diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7f360d8c3..9007809d1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -70,7 +70,7 @@ Testing high availability on a production cluster can be done with: tox run -e ha-integration -- --model= ``` -Note if you'd like to test storage re-use in ha-testing, your storage must not be of the type `rootfs`. `rootfs` storage is tied to the machine lifecycle and does not stick around after unit removal. `rootfs` storage is used by default with `tox run -e ha-integration`. To test ha-testing for storage re-use: +Note if you'd like to test storage reuse in ha-testing, your storage must not be of the type `rootfs`. `rootfs` storage is tied to the machine lifecycle and does not stick around after unit removal. `rootfs` storage is used by default with `tox run -e ha-integration`. To test ha-testing for storage reuse: ```shell juju create-storage-pool mongodb-ebs ebs volume-type=standard # create a storage pool juju deploy ./*charm --storage mongodb=mongodb-ebs,7G,1 # deploy 1 or more units of application with said storage pool diff --git a/lib/charms/data_platform_libs/v0/data_interfaces.py b/lib/charms/data_platform_libs/v0/data_interfaces.py index 9fa0021ec..1925c3cb2 100644 --- a/lib/charms/data_platform_libs/v0/data_interfaces.py +++ b/lib/charms/data_platform_libs/v0/data_interfaces.py @@ -320,7 +320,7 @@ def _on_topic_requested(self, event: TopicRequestedEvent): # Increment this PATCH version before using `charmcraft publish-lib` or reset # to 0 if you are raising the major API version -LIBPATCH = 18 +LIBPATCH = 19 PYDEPS = ["ops>=2.0.0"] @@ -377,12 +377,19 @@ class SecretsIllegalUpdateError(SecretError): """Secrets aren't yet available for Juju version used.""" -def get_encoded_field(relation, member, field) -> Dict[str, str]: +def get_encoded_field( + relation: Relation, member: Union[Unit, Application], field +) -> Union[str, List[str], Dict[str, str]]: """Retrieve and decode an encoded field from relation data.""" return json.loads(relation.data[member].get(field, "{}")) -def set_encoded_field(relation, member, field, value) -> None: +def set_encoded_field( + relation: Relation, + member: Union[Unit, Application], + field: str, + value: Union[str, list, Dict[str, str]], +) -> None: """Set an encoded field from relation data.""" relation.data[member].update({field: json.dumps(value)}) @@ -400,6 +407,15 @@ def diff(event: RelationChangedEvent, bucket: Union[Unit, Application]) -> Diff: """ # Retrieve the old data from the data key in the application relation databag. old_data = get_encoded_field(event.relation, bucket, "data") + + if not old_data: + old_data = {} + + if not isinstance(old_data, dict): + # We should never get here, added to re-assure pyright + logger.error("Previous databag diff is of a wrong type.") + old_data = {} + # Retrieve the new data from the event relation databag. new_data = ( {key: value for key, value in event.relation.data[event.app].items() if key != "data"} @@ -408,12 +424,16 @@ def diff(event: RelationChangedEvent, bucket: Union[Unit, Application]) -> Diff: ) # These are the keys that were added to the databag and triggered this event. - added = new_data.keys() - old_data.keys() + added = new_data.keys() - old_data.keys() # pyright: ignore [reportGeneralTypeIssues] # These are the keys that were removed from the databag and triggered this event. - deleted = old_data.keys() - new_data.keys() + deleted = old_data.keys() - new_data.keys() # pyright: ignore [reportGeneralTypeIssues] # These are the keys that already existed in the databag, # but had their values changed. - changed = {key for key in old_data.keys() & new_data.keys() if old_data[key] != new_data[key]} + changed = { + key + for key in old_data.keys() & new_data.keys() # pyright: ignore [reportGeneralTypeIssues] + if old_data[key] != new_data[key] # pyright: ignore [reportGeneralTypeIssues] + } # Convert the new_data to a serializable format and save it for a next diff check. set_encoded_field(event.relation, bucket, "data", new_data) @@ -592,6 +612,13 @@ def _fetch_specific_relation_data( """Fetch data available (directily or indirectly -- i.e. secrets) from the relation.""" raise NotImplementedError + @abstractmethod + def _fetch_my_specific_relation_data( + self, relation, fields: Optional[List[str]] + ) -> Dict[str, str]: + """Fetch data available (directily or indirectly -- i.e. secrets) from the relation for owner/this_app.""" + raise NotImplementedError + # Internal helper methods @staticmethod @@ -658,6 +685,22 @@ def _group_secret_fields(secret_fields: List[str]) -> Dict[SecretGroup, List[str secret_fieldnames_grouped.setdefault(SecretGroup.EXTRA, []).append(key) return secret_fieldnames_grouped + def _retrieve_group_secret_contents( + self, + relation_id, + group: SecretGroup, + secret_fields: Optional[Union[Set[str], List[str]]] = None, + ) -> Dict[str, str]: + """Helper function to retrieve collective, requested contents of a secret.""" + if not secret_fields: + secret_fields = [] + + if (secret := self._get_relation_secret(relation_id, group)) and ( + secret_data := secret.get_content() + ): + return {k: v for k, v in secret_data.items() if k in secret_fields} + return {} + @juju_secrets_only def _get_relation_secret_data( self, relation_id: int, group_mapping: SecretGroup, relation_name: Optional[str] = None @@ -667,6 +710,58 @@ def _get_relation_secret_data( if secret: return secret.get_content() + def _fetch_relation_data_without_secrets( + self, app: Application, relation, fields: Optional[List[str]] + ) -> dict: + if fields: + return {k: relation.data[app].get(k) for k in fields} + else: + return relation.data[app] + + def _fetch_relation_data_with_secrets( + self, + app: Application, + req_secret_fields: Optional[List[str]], + relation, + fields: Optional[List[str]] = None, + ) -> Dict[str, str]: + result = {} + + normal_fields = fields + if not normal_fields: + normal_fields = list(relation.data[app].keys()) + + if req_secret_fields and self.secrets_enabled: + if fields: + # Processing from what was requested + normal_fields = set(fields) - set(req_secret_fields) + secret_fields = set(fields) - set(normal_fields) + + secret_fieldnames_grouped = self._group_secret_fields(list(secret_fields)) + + for group in secret_fieldnames_grouped: + if contents := self._retrieve_group_secret_contents( + relation.id, group, secret_fields + ): + result.update(contents) + else: + # If it wasn't found as a secret, let's give it a 2nd chance as "normal" field + normal_fields |= set(secret_fieldnames_grouped[group]) + else: + # Processing from what is given, i.e. retrieving all + normal_fields = [ + f for f in relation.data[app].keys() if not self._is_secret_field(f) + ] + secret_fields = [f for f in relation.data[app].keys() if self._is_secret_field(f)] + for group in SecretGroup: + result.update( + self._retrieve_group_secret_contents(relation.id, group, req_secret_fields) + ) + + # Processing "normal" fields. May include leftover from what we couldn't retrieve as a secret. + result.update({k: relation.data[app].get(k) for k in normal_fields}) + return result + # Public methods def get_relation(self, relation_name, relation_id) -> Relation: @@ -716,6 +811,50 @@ def fetch_relation_data( data[relation.id] = self._fetch_specific_relation_data(relation, fields) return data + def fetch_relation_field( + self, relation_id: int, field: str, relation_name: Optional[str] = None + ) -> Optional[str]: + """Get a single field from the relation data.""" + return ( + self.fetch_relation_data([relation_id], [field], relation_name) + .get(relation_id, {}) + .get(field) + ) + + def fetch_my_relation_data( + self, + relation_ids: Optional[List[int]] = None, + fields: Optional[List[str]] = None, + relation_name: Optional[str] = None, + ): + """Fetch data of the 'owner' (or 'this app') side of the relation.""" + if not relation_name: + relation_name = self.relation_name + + relations = [] + if relation_ids: + relations = [ + self.get_relation(relation_name, relation_id) for relation_id in relation_ids + ] + else: + relations = self.relations + + data = {} + for relation in relations: + if not relation_ids or (relation_ids and relation.id in relation_ids): + data[relation.id] = self._fetch_my_specific_relation_data(relation, fields) + return data + + def fetch_my_relation_field( + self, relation_id: int, field: str, relation_name: Optional[str] = None + ) -> Optional[str]: + """Get a single field from the relation data -- owner side.""" + return ( + self.fetch_my_relation_data([relation_id], [field], relation_name) + .get(relation_id, {}) + .get(field) + ) + # Public methods - mandatory override @abstractmethod @@ -823,18 +962,32 @@ def _get_relation_secret( if secret_uri := relation.data[self.local_app].get(secret_field): return self.secrets.get(label, secret_uri) - def _fetch_specific_relation_data(self, relation, fields: Optional[List[str]]) -> dict: + def _fetch_specific_relation_data( + self, relation: Relation, fields: Optional[List[str]] + ) -> dict: """Fetching relation data for Provides. - NOTE: Since all secret fields are in the Requires side of the databag, we don't need to worry about that + NOTE: Since all secret fields are in the Provides side of the databag, we don't need to worry about that """ if not relation.app: return {} - if fields: - return {k: relation.data[relation.app].get(k) for k in fields} - else: - return relation.data[relation.app] + return self._fetch_relation_data_without_secrets(relation.app, relation, fields) + + def _fetch_my_specific_relation_data( + self, relation: Relation, fields: Optional[List[str]] + ) -> dict: + """Fetching our own relation data.""" + secret_fields = None + if relation.app: + secret_fields = get_encoded_field(relation, relation.app, REQ_SECRET_FIELDS) + + return self._fetch_relation_data_with_secrets( + self.local_app, + secret_fields if isinstance(secret_fields, list) else None, + relation, + fields, + ) # Public methods -- mandatory overrides @@ -843,7 +996,10 @@ def