def basic_setup(cacert=None, unseal_and_authorize=False):
"""Run basic setup for vault tests.
:param cacert: Path to CA cert used for vaults api cert.
:type cacert: str
:param unseal_and_authorize: Whether to unseal and authorize vault.
:type unseal_and_authorize: bool
"""
clients = vault_utils.get_clients(cacert=cacert)
vip_client = vault_utils.get_vip_client(cacert=cacert)
if vip_client:
unseal_client = vip_client
else:
unseal_client = clients[0]
initialized = vault_utils.is_initialized(unseal_client)
# The credentials are written to a file to allow the tests to be re-run
# this is mainly useful for manually working on the tests.
if initialized:
vault_creds = vault_utils.get_credentails()
else:
vault_creds = vault_utils.init_vault(unseal_client)
vault_utils.store_credentails(vault_creds)
# For use by charms or bundles other than vault
if unseal_and_authorize:
vault_utils.unseal_all(clients, vault_creds['keys'][0])
vault_utils.auth_all(clients, vault_creds['root_token'])
vault_utils.run_charm_authorize(vault_creds['root_token'])
def setUpClass(cls):
cls.clients = vault_utils.get_clients()
cls.vip_client = vault_utils.get_vip_client()
if cls.vip_client:
cls.clients.append(cls.vip_client)
cls.vault_creds = vault_utils.get_credentails()
vault_utils.unseal_all(cls.clients, cls.vault_creds['keys'][0])
vault_utils.auth_all(cls.clients, cls.vault_creds['root_token'])
def basic_setup():
clients = vault_utils.get_clients()
vip_client = vault_utils.get_vip_client()
if vip_client:
unseal_client = vip_client
else:
unseal_client = clients[0]
initialized = vault_utils.is_initialized(unseal_client)
# The credentials are written to a file to allow the tests to be re-run
# this is mainly useful for manually working on the tests.
if initialized:
vault_creds = vault_utils.get_credentails()
else:
vault_creds = vault_utils.init_vault(unseal_client)
vault_utils.store_credentails(vault_creds)
def basic_setup(cacert=None):
"""Run basic setup for vault tests.
:param cacert: Path to CA cert used for vaults api cert.
:type cacert: str
"""
clients = vault_utils.get_clients(cacert=cacert)
vip_client = vault_utils.get_vip_client(cacert=cacert)
if vip_client:
unseal_client = vip_client
else:
unseal_client = clients[0]
initialized = vault_utils.is_initialized(unseal_client)
# The credentials are written to a file to allow the tests to be re-run
# this is mainly useful for manually working on the tests.
if initialized:
vault_creds = vault_utils.get_credentails()
else:
vault_creds = vault_utils.init_vault(unseal_client)
vault_utils.store_credentails(vault_creds)
from zaza import model
from zaza.openstack.utilities import (
cli as cli_utils,
openstack,
)
from zaza.charm_tests.vault import (setup as vault_setup, utils as vault_utils)
import zaza.openstack.utilities.cert
import utils.mojo_utils as mojo_utils
if __name__ == "__main__":
cli_utils.setup_logging()
target_model = model.get_juju_model()
certificate_directory = mojo_utils.get_local_certificate_directory()
certfile = mojo_utils.get_overcloud_cacert_file()
vault_setup.basic_setup(cacert=certfile)
clients = vault_utils.get_clients(cacert=certfile)
vault_creds = vault_utils.get_credentails()
vault_utils.unseal_all(clients, vault_creds['keys'][0])
action = vault_utils.run_charm_authorize(vault_creds['root_token'])
action = vault_utils.run_get_csr()
intermediate_csr = action.data['results']['output']
with open(os.path.join(certificate_directory, 'ca.key'), 'rb') as f:
cakey = f.read()
with open(os.path.join(certificate_directory, 'cacert.pem'), 'rb') as f:
cacert = f.read()
intermediate_cert = zaza.openstack.utilities.cert.sign_csr(
intermediate_csr, cakey.decode(), cacert.decode(), generate_ca=True)
action = vault_utils.run_upload_signed_csr(
pem=intermediate_cert,
root_ca=cacert,
allowed_domains='openstack.local')