Check MySQL ACL before use

Ensure that the local vault unit has been granted access to
the MySQL vault database before trying to configure vault to
actually use it.

The MySQL charms provide a list of units which have been
granted access using the 'allowed_units' function on the
mysql-shared interface.

Change-Id: I4c1a7f559fcf6279a537770e76d92c01d33ced99
James Page 2018-04-18 14:55:42 +01:00
parent ef2e3655e4
commit c143ac761d
2 changed files with 16 additions and 0 deletions


@ -21,6 +21,7 @@ from charmhelpers.core.hookenv import (
unit_private_ip,
application_version_set,
atexit,
local_unit,
)
from charmhelpers.core.host import (
@ -173,6 +174,10 @@ def configure_vault_psql(psql):
@when('shared-db.available')
@when('vault.ssl.configured')
def configure_vault_mysql(mysql):
if local_unit() not in mysql.allowed_units():
log("Deferring vault configuration until"
" MySQL access is granted", level=DEBUG)
return
context = {
'storage_name': 'mysql',
'mysql_db_relation': mysql,
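Review bot: The new guard in `configure_vault_mysql` passes the result of `mysql.allowed_units()` straight to `not in`, so if the interface returns `None` before the MySQL side has published any grants (the interface code is not shown here, so this needs confirming) the hook would raise a TypeError instead of deferring. A tolerant form is `if local_unit() not in (mysql.allowed_units() or []):`. A short comment such as `# Readiness gate only: MySQL enforces the grant; this avoids configuring vault before access exists` would keep the check from being read as an access control. The deferral is logged at DEBUG, which may make a unit stuck waiting for its grant hard to diagnose at default log levels. The function body continues past the end of the hunk.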


@ -43,6 +43,7 @@ class TestHandlers(unittest.TestCase):
'render',
'unit_private_ip',
'application_version_set',
'local_unit',
]
self.patch_all()
@ -139,11 +140,21 @@ class TestHandlers(unittest.TestCase):
@patch.object(handlers, 'configure_vault')
def test_configure_vault_msql(self, configure_vault):
mysql = mock.MagicMock()
mysql.allowed_units.return_value = ['vault/0']
self.local_unit.return_value = 'vault/0'
handlers.configure_vault_mysql(mysql)
configure_vault.assert_called_once_with({
'storage_name': 'mysql',
'mysql_db_relation': mysql})
@patch.object(handlers, 'configure_vault')
def test_configure_vault_msql_noacl(self, configure_vault):
mysql = mock.MagicMock()
mysql.allowed_units.return_value = ['vault/1']
self.local_unit.return_value = 'vault/0'
handlers.configure_vault_mysql(mysql)
configure_vault.assert_not_called()
def test_disable_mlock_changed(self):
handlers.disable_mlock_changed()
self.remove_state.assert_called_once_with('configured')
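Review bot: The two new tests cover a matching unit and a different unit, but not the state before any grant exists, where `allowed_units` is empty (or possibly `None`, depending on the interface). A third case with `mysql.allowed_units.return_value = []` followed by `configure_vault.assert_not_called()` would pin the deferral path that a freshly related unit goes through first. The method names spell `msql`; `test_configure_vault_mysql` and `test_configure_vault_mysql_noacl` would match the handler name.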