deflake test

G-Research · Sep 23, 2024 · a1d5693 · a1d5693
1 parent a392f9a
commit a1d5693
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 11 deletions.
diff --git a/app/lib/clients/vault/certificate.rb b/app/lib/clients/vault/certificate.rb
@@ -11,6 +11,8 @@ def issue_cert(cert_issue_request)
 
       def configure_pki
         enable_ca
+        sign_cert
+        configure_ca
       end
 
       private
@@ -38,12 +40,14 @@ def cert_engine_type
       def enable_ca
         # if mount exists, assume configuration is done
         if client.sys.mounts.key?(intermediate_ca_mount.to_sym)
-          # return
+          return
         end
 
         # create the mount
-        # enable_engine(intermediate_ca_mount, cert_engine_type)
+        enable_engine(intermediate_ca_mount, cert_engine_type)
+      end
 
+      def sign_cert
         # Generate intermediate CSR
         intermediate_csr = client.logical.write("#{intermediate_ca_mount}/intermediate/generate/internal",
                                                 common_name: "astral.internal Intermediate Authority",
@@ -64,7 +68,9 @@ def enable_ca
 
         # Set the signed intermediate certificate
         client.logical.write("#{intermediate_ca_mount}/intermediate/set-signed", certificate: intermediate_cert)
+      end
 
+      def configure_ca
         # Configure the intermediate CA
         client.logical.write("#{intermediate_ca_mount}/config/cluster",
                              path: "#{vault_address}/v1/#{intermediate_ca_mount}",
@@ -83,8 +89,6 @@ def enable_ca
                              crl_distribution_points: "{{cluster_aia_path}}/issuer/{{issuer_id}}/crl/der",
                              ocsp_servers: "{{cluster_path}}/ocsp",
                              enable_templating: true)
-      rescue ::Vault::HTTPError => e
-        Rails.logger.error "Unable to configure intermediate_cert: #{e}"
       end
     end
   end

diff --git a/test/integration/secrets_test.rb b/test/integration/secrets_test.rb
@@ -12,33 +12,35 @@ class SecretsTest < ActionDispatch::IntegrationTest
   end
 
   test "#create or update a secret" do
-    create_secret
+    create_secret("top/secret/key1")
     assert_response :success
     %w[ data metadata lease_id ].each do |key|
       assert_includes response.parsed_body["secret"].keys, key
     end
   end
 
   test "#show" do
-    create_secret
+    create_secret("top/secret/key2")
     # view the secret
-    get secret_path("top/secret/key"), headers: { "Authorization" => "Bearer #{jwt_authorized}" }
+    get secret_path("top/secret/key2"), headers: { "Authorization" => "Bearer #{jwt_authorized}" }
     assert_response :success
     %w[ data metadata lease_id ].each do |key|
       assert_includes response.parsed_body["secret"].keys, key
     end
   end
 
   test "#delete" do
-    create_secret
+    create_secret("top/secret/key3")
     # delete the secret
-    delete destroy_secret_path("top/secret/key"), headers: { "Authorization" => "Bearer #{jwt_authorized}" }
+    delete destroy_secret_path("top/secret/key3"), headers: { "Authorization" => "Bearer #{jwt_authorized}" }
     assert_response :success
   end
 
-  def create_secret
+  private
+
+  def create_secret(path)
     # create the secret
     post secrets_path, headers: { "Authorization" => "Bearer #{jwt_authorized}" },
-         params: { secret: { path: "top/secret/key", data: { password: "sicr3t" } } }
+         params: { secret: { path: path, data: { password: "sicr3t" } } }
   end
 end