update_relation_data(self, relation_id: int, fields: Dict[str, str]) -> None """Set values for fields not caring whether it's a secret or not.""" relation = self.get_relation(self.relation_name, relation_id) - relation_secret_fields = get_encoded_field(relation, relation.app, REQ_SECRET_FIELDS) + if relation.app: + relation_secret_fields = get_encoded_field(relation, relation.app, REQ_SECRET_FIELDS) + else: + relation_secret_fields = [] normal_fields = list(fields) if relation_secret_fields and self.secrets_enabled: @@ -1021,22 +1177,6 @@ def is_resource_created(self, relation_id: Optional[int] = None) -> bool: else False ) - def _retrieve_group_secret_contents( - self, - relation_id, - group: SecretGroup, - secret_fields: Optional[Union[Set[str], List[str]]] = None, - ) -> Dict[str, str]: - """Helper function to retrieve collective, requested contents of a secret.""" - if not secret_fields: - secret_fields = [] - - if (secret := self._get_relation_secret(relation_id, group)) and ( - secret_data := secret.get_content() - ): - return {k: v for k, v in secret_data.items() if k in secret_fields} - return {} - # Event handlers def _on_relation_created_event(self, event: RelationCreatedEvent) -> None: @@ -1070,49 +1210,14 @@ def _get_relation_secret( def _fetch_specific_relation_data( self, relation, fields: Optional[List[str]] = None ) -> Dict[str, str]: - if not relation.app: - return {} - - result = {} - - normal_fields = fields - if not normal_fields: - normal_fields = list(relation.data[relation.app].keys()) - - if self.secret_fields and self.secrets_enabled: - if fields: - # Processing from what was requested - normal_fields = set(fields) - set(self.secret_fields) - secret_fields = set(fields) - set(normal_fields) - - secret_fieldnames_grouped = self._group_secret_fields(list(secret_fields)) - - for group in secret_fieldnames_grouped: - if contents := self._retrieve_group_secret_contents( - relation.id, group, secret_fields - ): - result.update(contents) - else: - # If it wasn't found as a secret, let's give it a 2nd chance as "normal" field - normal_fields |= set(secret_fieldnames_grouped[group]) - else: - # Processing from what is given, i.e. retrieving all - normal_fields = [ - f for f in relation.data[relation.app].keys() if not self._is_secret_field(f) - ] - secret_fields = [ - f for f in relation.data[relation.app].keys() if self._is_secret_field(f) - ] - for group in SecretGroup: - result.update( - self._retrieve_group_secret_contents( - relation.id, group, self.secret_fields - ) - ) + """Fetching Requires data -- that may include secrets.""" + return self._fetch_relation_data_with_secrets( + relation.app, self.secret_fields, relation, fields + ) - # Processing "normal" fields. May include leftover from what we couldn't retrieve as a secret. - result.update({k: relation.data[relation.app].get(k) for k in normal_fields}) - return result + def _fetch_my_specific_relation_data(self, relation, fields: Optional[List[str]]) -> dict: + """Fetching our own relation data.""" + return self._fetch_relation_data_without_secrets(self.local_app, relation, fields) # Public methods -- mandatory overrides @@ -1135,18 +1240,6 @@ def update_relation_data(self, relation_id: int, data: dict) -> None: if relation: relation.data[self.local_app].update(data) - # "Native" public methods - - def fetch_relation_field( - self, relation_id: int, field: str, relation_name: Optional[str] = None - ) -> Optional[str]: - """Get a single field from the relation data.""" - return ( - self.fetch_relation_data([relation_id], [field], relation_name) - .get(relation_id, {}) - .get(field) - ) - # General events diff --git a/lib/charms/mongodb/v0/mongodb.py b/lib/charms/mongodb/v0/mongodb.py index 25a65d7c0..1ff8bcc8e 100644 --- a/lib/charms/mongodb/v0/mongodb.py +++ b/lib/charms/mongodb/v0/mongodb.py @@ -308,7 +308,7 @@ def create_role(self, role_name: str, privileges: dict, roles: dict = []): Args: role_name: name of the role to be added. - privileges: privledges to be associated with the role. + privileges: privileges to be associated with the role. roles: List of roles from which this role inherits privileges. """ try: diff --git a/lib/charms/mongodb/v0/mongodb_backups.py b/lib/charms/mongodb/v0/mongodb_backups.py index bd30b8d49..d152beb26 100644 --- a/lib/charms/mongodb/v0/mongodb_backups.py +++ b/lib/charms/mongodb/v0/mongodb_backups.py @@ -505,7 +505,7 @@ def _try_to_restore(self, backup_id: str) -> None: If PBM is resyncing, the function will retry to create backup (up to BACKUP_RESTORE_MAX_ATTEMPTS times) with BACKUP_RESTORE_ATTEMPT_COOLDOWN - time between attepts. + time between attempts. If PMB returen any other error, the function will raise RestoreError. """ @@ -541,7 +541,7 @@ def _try_to_backup(self): If PBM is resyncing, the function will retry to create backup (up to BACKUP_RESTORE_MAX_ATTEMPTS times) - with BACKUP_RESTORE_ATTEMPT_COOLDOWN time between attepts. + with BACKUP_RESTORE_ATTEMPT_COOLDOWN time between attempts. If PMB returen any