vault: Allow consecutive invocations of auto_initialize
The vault charm will expect the ``force`` parameter to be set to
'true' on consecutive runs of the ``get-csr`` or
``regenerate-intermediate-ca`` actions.
fnordahl committed Jan 2, 2024
1 parent 96f64e1 commit 4afc0cc
Showing 2 changed files with 11 additions and 2 deletions.
4 changes: 4 additions & 0 deletions zaza/openstack/charm_tests/vault/setup.py
Expand Up @@ -162,6 +162,10 @@ def auto_initialize(cacert=None, validation_application='keystone', wait=True,
basic_setup(cacert=cacert, unseal_and_authorize=True)

action = vault_utils.run_get_csr()
if 'output' not in action.data['results']:
logging.warning("Running 'get-csr' action with force, "
"vault already initialized?")
action = vault_utils.run_get_csr(force=True)
intermediate_csr = action.data['results']['output']
(cakey, cacertificate) = zaza.openstack.utilities.cert.generate_cert(
'DivineAuthority',
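Review bot: The retry at `if 'output' not in action.data['results']:` treats every result without `output` as "already initialized" and re-runs the action with `force=True`, so an unrelated get-csr failure would also trigger a forced regeneration of the intermediate CA; the warning text itself ends in a question mark. It would be safer to confirm the reason from the first action's status or message before forcing. The forced run is also unchecked: if it returns no CSR either, `intermediate_csr = action.data['results']['output']` raises a bare KeyError, so I would add `if 'output' not in action.data['results']: raise RuntimeError("get-csr with force=True returned no CSR")` before that line. auto_initialize starts and ends outside the hunk, so how callers handle such an error is not visible here.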
9 changes: 7 additions & 2 deletions zaza/openstack/charm_tests/vault/utils.py
Expand Up @@ -474,18 +474,23 @@ def run_charm_authorize(token):
action_params={'token': token})


def run_get_csr():
def run_get_csr(force=None):
"""Retrieve CSR from vault.
Run vault charm action to retrieve CSR from vault.
:param force: Force regeneration of intermediate ca.
:type force: Optional[bool]
:returns: Action object
:rtype: juju.action.Action
"""
action_params = {}
if force is not None:
action_params.update({'force': force})
return zaza.model.run_action_on_leader(
'vault',
'get-csr',
action_params={})
action_params=action_params)


def run_upload_signed_csr(pem, root_ca, allowed_domains):
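Review bot: The docstring of `run_get_csr` does not say what the default `force=None` means, although the body only sends `force` when it is not None. I would extend the parameter text to something like `:param force: Sent as the action's 'force' parameter; None (default) omits it so the charm's default applies. True makes the charm regenerate the intermediate CA.` The last clause follows the existing docstring and the commit description. Because a forced run replaces CA material, stating this at the helper keeps callers from passing it casually.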