def test_vault_reload(self):
"""Run reload tests.
Reload service and check services were restarted
by doing simple change in the running config by API.
Then confirm that service is not sealed
"""
vault_actions = zaza.model.get_actions('vault')
if 'reload' not in vault_actions:
raise unittest.SkipTest("The version of charm-vault tested does "
"not have reload action")
lead_client = vault_utils.get_cluster_leader(self.clients)
running_config = vault_utils.get_running_config(lead_client)
value_to_set = not running_config['data']['disable_mlock']
zaza.model.set_application_config('vault',
{'disable-mlock': str(value_to_set)})
logging.info("Testing reload")
zaza.model.run_action(juju_utils.get_unit_name_from_ip_address(
lead_client.addr, 'vault'),
'reload',
model_name=self.model_name)
new_value = vault_utils.get_running_config(
lead_client)['data']['disable_mlock']
logging.info(new_value)
self.assertEqual(value_to_set, new_value)
self.assertFalse(lead_client.hvac_client.seal_status['sealed'])
def test_get_unit_name_from_ip_address(self):
unit_mock3 = mock.MagicMock()
unit_mock3.data = {'public-address': '10.0.0.12', 'private-address':
'10.0.0.13', 'name': 'myapp/2'}
unit_mock3.entity_id = 'myapp/2'
unit_mock4 = mock.MagicMock()
unit_mock4.data = {'public-address': '10.0.0.240', 'private-address':
'10.0.0.241', 'name': 'myapp/5'}
unit_mock4.entity_id = 'myapp/5'
self.model.get_units.return_value = [unit_mock3, unit_mock4]
self.assertEqual(
juju_utils.get_unit_name_from_ip_address('10.0.0.12', 'myapp'),
'myapp/2')
self.assertEqual(
juju_utils.get_unit_name_from_ip_address('10.0.0.241', 'myapp'),
'myapp/5')
def unseal_by_unit(cacert=None):
"""Unseal any units reported as sealed using mojo cacert."""
cacert = cacert or get_cacert_file()
vault_creds = vault_utils.get_credentials()
for client in vault_utils.get_clients(cacert=cacert):
if client.hvac_client.is_sealed():
client.hvac_client.unseal(vault_creds['keys'][0])
unit_name = juju_utils.get_unit_name_from_ip_address(
client.addr, 'vault')
zaza.model.run_on_unit(unit_name, './hooks/update-status')
def mojo_unseal_by_unit():
"""Unseal any units reported as sealed using mojo cacert."""
cacert = zaza.openstack.utilities.generic.get_mojo_cacert_path()
vault_creds = vault_utils.get_credentails()
for client in vault_utils.get_clients(cacert=cacert):
if client.hvac_client.is_sealed():
client.hvac_client.unseal(vault_creds['keys'][0])
unit_name = juju_utils.get_unit_name_from_ip_address(
client.addr, 'vault')
zaza.model.run_on_unit(unit_name, './hooks/update-status')
def test_vault_reload(self):
"""Run reload tests.
Reload service and check services were restarted
by doing simple change in the running config by API.
Then confirm that service is not sealed
"""
vault_actions = zaza.model.get_actions('vault')
if 'reload' not in vault_actions:
raise unittest.SkipTest("The version of charm-vault tested does "
"not have reload action")
container_results = zaza.model.run_on_leader(
"vault", "systemd-detect-virt --container")
container_rc = json.loads(container_results["Code"])
if container_rc == 0:
raise unittest.SkipTest(
"Vault unit is running in a container. Cannot use mlock.")
lead_client = vault_utils.get_cluster_leader(self.clients)
running_config = vault_utils.get_running_config(lead_client)
value_to_set = not running_config['data']['disable_mlock']
logging.info("Setting disable-mlock to {}".format(str(value_to_set)))
zaza.model.set_application_config('vault',
{'disable-mlock': str(value_to_set)})
logging.info("Waiting for model to be idle ...")
zaza.model.block_until_all_units_idle(model_name=self.model_name)
logging.info("Testing action reload on {}".format(lead_client))
zaza.model.run_action(juju_utils.get_unit_name_from_ip_address(
lead_client.addr, 'vault'),
'reload',
model_name=self.model_name)
logging.info("Getting new value ...")
new_value = vault_utils.get_running_config(
lead_client)['data']['disable_mlock']
logging.info("Asserting new value {} is equal to set value {}".format(
new_value, value_to_set))
self.assertEqual(value_to_set, new_value)
logging.info("Asserting not sealed")
self.assertFalse(lead_client.hvac_client.seal_status['sealed'])
