Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: secret owners do not auto-peek, and can use refresh #1067

Merged
merged 9 commits into from
Nov 23, 2023
Merged

feat: secret owners do not auto-peek, and can use refresh #1067

merged 9 commits into from
Nov 23, 2023

Conversation

tonyandrewmeyer
Copy link
Contributor

@tonyandrewmeyer tonyandrewmeyer commented Nov 19, 2023
edited
Loading

Update the testing harness to reflect an upcoming Juju change regarding secrets: the special-casing for secret-get is going to be removed, so that owners have the same behaviour as everyone else - they get the tracked revision of the secret, and can call peek to get the latest content, or refresh to get the latest content and update the tracking pointer.

Also extends the Harness tests for getting secrets.

Fixes #1062

@tonyandrewmeyer
Reflect upcoming Juju secret behaviour.
d02f829 
The special-casing for secret-get is going to be removed, so that owners have the same behaviour as everyone else - they get the tracked revision of the secret, and can call peek to get the latest content, or refresh to get the latest content and update the tracking pointer.
@tonyandrewmeyer
Merge branch 'main' into secret-owner-behaviour-change-1062
5ff5d4e
@tonyandrewmeyer
Copy link
Contributor Author

@benhoyt it seems like we don't have any tests asserting the previous behaviour (nothing fails when it's removed, and I couldn't manually find any). Do you think we should add tests for the new behaviour, e.g. where the owner uses peek=False or refresh=True?

@tonyandrewmeyer
Copy link
Contributor Author

@wallyworld just to confirm: the secret owner always has permission to do a secret-get, right? ie. in the testing harness, we're checking that a grant exists for the relevant secret+relation, but skipping that for the owner. Does that sound right to you?

@benhoyt
Copy link
Collaborator

benhoyt commented Nov 19, 2023

@benhoyt it seems like we don't have any tests asserting the previous behaviour (nothing fails when it's removed, and I couldn't manually find any). Do you think we should add tests for the new behaviour, e.g. where the owner uses peek=False or refresh=True?

Because this is now the same for owners and observers, I don't think we need any owner-specific tests for it. (I'm presuming the peek and refresh code paths are tested in general.)

@wallyworld
Copy link

@wallyworld just to confirm: the secret owner always has permission to do a secret-get, right? ie. in the testing harness, we're checking that a grant exists for the relevant secret+relation, but skipping that for the owner. Does that sound right to you?

When a secret is created, the owner gets "manage" permission. So they can read the value, as well as grant access etc

@tonyandrewmeyer
Copy link
Contributor Author

Because this is now the same for owners and observers, I don't think we need any owner-specific tests for it. (I'm presuming the peek and refresh code paths are tested in general.)

We have tests that check that get_secret works when the app/unit has been granted access, and that it fails when no grant exists.

We don't have a test that checks the 'owner has manage permission' case. We also seem to only have tests that provide the ID, so don't check getting by label or updating the label (not even using get_info() - I can't find any harness tests for that?). We don't seem to test the peek or refresh paths.

So I think the conclusion here is that a few extra tests would be a good idea, even if they aren't specifically about this change.

@tonyandrewmeyer tonyandrewmeyer marked this pull request as ready for review November 20, 2023 01:38
benhoyt
benhoyt approved these changes Nov 20, 2023
View reviewed changes
Copy link
Collaborator

@benhoyt benhoyt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Thanks for the additional tests.

@benhoyt benhoyt mentioned this pull request Nov 20, 2023
Merged
@PietroPasotti
Copy link
Contributor

what juju version will this be?

@benhoyt
Copy link
Collaborator

benhoyt commented Nov 21, 2023

@wallyworld Can you remind us what Juju version(s) the secrets owner fix will be going into?

@tonyandrewmeyer I wonder, maybe we should have a JujuVersion property to allow testing for this (and simply to record the version clearly).

@tonyandrewmeyer
Copy link
Contributor Author

@tonyandrewmeyer I wonder, maybe we should have a JujuVersion property to allow testing for this (and simply to record the version clearly).

I wondered about this in the original MM thread too. It seems like Juju is treating this as a bug (at least in the way that it's being changed in existing versions), and I don't think we would want to deliberately model behaviour of bugs in specific Juju versions. I don't think we want JujuVersion to end up being a Juju changelog, or to have Charmers running large matrices of tests with different simulated Juju versions.

Otoh, it doesn't seem like a bug to me, and JujuVersion already has checks that go to the patch level.

The default JujuVersion of 0.0.0 isn't ideal here, though. That means the default behaviour would be the old (flawed/buggy) approach, and you'd need to explicitly set the Juju version to get the new (good/fixed) behaviour. Perhaps that's more of an argument for resolving #1037, though.

Overall, I'm -0 on adding a JujuVersion check and switching the behaviour based on that. If we're confident that at least some Chamers would write charms that change their behaviour to handle both Juju versions and have tests to verify that, that'd move me to at least +0.

@benhoyt
Copy link
Collaborator

benhoyt commented Nov 22, 2023

Overall, I'm -0 on adding a JujuVersion check and switching the behaviour based on that

Yeah, you've convinced me -- let's leave that out.

@tonyandrewmeyer
Merge branch 'main' into secret-owner-behaviour-change-1062
ba3d43d
@tonyandrewmeyer
Remove note: true now, not true after Juju updates.
d5a9d0b 
It seems to make sense to remove this at the same time we're changing the Harness behaviour, even though we're a bit ahead of Juju.
@tonyandrewmeyer tonyandrewmeyer added the testing Related to ops.testing label Nov 23, 2023
benhoyt
benhoyt approved these changes Nov 23, 2023
View reviewed changes
Copy link
Collaborator

@benhoyt benhoyt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent, thanks for this

@benhoyt benhoyt merged commit a7f34cb into canonical:main Nov 23, 2023
20 checks passed
@tonyandrewmeyer tonyandrewmeyer deleted the secret-owner-behaviour-change-1062 branch November 23, 2023 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benhoyt benhoyt benhoyt approved these changes

@wallyworld wallyworld Awaiting requested review from wallyworld

Assignees
No one assigned
Labels
testing Related to ops.testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[testing] ValueError: Secret owner cannot use refresh=True
4 participants
@tonyandrewmeyer @benhoyt @wallyworld @PietroPasotti