def test_assess_status(self, get_vault_health, _assess_interface_groups,
_client_approle_authorized, _leader_get):
self.snap.get_installed_version.return_value = '0.9.0'
self.is_flag_set.return_value = False
get_vault_health.return_value = self._health_response
_assess_interface_groups.return_value = []
_leader_get.return_value = True
_client_approle_authorized.return_value = True
self.config.return_value = False
self.service_running.return_value = True
handlers._assess_status()
self.application_version_set.assert_called_with(
self._health_response['version'])
self.status_set.assert_called_with(
'active', 'Unit is ready (active: true, mlock: enabled)')
self.config.assert_called_with('disable-mlock')
_assess_interface_groups.assert_has_calls([
mock.call(handlers.REQUIRED_INTERFACES,
optional=False,
missing_interfaces=mock.ANY,
incomplete_interfaces=mock.ANY),
mock.call(handlers.OPTIONAL_INTERFACES,
optional=True,
missing_interfaces=mock.ANY,
incomplete_interfaces=mock.ANY),
])
def test_assess_status_vault_sealed(self, get_vault_health,
_assess_interface_groups):
self.is_flag_set.return_value = False
get_vault_health.return_value = self._health_response_sealed
_assess_interface_groups.return_value = []
self.service_running.return_value = True
handlers._assess_status()
self.status_set.assert_called_with('blocked', 'Unit is sealed')
def test_assess_status_service_not_running(self, get_vault_health,
_assess_interface_groups):
self.is_flag_set.return_value = False
self.service_running.return_value = False
_assess_interface_groups.return_value = []
handlers._assess_status()
self.status_set.assert_called_with('blocked',
'Vault service not running')
def test_assess_status_empty_health(self, get_vault_health):
self.is_flag_set.return_value = False
self.service_running.return_value = True
get_vault_health.return_value = {}
handlers._assess_status()
self.application_version_set.assert_called_with('Unknown')
self.status_set.assert_called_with('blocked',
'Vault health check failed')
def test_assess_status_not_running(self, get_vault_health,
_assess_interface_groups):
self.is_flag_set.return_value = False
get_vault_health.return_value = self._health_response
self.service_running.return_value = False
handlers._assess_status()
self.application_version_set.assert_not_called()
self.status_set.assert_called_with('blocked',
'Vault service not running')
def test_assess_status_empty_health(self, get_vault_health,
_assess_interface_groups):
self.is_flag_set.return_value = False
self.service_running.return_value = True
get_vault_health.return_value = {}
_assess_interface_groups.return_value = []
handlers._assess_status()
self.application_version_set.assert_called_with('Unknown')
self.status_set.assert_called_with('blocked', 'Unknown vault version')
def test_assess_status_invalid_haconfig(self):
statuses = {
'snap.channel.invalid': False,
'config.dns_vip.invalid': True
}
self.is_flag_set.side_effect = lambda x: statuses[x]
handlers._assess_status()
self.status_set.assert_called_with(
'blocked', 'vip and dns-ha-access-record configured')
self.is_flag_set.assert_called_with('config.dns_vip.invalid')
def test_assess_status_invalid_channel(self):
statuses = {
'snap.channel.invalid': True,
'config.dns_vip.invalid': False
}
self.is_flag_set.side_effect = lambda x: statuses[x]
self.config.return_value = 'foorbar'
handlers._assess_status()
self.status_set.assert_called_with(
'blocked', 'Invalid snap channel configured: foorbar')
self.is_flag_set.assert_called_with('snap.channel.invalid')
self.config.assert_called_with('channel')
def test_assess_status_vault_missing_ca(self, get_vault_health,
_assess_interface_groups,
_client_approle_authorized,
_leader_get):
flags = ['certificates.certs.requested']
self.is_flag_set.side_effect = lambda f: f in flags
get_vault_health.return_value = self._health_response
handlers._assess_status()
self.status_set.assert_called_with('active', mock.ANY)
flags.append('leadership.is_leader')
handlers._assess_status()
self.status_set.assert_called_with('blocked', 'Missing CA cert')
def test_assess_status_vault_snap_refresh(self, get_vault_health,
_assess_interface_groups,
_client_approle_authorized,
_leader_get):
# New version of vault installed 0.9.1
self.snap.get_installed_version.return_value = '0.9.1'
self.is_flag_set.return_value = False
get_vault_health.return_value = self._health_response
handlers._assess_status()
self.status_set.assert_called_with(
'active', 'New version of vault installed, manual intervention '
'required to restart the service.')
def test_assess_status_non_ha(self, get_vault_health,
_assess_interface_groups,
_client_approle_authorized, _leader_get,
get_local_client):
get_vault_health.return_value = self._health_response
self.snap.get_installed_version.return_value = '0.9.0'
self.endpoint_from_name().is_available = True
self.endpoint_from_name().has_response = False
self.is_flag_set.side_effect = lambda f: False
get_local_client.return_value.ha_status = {'ha_enabled': False}
handlers._assess_status()
self.assertIn('Unit is ready', self.status_set.call_args[0][1])
self.is_flag_set.side_effect = lambda f: f == 'etcd.tls.available'
handlers._assess_status()
self.assertIn('Vault running as non-HA',
self.status_set.call_args[0][1])
get_local_client.return_value.ha_status = {'ha_enabled': True}
handlers._assess_status()
self.assertIn('Unit is ready', self.status_set.call_args[0][1])
def test_assess_status_loadbalancer(self, get_vault_health,
_assess_interface_groups,
_client_approle_authorized,
_leader_get):
self.is_flag_set.return_value = False
get_vault_health.return_value = self._health_response
self.endpoint_from_name().is_available = True
self.endpoint_from_name().has_response = False
handlers._assess_status()
self.status_set.assert_called_with('active', mock.ANY)
self.is_flag_set.side_effect = lambda f: f == 'leadership.is_leader'
handlers._assess_status()
self.status_set.assert_called_with('waiting',
'Waiting for load balancer')
self.endpoint_from_name().has_response = True
self.endpoint_from_name().get_response().error = True
self.endpoint_from_name().get_response().error_message = 'just because'
handlers._assess_status()
self.status_set.assert_called_with(
'blocked', 'Load balancer failed: just because')