handler: correctly handle vault sealed exception
In the situation where the vault service is restarted, the service should be unsealed. It appears that some parts of the code do not handle the exception correctly, which leaves the unit in an error state. To handle that, the code checks whether the service is unsealed. If that is not the case, juju will report the service as blocked, asking the user to unseal it. Change-Id: I1b4d83eb4c944a98a06cc457f51d0fb9d0b9a6ce Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
parent
77033874d1
commit
fb166e451e
|
@ -734,11 +734,15 @@ def takeover_cert_leadership():
|
|||
'charm.vault.ca.ready',
|
||||
'certificates.available')
|
||||
def publish_ca_info():
|
||||
client = vault.get_client(url=vault.VAULT_LOCALHOST_URL)
|
||||
tls = endpoint_from_flag('certificates.available')
|
||||
tls.set_ca(vault_pki.get_ca())
|
||||
chain = vault_pki.get_chain()
|
||||
if chain:
|
||||
tls.set_chain(chain)
|
||||
if client.is_sealed():
|
||||
log("Unable to publish ca info, service sealed.")
|
||||
else:
|
||||
tls.set_ca(vault_pki.get_ca())
|
||||
chain = vault_pki.get_chain()
|
||||
if chain:
|
||||
tls.set_chain(chain)
|
||||
|
||||
|
||||
@when('leadership.is_leader',
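Review bot: The `client.is_sealed()` pre-check in `publish_ca_info` narrows the failure window but does not close it: `is_sealed()` is itself a request to the local Vault API and may raise while the service is still restarting, and Vault can become sealed again between the check and `vault_pki.get_ca()`, so the unit can still end up in an error state. Consider also catching the client's sealed/unreachable exception around the `vault_pki` calls and treating it the same way as the sealed branch. The sealed branch only logs; the blocked status that the commit message describes is not set anywhere in this hunk, so presumably it comes from another handler, and a comment such as `# sealed: skip publishing; the status handler reports blocked` would make that dependency explicit. The decorator list of `publish_ca_info` starts above the hunk.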
|
||||
|
|
|
@ -723,8 +723,16 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
|||
vault_ca='test-ca'
|
||||
)
|
||||
|
||||
def _set_sealed(self, _vault, status):
|
||||
hvac_client = mock.MagicMock()
|
||||
_vault.get_client.return_value = hvac_client
|
||||
hvac_client.is_sealed.return_value = status
|
||||
|
||||
@mock.patch.object(handlers, 'vault')
|
||||
@mock.patch.object(handlers, 'vault_pki')
|
||||
def test_publish_ca_info(self, vault_pki):
|
||||
def test_publish_ca_info(self, vault_pki, _vault):
|
||||
self._set_sealed(_vault, False)
|
||||
|
||||
tls = self.endpoint_from_flag.return_value
|
||||
vault_pki.get_ca.return_value = 'ca'
|
||||
vault_pki.get_chain.return_value = 'chain'
|
||||
|
@ -732,6 +740,16 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
|
|||
tls.set_ca.assert_called_with('ca')
|
||||
tls.set_chain.assert_called_with('chain')
|
||||
|
||||
@mock.patch.object(handlers, 'vault')
|
||||
@mock.patch.object(handlers, 'vault_pki')
|
||||
def test_publish_ca_info_sealed(self, vault_pki, _vault):
|
||||
self._set_sealed(_vault, True)
|
||||
|
||||
tls = self.endpoint_from_flag.return_value
|
||||
handlers.publish_ca_info()
|
||||
assert not tls.set_ca.called
|
||||
assert not tls.set_chain.called
|
||||
|
||||
@mock.patch.object(handlers, 'vault_pki')
|
||||
def test_publish_global_client_cert_already_gend(self, vault_pki):
|
||||
tls = self.endpoint_from_flag.return_value
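Review bot: `test_publish_ca_info_sealed` asserts only that `tls.set_ca` and `tls.set_chain` were not called; it never checks that the handler stayed away from `vault_pki.get_ca()` and `vault_pki.get_chain()`, which are the calls that would actually reach a sealed Vault. Adding `vault_pki.get_ca.assert_not_called()` and `vault_pki.get_chain.assert_not_called()` would pin the behaviour the fix is meant to guarantee. For consistency with the `assert_called_with` checks in `test_publish_ca_info`, the bare `assert not tls.set_ca.called` lines could likewise become `tls.set_ca.assert_not_called()`. There is also no case where `is_sealed` itself raises, which is the state a restarting service is likely to be in.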
|
||||
|
|