Merge pull request #98 from gnuoy/refactor-vault-unseal-code

Facade for vault & basic_setup_and_unseal
2019-10-14 10:46:36 +01:00
parent d29a1fdadd 79a149bfc5
commit 6b27d77f4c
2 changed files with 71 additions and 19 deletions
--- a/zaza/openstack/charm_tests/vault/setup.py
+++ b/zaza/openstack/charm_tests/vault/setup.py
@@ -33,26 +33,22 @@ def basic_setup(cacert=None, unseal_and_authorize=False):
    :param unseal_and_authorize: Whether to unseal and authorize vault.
    :type unseal_and_authorize: bool
    """
-    clients = vault_utils.get_clients(cacert=cacert)
-    vip_client = vault_utils.get_vip_client(cacert=cacert)
-    if vip_client:
-        unseal_client = vip_client
-    else:
-        unseal_client = clients[0]
-    initialized = vault_utils.is_initialized(unseal_client)
-    # The credentials are written to a file to allow the tests to be re-run
-    # this is mainly useful for manually working on the tests.
-    if initialized:
-        vault_creds = vault_utils.get_credentails()
-    else:
-        vault_creds = vault_utils.init_vault(unseal_client)
-        vault_utils.store_credentails(vault_creds)
-
-    # For use by charms or bundles other than vault
+    vault_svc = vault_utils.VaultFacade(cacert=cacert)
    if unseal_and_authorize:
-        vault_utils.unseal_all(clients, vault_creds['keys'][0])
-        vault_utils.auth_all(clients, vault_creds['root_token'])
-        vault_utils.run_charm_authorize(vault_creds['root_token'])
+        vault_svc.unseal()
+        vault_svc.authorize()
+
+
+def basic_setup_and_unseal(cacert=None):
+    """Initialize (if needed) and unseal vault.
+
+    :param cacert: Path to CA cert used for vaults api cert.
+    :type cacert: str
+    """
+    vault_svc = vault_utils.VaultFacade(cacert=cacert)
+    vault_svc.unseal()
+    for unit in zaza.model.get_units('vault'):
+        zaza.model.run_on_unit(unit.name, './hooks/update-status')


 def auto_initialize(cacert=None, validation_application='keystone'):
--- a/zaza/openstack/charm_tests/vault/utils.py
+++ b/zaza/openstack/charm_tests/vault/utils.py
@@ -33,6 +33,62 @@ CharmVaultClient = collections.namedtuple(
    'CharmVaultClient', ['addr', 'hvac_client', 'vip_client'])


+class VaultFacade:
+    """Provide a facade for interacting with vault.
+
+    For example to setup new vault deployment::
+
+        vault_svc = VaultFacade()
+        vault_svc.unseal()
+        vault_svc.authorize()
+    """
+
+    def __init__(self, cacert=None, initialize=True):
+        """Create a facade for interacting with vault.
+
+        :param cacert: Path to CA cert used for vaults api cert.
+        :type cacert: str
+        :param initialize: Whether to initialize vault.
+        :type initialize: bool
+        """
+        self.clients = get_clients(cacert=cacert)
+        self.vip_client = get_vip_client(cacert=cacert)
+        if self.vip_client:
+            self.unseal_client = self.vip_client
+        else:
+            self.unseal_client = self.clients[0]
+        self.initialized = is_initialized(self.unseal_client)
+        if initialize:
+            self.initialize()
+
+    @property
+    def is_initialized(self):
+        """Check if vault is initialized."""
+        return self.initialized
+
+    def initialize(self):
+        """Initialise vault and store resulting credentials."""
+        if self.is_initialized:
+            self.vault_creds = get_credentails()
+        else:
+            self.vault_creds = init_vault(self.unseal_client)
+            store_credentails(self.vault_creds)
+        self.initialized = is_initialized(self.unseal_client)
+
+    def unseal(self):
+        """Unseal all the vaults clients."""
+        unseal_all(self.clients, self.vault_creds['keys'][0])
+
+    def authorize(self):
+        """Authorize charm to perfom certain actions.
+
+        Run vault charm action to authorize the charm to perform a limited
+        set of calls against the vault API.
+        """
+        auth_all(self.clients, self.vault_creds['root_token'])
+        run_charm_authorize(self.vault_creds['root_token'])
+
+
 def get_unit_api_url(ip):
    """Return URL for api access.