Esempio n. 1
def publish_ca_info():
    """Publish the CA certificate, and its chain if any, to the certificates endpoint.

    Nothing is published when the unit is paused, when the 'vault' service
    is not running (the 'failed.to.start' flag is set instead), or when the
    local Vault client reports that it is sealed.
    """
    if is_unit_paused_set():
        log("The Vault unit is paused, passing on publishing ca info.")
        return

    vault_is_up = service_running('vault')
    if not vault_is_up:
        set_flag('failed.to.start')
        return

    vault_client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
    # NOTE(review): presumably a handler condition guarantees this flag is set,
    # so the endpoint is not None here - confirm against the caller.
    cert_endpoint = endpoint_from_flag('certificates.available')

    # A sealed Vault is only logged; CA material is published solely on the
    # unsealed path below.
    if vault_client.is_sealed():
        log("Unable to publish ca info, service sealed.")
        return

    cert_endpoint.set_ca(vault_pki.get_ca())
    ca_chain = vault_pki.get_chain()
    if ca_chain:
        cert_endpoint.set_chain(ca_chain)
Esempio n. 2
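def publish_ca_info():
    """Publish the CA certificate, and its chain if any, to the certificates endpoint.

    The function returns without publishing when any precondition fails:
    the client is not AppRole-authorized, the unit is paused, or the
    'vault' service is not running (in which case the 'failed.to.start'
    flag is set). A sealed Vault is logged and nothing is published.
    """
    if not client_approle_authorized():
        # Message previously misspelled the function name, which made the
        # warning hard to find when searching logs.
        log("Vault not authorized: Skipping publish_ca_info", "WARNING")
        return
    if is_unit_paused_set():
        log("The Vault unit is paused, passing on publishing ca info.")
        return
    if not service_running('vault'):
        set_flag('failed.to.start')
        return
    client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
    # NOTE(review): presumably a handler condition guarantees this flag is set,
    # so the endpoint is not None here - confirm against the caller.
    tls = endpoint_from_flag('certificates.available')
    if client.is_sealed():
        log("Unable to publish ca info, service sealed.")
    else:
        tls.set_ca(vault_pki.get_ca())
        try:
            # this might fail if we were restarted and need to be unsealed
            chain = vault_pki.get_chain()
        except vault.hvac.exceptions.VaultDown:
            # Treated as "no chain": the CA set above stays published and
            # the chain is simply not sent on this run.
            chain = None
        if chain:
            tls.set_chain(chain)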
Esempio n. 3
def publish_ca_info():
    """Publish the CA certificate, and its chain if any, to the certificates endpoint."""
    # NOTE(review): this version shows no paused / service-running / sealed
    # checks; presumably the caller or handler conditions gate it - confirm.
    cert_endpoint = endpoint_from_flag('certificates.available')
    cert_endpoint.set_ca(vault_pki.get_ca())

    ca_chain = vault_pki.get_chain()
    if not ca_chain:
        # No chain available: only the CA itself is published.
        return
    cert_endpoint.set_chain(ca_chain)
 def test_get_ca(self, leader_get):
     """get_ca() hands back the value that the patched leader_get returns."""
     expected_ca = 'ROOTCA'
     leader_get.return_value = expected_ca
     self.assertEqual(vault_pki.get_ca(), expected_ca)