Check MySQL ACL before use
Ensure that the local vault unit has been granted access to the MySQL vault database before trying to configure vault to actually use it. The MySQL charms provide a list of units which have been granted access using the 'allowed_units' function on the mysql-shared interface. Change-Id: I4c1a7f559fcf6279a537770e76d92c01d33ced99
parent
ef2e3655e4
commit
c143ac761d
|
@ -21,6 +21,7 @@ from charmhelpers.core.hookenv import (
|
|||
unit_private_ip,
|
||||
application_version_set,
|
||||
atexit,
|
||||
local_unit,
|
||||
)
|
||||
|
||||
from charmhelpers.core.host import (
|
||||
|
@ -173,6 +174,10 @@ def configure_vault_psql(psql):
|
|||
@when('shared-db.available')
|
||||
@when('vault.ssl.configured')
|
||||
def configure_vault_mysql(mysql):
|
||||
if local_unit() not in mysql.allowed_units():
|
||||
log("Deferring vault configuration until"
|
||||
" MySQL access is granted", level=DEBUG)
|
||||
return
|
||||
context = {
|
||||
'storage_name': 'mysql',
|
||||
'mysql_db_relation': mysql,
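Review bot: The new guard in `configure_vault_mysql`, `if local_unit() not in mysql.allowed_units():`, is an exact-match ACL check only if `allowed_units()` returns a collection of unit names, and the hunk does not show what the mysql-shared interface returns. If it returns the raw space-separated relation value, `in` becomes a substring test and `vault/1` would pass when only `vault/10` has been granted; if it can return `None` before the database side has published anything, the handler raises `TypeError` instead of deferring. Normalising first would make both cases safe, e.g. `allowed = mysql.allowed_units() or []` followed by `if isinstance(allowed, str): allowed = allowed.split()`. The deferral is logged only at DEBUG, so a unit that never receives access stays unconfigured with no operator-visible reason; a workload status message may be worth adding. The function body continues outside the hunk.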
|
||||
|
|
|
@ -43,6 +43,7 @@ class TestHandlers(unittest.TestCase):
|
|||
'render',
|
||||
'unit_private_ip',
|
||||
'application_version_set',
|
||||
'local_unit',
|
||||
]
|
||||
self.patch_all()
|
||||
|
||||
|
@ -139,11 +140,21 @@ class TestHandlers(unittest.TestCase):
|
|||
@patch.object(handlers, 'configure_vault')
|
||||
def test_configure_vault_msql(self, configure_vault):
|
||||
mysql = mock.MagicMock()
|
||||
mysql.allowed_units.return_value = ['vault/0']
|
||||
self.local_unit.return_value = 'vault/0'
|
||||
handlers.configure_vault_mysql(mysql)
|
||||
configure_vault.assert_called_once_with({
|
||||
'storage_name': 'mysql',
|
||||
'mysql_db_relation': mysql})
|
||||
|
||||
@patch.object(handlers, 'configure_vault')
|
||||
def test_configure_vault_msql_noacl(self, configure_vault):
|
||||
mysql = mock.MagicMock()
|
||||
mysql.allowed_units.return_value = ['vault/1']
|
||||
self.local_unit.return_value = 'vault/0'
|
||||
handlers.configure_vault_mysql(mysql)
|
||||
configure_vault.assert_not_called()
|
||||
|
||||
def test_disable_mlock_changed(self):
|
||||
handlers.disable_mlock_changed()
|
||||
self.remove_state.assert_called_once_with('configured')
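Review bot: `test_configure_vault_msql_noacl` checks `vault/0` against `['vault/1']`, which passes whether the handler matches unit names exactly or by substring, so it does not pin the ACL semantics. A case with `mysql.allowed_units.return_value = ['vault/10']` and `self.local_unit.return_value = 'vault/1'`, plus one where `allowed_units` returns an empty value, would cover the boundaries the guard depends on. Both mocks return a list; that this matches the real interface's return type is assumed here, not shown. The `msql` in both test names looks like a typo for `mysql`.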
|
||||
|
|