From debd7ec645a83389d03027f3b2782fc8b67d9bbe Mon Sep 17 00:00:00 2001
From: Liam Young
Date: Wed, 11 Jul 2018 12:47:24 +0000
Subject: [PATCH] Support vault api behind https
---
 zaza/charm_tests/vault/setup.py | 12 ++++++++----
 zaza/charm_tests/vault/utils.py | 24 +++++++++++++++++-------
 zaza/utilities/openstack.py | 2 +-
 3 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/zaza/charm_tests/vault/setup.py b/zaza/charm_tests/vault/setup.py
index 6fe8ce5..60c5a57 100644
--- a/zaza/charm_tests/vault/setup.py
+++ b/zaza/charm_tests/vault/setup.py
@@ -3,10 +3,14 @@
 import zaza.charm_tests.vault.utils as vault_utils
-def basic_setup():
- """Run basic setup for vault tests."""
- clients = vault_utils.get_clients()
- vip_client = vault_utils.get_vip_client()
+def basic_setup(cacert=None):
+ """Run basic setup for vault tests.
+
+ :param cacert: Path to CA cert used for vaults api cert.
+ :type cacert: str
+ """
+ clients = vault_utils.get_clients(cacert=cacert)
+ vip_client = vault_utils.get_vip_client(cacert=cacert)
 if vip_client:
 unseal_client = vip_client
 else:
diff --git a/zaza/charm_tests/vault/utils.py b/zaza/charm_tests/vault/utils.py
index a1f936b..d744863 100644
--- a/zaza/charm_tests/vault/utils.py
+++ b/zaza/charm_tests/vault/utils.py
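Review bot: The `cacert` docstring added to `basic_setup` declares `:type cacert: str` although the default is `None`, and it does not say what a missing path means for certificate checking. If the intent is that the default trust store is used, the lines could read `:param cacert: Path to the CA bundle used to verify the vault API certificate, or None to use the default trust store.` and `:type cacert: str or None`. The same two docstring lines are added to `get_hvac_client`, `get_vip_client` and `get_clients` in utils.py and would take the same wording. `basic_setup` continues past the end of this hunk.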
@@ -26,23 +26,31 @@ def get_unit_api_url(ip):
 :returns: URL
 :rtype: atr
 """
- return 'http://{}:8200'.format(ip)
+ vault_config = zaza.model.get_application_config('vault')
+ transport = 'http'
+ if vault_config['ssl-cert']['value']:
+ transport = 'https'
+ return '{}://{}:8200'.format(transport, ip)
-def get_hvac_client(vault_url):
+def get_hvac_client(vault_url, cacert=None):
 """Return an hvac client for the given URL.
 :param vault_url: Vault url to point client at
 :type vault_url: str
+ :param cacert: Path to CA cert used for vaults api cert.
+ :type cacert: str
 :returns: hvac client for given url
 :rtype: hvac.Client
 """
- return hvac.Client(url=vault_url)
+ return hvac.Client(url=vault_url, verify=cacert)
-def get_vip_client():
+def get_vip_client(cacert=None):
 """Return CharmVaultClient for the vip if a vip is being used.
+ :param cacert: Path to CA cert used for vaults api cert.
+ :type cacert: str
 :returns: CharmVaultClient
 :rtype: CharmVaultClient or None
 """
@@ -52,7 +60,7 @@ def get_vip_client():
 if vip:
 client = CharmVaultClient(
 vip,
- get_hvac_client(get_unit_api_url(vip)),
+ get_hvac_client(get_unit_api_url(vip), cacert=cacert),
 True)
 return client
@@ -72,11 +80,13 @@ def init_vault(client, shares=1, threshold=1):
 return client.hvac_client.initialize(shares, threshold)
-def get_clients(units=None):
+def get_clients(units=None, cacert=None):
 """Create a list of clients, one per vault server.
 :param units: List of IP addresses of vault endpoints
 :type units: [str, str, ...]
+ :param cacert: Path to CA cert used for vaults api cert.
+ :type cacert: str
 :returns: List of CharmVaultClients
 :rtype: [CharmVaultClient, ...]
 """
@@ -87,7 +97,7 @@ def get_clients(units=None):
 vault_url = get_unit_api_url(unit)
 clients.append(CharmVaultClient(
 unit,
- get_hvac_client(vault_url),
+ get_hvac_client(vault_url, cacert=cacert),
 False))
 return clients
diff --git a/zaza/utilities/openstack.py b/zaza/utilities/openstack.py
index 4e1c6b6..36d7883 100644
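Review bot: `get_hvac_client` now passes `verify=cacert` unconditionally, so when no CA path is supplied the client is built with `verify=None` in place of hvac's own default for that argument. How `None` is interpreted is then left to the installed hvac and requests versions, which makes the certificate check for the https URLs produced by `get_unit_api_url` implicit rather than stated. Pinning it keeps verification on and makes the intent readable: `return hvac.Client(url=vault_url, verify=cacert if cacert else True)`. The docstring could add that this helper never disables verification, so a handshake failure against a privately signed certificate is resolved by supplying the CA file. `get_vip_client`'s body continues outside this hunk.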
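Review bot: `get_unit_api_url(unit)` in this hunk now performs a `zaza.model.get_application_config('vault')` lookup on every call, apparently once per unit, and the first utils.py hunk indexes the result as `vault_config['ssl-cert']['value']`, which raises `KeyError` if the deployed charm does not expose that option. A tolerant read such as `if vault_config.get('ssl-cert', {}).get('value'):` avoids the hard failure, and resolving the scheme once before the clients are built would avoid repeating the model query. The scheme is also decided from the `ssl-cert` option alone, so a vault that obtains its certificate some other way would presumably still be addressed over plain http; a short comment in `get_unit_api_url` stating that assumption would help. The enclosing `get_clients` body starts before this hunk.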
--- a/zaza/utilities/openstack.py
+++ b/zaza/utilities/openstack.py
@@ -1218,7 +1218,7 @@ def get_overcloud_auth():
 :rtype: dict
 """
 tls_rid = model.get_relation_id('keystone', 'vault',
- remote_interface_name='tls-certificates')
+ remote_interface_name='certificates')
 ssl_config = get_application_config_option('keystone', 'ssl_cert')
 if tls_rid or ssl_config:
 transport = 'https'
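Review bot: The value passed as `remote_interface_name` changes from `'tls-certificates'` to `'certificates'` with no explanation in the commit message or in a comment, and the new string reads more like an endpoint name than an interface name. Because the visible condition `if tls_rid or ssl_config:` is what selects `https`, a name that does not match would presumably leave `tls_rid` empty and let the transport fall back to its non-TLS value without any error. A comment on the call, for example `# 'certificates' is the name of vault's endpoint on the keystone relation`, adjusted to whatever the real reason is, would make the choice checkable. `get_overcloud_auth` starts before and continues after this hunk.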