vault-kv: Add functional test and use KV v1

Add ceph-mon and ceph-osd charms to smoke testing bundle to ensure coverage of vault-kv relation and associated secrets storage functionality. Revert default KV backend to v1; v2 has a slightly different API so revert default KV backend version to v1. This resolve and issue with vaultlocker access to stored keys. Also pin hvac version to < 0.7.0. Change-Id: I8ed197aba3f9a42399fd4304b21e2a36e3dd6dca
2018-05-08 17:10:24 +01:00 · 2018-05-08 17:10:24 +01:00 · b5afdc3817
parent 54a29e06ab
commit b5afdc3817
6 changed files with 25 additions and 4 deletions
--- a/src/lib/charm/vault.py
+++ b/src/lib/charm/vault.py
@ -328,7 +328,7 @@ def configure_secret_backend(client, name):
        client.enable_secret_backend(backend_type='kv',
                                     description='Charm created KV backend',
                                     mount_point=name,
-                                     options={'version': 2})
+                                     options={'version': 1})


 def configure_policy(client, name, hcl):
--- a/src/tests/bundles/xenial-mysql.yaml
+++ b/src/tests/bundles/xenial-mysql.yaml
@ -13,6 +13,20 @@ services:
    options:
      admin-password: openstack
      openstack-origin: cloud:xenial-queens
+  ceph-mon:
+    charm: cs:ceph-mon
+    num_units: 3
+    options:
+      source: cloud:xenial-queens
+  ceph-osd:
+    charm: cs:~openstack-charmers-next/ceph-osd
+    num_units: 3
+    options:
+      source: cloud:xenial-queens
+      osd-encrypt: true
+      osd-encrypt-keymanager: vault
+    storage:
+      osd-devices: 10G,2
 relations:
 - - vault:shared-db
  - mysql:shared-db
@ -20,3 +34,7 @@ relations:
  - mysql:shared-db
 - - vault:certificates
  - keystone:certificates
+- - vault:secrets
+  - ceph-osd:secrets-storage
+- - ceph-mon:osd
+  - ceph-osd:mon
--- a/src/tests/tests.yaml
+++ b/src/tests/tests.yaml
@ -20,5 +20,8 @@ target_deploy_status:
  vault:
    workload-status: blocked
    workload-status-message: Vault needs to be initialized
+  ceph-osd:
+    workload-status: waiting
+    workload-status-message: "Incomplete relation: vault"
 tests:
 - zaza.charm_tests.vault.tests.VaultTest
--- a/src/wheelhouse.txt
+++ b/src/wheelhouse.txt
@ -1,4 +1,4 @@
 netifaces
-hvac
+hvac<0.7.0
 tenacity
 pbr
--- a/test-requirements.txt
+++ b/test-requirements.txt
@ -8,7 +8,7 @@ nose>=1.3.7
 coverage>=3.6
 git+https://github.com/openstack/charms.openstack.git#egg=charms-openstack
 netifaces   # vault
-hvac        # vault
+hvac<0.7.0  # vault
 psycopg2    # vault
 tenacity    # vault
 pbr             # vault
--- a/unit_tests/test_lib_charm_vault.py
+++ b/unit_tests/test_lib_charm_vault.py
@ -343,7 +343,7 @@ class TestLibCharmVault(unit_tests.test_utils.CharmTestCase):
            backend_type='kv',
            description=mock.ANY,
            mount_point='test',
-            options={'version': 2})
+            options={'version': 1})

    def test_configure_secret_backend_noop(self):
        hvac_client = mock.MagicMock()