From 83982a7aec3da7813d0e4c8897d2ed4342d5f7cf Mon Sep 17 00:00:00 2001
From: Liam Young
Date: Mon, 3 Feb 2020 13:39:17 +0000
Subject: [PATCH] Add unseal function for mojo use.

* Add an unseal function for mojo to use.
* Switch mojo to use new function after series upgrade reboot.
* Add fallback if vip client is unavailable (the case if all hacluster units are paused for series upgrade).
---
 .../charm_tests/series_upgrade/tests.py | 2 +-
 zaza/openstack/charm_tests/vault/setup.py | 18 ++++++++++++++++++
 zaza/openstack/charm_tests/vault/utils.py | 4 ++++
 3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/zaza/openstack/charm_tests/series_upgrade/tests.py b/zaza/openstack/charm_tests/series_upgrade/tests.py
index fa5257c..ab82b0d 100644
--- a/zaza/openstack/charm_tests/series_upgrade/tests.py
+++ b/zaza/openstack/charm_tests/series_upgrade/tests.py
@@ -85,7 +85,7 @@ class SeriesUpgradeTest(unittest.TestCase):
 if "vault" in applications[application]["charm"]:
 post_upgrade_functions = [
 ('zaza.openstack.charm_tests.vault.setup.'
- 'basic_setup_and_unseal')]
+ 'basic_unseal_mojo_cacert')]
 if ("mongodb" in applications[application]["charm"] or
 "vault" in applications[application]["charm"]):
 # Mongodb and vault need to run series upgrade
diff --git a/zaza/openstack/charm_tests/vault/setup.py b/zaza/openstack/charm_tests/vault/setup.py
index 952bbcd..47623cd 100644
--- a/zaza/openstack/charm_tests/vault/setup.py
+++ b/zaza/openstack/charm_tests/vault/setup.py
@@ -15,6 +15,7 @@
 """Run configuration phase."""
 import functools
+import os
 import requests
 import tempfile
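Review bot: The new entry in `post_upgrade_functions` makes every vault series-upgrade run depend on `$MOJO_LOCAL/cacert.pem`, because `basic_unseal_mojo_cacert` raises when that variable is unset, while the commit message describes the switch as mojo-specific. If `SeriesUpgradeTest` is also run outside a mojo spec (not visible from this hunk), those runs will now fail at the post-upgrade step. A comment on the tuple such as `# mojo-only: requires $MOJO_LOCAL/cacert.pem` would make the dependency explicit, or the function could be chosen according to whether `MOJO_LOCAL` is set. The enclosing method starts and ends outside the hunk.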
@@ -51,6 +52,23 @@ def basic_setup_and_unseal(cacert=None):
 zaza.model.run_on_unit(unit.name, './hooks/update-status')
+def basic_unseal_mojo_cacert():
+ """Unseal Vault and search for cacert to use.
+
+ This is designed to be used from a mojo spec where certs are stored in the
+ $MOJO_LOCAL directory.
+ """
+ try:
+ cert_dir = os.environ['MOJO_LOCAL']
+ except KeyError:
+ raise Exception("Could not find cacert.pem, MOJO_LOCAL unset")
+ cacert = os.path.join(cert_dir, 'cacert.pem')
+ if os.path.exists(cacert):
+ basic_setup_and_unseal(cacert=cacert)
+ else:
+ raise Exception("Could not find cacert.pem")
+
+
 def auto_initialize(cacert=None, validation_application='keystone'):
 """Auto initialize vault for testing.
diff --git a/zaza/openstack/charm_tests/vault/utils.py b/zaza/openstack/charm_tests/vault/utils.py
index b6f4cf5..c0ac82e 100644
--- a/zaza/openstack/charm_tests/vault/utils.py
+++ b/zaza/openstack/charm_tests/vault/utils.py
@@ -55,6 +55,10 @@ class VaultFacade:
 self.vip_client = get_vip_client(cacert=cacert)
 if self.vip_client:
 self.unseal_client = self.vip_client
+ try:
+ self.unseal_client.hvac_client.is_initialized()
+ except requests.exceptions.ConnectionError:
+ self.unseal_client = self.clients[0]
 else:
 self.unseal_client = self.clients[0]
 self.initialized = is_initialized(self.unseal_client)
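Review bot: `os.path.exists(cacert)` in `basic_unseal_mojo_cacert` is also true for a directory, so a directory named `cacert.pem` passes the check and the failure only surfaces later when the TLS client tries to load it; `os.path.isfile(cacert)` is the tighter test. Both error paths raise a bare `Exception`, and the second message does not name the path that was tried; `raise FileNotFoundError("CA cert not found: {}".format(cacert))` would still be caught by callers handling `Exception` and makes a misconfigured `MOJO_LOCAL` easier to diagnose. Stopping when the CA file is missing, instead of continuing with `cacert=None`, is worth a one-line comment so the behaviour is not relaxed later. The docstring says "Unseal" while the body delegates to `basic_setup_and_unseal`, whose body is outside the hunk, so it should state whether this call can also initialise Vault.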
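Review bot: The added `except requests.exceptions.ConnectionError` in `VaultFacade.__init__` also catches `requests.exceptions.SSLError`, which is a subclass, so a certificate verification failure against the VIP is handled as "VIP unavailable" and the facade silently switches to `self.clients[0]`. Placing `except requests.exceptions.SSLError:` with a bare `raise` ahead of the existing handler keeps a CA mismatch visible instead of masking it behind the fallback. A log message at the fallback saying that the unit client is being used in place of the VIP would also help when reading test output. The hunk adds no import, so `requests` must already be imported in utils.py (not visible here) for the except clause to resolve; `__init__` starts and ends outside the hunk.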