other error, the function will raise BackupError. """ diff --git a/lib/charms/mongodb/v0/mongodb_provider.py b/lib/charms/mongodb/v0/mongodb_provider.py index 54632e25d..6375a262e 100644 --- a/lib/charms/mongodb/v0/mongodb_provider.py +++ b/lib/charms/mongodb/v0/mongodb_provider.py @@ -86,7 +86,7 @@ def _on_relation_event(self, event): creates or drops MongoDB users and sets credentials into relation data. As a result, related charm gets credentials for accessing the MongoDB database. - """ + """ if not self.charm.unit.is_leader(): return # We shouldn't try to create or update users if the database is not @@ -156,18 +156,14 @@ def oversee_users(self, departed_relation_id: Optional[int], event): # We need to wait for the moment when the provider library # set the database name into the relation. continue - logger.error(">>>>>> Create relation user: %s on %s", config.username, config.database) mongo.create_user(config) self._set_relation(config) - for username in relation_users.intersection(database_users): config = self._get_config(username, None) - logger.error(">>>>>> Update relation user: %s on %s", config.username, config.database) mongo.update_user(config) logger.error("Updating relation data according to diff") self._diff(event) - if not self.charm.model.config["auto-delete"]: return @@ -237,8 +233,7 @@ def update_app_relation_data(self) -> None: relation.id, config.uri, ) - logger.error(">>>>>>>>>>>>>>>>>>>> update_app_relation_data '%s", self) - + def _get_or_set_password(self, relation: Relation) -> str: """Retrieve password from cache or generate a new one. @@ -248,20 +243,12 @@ def _get_or_set_password(self, relation: Relation) -> str: Returns: str: The password. """ - import pdb; pdb.set_trace() - relation_data = self.database_provides.fetch_relation_data( - [relation.id], ["password"], relation.name - ) - logger.error(">>>>>>>>>>>>>>>>>>>> _get_or_set_password '%s', '%s'", relation_data, self) - password = relation_data.get(relation.id, {}).get("password") + password = self.database_provides.fetch_my_relation_field(relation.id, "password") if password: - logger.error(">>>>>>>>>>>>>>>>>>>> _get_or_set_password found password '%s', '%s'", password, self) return password password = generate_password() - logger.error(">>>>>>>>>>>>>>>>>>>> _get_or_set_password generated password '%s', '%s'", password, self) self.database_provides.update_relation_data(relation.id, {"password": password}) return password - def _get_config(self, username: str, password: Optional[str]) -> MongoDBConfiguration: """Construct the config object for future user creation.""" diff --git a/src/charm.py b/src/charm.py index 4501f943a..3e073f79c 100755 --- a/src/charm.py +++ b/src/charm.py @@ -1151,7 +1151,7 @@ def _juju_secret_set(self, scope: Scopes, key: str, value: str) -> str: secret = self.secrets[scope].get(Config.Secrets.SECRET_LABEL) - # It's not the first secret for the scope, we can re-use the existing one + # It's not the first secret for the scope, we can reuse the existing one # that was fetched in the previous call, as fetching secrets from juju is # slow if secret: diff --git a/tests/integration/ha_tests/test_ha.py b/tests/integration/ha_tests/test_ha.py index 13d0d84a2..600f5bafc 100644 --- a/tests/integration/ha_tests/test_ha.py +++ b/tests/integration/ha_tests/test_ha.py @@ -96,7 +96,7 @@ async def test_storage_re_use(ops_test, continuous_writes): app = await helpers.app_name(ops_test) if helpers.storage_type(ops_test, app) == "rootfs": pytest.skip( - "re-use of storage can only be used on deployments with persistent storage not on rootfs deployments" + "reuse of storage can only be used on deployments with persistent storage not on rootfs deployments" ) # removing the only replica can be disastrous @@ -501,7 +501,7 @@ async def test_full_cluster_crash(ops_test: OpsTest, continuous_writes, reset_re ) # This test serves to verify behavior when all replicas are down at the same time that when - # they come back online they operate as expected. This check verifies that we meet the criterea + # they come back online they operate as expected. This check verifies that we meet the criteria # of all replicas being down at the same time. assert await helpers.all_db_processes_down(ops_test), "Not all units down at the same time." @@ -549,7 +549,7 @@ async def test_full_cluster_restart(ops_test: OpsTest, continuous_writes, reset_ ) # This test serves to verify behavior when all replicas are down at the same time that when - # they come back online they operate as expected. This check verifies that we meet the criterea + # they come back online they operate as expected. This check verifies that we meet the criteria # of all replicas being down at the same time. assert await helpers.all_db_processes_down(ops_test), "Not all units down at the same time." diff --git a/tests/integration/relation_tests/new_relations/application-charm/lib/charms/data_platform_libs/v0/data_interfaces.py b/tests/integration/relation_tests/new_relations/application-charm/lib/charms/data_platform_libs/v0/data_interfaces.py