def test_get_chain_default_pki(self, get_local_client):
    """Check that get_chain() with no arguments reads the expected path.

    The Vault client is replaced by a mock whose read() returns a canned
    response. The test pins two things: the single path requested
    ('charm-pki-local/cert/ca_chain') and that the 'certificate' field of
    the response is the value handed back to the caller.
    """
    # get_local_client is presumably injected by a mock.patch decorator that
    # is not visible here -- confirm against the enclosing test class.
    expected_path = 'charm-pki-local/cert/ca_chain'
    canned_response = {'data': {'certificate': 'somecert'}}

    fake_client = mock.MagicMock()
    fake_client.read.return_value = canned_response
    get_local_client.return_value = fake_client

    self.assertEqual(vault_pki.get_chain(), 'somecert')
    # Exactly one read is expected, and only against this path.
    fake_client.read.assert_called_once_with(expected_path)
def publish_ca_info():
    """Publish the CA certificate, and the chain if present, to the TLS endpoint.

    Nothing is published when the unit is paused, when the 'vault' service
    is not running (the 'failed.to.start' flag is set instead), or when
    Vault reports itself sealed (a log line is written instead).
    """
    if is_unit_paused_set():
        log("The Vault unit is paused, passing on publishing ca info.")
        return

    vault_is_up = service_running('vault')
    if not vault_is_up:
        set_flag('failed.to.start')
        return

    vault_client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
    # NOTE(review): endpoint_from_flag() can return None when the flag is not
    # set; presumably the handler is gated on 'certificates.available' --
    # confirm against the decorator on this function.
    tls_endpoint = endpoint_from_flag('certificates.available')

    # A sealed Vault cannot serve PKI reads, so bail out before touching it.
    if vault_client.is_sealed():
        log("Unable to publish ca info, service sealed.")
        return

    tls_endpoint.set_ca(vault_pki.get_ca())
    ca_chain = vault_pki.get_chain()
    # The chain is optional: only send it when get_chain() returned something.
    if ca_chain:
        tls_endpoint.set_chain(ca_chain)
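def publish_ca_info():
    """Publish the CA certificate, and the chain if present, to the TLS endpoint.

    Publishing is skipped, in this order, when:
      * the charm's AppRole is not authorized (logged at WARNING),
      * the unit is paused (logged),
      * the 'vault' service is not running ('failed.to.start' is set),
      * Vault reports itself sealed (logged).

    A VaultDown error while reading the chain is treated as "no chain";
    the CA certificate has already been published at that point.
    """
    if not client_approle_authorized():
        # The function name in this message was misspelled ("publicsh"),
        # which made the line hard to find when grepping logs.
        log("Vault not authorized: Skipping publish_ca_info", "WARNING")
        return
    if is_unit_paused_set():
        log("The Vault unit is paused, passing on publishing ca info.")
        return
    if not service_running('vault'):
        set_flag('failed.to.start')
        return

    client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
    # NOTE(review): endpoint_from_flag() can return None when the flag is not
    # set; presumably the handler is gated on 'certificates.available' --
    # confirm against the decorator on this function.
    tls = endpoint_from_flag('certificates.available')
    if client.is_sealed():
        log("Unable to publish ca info, service sealed.")
        return

    # NOTE(review): get_ca() sits outside the try below. If it can raise
    # VaultDown in the same restart/unseal window as get_chain(), the
    # handler aborts here instead of degrading -- confirm.
    tls.set_ca(vault_pki.get_ca())
    try:
        # this might fail if we were restarted and need to be unsealed
        chain = vault_pki.get_chain()
    except vault.hvac.exceptions.VaultDown:
        chain = None
    # The chain is optional: only send it when one was actually read.
    if chain:
        tls.set_chain(chain)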
def publish_ca_info():
    """Send the CA certificate, plus the chain if there is one, to the TLS endpoint."""
    # NOTE(review): this function performs no paused, service-running or
    # sealed checks itself; presumably the caller or a decorator gates on
    # those -- confirm. Any error from get_ca()/get_chain() propagates.
    certificates = endpoint_from_flag('certificates.available')
    certificates.set_ca(vault_pki.get_ca())

    ca_chain = vault_pki.get_chain()
    if not ca_chain:
        # No chain available: the CA certificate alone has been published.
        return
    certificates.set_chain(ca_chain)