More robust hvac.Client post response handling
Pin the version of hvac for a consistent response type. Use the adpater to get response code and json data. Closes Bug: #1871981 Change-Id: Ia8517a75e7bc20f751eca83aaa84728cc62edee6
This commit is contained in:
parent
4e1c539eaf
commit
f6546dda33
|
@ -17,11 +17,19 @@ import hvac
|
||||||
SYSTEM_CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt'
|
SYSTEM_CA_BUNDLE = '/etc/ssl/certs/ca-certificates.crt'
|
||||||
|
|
||||||
|
|
||||||
|
# TODO: There is a version in charmhelpers.contrib.openstack.vaultlocker
|
||||||
|
# that does everything but the System CA bundle. Update that helper to allow
|
||||||
|
# a CA bundle for verify.
|
||||||
def retrieve_secret_id(url, token):
|
def retrieve_secret_id(url, token):
|
||||||
client = hvac.Client(url=url, verify=SYSTEM_CA_BUNDLE, token=token)
|
# hvac 0.10.1 changed default adapter to JSONAdapter
|
||||||
|
client = hvac.Client(
|
||||||
|
url=url, token=token,
|
||||||
|
adapter=hvac.adapters.Request,
|
||||||
|
verify=SYSTEM_CA_BUNDLE)
|
||||||
# workaround for issue where callng `client.unwrap(token)` results in
|
# workaround for issue where callng `client.unwrap(token)` results in
|
||||||
# "error decrementing wrapping token's use-count: invalid token entry
|
# "error decrementing wrapping token's use-count: invalid token entry
|
||||||
# provided for use count decrementing"
|
# provided for use count decrementing"
|
||||||
response = client._post('/v1/sys/wrapping/unwrap')
|
response = client._post('/v1/sys/wrapping/unwrap')
|
||||||
if response.get("data"):
|
if response.status_code == 200:
|
||||||
return response['data']['secret_id']
|
data = response.json()
|
||||||
|
return data['data']['secret_id']
|
||||||
|
|
|
@ -105,3 +105,4 @@ def plugin_info_barbican_publish():
|
||||||
level=ch_core.hookenv.INFO)
|
level=ch_core.hookenv.INFO)
|
||||||
barbican.publish_plugin_info('vault', vault_data)
|
barbican.publish_plugin_info('vault', vault_data)
|
||||||
reactive.clear_flag('endpoint.secrets-storage.changed')
|
reactive.clear_flag('endpoint.secrets-storage.changed')
|
||||||
|
barbican_vault_charm.assess_status()
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
hvac
|
# Pin hvac for a consistent response type
|
||||||
|
hvac==0.10.1
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
# https://github.com/openstack-charmers/release-tools
|
# https://github.com/openstack-charmers/release-tools
|
||||||
#
|
#
|
||||||
# Lint and unit test requirements
|
# Lint and unit test requirements
|
||||||
flake8>=2.2.4,<=2.4.1
|
flake8>=2.2.4
|
||||||
stestr>=2.2.0
|
stestr>=2.2.0
|
||||||
requests>=2.18.4
|
requests>=2.18.4
|
||||||
charms.reactive
|
charms.reactive
|
||||||
|
|
|
@ -25,7 +25,9 @@ class TestVaultUtils(test_utils.PatchHelper):
|
||||||
self.patch_object(vault_utils, 'hvac')
|
self.patch_object(vault_utils, 'hvac')
|
||||||
hvac_client = mock.MagicMock()
|
hvac_client = mock.MagicMock()
|
||||||
self.hvac.Client.return_value = hvac_client
|
self.hvac.Client.return_value = hvac_client
|
||||||
response = {'data': {'secret_id': 'FAKE_SECRET_ID'}}
|
response = mock.MagicMock()
|
||||||
|
response.status_code = 200
|
||||||
|
response.json.return_value = {'data': {'secret_id': 'FAKE_SECRET_ID'}}
|
||||||
hvac_client._post.return_value = response
|
hvac_client._post.return_value = response
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
vault_utils.retrieve_secret_id('url', 'token'), 'FAKE_SECRET_ID')
|
vault_utils.retrieve_secret_id('url', 'token'), 'FAKE_SECRET_ID')
|
||||||
|
@ -33,4 +35,5 @@ class TestVaultUtils(test_utils.PatchHelper):
|
||||||
self.hvac.Client.assert_called_once_with(
|
self.hvac.Client.assert_called_once_with(
|
||||||
token='token',
|
token='token',
|
||||||
url='url',
|
url='url',
|
||||||
|
adapter=self.hvac.adapters.Request,
|
||||||
verify=vault_utils.SYSTEM_CA_BUNDLE)
|
verify=vault_utils.SYSTEM_CA_BUNDLE)
|
||||||
|
|
Loading…
Reference in New Issue