Add zaza tests for cert renewals for ovn-central

2025-12-15 13:36:35 +00:00
parent fb477bbc77
commit 3f86a15b38
1 changed files with 53 additions and 0 deletions
--- a/zaza/openstack/charm_tests/ovn/tests.py
+++ b/zaza/openstack/charm_tests/ovn/tests.py
@@ -15,6 +15,8 @@
 """Encapsulate OVN testing."""

 import logging
+import unittest
+import time

 import juju

@@ -1101,3 +1103,54 @@ class OVNCentralDownscaleTests(test_utils.BaseCharmTest):
        leader_sb, leader_nb = self._get_server_ids(leader_unit)
        self._remove_unit(leader_unit)
        self._assert_servers_cleanly_removed(leader_sb, leader_nb)
+
+
+class OVNCentralSSLExpireTests(test_utils.BaseCharmTest):
+    """Tests for SSL Expiration and renewal actions."""
+
+    def test_check_ssl_expire(self):
+        """Test unit is able to renew a certificate, even if it is expired.
+
+        When the cert expires, then the unit should go into blocked state, and
+        a reissue should then be able to update the certificate.
+        """
+        vault_actions = zaza.model.get_actions("vault")
+
+        if 'reissue-certificates' not in vault_actions:
+            raise unittest.SkipTest('Action not defined')
+
+        with self.config_change(
+                {},
+                {'default-ttl': '1h'},
+                application_name='vault',
+                reset_to_charm_default=True):
+            with self.config_change(
+                    {'default-ttl': '1h'},
+                    {'default-ttl': '1m'},
+                    application_name='vault'):
+                zaza.model.run_action_on_leader(
+                    'vault',
+                    'reissue-certificates',
+                    action_params={})
+
+                for unit in zaza.model.get_units(self.application_name):
+                    zaza.model.block_until_unit_wl_message_match(
+                        unit.entity_id,
+                        '.*certificate verify failed: certificate has '
+                        'expired.*')
+
+            logging.info("Certificate now expired on all ovn-central Units")
+            logging.info("Sleeping 30s ...")
+
+            time.sleep(30)
+
+            logging.info("Issuing reissue-certificates on vault unit ...")
+            zaza.model.run_action_on_leader(
+                'vault',
+                'reissue-certificates',
+                action_params={})
+
+            for unit in zaza.model.get_units(self.application_name):
+                zaza.model.block_until_unit_wl_message_match(
+                    unit.entity_id,
+                    'Unit is ready.*')