|
15 | 15 | """Encapsulate OVN testing.""" |
16 | 16 |
|
17 | 17 | import logging |
| 18 | +import unittest |
| 19 | +from time import sleep |
18 | 20 |
|
19 | 21 | import juju |
20 | 22 |
|
@@ -1101,3 +1103,46 @@ def test_cluster_downscale(self): |
1101 | 1103 | leader_sb, leader_nb = self._get_server_ids(leader_unit) |
1102 | 1104 | self._remove_unit(leader_unit) |
1103 | 1105 | self._assert_servers_cleanly_removed(leader_sb, leader_nb) |
| 1106 | + |
| 1107 | + |
| 1108 | +class OVNCentralSSLExpireTests(test_utils.BaseCharmTest): |
| 1109 | + """Tests for SSL Expiration and renewal actions.""" |
| 1110 | + |
| 1111 | + def test_check_ssl_expire(self): |
| 1112 | + """Test unit is able to renew a certificate, even if it is expired. |
| 1113 | +
|
| 1114 | + When the cert expires, then the unit should go into blocked state, and |
| 1115 | + a reissue should then be able to update the certificate. |
| 1116 | + """ |
| 1117 | + vault_actions = zaza.model.get_actions("vault") |
| 1118 | + |
| 1119 | + if 'reissue-certificates' not in vault_actions: |
| 1120 | + raise unittest.SkipTest('Action not defined') |
| 1121 | + |
| 1122 | + with self.config_change( |
| 1123 | + {}, |
| 1124 | + {'default-ttl': '1m'}, |
| 1125 | + application_name='vault', |
| 1126 | + reset_to_charm_default=True): |
| 1127 | + zaza.model.run_action_on_leader( |
| 1128 | + 'vault', |
| 1129 | + 'reissue-certificates', |
| 1130 | + action_params={}) |
| 1131 | + |
| 1132 | + for unit in zaza.model.get_units(self.application_name): |
| 1133 | + zaza.model.block_until_unit_wl_message_match( |
| 1134 | + unit.entity_id, |
| 1135 | + '.*certificate verify failed: certificate has expired.*') |
| 1136 | + |
| 1137 | + # Sleeping 10 seconds for the config to be reverted, so that the below |
| 1138 | + # action can be issued. |
| 1139 | + sleep(10) |
| 1140 | + |
| 1141 | + # Now that the certs have expired, and the default-ttl is set back to |
| 1142 | + # default and reissue-certs |
| 1143 | + zaza.model.run_action_on_leader( |
| 1144 | + 'vault', |
| 1145 | + 'reissue-certificates', |
| 1146 | + action_params={}) |
| 1147 | + |
| 1148 | + zaza.model.block_until_all_units_idle() |
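Review bot: The test ends at `zaza.model.block_until_all_units_idle()` without checking that the second `reissue-certificates` run actually replaced the expired certificate; a unit can be idle while still blocked, so the test passes even when renewal fails. After the final idle wait, assert recovery per unit, for example `for unit in zaza.model.get_units(self.application_name):` followed by `zaza.model.block_until_unit_wl_status(unit.entity_id, 'active')`. The docstring also promises a blocked state, but only the workload message is matched, never the status. The fixed `sleep(10)` before the second action is a guess at how long the `default-ttl` revert takes; if the reissue runs while the 1m TTL still applies, the new certificates presumably expire again within a minute, so waiting on an observable condition would be more reliable than a timer.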