From a4011def704f724e94cc73b6657a530bc2b2d195 Mon Sep 17 00:00:00 2001
From: David Ames
Date: Tue, 12 Mar 2019 08:34:47 -0700
Subject: [PATCH] Don't use unittests
---
 zaza/charm_tests/vault/setup.py | 64 +++++++++++++++++++++++++++++----
 1 file changed, 57 insertions(+), 7 deletions(-)
diff --git a/zaza/charm_tests/vault/setup.py b/zaza/charm_tests/vault/setup.py
index 24ca9b5..c00a8b5 100644
--- a/zaza/charm_tests/vault/setup.py
+++ b/zaza/charm_tests/vault/setup.py
@@ -14,12 +14,16 @@
 """Run configuration phase."""
-import unittest
+import requests
+import tempfile
+
+import zaza.charm_lifecycle.utils as lifecycle_utils
 import zaza.charm_tests.vault.utils as vault_utils
-import zaza.charm_tests.vault.tests as vault_tests
+import zaza.model
+import zaza.utilities.cert
-def basic_setup(cacert=None):
+def basic_setup(cacert=None, unseal_and_authorize=False):
 """Run basic setup for vault tests.
 :param cacert: Path to CA cert used for vaults api cert.
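Review bot: The new `unseal_and_authorize` argument of `basic_setup` is not described in the docstring, which in this hunk still lists only `:param cacert:`. The flag decides whether setup unseals the vault clients and passes the root token to `run_charm_authorize`, so callers should be able to see that from the signature's documentation. A line such as `:param unseal_and_authorize: Unseal all vault units and authorize the charm with the root token after initialisation.` would cover it. The docstring continues past the end of this hunk, so the line belongs beside the existing `:param` entries there.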
@@ -40,12 +44,58 @@ def basic_setup(cacert=None):
 vault_creds = vault_utils.init_vault(unseal_client)
 vault_utils.store_credentails(vault_creds)
+ if unseal_and_authorize:
+ vault_utils.unseal_all(clients, vault_creds['keys'][0])
+ vault_utils.auth_all(clients, vault_creds['root_token'])
+ action = vault_utils.run_charm_authorize(
+ vault_creds['root_token'])
-def auto_inititialize():
+
+def auto_inititialize(cacert=None):
 """Auto initialize vault for testing.
- In a stack that includes and relies on certificate in vault initialize
+ Generating a csr and uploading a signed certificate.
+ In a stack that includes and relies on certificates in vault initialize
 vault by unsealing and creating a certificate authority.
 """
- suite = unittest.TestLoader().loadTestsFromTestCase(vault_tests.VaultTest)
- unittest.TextTestRunner(verbosity=2).run(suite)
+
+ basic_setup(cacert=cacert, unseal_and_authorize=True)
+
+ action = vault_utils.run_get_csr()
+ intermediate_csr = action.data['results']['output']
+ (cakey, cacert) = zaza.utilities.cert.generate_cert(
+ 'DivineAuthority',
+ generate_ca=True)
+ intermediate_cert = zaza.utilities.cert.sign_csr(
+ intermediate_csr,
+ cakey.decode(),
+ cacert.decode(),
+ generate_ca=True)
+ action = vault_utils.run_upload_signed_csr(
+ pem=intermediate_cert,
+ root_ca=cacert,
+ allowed_domains='openstack.local')
+
+ validate_ca(cacert)
+
+
+def validate_ca(cacert, application="keystone", port=5000):
+
+ vault_creds = vault_utils.get_credentails()
+ test_config = lifecycle_utils.get_charm_config()
+
+ zaza.model.block_until_file_has_contents(
+ application,
+ '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt',
+ cacert.decode().strip())
+ zaza.model.wait_for_application_states(
+ states=test_config.get('target_deploy_status', {}))
+ vip = zaza.model.get_application_config(application).get("vip").get("value")
+ if vip:
+ ip = vip
+ else:
+ ip = zaza.model.get_app_ips(application)[0]
+ with tempfile.NamedTemporaryFile(mode='w') as fp:
+ fp.write(cacert.decode())
+ fp.flush()
+ requests.get('https://{}:{}'.format(ip, str(port)), verify=fp.name)
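Review bot: In `validate_ca`, the chain `get_application_config(application).get("vip").get("value")` would raise AttributeError for an application whose config has no `vip` option, because the first `.get` then returns None and the fallback to `get_app_ips` is never reached. Writing it as `vip = (zaza.model.get_application_config(application).get("vip") or {}).get("value")` keeps the fallback working. The `requests.get(...)` that performs the certificate check has no `timeout`, so an endpoint that accepts the connection but never answers would stall the setup phase; passing `timeout=30` (value to taste) bounds it. `vault_creds` in `validate_ca` and the `action` results of `run_charm_authorize` and `run_upload_signed_csr` are assigned but never read, so either drop the assignments or check the action status before moving on. The function also lacks a docstring, and the certificate path names keystone even though `application` is a parameter.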