def test_configure_vault_etcd(self, get_api_url, can_restart,
                              get_cluster_url,
                              save_etcd_client_credentials):
    """Check configure_vault output when an etcd endpoint with TLS is set.

    Asserts that the rendered vault.hcl context carries the etcd
    connection string, the three etcd TLS file paths and the API/cluster
    addresses, that vault.hcl is rendered owner-only (0o600), and that
    the etcd client credentials are saved to the paths placed in the
    context.
    """
    # Paths the handler is expected to use; repeated in several asserts.
    hcl_path = '/var/snap/vault/common/vault.hcl'
    unit_path = '/etc/systemd/system/vault.service'
    ca_file = '/var/snap/vault/common/etcd-ca.pem'
    cert_file = '/var/snap/vault/common/etcd-cert.pem'
    key_file = '/var/snap/vault/common/etcd.key'

    # Stand-in for the etcd relation endpoint.
    etcd_endpoint = mock.MagicMock()
    etcd_endpoint.connection_string.return_value = 'http://etcd'
    self.endpoint_from_flag.return_value = etcd_endpoint

    # Every flag/state query answers True; every config option False.
    self.is_flag_set.return_value = True
    self.is_state.return_value = True
    self.config.return_value = False

    get_cluster_url.return_value = 'http://this-unit:8201'
    get_api_url.return_value = 'http://this-unit:8200'
    can_restart.return_value = True

    handlers.configure_vault({})

    want_context = {
        'api_addr': 'http://this-unit:8200',
        'cluster_addr': 'http://this-unit:8201',
        'etcd_conn': 'http://etcd',
        'etcd_tls_ca_file': ca_file,
        'etcd_tls_cert_file': cert_file,
        'etcd_tls_key_file': key_file,
        'disable_mlock': False,
        'ssl_available': True,
    }

    # vault.hcl must be rendered owner-only (0o600); the systemd unit is
    # rendered world-readable (0o644) with an empty context.
    self.render.assert_has_calls([
        mock.call('vault.hcl.j2', hcl_path, want_context, perms=0o600),
        mock.call('vault.service.j2', unit_path, {}, perms=0o644),
    ])

    # The credentials must land on the same paths the config points at.
    save_etcd_client_credentials.assert_called_with(
        etcd_endpoint,
        key=key_file,
        cert=cert_file,
        ca=ca_file,
    )
    self.is_flag_set.assert_called_with('etcd.tls.available')
    self.config.assert_called_with('disable-mlock')
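def test_configure_vault(self, can_restart):
    """Check configure_vault rendering and the disable_mlock decision.

    Three phases run against the same database context:

    1. ``disable-mlock`` config False, not a container -> context has
       ``disable_mlock`` False.
    2. ``disable-mlock`` config True -> context has it True.
    3. config False but ``is_container`` True -> context has it True.

    ``disable_mlock`` turns off Vault's memory locking, which lets
    process memory be swapped to disk, so each phase has to prove its own
    render call. ``self.render`` is therefore reset between phases:
    ``assert_has_calls`` matches anywhere in the recorded history, and
    without a reset the phase-3 check would be satisfied by the calls
    recorded in phase 2 even if the container override were broken.
    """
    can_restart.return_value = True
    self.config.return_value = False
    self.is_state.return_value = True
    db_context = {'storage_name': 'psql', 'psql_db_conn': 'myuri'}
    self.is_flag_set.return_value = False
    self.endpoint_from_flag.return_value = None

    expected_context = {
        'storage_name': 'psql',
        'psql_db_conn': 'myuri',
        'disable_mlock': False,
        'ssl_available': True,
    }
    # The call objects hold a reference to expected_context, so the
    # in-place updates below are reflected when each assertion runs.
    # vault.hcl carries the storage connection string and must be
    # rendered owner-only (0o600); the unit file is rendered 0o644.
    render_calls = [
        mock.call('vault.hcl.j2', '/var/snap/vault/common/vault.hcl',
                  expected_context, perms=0o600),
        mock.call('vault.service.j2', '/etc/systemd/system/vault.service',
                  {}, perms=0o644),
    ]

    # Phase 1: defaults.
    handlers.configure_vault(db_context)
    self.open_port.assert_called_once_with(8200)
    self.render.assert_has_calls(render_calls)
    self.config.assert_called_with('disable-mlock')

    # Phase 2: check flipping disable-mlock makes it to the context.
    self.render.reset_mock()
    self.config.return_value = True
    expected_context['disable_mlock'] = True
    handlers.configure_vault(db_context)
    self.render.assert_has_calls(render_calls)
    self.service.assert_called_with('enable', 'vault')
    self.config.assert_called_with('disable-mlock')

    # Phase 3: ensure is_container will override the config option.
    # Reset first so phase 2's identical render calls cannot satisfy
    # this assertion.
    self.render.reset_mock()
    self.config.return_value = False
    self.is_container.return_value = True
    expected_context['disable_mlock'] = True
    handlers.configure_vault(db_context)
    self.render.assert_has_calls(render_calls)
    self.service.assert_called_with('enable', 'vault')
    self.config.assert_called_with('disable-mlock')
    self.is_container.assert_called_with()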