index 9fa0021ec..1925c3cb2 100644 --- a/tests/integration/relation_tests/new_relations/application-charm/lib/charms/data_platform_libs/v0/data_interfaces.py +++ b/tests/integration/relation_tests/new_relations/application-charm/lib/charms/data_platform_libs/v0/data_interfaces.py @@ -320,7 +320,7 @@ def _on_topic_requested(self, event: TopicRequestedEvent): # Increment this PATCH version before using `charmcraft publish-lib` or reset # to 0 if you are raising the major API version -LIBPATCH = 18 +LIBPATCH = 19 PYDEPS = ["ops>=2.0.0"] @@ -377,12 +377,19 @@ class SecretsIllegalUpdateError(SecretError): """Secrets aren't yet available for Juju version used.""" -def get_encoded_field(relation, member, field) -> Dict[str, str]: +def get_encoded_field( + relation: Relation, member: Union[Unit, Application], field +) -> Union[str, List[str], Dict[str, str]]: """Retrieve and decode an encoded field from relation data.""" return json.loads(relation.data[member].get(field, "{}")) -def set_encoded_field(relation, member, field, value) -> None: +def set_encoded_field( + relation: Relation, + member: Union[Unit, Application], + field: str, + value: Union[str, list, Dict[str, str]], +) -> None: """Set an encoded field from relation data.""" relation.data[member].update({field: json.dumps(value)}) @@ -400,6 +407,15 @@ def diff(event: RelationChangedEvent, bucket: Union[Unit, Application]) -> Diff: """ # Retrieve the old data from the data key in the application relation databag. old_data = get_encoded_field(event.relation, bucket, "data") + + if not old_data: + old_data = {} + + if not isinstance(old_data, dict): + # We should never get here, added to re-assure pyright + logger.error("Previous databag diff is of a wrong type.") + old_data = {} + # Retrieve the new data from the event relation databag. new_data = ( {key: value for key, value in event.relation.data[event.app].items() if key != "data"} @@ -408,12 +424,16 @@ def diff(event: RelationChangedEvent, bucket: Union[Unit, Application]) -> Diff: ) # These are the keys that were added to the databag and triggered this event. - added = new_data.keys() - old_data.keys() + added = new_data.keys() - old_data.keys() # pyright: ignore [reportGeneralTypeIssues] # These are the keys that were removed from the databag and triggered this event. - deleted = old_data.keys() - new_data.keys() + deleted = old_data.keys() - new_data.keys() # pyright: ignore [reportGeneralTypeIssues] # These are the keys that already existed in the databag, # but had their values changed. - changed = {key for key in old_data.keys() & new_data.keys() if old_data[key] != new_data[key]} + changed = { + key + for key in old_data.keys() & new_data.keys() # pyright: ignore [reportGeneralTypeIssues] + if old_data[key] != new_data[key] # pyright: ignore [reportGeneralTypeIssues] + } # Convert the new_data to a serializable format and save it for a next diff check. set_encoded_field(event.relation, bucket, "data", new_data) @@ -592,6 +612,13 @@ def _fetch_specific_relation_data( """Fetch data available (directily or indirectly -- i.e. secrets) from the relation.""" raise NotImplementedError + @abstractmethod + def _fetch_my_specific_relation_data( + self, relation, fields: Optional[List[str]] + ) -> Dict[str, str]: + """Fetch data available (directily or indirectly -- i.e. secrets) from the relation for owner/this_app.""" + raise NotImplementedError + # Internal helper methods @staticmethod @@ -658,6 +685,22 @@ def _group_secret_fields(secret_fields: List[str]) -> Dict[SecretGroup, List[str secret_fieldnames_grouped.setdefault(SecretGroup.EXTRA, []).append(key) return secret_fieldnames_grouped + def _retrieve_group_secret_contents( + self, + relation_id, + group: SecretGroup, + secret_fields: Optional[Union[Set[str], List[str]]] = None, + ) -> Dict[str, str]: + """Helper function to retrieve collective, requested contents of a secret.""" + if not secret_fields: + secret_fields = [] + + if (secret := self._get_relation_secret(relation_id, group)) and ( + secret_data := secret.get_content() + ): + return {k: v for k, v in secret_data.items() if k in secret_fields} + return {} + @juju_secrets_only def _get_relation_secret_data( self, relation_id: int, group_mapping: SecretGroup, relation_name: Optional[str] = None @@ -667,6 +710,58 @@ def _get_relation_secret_data( if secret: return secret.get_content() + def _fetch_relation_data_without_secrets( + self, app: Application, relation, fields: Optional[List[str]] + ) -> dict: + if fields: + return {k: relation.data[app].get(k) for k in fields} + else: + return relation.data[app] + + def _fetch_relation_data_with_secrets( + self, + app: Application, + req_secret_fields: Optional[List[str]], + relation, + fields: Optional[List[str]] = None, + ) -> Dict[str, str]: + result = {} + + normal_fields = fields + if not normal_fields: + normal_fields = list(relation.data[app].keys()) + + if req_secret_fields and self.secrets_enabled: + if