From 2eb0f551742c67f191a23b4d37a8ca19a579919f Mon Sep 17 00:00:00 2001
From: Dmitry Ratushnyy
Date: Sat, 6 Jan 2024 07:00:36 +0000
Subject: [PATCH] Fixes for tls tests
---
 tests/integration/helpers.py | 3 +-
 tests/integration/test_charm.py | 2 +-
 tests/integration/tls_tests/helpers.py | 16 +++++-----
 tests/integration/tls_tests/test_tls.py | 40 ++++++++++++-------------
 4 files changed, 32 insertions(+), 29 deletions(-)
diff --git a/tests/integration/helpers.py b/tests/integration/helpers.py
index 2709f925a..a2c901936 100644
--- a/tests/integration/helpers.py
+++ b/tests/integration/helpers.py
@@ -52,7 +52,7 @@ async def get_password(ops_test: OpsTest, username="operator", app_name=None) ->
 password = action.results["password"]
 return password
 except KeyError:
- logger.error("Failed to get passworf. Action %s. Results %s", action, action.results)
+ logger.error("Failed to get password. Action %s. Results %s", action, action.results)
 return None
@@ -236,6 +236,7 @@ async def get_app_name(ops_test: OpsTest) -> str:
 # note that format of the charm field is not exactly "mongodb" but instead takes the form
 # of `local:focal/mongodb-6`
 if "mongodb" in status["applications"][app]["charm"]:
+ logger.debug("Found mongodb app named '%s'", app)
 return app
 return None
diff --git a/tests/integration/test_charm.py b/tests/integration/test_charm.py
index bd3dbaac4..932ec8d26 100644
--- a/tests/integration/test_charm.py
+++ b/tests/integration/test_charm.py
@@ -195,7 +195,7 @@ async def test_monitor_user(ops_test: OpsTest) -> None:
 """Test verifies that the monitor user can perform operations such as 'rs.conf()'."""
 app_name = await get_app_name(ops_test)
 unit = ops_test.model.applications[app_name].units[0]
- password = await get_password(ops_test, "monitor")
+ password = await get_password(ops_test, username="monitor")
 replica_set_hosts = [
 unit.public_address for unit in ops_test.model.applications[app_name].units
 ]
diff --git a/tests/integration/tls_tests/helpers.py b/tests/integration/tls_tests/helpers.py
index 2257fd63e..3523f1ee2 100644
--- a/tests/integration/tls_tests/helpers.py
+++ b/tests/integration/tls_tests/helpers.py
@@ -37,13 +37,13 @@ class ProcessError(Exception):
 """Raised when a process fails."""
-async def mongo_tls_command(ops_test: OpsTest) -> str:
+async def mongo_tls_command(ops_test: OpsTest, app_name=None) -> str:
 """Generates a command which verifies TLS status."""
- app_name = await get_app_name(ops_test)
+ app_name = app_name or await get_app_name(ops_test)
 replica_set_hosts = [
 unit.public_address for unit in ops_test.model.applications[app_name].units
 ]
- password = await get_password(ops_test, app_name)
+ password = await get_password(ops_test, app_name=app_name)
 hosts = ",".join(replica_set_hosts)
 replica_set_uri = f"mongodb://operator:" f"{password}@" f"{hosts}/admin?replicaSet={app_name}"
@@ -54,7 +54,7 @@ async def mongo_tls_command(ops_test: OpsTest) -> str:
 )
-async def check_tls(ops_test: OpsTest, unit: ops.model.Unit, enabled: bool) -> bool:
+async def check_tls(ops_test: OpsTest, unit: ops.model.Unit, enabled: bool, app_name=None) -> bool:
 """Returns whether TLS is enabled on the specific PostgreSQL instance.
 Args:
@@ -70,7 +70,7 @@ async def check_tls(ops_test: OpsTest, unit: ops.model.Unit, enabled: bool) -> b
 stop=stop_after_attempt(10), wait=wait_exponential(multiplier=1, min=2, max=30)
 ):
 with attempt:
- mongod_tls_check = await mongo_tls_command(ops_test)
+ mongod_tls_check = await mongo_tls_command(ops_test, app_name=app_name)
 check_tls_cmd = f"exec --unit {unit.name} -- {mongod_tls_check}"
 return_code, _, _ = await ops_test.juju(*check_tls_cmd.split())
 tls_enabled = return_code == 0
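Review bot: `password` can be `None` on the new `get_password(ops_test, app_name=app_name)` line in mongo_tls_command, because the get_password hunk in tests/integration/helpers.py shows that helper returning `None` when the action result has no "password" key. The value is then formatted into `replica_set_uri` as `operator:None`, the shell command fails on authentication, and the `return_code == 0` test in check_tls cannot tell that apart from TLS being off, so a `check_tls(..., enabled=False)` assertion could pass for the wrong reason (hedged, since the rest of check_tls is outside the hunks). I would fail fast right after the call with `if password is None: raise ProcessError(f"no operator password for {app_name}")`. The same guard is worth having after `app_name or await get_app_name(ops_test)`, since get_app_name also ends in `return None`.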
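Review bot: The docstring under the changed `check_tls` signature still says "the specific PostgreSQL instance" although this helper runs a MongoDB shell command, and the new `app_name` parameter needs an entry in the `Args:` section, which continues outside the hunk. I would reword the summary to `"""Returns whether TLS is enabled on the specific MongoDB instance.` and add `app_name: name of the MongoDB application; looked up with get_app_name when omitted.` to `Args:`. The parameter is also the only unannotated one in the signature, here and in mongo_tls_command and check_certs_correctly_distributed; `app_name: Optional[str] = None` would match its neighbours, provided `Optional` is imported in this file (not visible here).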
@@ -145,12 +145,14 @@ async def scp_file_preserve_ctime(ops_test: OpsTest, unit_name: str, path: str)
 return f"{filename}"
-async def check_certs_correctly_distributed(ops_test: OpsTest, unit: ops.Unit) -> None:
+async def check_certs_correctly_distributed(
+ ops_test: OpsTest, unit: ops.Unit, app_name=None
+) -> None:
 """Comparing expected vs distributed certificates.
 Verifying certificates downloaded on the charm against the ones distributed by the TLS operator
 """
- app_name = await get_app_name(ops_test)
+ app_name = app_name or await get_app_name(ops_test)
 app_secret_id = await get_secret_id(ops_test, app_name)
 unit_secret_id = await get_secret_id(ops_test, unit.name)
 app_secret_content = await get_secret_content(ops_test, app_secret_id)
diff --git a/tests/integration/tls_tests/test_tls.py b/tests/integration/tls_tests/test_tls.py
index 15d3140d9..cd0e4640b 100644
--- a/tests/integration/tls_tests/test_tls.py
+++ b/tests/integration/tls_tests/test_tls.py
@@ -39,32 +39,32 @@ async def test_build_and_deploy(ops_test: OpsTest) -> None:
 # is a pre-existing cluster.
 app_name = await get_app_name(ops_test)
 if app_name:
- return check_or_scale_app(ops_test, app_name, len(UNIT_IDS))
-
- app_name = DATABASE_APP_NAME
- async with ops_test.fast_forward():
- my_charm = await ops_test.build_charm(".")
- await ops_test.model.deploy(my_charm, num_units=3)
- await ops_test.model.wait_for_idle(apps=[app_name], status="active")
-
- config = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
- await ops_test.model.deploy(TLS_CERTIFICATES_APP_NAME, channel="stable", config=config)
- await ops_test.model.wait_for_idle(
- apps=[TLS_CERTIFICATES_APP_NAME], status="active", timeout=1000
- )
+ check_or_scale_app(ops_test, app_name, len(UNIT_IDS))
+ else:
+ app_name = DATABASE_APP_NAME
+ async with ops_test.fast_forward():
+ my_charm = await ops_test.build_charm(".")
+ await ops_test.model.deploy(my_charm, num_units=3)
+ await ops_test.model.wait_for_idle(apps=[app_name], status="active")
+
+ config = {"generate-self-signed-certificates": "true", "ca-common-name": "Test CA"}
+ await ops_test.model.deploy(TLS_CERTIFICATES_APP_NAME, channel="stable", config=config)
+ await ops_test.model.wait_for_idle(
+ apps=[TLS_CERTIFICATES_APP_NAME], status="active", timeout=1000
+ )
 async def test_enable_tls(ops_test: OpsTest) -> None:
 """Verify each unit has TLS enabled after relating to the TLS application."""
 # Relate it to the MongoDB to enable TLS.
 app_name = await get_app_name(ops_test) or DATABASE_APP_NAME
- await ops_test.model.relate(app_name, TLS_CERTIFICATES_APP_NAME)
+ await ops_test.model.integrate(app_name, TLS_CERTIFICATES_APP_NAME)
 await ops_test.model.wait_for_idle(status="active", timeout=1000, idle_period=60)
 # Wait for all units enabling TLS.
 for unit in ops_test.model.applications[app_name].units:
- assert await check_tls(ops_test, unit, enabled=True)
+ assert await check_tls(ops_test, unit, enabled=True, app_name=app_name)
 async def test_rotate_tls_key(ops_test: OpsTest) -> None:
@@ -111,7 +111,7 @@ async def test_rotate_tls_key(ops_test: OpsTest) -> None:
 new_internal_cert_time = await time_file_created(ops_test, unit.name, INTERNAL_CERT_PATH)
 new_mongod_service_time = await time_process_started(ops_test, unit.name, DB_SERVICE)
- check_certs_correctly_distributed(ops_test, unit)
+ check_certs_correctly_distributed(ops_test, unit, app_name=app_name)
 assert (
 new_external_cert_time > original_tls_times[unit.name]["external_cert"]
@@ -129,7 +129,7 @@ async def test_rotate_tls_key(ops_test: OpsTest) -> None:
 # Verify that TLS is functioning on all units.
 for unit in ops_test.model.applications[app_name].units:
 assert await check_tls(
- ops_test, unit, enabled=True
+ ops_test, unit, enabled=True, app_name=app_name
 ), f"tls is not enabled for {unit.name}."
@@ -192,7 +192,7 @@ async def test_set_tls_key(ops_test: OpsTest) -> None:
 new_internal_cert_time = await time_file_created(ops_test, unit.name, INTERNAL_CERT_PATH)
 new_mongod_service_time = await time_process_started(ops_test, unit.name, DB_SERVICE)
- check_certs_correctly_distributed(ops_test, unit)
+ check_certs_correctly_distributed(ops_test, unit, app_name=app_name)
 assert (
 new_external_cert_time > original_tls_times[unit.name]["external_cert"]
@@ -210,7 +210,7 @@ async def test_set_tls_key(ops_test: OpsTest) -> None:
 # Verify that TLS is functioning on all units.
 for unit in ops_test.model.applications[app_name].units:
 assert await check_tls(
- ops_test, unit, enabled=True
+ ops_test, unit, enabled=True, app_name=app_name
 ), f"tls is not enabled for {unit.name}."
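Review bot: `check_or_scale_app(ops_test, app_name, len(UNIT_IDS))` in test_build_and_deploy is now a bare call whose result is discarded; if that helper is a coroutine function like the other helpers in this suite (its definition is not on this page), the scaling check never runs and Python only emits a "coroutine ... was never awaited" warning. The removed `return check_or_scale_app(...)` had the same problem, so this rewrite is the place to fix it with `await check_or_scale_app(ops_test, app_name, len(UNIT_IDS))`. The body of test_build_and_deploy starts above the hunk.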
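Review bot: `check_certs_correctly_distributed(ops_test, unit, app_name=app_name)` is called without `await` in test_rotate_tls_key, and again in the test_set_tls_key hunk at -192, yet tests/integration/tls_tests/helpers.py in this same patch declares it `async def`. Assuming that is the helper imported here, the call only creates a coroutine object, so the comparison of the distributed certificates against the TLS operator's secrets is never executed and both rotation tests pass without it. Change both lines to `await check_certs_correctly_distributed(ops_test, unit, app_name=app_name)`. Both test bodies extend beyond their hunks.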
@@ -228,4 +228,4 @@ async def test_disable_tls(ops_test: OpsTest) -> None:
 # Wait for all units disabling TLS.
 for unit in ops_test.model.applications[app_name].units:
- assert await check_tls(ops_test, unit, enabled=False)
+ assert await check_tls(ops_test, unit, enabled=False, app_name=app_name)