Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DPE-3184] Secrets #178

Merged
merged 10 commits into from
Jan 31, 2024
Merged

[DPE-3184] Secrets #178

merged 10 commits into from
Jan 31, 2024

Conversation

dragomirp
Copy link
Contributor

@dragomirp dragomirp commented Jan 12, 2024
edited
Loading

Issue

PGB peer secrets implementation lagged behind the common implementation in other charms.

Solution

Updated the shared secrets to be in line with the Postgresql VM charm.

@dragomirp dragomirp force-pushed the dpe-3184-secrets-update branch from 34422ce to e6250e3 Compare January 12, 2024 16:04
@dragomirp dragomirp marked this pull request as ready for review January 12, 2024 18:07
marceloneppel
marceloneppel reviewed Jan 15, 2024
View reviewed changes
src/charm.py Outdated
Comment on lines 75 to 78
"monitoring-password",
"operator-password",
"replication-password",
"rewind-password",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this operator have all these passwords?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really. Will check tomorrow what needs to be kept and what doesn't.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pgbouncer needs arbitrary secret names, which are currently not supported by the lib. The PR will have to wait until there is a way to do this or when we know we need to change this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

List should be up to date now.

taurus-forever
taurus-forever approved these changes Jan 17, 2024
View reviewed changes
Copy link
Contributor

@taurus-forever taurus-forever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Please clean unnecessary secret requests as reported by Marcelo.
Nice work!

@dragomirp dragomirp force-pushed the dpe-3184-secrets-update branch from b5a3f3e to 3f11a4a Compare January 27, 2024 15:49
@dragomirp dragomirp marked this pull request as draft January 27, 2024 17:29
dragomirp and others added 2 commits January 31, 2024 00:24
@dragomirp
Remove username secret (#204)
c44f2f7 
* Remove username secret

* Only the leader blocks

* Bump libs

* Borked test

* Unit tests
@dragomirp
Merge branch 'main' into dpe-3184-secrets-update
9c53e78
dragomirp
dragomirp commented Jan 30, 2024
View reviewed changes
src/relations/db.py
Comment on lines -240 to -244
if not (password := self.charm.get_secret(APP_SCOPE, user)):
password = pgb.generate_password()
self.charm.peers.add_user(user, password)
else:
password = self.charm.get_secret(APP_SCOPE, user)
Copy link
Contributor Author

@dragomirp dragomirp Jan 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@delgod suggested removing the arbitrary secrets. The charm seems to function mostly the same (see this comment).

dragomirp
dragomirp commented Jan 30, 2024
View reviewed changes
tests/integration/relations/test_db.py
Comment on lines -181 to +184
await ops_test.model.wait_for_idle(apps=[PGB], status="blocked", timeout=1000)
assert (
ops_test.model.applications[PGB].units[0].workload_status_message
== EXTENSIONS_BLOCKING_MESSAGE
leader_unit = await get_leader_unit(ops_test, PGB)
await ops_test.model.block_until(
lambda: leader_unit.workload_status_message == EXTENSIONS_BLOCKING_MESSAGE, timeout=1000
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the main divergence I found from the previous behaviour. Since only the leader evaluates the the legacy _on_relation_joined() now, only the leader will block.

@dragomirp dragomirp marked this pull request as ready for review January 30, 2024 22:55
taurus-forever
taurus-forever approved these changes Jan 31, 2024
View reviewed changes
Copy link
Contributor

@taurus-forever taurus-forever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tnx!

@dragomirp dragomirp merged commit 51588b6 into main Jan 31, 2024
29 checks passed
@dragomirp dragomirp deleted the dpe-3184-secrets-update branch January 31, 2024 15:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marceloneppel marceloneppel marceloneppel approved these changes

@juditnovak juditnovak juditnovak approved these changes

@taurus-forever taurus-forever taurus-forever approved these changes

Assignees
No one assigned
Labels
Libraries: OK
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dragomirp @taurus-forever @juditnovak @marceloneppel