More robust hvac.Client post response handling

Pin the version of hvac for a consistent response type. Use the adpater to get response code and json data. Closes Bug: #1871981 Change-Id: Ia8517a75e7bc20f751eca83aaa84728cc62edee6
2020-04-29 12:14:08 -07:00 · 2020-04-29 12:14:08 -07:00 · f6546dda33
parent 4e1c539eaf
commit f6546dda33
5 changed files with 19 additions and 6 deletions
--- a/src/lib/charm/vault_utils.py
+++ b/src/lib/charm/vault_utils.py
@ -17,11 +17,19 @@ import hvac
 SYSTEM_CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt'


+# TODO: There is a version in  charmhelpers.contrib.openstack.vaultlocker
+# that does everything but the System CA bundle. Update that helper to allow
+# a CA bundle for verify.
 def retrieve_secret_id(url, token):
-    client = hvac.Client(url=url, verify=SYSTEM_CA_BUNDLE, token=token)
+    # hvac 0.10.1 changed default adapter to JSONAdapter
+    client = hvac.Client(
+        url=url, token=token,
+        adapter=hvac.adapters.Request,
+        verify=SYSTEM_CA_BUNDLE)
    # workaround for issue where callng `client.unwrap(token)` results in
    # "error decrementing wrapping token's use-count: invalid token entry
    #  provided for use count decrementing"
    response = client._post('/v1/sys/wrapping/unwrap')
-    if response.get("data"):
-        return response['data']['secret_id']
+    if response.status_code == 200:
+        data = response.json()
+        return data['data']['secret_id']
--- a/src/reactive/barbican_vault_handlers.py
+++ b/src/reactive/barbican_vault_handlers.py
@ -105,3 +105,4 @@ def plugin_info_barbican_publish():
                            level=ch_core.hookenv.INFO)
        barbican.publish_plugin_info('vault', vault_data)
        reactive.clear_flag('endpoint.secrets-storage.changed')
+        barbican_vault_charm.assess_status()
--- a/src/wheelhouse.txt
+++ b/src/wheelhouse.txt
@ -1 +1,2 @@
-hvac
+# Pin hvac for a consistent response type
+hvac==0.10.1
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -4,7 +4,7 @@
 #     https://github.com/openstack-charmers/release-tools
 #
 # Lint and unit test requirements
-flake8>=2.2.4,<=2.4.1
+flake8>=2.2.4
 stestr>=2.2.0
 requests>=2.18.4
 charms.reactive
--- a/unit_tests/test_vault_utils.py
+++ b/unit_tests/test_vault_utils.py
@ -25,7 +25,9 @@ class TestVaultUtils(test_utils.PatchHelper):
        self.patch_object(vault_utils, 'hvac')
        hvac_client = mock.MagicMock()
        self.hvac.Client.return_value = hvac_client
-        response = {'data': {'secret_id': 'FAKE_SECRET_ID'}}
+        response = mock.MagicMock()
+        response.status_code = 200
+        response.json.return_value = {'data': {'secret_id': 'FAKE_SECRET_ID'}}
        hvac_client._post.return_value = response
        self.assertEqual(
            vault_utils.retrieve_secret_id('url', 'token'), 'FAKE_SECRET_ID')
@ -33,4 +35,5 @@ class TestVaultUtils(test_utils.PatchHelper):
        self.hvac.Client.assert_called_once_with(
            token='token',
            url='url',
+            adapter=self.hvac.adapters.Request,
            verify=vault_utils.SYSTEM_CA_BUNDLE)