[DPE-6320][DPE-6325] General secrets resetting fix (#726)

* Test general secrets fix * Disable cache * Pop the translated peer data directly
canonical · Jan 16, 2025 · 342c175 · 342c175
1 parent 6abf80c
commit 342c175
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 20 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -47,7 +47,8 @@ jobs:
     name: Build charm
     uses: canonical/data-platform-workflows/.github/workflows/[email protected]
     with:
-      cache: true
+      cache: false
+      artifact-prefix: test-build
 
   integration-test:
     strategy:

diff --git a/lib/charms/postgresql_k8s/v0/postgresql_tls.py b/lib/charms/postgresql_k8s/v0/postgresql_tls.py
@@ -45,7 +45,7 @@
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version.
-LIBPATCH = 12
+LIBPATCH = 13
 
 logger = logging.getLogger(__name__)
 SCOPE = "unit"
@@ -135,16 +135,10 @@ def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
             event.defer()
             return
 
-        chain = self.charm.get_secret(SCOPE, "chain")
         new_chain = "\n".join(event.chain) if event.chain is not None else None
-        if chain != new_chain:
-            self.charm.set_secret(SCOPE, "chain", new_chain)
-        cert = self.charm.get_secret(SCOPE, "cert")
-        if cert != event.certificate:
-            self.charm.set_secret(SCOPE, "cert", event.certificate)
-        ca = self.charm.get_secret(SCOPE, "ca")
-        if ca != event.ca:
-            self.charm.set_secret(SCOPE, "ca", event.ca)
+        self.charm.set_secret(SCOPE, "chain", new_chain)
+        self.charm.set_secret(SCOPE, "cert", event.certificate)
+        self.charm.set_secret(SCOPE, "ca", event.ca)
 
         try:
             if not self.charm.push_tls_files_to_workload():

diff --git a/src/charm.py b/src/charm.py
@@ -240,6 +240,13 @@ def app_units(self) -> set[Unit]:
 
         return {self.unit, *self._peers.units}
 
+    def scoped_peer_data(self, scope: Scopes) -> dict | None:
+        """Returns peer data based on scope."""
+        if scope == APP_SCOPE:
+            return self.app_peer_data
+        elif scope == UNIT_SCOPE:
+            return self.unit_peer_data
+
     @property
     def app_peer_data(self) -> dict:
         """Application peer relation data object."""
@@ -318,7 +325,7 @@ def set_secret(self, scope: Scopes, key: str, value: str | None) -> str | None:
             return None
         secret_key = self._translate_field_to_secret_key(key)
         # Old translation in databag is to be deleted
-        self.peer_relation_data(scope).delete_relation_data(peers.id, [key])
+        self.scoped_peer_data(scope).pop(key, None)
         self.peer_relation_data(scope).set_secret(peers.id, secret_key, value)
 
     def remove_secret(self, scope: Scopes, key: str) -> None:
@@ -329,10 +336,8 @@ def remove_secret(self, scope: Scopes, key: str) -> None:
         if not (peers := self.model.get_relation(PEER)):
             return None
         secret_key = self._translate_field_to_secret_key(key)
-        if scope == APP_SCOPE:
-            self.peer_relation_app.delete_relation_data(peers.id, [secret_key])
-        else:
-            self.peer_relation_unit.delete_relation_data(peers.id, [secret_key])
+
+        self.peer_relation_data(scope).delete_relation_data(peers.id, [secret_key])
 
     @property
     def is_cluster_initialised(self) -> bool:

diff --git a/src/relations/db.py b/src/relations/db.py
@@ -196,10 +196,8 @@ def set_up_relation(self, relation: Relation) -> bool:
 
             # Store the user, password and database name in the secret store to be accessible by
             # non-leader units when the cluster topology changes.
-            if password != self.charm.get_secret(APP_SCOPE, user):
-                self.charm.set_secret(APP_SCOPE, user, password)
-            if database and database != self.charm.get_secret(APP_SCOPE, f"{user}-database"):
-                self.charm.set_secret(APP_SCOPE, f"{user}-database", database)
+            self.charm.set_secret(APP_SCOPE, user, password)
+            self.charm.set_secret(APP_SCOPE, f"{user}-database", database)
 
             self.charm.postgresql.create_user(user, password, self.admin)
             plugins = self.charm.get_plugins()