[DPE-2838] Secret labels #303
Conversation
juditnovak
force-pushed
the
DPE-2838_secret_labels
branch
from
8092497 to
56d6bd4
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
juditnovak
force-pushed
the
DPE-2838_secret_labels
branch
from
56d6bd4 to
6bef675
Compare
juditnovak
force-pushed
the
DPE-2838_secret_labels
branch
4 times, most recently
from
e795f8e to
2c55d94
Compare
| value = secret.get_content().get(secret_key) | ||
| if value != SECRET_DELETED_LABEL: | ||
| return value |
There was a problem hiding this comment.
Why not do this in self.secrets.get()?
There was a problem hiding this comment.
I was thinking about this one too.
As long as hoping for unification of the <charmnam>_secrets module across charms, I'd like to leave this out.
The reason is: this is a Juju 3.1.6 > workaround.
Now we already have a bunch of charms that could drop Juju2. I'm wondering that they may be able 2 drop 3.1.5 at some point -- while other charms may still need to support it.
I'd rather not put a version-bound workaround in a lib, that has a chance for centralization.
It's a logical suggestion, but I'm wondering that --for now-- it may be better to keep it outside.
(If the moduel relamins local and OK to diverge, this could be refactored into the module)
juditnovak
force-pushed
the
DPE-2838_secret_labels
branch
13 times, most recently
from
f253472 to
778436e
Compare
|
Upgrade tests seem to be failing because existing secrets on |
juditnovak
force-pushed
the
DPE-2838_secret_labels
branch
12 times, most recently
from
48dcab3 to
11c439f
Compare
juditnovak
force-pushed
the
DPE-2838_secret_labels
branch
from
11c439f to
75b7b62
Compare
| # We need to create a brand-new secret for this scope | ||
| else: | ||
| scope_obj = self._scope_obj(scope) | ||
| if JujuVersion.from_environ().has_secrets: |
There was a problem hiding this comment.
lets create such func in the lib in the future PR
|
|
||
| return bool(self.secrets[scope].get(SECRET_CACHE_LABEL)) | ||
| def _translate_field_to_secret_key(self, key: str) -> str: |
| else: | ||
| scope_obj = self._scope_obj(scope) | ||
| if JujuVersion.from_environ().has_secrets: | ||
| label = generate_secret_label(self, scope) |
There was a problem hiding this comment.
lets generate label in the lib in the future PR
| value = secret.get_content().get(secret_key) | ||
| if value != SECRET_DELETED_LABEL: | ||
| return value |
|
|
||
| key = SECRET_KEY_OVERRIDES.get(key, key) | ||
| def remove_secret(self, scope: Scopes, key: str) -> None: |
There was a problem hiding this comment.
lets move most of logic to lib in the future PR
|
|
||
| def set_secret(self, scope: str, key: str, value: Optional[str]) -> Optional[str]: | ||
| def set_secret(self, scope: Scopes, key: str, value: Optional[str]) -> Optional[str]: |
There was a problem hiding this comment.
lets move most of logic to lib in the future PR
* Adding parameterized * New data_secrets lib from data-platform-libs * Refactoring secret functionalities * Unittests * Integration tests * ops, pytest-mock libs for integration, so secrets-related fixtures would work * Updates safe to switch from secret ID to label
Secrets with labels (refacored to a better shape)