Fix unit tests

canonical · Nov 15, 2024 · bb3f04a · bb3f04a
1 parent 7b4d732
commit bb3f04a
Showing 1 changed file with 48 additions and 28 deletions.
diff --git a/tests/unit/lib/test_opensearch_tls.py b/tests/unit/lib/test_opensearch_tls.py
@@ -83,8 +83,6 @@ class TestOpenSearchTLS(unittest.TestCase):
 
     @patch("charm.OpenSearchOperatorCharm._put_or_update_internal_user_leader")
     def setUp(self, _) -> None:
-        self.skipTest("TODO: remove this skip")
-
         self.harness = Harness(OpenSearchOperatorCharm)
         self.addCleanup(self.harness.cleanup)
         self.rel_id = self.harness.add_network("1.1.1.1", endpoint=PeerRelationName)
@@ -1625,7 +1623,6 @@ def test_on_certificate_available_rotation_ongoing_on_this_unit(
         )
 
         self.harness.set_leader(is_leader=leader)
-        original_status = self.harness.model.unit.status
 
         # This unit is within the process of certificate renewal
         with self.harness.hooks_disabled():
@@ -1635,20 +1632,32 @@ def test_on_certificate_available_rotation_ongoing_on_this_unit(
 
         self.charm.tls._on_certificate_available(self.charm.on.certificate_available)
 
-        # No action taken, no change on status or certificates
-        assert run_cmd.call_count == 0
-        assert self.harness.model.unit.status == original_status
+        # exactly three run_cmd commands to be executed: checking the current CA for the
+        # admin cert, the unit_http cert and the unit_transport cert
         if leader:
-            self.charm.on.certificate_available.defer.assert_called_once()
+            assert run_cmd.call_count == 3
+            assert self.harness.model.unit.status == MaintenanceStatus(
+                "Applying new CA certificate..."
+            )
+            assert self.secret_store.get_object(Scope.APP, CertType.APP_ADMIN.val) == {
+                "csr": csr,
+                "chain": "new_chain",
+                "keystore-password": "keystore_12345",
+                "truststore-password": "truststore_12345",
+                "ca-cert": "new_ca",
+                "cert": "new_cert",
+            }
         else:
-            self.charm.on.certificate_available.defer.assert_not_called()
-        assert self.secret_store.get_object(Scope.APP, CertType.APP_ADMIN.val) == {
-            "csr": csr,
-            "keystore-password": "keystore_12345",
-            "truststore-password": "truststore_12345",
-            "ca-cert": "old_ca_cert",
-            "cert": "old_cert",
-        }
+            # We have scope == Scope.APP, so we will skip the entire logic
+            assert run_cmd.call_count == 0
+            assert self.harness.model.unit.status == MaintenanceStatus("")
+            assert self.secret_store.get_object(Scope.APP, CertType.APP_ADMIN.val) == {
+                "csr": csr,
+                "keystore-password": "keystore_12345",
+                "truststore-password": "truststore_12345",
+                "ca-cert": "old_ca_cert",
+                "cert": "old_cert",
+            }
 
     # Mock to investigate/compare/alter
     @parameterized.expand(
@@ -1723,7 +1732,6 @@ def test_on_certificate_available_rotation_ongoing_on_another_unit(
         )
 
         self.harness.set_leader(is_leader=leader)
-        original_status = self.harness.model.unit.status
 
         # This unit has updated CA certificate
         # but another unit of the cluster is still within the process
@@ -1738,17 +1746,29 @@ def test_on_certificate_available_rotation_ongoing_on_another_unit(
 
         self.charm.tls._on_certificate_available(self.charm.on.certificate_available)
 
-        # No action taken, no change on status or certificates
-        assert run_cmd.call_count == 0
-        assert self.harness.model.unit.status == original_status
+        # exactly three run_cmd commands to be executed: checking the current CA for the
+        # admin cert, the unit_http cert and the unit_transport cert
         if leader:
-            self.charm.on.certificate_available.defer.assert_called_once()
+            assert run_cmd.call_count == 3
+            assert self.harness.model.unit.status == MaintenanceStatus(
+                "Applying new CA certificate..."
+            )
+            assert self.secret_store.get_object(Scope.APP, CertType.APP_ADMIN.val) == {
+                "csr": csr,
+                "chain": "new_chain",
+                "keystore-password": "keystore_12345",
+                "truststore-password": "truststore_12345",
+                "ca-cert": "new_ca",
+                "cert": "new_cert",
+            }
         else:
-            self.charm.on.certificate_available.defer.assert_not_called()
-        assert self.secret_store.get_object(Scope.APP, CertType.APP_ADMIN.val) == {
-            "csr": csr,
-            "keystore-password": "keystore_12345",
-            "truststore-password": "truststore_12345",
-            "ca-cert": "old_ca_cert",
-            "cert": "old_cert",
-        }
+            # We have scope == Scope.APP, so we will skip the entire logic
+            assert run_cmd.call_count == 0
+            assert self.harness.model.unit.status == MaintenanceStatus("")
+            assert self.secret_store.get_object(Scope.APP, CertType.APP_ADMIN.val) == {
+                "csr": csr,
+                "keystore-password": "keystore_12345",
+                "truststore-password": "truststore_12345",
+                "ca-cert": "old_ca_cert",
+                "cert": "old_cert",
+            }