def test_get_chain_default_pki(self, get_local_client):
    """Check get_chain() with no arguments against a mocked Vault client.

    The test expects the 'certificate' field of the client's read result
    to be returned, and exactly one read of 'charm-pki-local/cert/ca_chain'.
    """
    # get_local_client is presumably injected by a mock.patch decorator
    # that is outside this view -- confirm against the test class.
    fake_client = mock.MagicMock()
    fake_client.read.return_value = {'data': {'certificate': 'somecert'}}
    get_local_client.return_value = fake_client

    returned_chain = vault_pki.get_chain()

    self.assertEqual(returned_chain, 'somecert')
    # Pin the read path: a different mount or endpoint would mean a
    # different CA chain is handed out.
    expected_path = 'charm-pki-local/cert/ca_chain'
    fake_client.read.assert_called_once_with(expected_path)
Beispiel #2
def publish_ca_info():
    """Publish the CA certificate, and the CA chain if any, to the TLS endpoint.

    Nothing is published when the unit is paused, when the 'vault' service
    is not running (the 'failed.to.start' flag is set instead), or when the
    local Vault client reports that it is sealed.
    """
    if is_unit_paused_set():
        log("The Vault unit is paused, passing on publishing ca info.")
        return
    if not service_running('vault'):
        set_flag('failed.to.start')
        return

    vault_client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
    # NOTE(review): assumes this handler only runs while the
    # 'certificates.available' flag is set; otherwise the endpoint lookup
    # may yield nothing usable -- confirm against the decorators, which are
    # outside this view.
    certificates = endpoint_from_flag('certificates.available')
    if vault_client.is_sealed():
        log("Unable to publish ca info, service sealed.")
        return

    certificates.set_ca(vault_pki.get_ca())
    # NOTE(review): an exception raised by get_chain() is not handled here
    # and propagates to the caller after the CA has already been set.
    ca_chain = vault_pki.get_chain()
    if ca_chain:
        certificates.set_chain(ca_chain)
Beispiel #3
def publish_ca_info():
    """Publish the CA certificate, and the CA chain if any, to the TLS endpoint.

    The checks run in this order, each one ending the call early: the
    approle authorization check, the paused-unit check, the 'vault' service
    check (which sets 'failed.to.start'), and the sealed check on the local
    Vault client.
    """
    if not client_approle_authorized():
        # NOTE(review): the message misspells publish_ca_info; it is kept
        # verbatim because log searches or tests may match on it.
        log("Vault not authorized: Skipping publicsh_ca_info", "WARNING")
        return
    if is_unit_paused_set():
        log("The Vault unit is paused, passing on publishing ca info.")
        return
    if not service_running('vault'):
        set_flag('failed.to.start')
        return

    vault_client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
    # NOTE(review): assumes this handler only runs while the
    # 'certificates.available' flag is set -- confirm against the
    # decorators, which are outside this view.
    certificates = endpoint_from_flag('certificates.available')
    if vault_client.is_sealed():
        log("Unable to publish ca info, service sealed.")
        return

    certificates.set_ca(vault_pki.get_ca())
    try:
        # Reading the chain can fail if Vault was restarted and has to be
        # unsealed again.
        ca_chain = vault_pki.get_chain()
    except vault.hvac.exceptions.VaultDown:
        # NOTE(review): swallowed without a log line; the CA has already
        # been set at this point, so the relation ends up with a CA and no
        # chain update, and nothing records why.
        return
    if ca_chain:
        certificates.set_chain(ca_chain)
Beispiel #4
def publish_ca_info():
    """Publish the CA certificate, and the CA chain if any, to the TLS endpoint.

    This variant performs no paused, service-running or sealed checks of
    its own; any exception from the vault_pki calls propagates to the caller.
    """
    # NOTE(review): assumes this handler only runs while the
    # 'certificates.available' flag is set -- confirm against the
    # decorators, which are outside this view.
    certificates = endpoint_from_flag('certificates.available')
    certificates.set_ca(vault_pki.get_ca())

    ca_chain = vault_pki.get_chain()
    if not ca_chain:
        # No chain to publish; only the CA is set.
        return
    certificates.set_chain(ca_chain)