diff --git a/zaza/openstack/charm_tests/vault/setup.py b/zaza/openstack/charm_tests/vault/setup.py index 05e8cc547..74b14ec63 100644 --- a/zaza/openstack/charm_tests/vault/setup.py +++ b/zaza/openstack/charm_tests/vault/setup.py @@ -162,6 +162,10 @@ def auto_initialize(cacert=None, validation_application='keystone', wait=True, basic_setup(cacert=cacert, unseal_and_authorize=True) action = vault_utils.run_get_csr() + if 'output' not in action.data['results']: + logging.warning("Running 'get-csr' action with force, " + "vault already initialized?") + action = vault_utils.run_get_csr(force=True) intermediate_csr = action.data['results']['output'] (cakey, cacertificate) = zaza.openstack.utilities.cert.generate_cert( 'DivineAuthority', diff --git a/zaza/openstack/charm_tests/vault/utils.py b/zaza/openstack/charm_tests/vault/utils.py index 72cbac413..464095708 100644 --- a/zaza/openstack/charm_tests/vault/utils.py +++ b/zaza/openstack/charm_tests/vault/utils.py @@ -474,18 +474,23 @@ def run_charm_authorize(token): action_params={'token': token}) -def run_get_csr(): +def run_get_csr(force=None): """Retrieve CSR from vault. Run vault charm action to retrieve CSR from vault. + :param force: Force regeneration of intermediate ca. + :type force: Optional[bool] :returns: Action object :rtype: juju.action.Action """ + action_params={} + if force is not None: + action_params.update({'force': force}) return zaza.model.run_action_on_leader( 'vault', 'get-csr', - action_params={}) + action_params=action_params) def run_upload_signed_csr(pem, root_ca, allowed_domains): diff --git a/zaza/openstack/utilities/openstack.py b/zaza/openstack/utilities/openstack.py index 540b9a3c1..99daefa5b 100644 --- a/zaza/openstack/utilities/openstack.py +++ b/zaza/openstack/utilities/openstack.py @@ -237,8 +237,15 @@ async def _check_ca_present(model, ca_files): for ca_file in ca_files: for unit in units: try: - output = await unit.run('cat {}'.format(ca_file)) - contents = output.data.get('results').get('Stdout', '') + action = await unit.run('cat {}'.format(ca_file)) + action = await action.wait() + # NOTE(fnordahl): yes, this is a call to a private + # function, and to be pragmatic we are already + # mocking about under the hood in this function, so let's + # just make it work. + results = zaza.model._normalise_action_results( + getattr(action, 'results', action.data.get('results'))) + contents = results.get('stdout', '') if ca_cert not in contents: break # libjuju throws a generic error for connection failure. So we