diff --git a/zaza/openstack/charm_tests/vault/setup.py b/zaza/openstack/charm_tests/vault/setup.py index 05e8cc547..74b14ec63 100644 --- a/zaza/openstack/charm_tests/vault/setup.py +++ b/zaza/openstack/charm_tests/vault/setup.py @@ -162,6 +162,10 @@ def auto_initialize(cacert=None, validation_application='keystone', wait=True, basic_setup(cacert=cacert, unseal_and_authorize=True) action = vault_utils.run_get_csr() + if 'output' not in action.data['results']: + logging.warning("Running 'get-csr' action with force, " + "vault already initialized?") + action = vault_utils.run_get_csr(force=True) intermediate_csr = action.data['results']['output'] (cakey, cacertificate) = zaza.openstack.utilities.cert.generate_cert( 'DivineAuthority', diff --git a/zaza/openstack/charm_tests/vault/utils.py b/zaza/openstack/charm_tests/vault/utils.py index 72cbac413..61f590866 100644 --- a/zaza/openstack/charm_tests/vault/utils.py +++ b/zaza/openstack/charm_tests/vault/utils.py @@ -474,18 +474,23 @@ def run_charm_authorize(token): action_params={'token': token}) -def run_get_csr(): +def run_get_csr(force=None): """Retrieve CSR from vault. Run vault charm action to retrieve CSR from vault. + :param force: Force regeneration of intermediate ca. + :type force: Optional[bool] :returns: Action object :rtype: juju.action.Action """ + action_params = {} + if force is not None: + action_params.update({'force': force}) return zaza.model.run_action_on_leader( 'vault', 'get-csr', - action_params={}) + action_params=action_params) def run_upload_signed_csr(pem, root_ca, allowed_domains):