def test_prepare_vault_unsealed(self, service_running, log,
                                 get_vault_health, initialize_vault,
                                 unseal_vault, is_leader,
                                 setup_charm_vault_access, leader_set):
     is_leader.return_value = False
     service_running.return_value = True
     get_vault_health.return_value = {'initialized': True, 'sealed': False}
     vault.prepare_vault()
     self.assertFalse(initialize_vault.called)
     self.assertFalse(unseal_vault.called)
     leader_set.assert_not_called()
 def test_prepare_vault_non_leader(self, service_running, log,
                                   get_vault_health, initialize_vault,
                                   unseal_vault, is_leader, leader_set,
                                   leader_get):
     """Sealed, uninitialized Vault on a non-leader: unseal only.

     A non-leader unit must not initialize Vault, but it is still
     expected to call unseal_vault() exactly once.
     """
     is_leader.return_value = False
     service_running.return_value = True
     get_vault_health.return_value = {'initialized': False, 'sealed': True}
     # NOTE(review): "[]" looks like a serialized empty list read back
     # from leader settings; what prepare_vault() expects to find there
     # is not visible in this excerpt -- confirm against the helper.
     leader_get.return_value = "[]"

     vault.prepare_vault()

     # Initialization (key generation) stays a leader-only action.
     initialize_vault.assert_not_called()
     unseal_vault.assert_called_once_with()
def snap_refresh():
    """Refresh the vault snap to the configured channel.

    Falls back to 'stable' when no channel is configured. An invalid
    channel only sets the 'snap.channel.invalid' flag; a valid one clears
    it, refreshes the snap and, if Vault may be restarted, restarts the
    service.
    """
    channel = config('channel') or 'stable'
    if not validate_snap_channel(channel):
        set_flag('snap.channel.invalid')
        return

    clear_flag('snap.channel.invalid')
    snap.refresh('vault', channel=channel)

    if not vault.can_restart():
        return

    log("Restarting vault", level=DEBUG)
    service_restart('vault')

    # Opt-in mode whose own name marks it as insecure.
    # NOTE(review): prepare_vault() presumably initializes and unseals
    # Vault with no operator involved, so a snap refresh silently
    # re-unseals the unit -- confirm, and keep the option off wherever
    # unseal material must not be handled by the charm.
    if config('totally-unsecure-auto-unlock'):
        vault.prepare_vault()
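 def test_prepare_vault(self, service_running, log, get_vault_health,
                        initialize_vault, unseal_vault, is_leader,
                        setup_charm_vault_access, leader_set, leader_get):
     """Leader with a sealed, uninitialized Vault: full bootstrap path.

     prepare_vault() is expected to initialize Vault, unseal it, set up
     the charm's own Vault access and publish the charm access role id
     through leader settings, each exactly once.
     """
     is_leader.return_value = True
     leader_get.return_value = "[]"
     service_running.return_value = True
     get_vault_health.return_value = {'initialized': False, 'sealed': True}

     vault.prepare_vault()

     initialize_vault.assert_called_once_with()
     unseal_vault.assert_called_once_with()
     setup_charm_vault_access.assert_called_once_with()
     # mock.ANY pins only the key: the role id value itself is not
     # checked by this test.
     leader_set.assert_called_once_with(
         {vault.CHARM_ACCESS_ROLE_ID: mock.ANY})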
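def start_vault():
    """Start (or restart) Vault and record the outcome as reactive flags.

    Sets 'started' and clears 'failed.to.start' once the service is seen
    running. Sets 'failed.to.start' when the service is still down after
    the retry budget (10 attempts with exponential back-off) is spent.
    """
    # start or restart vault
    vault.opportunistic_restart()

    @tenacity.retry(wait=tenacity.wait_exponential(multiplier=1, max=10),
                    stop=tenacity.stop_after_attempt(10),
                    retry=tenacity.retry_if_result(lambda b: not b))
    def _check_vault_running():
        return service_running('vault')

    try:
        running = _check_vault_running()
    except tenacity.RetryError:
        # Once stop_after_attempt is exhausted tenacity raises RetryError
        # instead of returning the last falsy result. Without this
        # handler the failure branch below could never run and the hook
        # would abort with a traceback.
        running = False

    if not running:
        set_flag('failed.to.start')
        return

    set_flag('started')
    clear_flag('failed.to.start')

    # Opt-in mode whose own name marks it as insecure.
    # NOTE(review): prepare_vault() presumably initializes and unseals
    # Vault with no operator involved -- confirm, and keep the option off
    # wherever unseal material must not be handled by the charm.
    if config('totally-unsecure-auto-unlock'):
        vault.prepare_vault()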
def file_change_auto_unlock_mode():
    """Restart Vault opportunistically, then re-prepare it in auto-unlock mode.

    prepare_vault() runs only when the 'totally-unsecure-auto-unlock'
    option is truthy; otherwise Vault is left as the restart left it.
    """
    log("Calling opportunistic_restart", level=DEBUG)
    vault.opportunistic_restart()

    # NOTE(review): a restarted Vault presumably comes back sealed, and
    # this mode then unseals it with no operator involved -- confirm
    # against vault.prepare_vault().
    auto_unlock = config('totally-unsecure-auto-unlock')
    if not auto_unlock:
        return
    vault.prepare_vault()
 def test_prepare_vault_svc_down(self, service_running, log,
                                 initialize_vault, unseal_vault):
     """Vault service not running: prepare_vault() must do nothing.

     Neither initialization nor unseal may be attempted while the
     service is reported as down.
     """
     service_running.return_value = False

     vault.prepare_vault()

     initialize_vault.assert_not_called()
     unseal_vault.assert_not_called()