Fix integration test

canonical · Dec 11, 2024 · eca0329 · eca0329
1 parent df0636c
commit eca0329
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 13 deletions.
diff --git a/src/charm.py b/src/charm.py
@@ -506,19 +506,19 @@ def _configure(self, _):  # noqa: C901
             return
         if not self._bind_address:
             return
-        if not self.unit.is_leader():
+        if not self.juju_facade.is_leader:
             if len(self._other_peer_node_api_addresses()) == 0:
                 return
             if not self.tls.ca_certificate_is_saved():
                 return
         self._generate_vault_config_file()
         self._start_vault_service()
         self._set_peer_relation_node_api_address()
-        self._configure_pki_secrets_engine()
 
         vault = self._get_active_vault_client()
         if not vault:
             return
+        self._configure_pki_secrets_engine(vault)
         self._sync_vault_autounseal(vault)
         self._sync_vault_kv(vault)
         self._sync_vault_pki()
@@ -994,15 +994,11 @@ def _sync_vault_pki(self) -> None:
                 requirer_csr=pki_request,
             )
 
-    def _configure_pki_secrets_engine(self) -> None:  # noqa: C901
+    def _configure_pki_secrets_engine(self, vault: VaultClient) -> None:  # noqa: C901
         """Configure the PKI secrets engine."""
         if not self.unit.is_leader():
             logger.debug("Only leader unit can handle a vault-pki certificate request, skipping")
             return
-        vault = self._get_active_vault_client()
-        if not vault:
-            logger.debug("Vault is not ready to handle a vault-pki certificate request, skipping")
-            return
         if not self.juju_facade.relation_exists(TLS_CERTIFICATES_PKI_RELATION_NAME):
             logger.debug("TLS Certificates PKI relation not created, skipping")
             return

diff --git a/tests/integration/helpers.py b/tests/integration/helpers.py
@@ -227,14 +227,17 @@ async def deploy_vault(ops_test: OpsTest, charm_path, num_vaults) -> None:
     await deploy_if_not_exists(ops_test.model, APP_NAME, charm_path, num_units=num_vaults)
 
 
-async def deploy_vault_and_wait(ops_test: OpsTest, charm_path, num_units) -> None:
+async def deploy_vault_and_wait(
+    ops_test: OpsTest, charm_path, num_units, status: str | None = None
+) -> None:
     await deploy_vault(ops_test, charm_path, num_units)
-    async with ops_test.fast_forward():
+    async with ops_test.fast_forward(fast_interval="60s"):
         assert ops_test.model
         await ops_test.model.wait_for_idle(
             apps=[APP_NAME],
             wait_for_at_least_units=num_units,
             timeout=1000,
+            status=status,
         )
 
 

diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py
@@ -69,6 +69,17 @@ async def vault_idle(ops_test: OpsTest, request, vault_charm_path) -> Task:
     return create_task(deploy_vault_and_wait(ops_test, vault_charm_path, NUM_VAULT_UNITS))
 
 
+@pytest.fixture(scope="function")
+async def vault_idle_blocked(ops_test: OpsTest, request, vault_charm_path) -> Task:
+    """Deploy the Vault charm, and wait for it to be blocked.
+
+    This is the default state of Vault.
+    """
+    return create_task(
+        deploy_vault_and_wait(ops_test, vault_charm_path, NUM_VAULT_UNITS, status="blocked")
+    )
+
+
 @pytest.fixture(scope="function")
 async def vault_initialized(ops_test: OpsTest, vault_idle: Task) -> Task:
     async def deploy_and_initialize():
@@ -377,21 +388,21 @@ async def test_deploy_all_the_things(
 
 
 @pytest.mark.abort_on_fail
-async def test_given_charm_deployed_then_status_blocked(ops_test: OpsTest, vault_idle: Task):
+async def test_given_charm_deployed_then_status_blocked(ops_test: OpsTest, vault_idle_blocked: Task):
     assert ops_test.model
-    await vault_idle
+    await vault_idle_blocked
 
     vault_app = get_app(ops_test.model)
     assert vault_app.status == "blocked"
 
 
 @pytest.mark.abort_on_fail
 async def test_given_certificates_provider_is_related_when_vault_status_checked_then_vault_returns_200_or_429(  # noqa: E501
-    ops_test: OpsTest, vault_idle: Task, self_signed_certificates_idle: Task
+    ops_test: OpsTest, vault_idle_blocked: Task, self_signed_certificates_idle: Task
 ):
     """To test that Vault is actually running when the charm is active."""
     assert ops_test.model
-    await gather(vault_idle, self_signed_certificates_idle)
+    await gather(vault_idle_blocked, self_signed_certificates_idle)
 
     await ops_test.model.integrate(
         relation1=f"{SELF_SIGNED_CERTIFICATES_APPLICATION_NAME}:certificates",