fields: + # Processing from what was requested + normal_fields = set(fields) - set(req_secret_fields) + secret_fields = set(fields) - set(normal_fields) + + secret_fieldnames_grouped = self._group_secret_fields(list(secret_fields)) + + for group in secret_fieldnames_grouped: + if contents := self._retrieve_group_secret_contents( + relation.id, group, secret_fields + ): + result.update(contents) + else: + # If it wasn't found as a secret, let's give it a 2nd chance as "normal" field + normal_fields |= set(secret_fieldnames_grouped[group]) + else: + # Processing from what is given, i.e. retrieving all + normal_fields = [ + f for f in relation.data[app].keys() if not self._is_secret_field(f) + ] + secret_fields = [f for f in relation.data[app].keys() if self._is_secret_field(f)] + for group in SecretGroup: + result.update( + self._retrieve_group_secret_contents(relation.id, group, req_secret_fields) + ) + + # Processing "normal" fields. May include leftover from what we couldn't retrieve as a secret. + result.update({k: relation.data[app].get(k) for k in normal_fields}) + return result + # Public methods def get_relation(self, relation_name, relation_id) -> Relation: @@ -716,6 +811,50 @@ def fetch_relation_data( data[relation.id] = self._fetch_specific_relation_data(relation, fields) return data + def fetch_relation_field( + self, relation_id: int, field: str, relation_name: Optional[str] = None + ) -> Optional[str]: + """Get a single field from the relation data.""" + return ( + self.fetch_relation_data([relation_id], [field], relation_name) + .get(relation_id, {}) + .get(field) + ) + + def fetch_my_relation_data( + self, + relation_ids: Optional[List[int]] = None, + fields: Optional[List[str]] = None, + relation_name: Optional[str] = None, + ): + """Fetch data of the 'owner' (or 'this app') side of the relation.""" + if not relation_name: + relation_name = self.relation_name + + relations = [] + if relation_ids: + relations = [ + self.get_relation(relation_name, relation_id) for relation_id in relation_ids + ] + else: + relations = self.relations + + data = {} + for relation in relations: + if not relation_ids or (relation_ids and relation.id in relation_ids): + data[relation.id] = self._fetch_my_specific_relation_data(relation, fields) + return data + + def fetch_my_relation_field( + self, relation_id: int, field: str, relation_name: Optional[str] = None + ) -> Optional[str]: + """Get a single field from the relation data -- owner side.""" + return ( + self.fetch_my_relation_data([relation_id], [field], relation_name) + .get(relation_id, {}) + .get(field) + ) + # Public methods - mandatory override @abstractmethod @@ -823,18 +962,32 @@ def _get_relation_secret( if secret_uri := relation.data[self.local_app].get(secret_field): return self.secrets.get(label, secret_uri) - def _fetch_specific_relation_data(self, relation, fields: Optional[List[str]]) -> dict: + def _fetch_specific_relation_data( + self, relation: Relation, fields: Optional[List[str]] + ) -> dict: """Fetching relation data for Provides. - NOTE: Since all secret fields are in the Requires side of the databag, we don't need to worry about that + NOTE: Since all secret fields are in the Provides side of the databag, we don't need to worry about that """ if not relation.app: return {} - if fields: - return {k: relation.data[relation.app].get(k) for k in fields} - else: - return relation.data[relation.app] + return self._fetch_relation_data_without_secrets(relation.app, relation, fields) + + def _fetch_my_specific_relation_data( + self, relation: Relation, fields: Optional[List[str]] + ) -> dict: + """Fetching our own relation data.""" + secret_fields = None + if relation.app: + secret_fields = get_encoded_field(relation, relation.app, REQ_SECRET_FIELDS) + + return self._fetch_relation_data_with_secrets( + self.local_app, + secret_fields if isinstance(secret_fields, list) else None, + relation, + fields, + ) # Public methods -- mandatory overrides @@ -843,7 +996,10 @@ def update_relation_data(self, relation_id: int, fields: Dict[str, str]) -> None """Set values for fields not caring whether it's a secret or not.""" relation = self.get_relation(self.relation_name, relation_id) - relation_secret_fields = get_encoded_field(relation, relation.app, REQ_SECRET_FIELDS) + if relation.app: + relation_secret_fields = get_encoded_field(relation, relation.app, REQ_SECRET_FIELDS) + else: + relation_secret_fields = [] normal_fields = list(fields) if relation_secret_fields and self.secrets_enabled: @@ -1021,22 +1177,6 @@ def is_resource_created(self, relation_id: Optional[int] = None) -> bool: else False ) - def _retrieve_group_secret_contents( - self, - relation_id, - group: SecretGroup, - secret_fields: Optional[Union[Set[str], List[str]]] = None, - ) -> Dict[str, str]: - """Helper function to retrieve collective, requested contents of a secret.""" - if not secret_fields: - secret_fields = [] - - if (secret := self._get_relation_secret(relation_id, group)) and ( - secret_data := secret.get_content() - ): - return {k: v for k, v in secret_data.items() if k in secret_fields} - return {} - # Event handlers def _on_relation_created_event(self, event: RelationCreatedEvent) -> None: @@ -1070,49 +1210,14 @@ def _get_relation_secret( def _fetch_specific_relation_data( self, relation, fields: Optional[List[str]] = None ) -> Dict[str, str]: - if not relation.app: - return {} - - result = {} - - normal_fields = fields - if not normal_fields: - normal_fields = list(relation.data[relation.app].keys()) - - if self.secret_fields and self.secrets_enabled: - if fields: - # Processing from what was requested - normal_fields = set(fields) - set(self.secret_fields) - secret_fields = set(fields) - set(normal_fields) - - secret_fieldnames_grouped = self._group_secret_fields(list(secret_fields)) - - for group in secret_fieldnames_grouped: - if contents := self._retrieve_group_secret_contents( - relation.id, group, secret_fields - ): - result.update(contents) - else: - # If it wasn't found as a secret, let's give it a 2nd chance as "normal" field - normal_fields |= set(secret_fieldnames_grouped[group]) - else: - # Processing from what is given, i.e. retrieving all - normal_fields = [ - f for f in relation.data[relation.app].keys() if not self._is_secret_field(f) - ] - secret_fields = [ - f for f in relation.data[relation.app].keys() if self._is_secret_field(f) - ] - for group in SecretGroup: - result.update( - self._retrieve_group_secret_contents( - relation.id, group, self.secret_fields - ) - ) + """Fetching Requires data -- that may include secrets.""" + return self._fetch_relation_data_with_secrets( + relation.app, self.secret_fields, relation, fields + ) - # Processing "normal" fields. May include leftover from what we couldn't retrieve as a secret. - result.update({k: relation.data[relation.app].get(k) for k in normal_fields}) - return result + def _fetch_my_specific_relation_data(self, relation, fields: Optional[List[str]]) -> dict: + """Fetching our own relation data.""" + return self._fetch_relation_data_without_secrets(self.local_app, relation, fields) # Public methods -- mandatory overrides @@ -1135,18 +1240,6 @@ def update_relation_data(self, relation_id: int, data: dict) -> None: if relation: relation.data[self.local_app].update(data) - # "Native" public methods - - def fetch_relation_field( - self, relation_id: int, field: str, relation_name: Optional[str] = None - ) -> Optional[str]: - """Get a single field from the relation data.""" - return ( - self.fetch_relation_data([relation_id], [field], relation_name) - .get(relation_id, {}) - .get(field) - ) - # General events diff --git a/tests/integration/relation_tests/new_relations/helpers.py b/tests/integration/relation_tests/new_relations/helpers.py index cdf0588f7..60212e978 100644 --- a/tests/integration/relation_tests/new_relations/helpers.py +++ b/tests/integration/relation_tests/new_relations/helpers.py @@ -98,8 +98,9 @@ async def verify_application_data( return True + async def get_secret_data(ops_test, secret_uri): secret_unique_id = secret_uri.split("/")[-1] complete_command = f"show-secret {secret_uri} --reveal --format=json" _, stdout, _ = await ops_test.juju(*complete_command.split()) - return json.loads(stdout)[secret_unique_id]["content"]["Data"] \ No newline at end of file + return json.loads(stdout)[secret_unique_id]["content"]["Data"] diff --git a/tests/integration/relation_tests/new_relations/test_charm_relations.py b/tests/integration/relation_tests/new_relations/test_charm_relations.py index 1fda45c1b..23c908a20 100644 --- a/tests/integration/relation_tests/new_relations/test_charm_relations.py +++ b/tests/integration/relation_tests/new_relations/test_charm_relations.py @@ -13,7 +13,11 @@ from tenacity import RetryError from ...ha_tests.helpers import replica_set_primary -from .helpers import get_application_relation_data, get_secret_data, verify_application_data +from .helpers import ( + get_application_relation_data, + get_secret_data, + verify_application_data, +) MEDIAN_REELECTION_TIME = 12 APPLICATION_APP_NAME = "application" @@ -37,42 +41,47 @@ async def test_deploy_charms(ops_test: OpsTest, application_charm, database_char ops_test.model.deploy( application_charm, application_name=APPLICATION_APP_NAME, - num_units=1, + num_units=2, ), ops_test.model.deploy( database_charm, application_name=DATABASE_APP_NAME, - num_units=1, + num_units=2, + ), + ops_test.model.deploy( + database_charm, + application_name=ANOTHER_DATABASE_APP_NAME, ), - # ops_test.model.deploy( - # database_charm, - # application_name=ANOTHER_DATABASE_APP_NAME, - # ), ) await ops_test.model.wait_for_idle(apps=APP_NAMES, status="active", wait_for_at_least_units=1) +async def _get_connection_string(ops_test: OpsTest, app_name, relation_name) -> str: + secret_uri = await get_application_relation_data( + ops_test, app_name, relation_name, "secret-user" + ) + + first_relation_user_data = await get_secret_data(ops_test, secret_uri) + return first_relation_user_data.get("uris") + + @pytest.mark.abort_on_fail