def test_001_policyd_good_yaml(self):
"""Test that the policyd with a good zipped yaml file."""
good = self.good
good_zip_path = self._make_zip_file_from('good.zip', good)
logging.info("Attaching good zip file as a resource.")
zaza_model.attach_resource(self.application_name,
'policyd-override',
good_zip_path)
zaza_model.block_until_all_units_idle()
logging.debug("Now setting config to true")
self._set_config(True)
# check that the file gets to the right location
if self.path_infix:
path = os.path.join(
"/etc", self._service_name, "policy.d", self.path_infix,
'file1.yaml')
else:
path = os.path.join(
"/etc", self._service_name, "policy.d", 'file1.yaml')
logging.info("Now checking for file contents: {}".format(path))
zaza_model.block_until_file_has_contents(self.application_name,
path,
"rule1: '!'")
# ensure that the workload status info line starts with PO:
logging.info("Checking for workload status line starts with PO:")
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:")
logging.debug("App status is valid")
# disable the policy override
logging.info("Disabling policy override by setting config to false")
self._set_config(False)
# check that the status no longer has "PO:" on it.
# we have to do it twice due to async races and that some info lines
# erase the PO: bit prior to actuall getting back to idle. The double
# check verifies that the charms have started, the idle waits until it
# is finished, and then the final check really makes sure they got
# switched off.
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:", negate_match=True)
zaza_model.block_until_all_units_idle()
zaza_model.block_until_wl_status_info_starts_with(
self.application_name, "PO:", negate_match=True)
# verify that the file no longer exists
logging.info("Checking that {} has been removed".format(path))
zaza_model.block_until_file_missing(self.application_name, path)
logging.info("OK")
def test_block_until_file_has_contents_missing(self):
self.patch_object(model, 'Model')
self.Model.return_value = self.Model_mock
self.patch_object(model, 'get_juju_model', return_value='mname')
self.patch("builtins.open",
new_callable=mock.mock_open(),
name="_open")
_fileobj = mock.MagicMock()
_fileobj.__enter__().read.return_value = "anything else"
self._open.return_value = _fileobj
with self.assertRaises(asyncio.futures.TimeoutError):
model.block_until_file_has_contents('app',
'/tmp/src/myfile.txt',
'somestring',
timeout=0.1)
self.unit1.scp_from.assert_called_once_with('/tmp/src/myfile.txt',
mock.ANY)
def test_block_until_file_has_contents(self):
self.patch_object(model, 'Model')
self.Model.return_value = self.Model_mock
self.patch("builtins.open",
new_callable=mock.mock_open(),
name="_open")
_fileobj = mock.MagicMock()
_fileobj.__enter__().read.return_value = "somestring"
self._open.return_value = _fileobj
model.block_until_file_has_contents(
'modelname',
'app',
'/tmp/src/myfile.txt',
'somestring',
timeout=0.1)
self.unit1.scp_from.assert_called_once_with(
'/tmp/src/myfile.txt', mock.ANY)
self.unit2.scp_from.assert_called_once_with(
'/tmp/src/myfile.txt', mock.ANY)
def test_upload_external_cert(self):
"""Verify that the external CA is uploaded correctly."""
logging.info('Changing value for trusted-external-ca-cert.')
ca_cert_option = 'trusted-external-ca-cert'
ppk, cert = utilities.cert.generate_cert('gnocchi_test.ci.local')
b64_cert = base64.b64encode(cert).decode()
config = {
ca_cert_option: b64_cert,
}
model.set_application_config('gnocchi', config)
model.block_until_all_units_idle()
files = [
'/usr/local/share/ca-certificates/gnocchi-external.crt',
'/etc/ssl/certs/gnocchi-external.pem',
]
for file in files:
logging.info("Validating that {} is created.".format(file))
model.block_until_file_has_contents('gnocchi', file, 'CERTIFICATE')
logging.info("Found {} successfully.".format(file))
def test_deferred_restarts(self):
"""Run deferred restart tests."""
app_config = model.get_application_config(self.application_name)
auto_restart_config_key = 'enable-auto-restarts'
if auto_restart_config_key not in app_config:
raise unittest.SkipTest("Deferred restarts not implemented")
# Ensure auto restarts are off.
policy_file = '/etc/policy-rc.d/charm-{}.policy'.format(
self.application_name)
if app_config[auto_restart_config_key]['value']:
logging.info("Turning off auto restarts")
model.set_application_config(
self.application_name, {auto_restart_config_key: 'False'})
logging.info("Waiting for {} to appear on units of {}".format(
policy_file,
self.application_name))
model.block_until_file_has_contents(
self.application_name,
policy_file,
'policy_requestor_name')
# The block_until_file_has_contents ensures the change we waiting
# for has happened, now just wait for any hooks to finish.
logging.info("Waiting for units to be idle")
model.block_until_all_units_idle()
else:
logging.info("Auto restarts already disabled")
self.run_tests()
# Finished so turn auto-restarts back on.
logging.info("Turning on auto restarts")
model.set_application_config(
self.application_name, {auto_restart_config_key: 'True'})
model.block_until_file_missing(
self.application_name,
policy_file)
model.block_until_all_units_idle()
self.check_clear_hooks()
intermediate_csr = action.data['results']['output']
with open(os.path.join(certificate_directory, 'ca.key'), 'rb') as f:
cakey = f.read()
with open(os.path.join(certificate_directory, 'cacert.pem'), 'rb') as f:
cacert = f.read()
intermediate_cert = zaza.openstack.utilities.cert.sign_csr(
intermediate_csr,
cakey.decode(),
cacert.decode(),
generate_ca=True)
action = vault_utils.run_upload_signed_csr(
pem=intermediate_cert,
root_ca=cacert,
allowed_domains='openstack.local')
del wl_statuses['vault']
model.block_until_file_has_contents(
'keystone',
'/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt',
cacert.decode().strip())
model.wait_for_application_states(
states=wl_statuses)
if os_version <= 'pike':
logging.info("Restoring designate memcached relation")
model.add_relation(
'designate',
'coordinator-memcached',
'memcached:cache')
del wl_statuses['designate']
model.wait_for_application_states(
states=wl_statuses)
