refactor: replace harness with scenario for unit testing (TLS Access) (…

…#459)

Signed-off-by: guillaume <[email protected]>

lib/charms/vault_k8s/v0/vault_tls.py

@@ -202,7 +202,6 @@ def configure_certificates(self, subject_ip: str) -> None:
                 )
                 self._restart_vault()
             return
-
         if self._should_request_new_certificate():
             self._send_new_certificate_request_to_provider(
                 self.pull_tls_file_from_workload(File.CSR), subject_ip
@@ -246,7 +245,6 @@ def _generate_self_signed_certs(self, subject_ip: str) -> None:
         if not (private_key := self.pull_tls_file_from_workload(File.KEY)):
             private_key = generate_private_key().decode()
             self._push_tls_file_to_workload(File.KEY, private_key)
-
         ca_private_key, ca_certificate = self._get_ca_certificate_secret()
         self._push_tls_file_to_workload(File.CA, ca_certificate)
         sans_ip = [subject_ip]

src/charm.py

@@ -46,7 +46,6 @@
 )
 from charms.vault_k8s.v0.vault_s3 import S3, S3Error
 from charms.vault_k8s.v0.vault_tls import File, VaultCertsError, VaultTLSManager
-from container import Container
 from cryptography import x509
 from jinja2 import Environment, FileSystemLoader
 from ops import CharmBase, MaintenanceStatus
@@ -69,6 +68,8 @@
 )
 from ops.pebble import ChangeError, Layer, PathError
 
+from container import Container
+
 logger = logging.getLogger(__name__)
 
 APPROLE_ROLE_NAME = "charm"
@@ -385,7 +386,6 @@ def _configure(self, event: Optional[ConfigChangedEvent] = None) -> None:  # noq
         self.tls.configure_certificates(self._ingress_address)
         if not self.unit.is_leader() and not self.tls.tls_file_pushed_to_workload(File.CA):
             return
-
         self._generate_vault_config_file()
         self._set_pebble_plan()
         vault = Vault(

test-requirements.in

@@ -7,3 +7,4 @@ pytest-operator
 pytest-asyncio==0.21.2
 ruff
 types-hvac
+ops-scenario

