From 5ba8f4ccae990b7855800ea73e8b2c96ca3a8704 Mon Sep 17 00:00:00 2001
From: Frode Nordahl <frode.nordahl@canonical.com>
Date: Sun, 31 Dec 2023 07:13:21 +0100
Subject: [PATCH] vault: Allow consecutive invocations of auto_initialize

The vault charm will expect the ``force`` parameter to be set to
'true' on consecutive runs of the ``get-csr`` or
``regenerate-intermediate-ca`` actions.
---
 zaza/openstack/charm_tests/vault/setup.py | 4 ++++
 zaza/openstack/charm_tests/vault/utils.py | 9 +++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/zaza/openstack/charm_tests/vault/setup.py b/zaza/openstack/charm_tests/vault/setup.py
index 05e8cc547..74b14ec63 100644
--- a/zaza/openstack/charm_tests/vault/setup.py
+++ b/zaza/openstack/charm_tests/vault/setup.py
@@ -162,6 +162,10 @@ def auto_initialize(cacert=None, validation_application='keystone', wait=True,
     basic_setup(cacert=cacert, unseal_and_authorize=True)
 
     action = vault_utils.run_get_csr()
+    if 'output' not in action.data['results']:
+        logging.warning("Running 'get-csr' action with force, "
+                        "vault already initialized?")
+        action = vault_utils.run_get_csr(force=True)
     intermediate_csr = action.data['results']['output']
     (cakey, cacertificate) = zaza.openstack.utilities.cert.generate_cert(
         'DivineAuthority',
diff --git a/zaza/openstack/charm_tests/vault/utils.py b/zaza/openstack/charm_tests/vault/utils.py
index 72cbac413..61f590866 100644
--- a/zaza/openstack/charm_tests/vault/utils.py
+++ b/zaza/openstack/charm_tests/vault/utils.py
@@ -474,18 +474,23 @@ def run_charm_authorize(token):
         action_params={'token': token})
 
 
-def run_get_csr():
+def run_get_csr(force=None):
     """Retrieve CSR from vault.
 
     Run vault charm action to retrieve CSR from vault.
 
+    :param force: Force regeneration of intermediate ca.
+    :type force: Optional[bool]
     :returns: Action object
     :rtype: juju.action.Action
     """
+    action_params = {}
+    if force is not None:
+        action_params.update({'force': force})
     return zaza.model.run_action_on_leader(
         'vault',
         'get-csr',
-        action_params={})
+        action_params=action_params)
 
 
 def run_upload_signed_csr(pem, root_ca, allowed_domains):