handler: fix publish_ca_info when unit is paused

If the service is paused we should pass on executing this function. Change-Id: Iab86101a6b9bf2647ea852c01bb47bee47661c4f Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
2019-11-20 11:06:40 +00:00 · 2019-11-20 11:06:40 +00:00 · c982239239
parent 45890b14d0
commit c982239239
2 changed files with 17 additions and 0 deletions
--- a/src/reactive/vault_handlers.py
+++ b/src/reactive/vault_handlers.py
@ -14,6 +14,10 @@ from charmhelpers.contrib.charmsupport.nrpe import (
    get_nagios_unit_name,
 )

+from charmhelpers.contrib.openstack.utils import (
+    is_unit_paused_set,
+)
+
 from charmhelpers.core.hookenv import (
    DEBUG,
    ERROR,
@ -736,6 +740,10 @@ def takeover_cert_leadership():
      'charm.vault.ca.ready',
      'certificates.available')
 def publish_ca_info():
+    if is_unit_paused_set():
+        log("The Vault unit is paused, passing on publishing ca info.")
+        return
+    # TODO(sahid): Add check when service is not running
    client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
    tls = endpoint_from_flag('certificates.available')
    if client.is_sealed():
--- a/unit_tests/test_reactive_vault_handlers.py
+++ b/unit_tests/test_reactive_vault_handlers.py
@ -71,6 +71,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
            'clear_flag',
            'is_container',
            'unitdata',
+            'is_unit_paused_set',
        ]
        self.patch_all()
        self.is_container.return_value = False
@ -731,6 +732,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
    @mock.patch.object(handlers, 'vault')
    @mock.patch.object(handlers, 'vault_pki')
    def test_publish_ca_info(self, vault_pki, _vault):
+        self.is_unit_paused_set.return_value = False
        self._set_sealed(_vault, False)

        tls = self.endpoint_from_flag.return_value
@ -743,6 +745,7 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
    @mock.patch.object(handlers, 'vault')
    @mock.patch.object(handlers, 'vault_pki')
    def test_publish_ca_info_sealed(self, vault_pki, _vault):
+        self.is_unit_paused_set.return_value = False
        self._set_sealed(_vault, True)

        tls = self.endpoint_from_flag.return_value
@ -750,6 +753,12 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
        assert not tls.set_ca.called
        assert not tls.set_chain.called

+    @mock.patch.object(handlers, 'vault')
+    def test_publish_ca_info_paused(self, _vault):
+        self.is_unit_paused_set.return_value = True
+        handlers.publish_ca_info()
+        assert not _vault.get_client.called
+
    @mock.patch.object(handlers, 'vault_pki')
    def test_publish_global_client_cert_already_gend(self, vault_pki):
        tls = self.endpoint_from_flag.return_value