Add unseal function for mojo use.

* Add an unseal function for mojo to use.
* Switch mojo to use new function after series upgrade reboot.
* Add fallback if vip client is unavailable (the case if all
  hacluster units are paused for series upgrade).

zaza/openstack/charm_tests/series_upgrade/tests.py

@@ -85,7 +85,7 @@ class SeriesUpgradeTest(unittest.TestCase):
             if "vault" in applications[application]["charm"]:
                 post_upgrade_functions = [
                     ('zaza.openstack.charm_tests.vault.setup.'
-                     'basic_setup_and_unseal')]
+                     'basic_unseal_mojo_cacert')]
             if ("mongodb" in applications[application]["charm"] or
                     "vault" in applications[application]["charm"]):
                 # Mongodb and vault need to run series upgrade

zaza/openstack/charm_tests/vault/setup.py

@@ -15,6 +15,7 @@
 """Run configuration phase."""
 
 import functools
+import os
 import requests
 import tempfile
 
@@ -51,6 +52,23 @@ def basic_setup_and_unseal(cacert=None):
         zaza.model.run_on_unit(unit.name, './hooks/update-status')
 
 
+def basic_unseal_mojo_cacert():
+    """Unseal Vault and search for cacert to use.
+
+    This is designed to be used from a mojo spec where certs are stored in the
+    $MOJO_LOCAL directory.
+    """
+    try:
+        cert_dir = os.environ['MOJO_LOCAL']
+    except KeyError:
+        raise Exception("Could not find cacert.pem, MOJO_LOCAL unset")
+    cacert = os.path.join(cert_dir, 'cacert.pem')
+    if os.path.exists(cacert):
+        basic_setup_and_unseal(cacert=cacert)
+    else:
+        raise Exception("Could not find cacert.pem")
+
+
 def auto_initialize(cacert=None, validation_application='keystone'):
     """Auto initialize vault for testing.
 

zaza/openstack/charm_tests/vault/utils.py

@@ -55,6 +55,10 @@ class VaultFacade:
         self.vip_client = get_vip_client(cacert=cacert)
         if self.vip_client:
             self.unseal_client = self.vip_client
+            try:
+                self.unseal_client.hvac_client.is_initialized()
+            except requests.exceptions.ConnectionError:
+                self.unseal_client = self.clients[0]
         else:
             self.unseal_client = self.clients[0]
         self.initialized = is_initialized(self.unseal_client)