Only try to unseal vault when leader has set keys
Change-Id: I2574da2f7e6520d4c9bc8e5b9f03b5723840b5c8 Closes-Bug: #1792603
This commit is contained in:
parent
9459c01476
commit
e621b4dec0
|
@ -239,7 +239,7 @@ def prepare_vault():
|
|||
vault_health = get_vault_health()
|
||||
if not vault_health['initialized'] and hookenv.is_leader():
|
||||
initialize_vault()
|
||||
if vault_health['sealed']:
|
||||
if vault_health['sealed'] and hookenv.leader_get('keys'):
|
||||
unseal_vault()
|
||||
if hookenv.is_leader():
|
||||
role_id = setup_charm_vault_access()
|
||||
|
|
|
@ -179,6 +179,7 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
"http://127.0.0.1:8220/v1/sys/health")
|
||||
mock_response.json.assert_called_once()
|
||||
|
||||
@patch.object(vault.hookenv, 'leader_get')
|
||||
@patch.object(vault.hookenv, 'leader_set')
|
||||
@patch.object(vault, 'setup_charm_vault_access')
|
||||
@patch.object(vault.hookenv, 'is_leader')
|
||||
|
@ -189,8 +190,10 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
@patch.object(vault.host, 'service_running')
|
||||
def test_prepare_vault(self, service_running, log, get_vault_health,
|
||||
initialize_vault, unseal_vault, is_leader,
|
||||
setup_charm_vault_access, leader_set):
|
||||
setup_charm_vault_access, leader_set,
|
||||
leader_get):
|
||||
is_leader.return_value = True
|
||||
leader_get.return_value = "[]"
|
||||
service_running.return_value = True
|
||||
get_vault_health.return_value = {
|
||||
'initialized': False,
|
||||
|
@ -204,6 +207,7 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
{vault.CHARM_ACCESS_ROLE_ID: mock.ANY}
|
||||
)
|
||||
|
||||
@patch.object(vault.hookenv, 'leader_get')
|
||||
@patch.object(vault.hookenv, 'leader_set')
|
||||
@patch.object(vault.hookenv, 'is_leader')
|
||||
@patch.object(vault, 'unseal_vault')
|
||||
|
@ -213,7 +217,9 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
@patch.object(vault.host, 'service_running')
|
||||
def test_prepare_vault_non_leader(self, service_running, log,
|
||||
get_vault_health, initialize_vault,
|
||||
unseal_vault, is_leader, leader_set):
|
||||
unseal_vault, is_leader, leader_set,
|
||||
leader_get):
|
||||
leader_get.return_value = "[]"
|
||||
is_leader.return_value = False
|
||||
service_running.return_value = True
|
||||
get_vault_health.return_value = {
|
||||
|
@ -234,6 +240,7 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
self.assertFalse(initialize_vault.called)
|
||||
self.assertFalse(unseal_vault.called)
|
||||
|
||||
@patch.object(vault.hookenv, 'leader_get')
|
||||
@patch.object(vault.hookenv, 'leader_set')
|
||||
@patch.object(vault, 'setup_charm_vault_access')
|
||||
@patch.object(vault.hookenv, 'is_leader')
|
||||
|
@ -246,7 +253,8 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
|
|||
get_vault_health, initialize_vault,
|
||||
unseal_vault, is_leader,
|
||||
setup_charm_vault_access,
|
||||
leader_set):
|
||||
leader_set, leader_get):
|
||||
leader_get.return_value = "[]"
|
||||
is_leader.return_value = False
|
||||
service_running.return_value = True
|
||||
get_vault_health.return_value = {
|
||||
|
|
Loading…
Reference in New Issue