async def test_database_relation_with_charm_libraries(ops_test: OpsTest): """Test basic functionality of database relation interface.""" # Relate the charms and wait for them exchanging some connection data. - import pdb; pdb.set_trace() await ops_test.model.add_relation( f"{APPLICATION_APP_NAME}:{FIRST_DATABASE_RELATION_NAME}", DATABASE_APP_NAME ) await ops_test.model.wait_for_idle(apps=APP_NAMES, status="active") - - secret_uri = await get_application_relation_data( - ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "secret-user" - ) - first_relation_user_data = await get_secret_data(ops_test, secret_uri) - connection_string = first_relation_user_data.get("uris") + connection_string = await _get_connection_string( + ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME + ) database = await get_application_relation_data( ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "database" ) - + client = MongoClient( connection_string, directConnection=False, @@ -169,8 +178,8 @@ async def test_app_relation_metadata_change(ops_test: OpsTest) -> None: ), "Primary is not present in DB endpoints." # test crud operations - connection_string = await get_application_relation_data( - ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "uris" + connection_string = await _get_connection_string( + ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME ) database = await get_application_relation_data( ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "database" @@ -209,8 +218,8 @@ async def test_app_relation_metadata_change(ops_test: OpsTest) -> None: async def test_user_with_extra_roles(ops_test: OpsTest): """Test superuser actions (ie creating a new user and creating a new database).""" - connection_string = await get_application_relation_data( - ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "uris" + connection_string = await _get_connection_string( + ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME ) database = await get_application_relation_data( ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "database" @@ -253,15 +262,17 @@ async def test_two_applications_doesnt_share_the_same_relation_data( await ops_test.model.wait_for_idle(apps=all_app_names, status="active") # Assert the two application have different relation (connection) data. - application_connection_string = await get_application_relation_data( - ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "uris" + application_connection_string = await _get_connection_string( + ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME ) - another_application_connection_string = await get_application_relation_data( - ops_test, another_application_app_name, FIRST_DATABASE_RELATION_NAME, "uris" + + another_application_connection_string = await _get_connection_string( + ops_test, another_application_app_name, FIRST_DATABASE_RELATION_NAME ) assert application_connection_string != another_application_connection_string +@pytest.mark.skip("Skip") async def test_an_application_can_connect_to_multiple_database_clusters(ops_test: OpsTest): """Test that an application can connect to different clusters of the same database.""" # Relate the application with both database clusters @@ -296,6 +307,7 @@ async def test_an_application_can_connect_to_multiple_database_clusters(ops_test assert application_connection_string != another_application_connection_string +@pytest.mark.skip("Skip") async def test_an_application_can_connect_to_multiple_aliased_database_clusters( ops_test: OpsTest, database_charm ): @@ -345,11 +357,11 @@ async def test_an_application_can_request_multiple_databases(ops_test: OpsTest, await ops_test.model.wait_for_idle(apps=APP_NAMES, status="active") # Get the connection strings to connect to both databases. - first_database_connection_string = await get_application_relation_data( - ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "uris" + first_database_connection_string = await _get_connection_string( + ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME ) - second_database_connection_string = await get_application_relation_data( - ops_test, APPLICATION_APP_NAME, SECOND_DATABASE_RELATION_NAME, "uris" + second_database_connection_string = await _get_connection_string( + ops_test, APPLICATION_APP_NAME, SECOND_DATABASE_RELATION_NAME ) # Assert the two application have different relation (connection) data. @@ -359,8 +371,8 @@ async def test_an_application_can_request_multiple_databases(ops_test: OpsTest, async def test_removed_relation_no_longer_has_access(ops_test: OpsTest): """Verify removed applications no longer have access to the database.""" # before removing relation we need its authorisation via connection string - connection_string = await get_application_relation_data( - ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME, "uris" + connection_string = await _get_connection_string( + ops_test, APPLICATION_APP_NAME, FIRST_DATABASE_RELATION_NAME ) await ops_test.model.applications[DATABASE_APP_NAME].remove_relation(