From 73c78a0db3c2a1b89314405bf83540d7b0444509 Mon Sep 17 00:00:00 2001
From: Bartosz Woronicz <bartosz.woronicz@canonical.com>
Date: Tue, 2 Mar 2021 00:33:55 +0100
Subject: [PATCH] add reload and restart action tests for vault

---
 zaza/openstack/charm_tests/vault/tests.py | 54 ++++++++++++++++++++++-
 zaza/openstack/charm_tests/vault/utils.py | 14 ++++++
 2 files changed, 66 insertions(+), 2 deletions(-)

diff --git a/zaza/openstack/charm_tests/vault/tests.py b/zaza/openstack/charm_tests/vault/tests.py
index 68130a0..219291e 100644
--- a/zaza/openstack/charm_tests/vault/tests.py
+++ b/zaza/openstack/charm_tests/vault/tests.py
@@ -244,8 +244,6 @@ class VaultTest(BaseVaultTest):
         Pause service and check services are stopped, then resume and check
         they are started.
         """
-        # Restarting vault process will set it as sealed so it's
-        # important to have the test executed at the end.
         vault_actions = zaza.model.get_actions(
             'vault')
         if 'pause' not in vault_actions or 'resume' not in vault_actions:
@@ -257,6 +255,58 @@ class VaultTest(BaseVaultTest):
         lead_client = vault_utils.extract_lead_unit_client(self.clients)
         self.assertTrue(lead_client.hvac_client.seal_status['sealed'])
 
+    def test_vault_reload(self):
+        """Run reload tests.
+
+        Reload service and check services were restarted
+        by doing simple change in the running config by API.
+        Then confirm that service is not sealed
+        """
+        vault_actions = zaza.model.get_actions(
+            'vault')
+        if 'reload' not in vault_actions:
+            raise unittest.SkipTest("The version of charm-vault tested does "
+                                    "not have reload action")
+
+        lead_client = vault_utils.extract_lead_unit_client(self.clients)
+        running_config = vault_utils.get_running_config(lead_client)
+        value_to_set = not running_config['data']['disable_mlock']
+
+        zaza.model.set_application_config(
+            'vault',
+            {'disable-mlock': str(value_to_set)})
+
+        logging.info("Testing reload")
+        zaza.model.run_action_on_leader(
+            'vault',
+            'reload',
+            action_params={})
+
+        self.assertEqual(
+            value_to_set,
+            vault_utils.get_running_config(lead_client)[
+                'data']['disable_mlock'])
+        self.assertFalse(lead_client.hvac_client.seal_status['sealed'])
+
+    def test_vault_restart(self):
+        """Run pause and resume tests.
+
+        Restart service and check services are started.
+        """
+        vault_actions = zaza.model.get_actions(
+            'vault')
+        if 'restart' not in vault_actions:
+            raise unittest.SkipTest("The version of charm-vault tested does "
+                                    "not have restart action")
+        logging.info("Testing restart")
+        zaza.model.run_action_on_leader(
+            'vault',
+            'restart',
+            action_params={})
+
+        lead_client = vault_utils.extract_lead_unit_client(self.clients)
+        self.assertTrue(lead_client.hvac_client.seal_status['sealed'])
+
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/zaza/openstack/charm_tests/vault/utils.py b/zaza/openstack/charm_tests/vault/utils.py
index 9814243..9098b12 100644
--- a/zaza/openstack/charm_tests/vault/utils.py
+++ b/zaza/openstack/charm_tests/vault/utils.py
@@ -137,6 +137,20 @@ def get_vip_client(cacert=None):
     return client
 
 
+def get_running_config(client):
+    """Get Vault running config.
+
+    :param client: Client to use for initiliasation
+    :type client: CharmVaultClient
+    The hvac library does not support getting info
+    from endpoint /v1/sys/config/state/sanitized
+    Therefore we implement it here
+    """
+    return requests.get(
+        client.hvac_client.adapter.base_uri + '/v1/sys/config/state/sanitized',
+        headers={'X-Vault-Token': client.hvac_client.token}).json()
+
+
 def init_vault(client, shares=1, threshold=1):
     """Initialise vault.