In the MySQL test we destroy a unit and then attempt to remove it from
metadata. The metadata removal (remove_instance action) gets stuck when it is
started while the destroyed unit has not been entirely removed and is still
running MySQL.
Wait for all the units to have cluster incomplete workload status message
before attempting the remove_instance.
This will allow security checks to be logically separate from other
functional tests, and adhere to a similar design pattern that is
used in other charm tests (see nova [0]) for an example. It will also
highight which security checks are currently passing, and which are not.
[0] 35840a66d6/zaza/openstack/charm_tests/nova/tests.py (L485-L529)
Partial-Bug: #1883196
The current approach of storing the deployment CA certificate in
the 'test/' relative path does not allow for executing tests for
multiple targets from the same environment.
We have previously moved (7a90110) the local copy of the SSH
private key for similar reasons.
Remove the global constants as we cannot build them without making
function calls, and we'd rather avoid doing that at module import
time. Code using the location of the local CA certificate has
already been changed to use helper functions.
8681b023 changed the signature of _login but did not update the
policyd test. This was not immediately picked up because the
policyd test is skipped before groovy due to Bug #1880959
Closes-Bug: #1911923
The current test expects Nova to never have TLS connections, let's
expect them to be there whenever vault is present.
Remove the 'is-volume-encryption-enabled' assertion as it is not
a property of the Nova security checks. This was previously masked
by the fact that action would always fail due to TLS tests not
being enabled for any bundles.
When on MAAS support doing charm based configuration of OVS by
retrieving MAC address of ports attached to external network
from MAAS.
Note that we should extend the MAAS support to also work with
deployments where MAAS does the OVS configuration for us.
The function does three separate things today, and two of its
tasks are useful for other provider types such as MAAS.
Also fix create_additional_port_for_machines idempotency.
We previously added a run time assertion to fail early when
attempting to configure networking for an invalid bundle. The
check had the side effect of prohibiting subsequent runs on
already configured models.