test-requirements.txt

@@ -1,92 +1,119 @@
 #
-# This file is autogenerated by pip-compile with Python 3.11
+# This file is autogenerated by pip-compile with Python 3.12
 # by the following command:
 #
 #    pip-compile --constraint=requirements.txt test-requirements.in
 #
 asttokens==2.4.1
     # via stack-data
-bcrypt==4.1.2
+bcrypt==4.2.0
     # via paramiko
-cachetools==5.3.3
+cachetools==5.4.0
     # via google-auth
 certifi==2024.2.2
     # via
+    #   -c requirements.txt
     #   kubernetes
     #   requests
 cffi==1.16.0
     # via
+    #   -c requirements.txt
     #   cryptography
     #   pynacl
 charset-normalizer==3.3.2
-    # via requests
-codespell==2.2.6
+    # via
+    #   -c requirements.txt
+    #   requests
+codespell==2.3.0
     # via -r test-requirements.in
 coverage[toml]==7.6.1
     # via -r test-requirements.in
 cryptography==43.0.0
-    # via paramiko
+    # via
+    #   -c requirements.txt
+    #   paramiko
 decorator==5.1.1
     # via
     #   ipdb
     #   ipython
 executing==2.0.1
     # via stack-data
-google-auth==2.29.0
+google-auth==2.33.0
     # via kubernetes
 hvac==2.3.0
-    # via juju
+    # via
+    #   -c requirements.txt
+    #   juju
 idna==3.7
-    # via requests
+    # via
+    #   -c requirements.txt
+    #   requests
 iniconfig==2.0.0
-    # via pytest
+    # via
+    #   -c requirements.txt
+    #   pytest
 ipdb==0.13.13
     # via pytest-operator
-ipython==8.23.0
+ipython==8.26.0
     # via ipdb
 jedi==0.19.1
     # via ipython
 jinja2==3.1.4
-    # via pytest-operator
+    # via
+    #   -c requirements.txt
+    #   pytest-operator
 juju==3.5.2.0
     # via
     #   -r test-requirements.in
     #   pytest-operator
-kubernetes==29.0.0
+kubernetes==30.1.0
     # via juju
 macaroonbakery==1.3.4
     # via juju
 markupsafe==2.1.5
-    # via jinja2
+    # via
+    #   -c requirements.txt
+    #   jinja2
 matplotlib-inline==0.1.7
     # via ipython
 mypy-extensions==1.0.0
     # via typing-inspect
-nodeenv==1.8.0
+nodeenv==1.9.1
     # via pyright
 oauthlib==3.2.2
     # via
     #   kubernetes
     #   requests-oauthlib
+ops==2.15.0
+    # via
+    #   -c requirements.txt
+    #   ops-scenario
+ops-scenario==6.0.3
+    # via
+    #   -c requirements.txt
+    #   -r test-requirements.in
 packaging==24.0
     # via
+    #   -c requirements.txt
     #   juju
     #   pytest
-paramiko==3.4.0
+paramiko==3.4.1
     # via juju
 parso==0.8.4
     # via jedi
 pexpect==4.9.0
     # via ipython
 pluggy==1.5.0
-    # via pytest
-prompt-toolkit==3.0.43
+    # via
+    #   -c requirements.txt
+    #   pytest
+prompt-toolkit==3.0.47
     # via ipython
-protobuf==5.26.1
+protobuf==5.27.3
     # via macaroonbakery
 ptyprocess==0.7.0
     # via pexpect
-pure-eval==0.2.2
+pure-eval==0.2.3
     # via stack-data
 pyasn1==0.6.0
     # via
@@ -96,8 +123,10 @@ pyasn1==0.6.0
 pyasn1-modules==0.4.0
     # via google-auth
 pycparser==2.22
-    # via cffi
-pygments==2.17.2
+    # via
+    #   -c requirements.txt
+    #   cffi
+pygments==2.18.0
     # via ipython
 pymacaroons==0.13.0
     # via macaroonbakery
@@ -110,10 +139,11 @@ pyrfc3339==1.1
     # via
     #   juju
     #   macaroonbakery
-pyright==1.1.375
+pyright==1.1.376
     # via -r test-requirements.in
 pytest==8.3.2
     # via
+    #   -c requirements.txt
     #   -r test-requirements.in
     #   pytest-asyncio
     #   pytest-operator
@@ -124,16 +154,22 @@ pytest-asyncio==0.21.2
 pytest-operator==0.36.0
     # via -r test-requirements.in
 python-dateutil==2.9.0.post0
-    # via kubernetes
+    # via
+    #   -c requirements.txt
+    #   kubernetes
 pytz==2024.1
     # via pyrfc3339
 pyyaml==6.0.1
     # via
+    #   -c requirements.txt
     #   juju
     #   kubernetes
+    #   ops
+    #   ops-scenario
     #   pytest-operator
 requests==2.32.3
     # via
+    #   -c requirements.txt
     #   hvac
     #   kubernetes
     #   macaroonbakery
@@ -142,10 +178,11 @@ requests-oauthlib==2.0.0
     # via kubernetes
 rsa==4.9
     # via google-auth
-ruff==0.5.7
+ruff==0.6.1
     # via -r test-requirements.in
 six==1.16.0
     # via
+    #   -c requirements.txt
     #   asttokens
     #   kubernetes
     #   macaroonbakery
@@ -161,25 +198,26 @@ traitlets==5.14.3
     #   matplotlib-inline
 types-hvac==2.3.0.20240621
     # via -r test-requirements.in
-types-requests==2.31.0.20240406
+types-requests==2.32.0.20240712
     # via types-hvac
 typing-extensions==4.11.0
     # via
-    #   ipython
+    #   -c requirements.txt
     #   typing-inspect
 typing-inspect==0.9.0
     # via juju
 urllib3==2.2.2
     # via
+    #   -c requirements.txt
     #   kubernetes
     #   requests
     #   types-requests
 wcwidth==0.2.13
     # via prompt-toolkit
 websocket-client==1.7.0
-    # via kubernetes
+    # via
+    #   -c requirements.txt
+    #   kubernetes
+    #   ops
 websockets==12.0
     # via juju
-
-# The following packages are considered to be unsafe in a requirements file:
-# setuptools

tests/unit/lib/charms/vault_k8s/v0/test_vault_client.py

@@ -6,7 +6,6 @@
 from unittest.mock import MagicMock, patch
 
 import requests
-from charm import AUTOUNSEAL_POLICY_PATH
 from charms.vault_k8s.v0.vault_client import (
     AppRole,
     AuditDeviceType,
@@ -17,6 +16,8 @@
 )
 from hvac.exceptions import InvalidPath
 
+from charm import AUTOUNSEAL_POLICY_PATH
+
 TEST_PATH = "./tests/unit/lib/charms/vault_k8s/v0"