[DPE-2646] - POC Rotate password

CONTRIBUTING.md

@@ -70,7 +70,7 @@ Testing high availability on a production cluster can be done with:
 tox run -e ha-integration -- --model=<model_name>
 ```
 
-Note if you'd like to test storage re-use in ha-testing, your storage must not be of the type `rootfs`. `rootfs` storage is tied to the machine lifecycle and does not stick around after unit removal. `rootfs` storage is used by default with `tox run -e ha-integration`. To test ha-testing for storage re-use: 
+Note if you'd like to test storage reuse in ha-testing, your storage must not be of the type `rootfs`. `rootfs` storage is tied to the machine lifecycle and does not stick around after unit removal. `rootfs` storage is used by default with `tox run -e ha-integration`. To test ha-testing for storage reuse: 
 ```shell
 juju create-storage-pool mongodb-ebs ebs volume-type=standard # create a storage pool
 juju deploy ./*charm --storage mongodb=mongodb-ebs,7G,1 # deploy 1 or more units of application with said storage pool

lib/charms/mongodb/v0/mongodb.py

@@ -308,7 +308,7 @@ def create_role(self, role_name: str, privileges: dict, roles: dict = []):
 
         Args:
             role_name: name of the role to be added.
-            privileges: privledges to be associated with the role.
+            privileges: privileges to be associated with the role.
             roles: List of roles from which this role inherits privileges.
         """
         try:

lib/charms/mongodb/v0/mongodb_backups.py

@@ -505,7 +505,7 @@ def _try_to_restore(self, backup_id: str) -> None:
 
         If PBM is resyncing, the function will retry to create backup
         (up to  BACKUP_RESTORE_MAX_ATTEMPTS times) with BACKUP_RESTORE_ATTEMPT_COOLDOWN
-        time between attepts.
+        time between attempts.
 
         If PMB returen any other error, the function will raise RestoreError.
         """
@@ -541,7 +541,7 @@ def _try_to_backup(self):
 
         If PBM is resyncing, the function will retry to create backup
         (up to BACKUP_RESTORE_MAX_ATTEMPTS times)
-        with BACKUP_RESTORE_ATTEMPT_COOLDOWN time between attepts.
+        with BACKUP_RESTORE_ATTEMPT_COOLDOWN time between attempts.
 
         If PMB returen any other error, the function will raise BackupError.
         """

lib/charms/mongodb/v0/shards_interface.py

@@ -85,7 +85,11 @@ def _on_relation_joined(self, event):
         )
 
         # TODO Future PR, add shard to config server
-        # TODO Follow up PR, handle rotating passwords
+
+    def update_credentials(self, key: str, value: str) -> None:
+        """Sends new credentials, for a key value pair across all shards."""
+        for relation in self.charm.model.relations[self.relation_name]:
+            self._update_relation_data(relation.id, {key: value})
 
     def _update_relation_data(self, relation_id: int, data: dict) -> None:
         """Updates a set of key-value pairs in the relation.

src/charm.py

@@ -575,19 +575,8 @@ def _on_get_password(self, event: ActionEvent) -> None:
 
     def _on_set_password(self, event: ActionEvent) -> None:
         """Set the password for the admin user."""
-        if self.is_role(Config.Role.SHARD):
-            event.fail("Cannot set password on shard, please set password on config-server.")
-            return
-
-        # changing the backup password while a backup/restore is in progress can be disastrous
-        pbm_status = self.backups._get_pbm_status()
-        if isinstance(pbm_status, MaintenanceStatus):
-            event.fail("Cannot change password while a backup/restore is in progress.")
-            return
-
-        # only leader can write the new password into peer relation.
-        if not self.unit.is_leader():
-            event.fail("The action can be run only on leader unit.")
+        # check conditions for setting the password and fail if necessary
+        if not self.pass_pre_set_password_checks(event):
             return
 
         username = self._get_user_or_fail_event(
@@ -615,6 +604,14 @@ def _on_set_password(self, event: ActionEvent) -> None:
         if username == MonitorUser.get_username():
             self._connect_mongodb_exporter()
 
+        # rotate password to shards
+        # TODO in the future support rotating passwords of pbm across shards
+        if username == OperatorUser.get_username():
+            self.shard_relations.update_credentials(
+                MongoDBUser.get_password_key_name_for_user(username),
+                new_password,
+            )
+
         event.set_results(
             {Config.Actions.PASSWORD_PARAM_NAME: new_password, "secret-id": secret_id}
         )
@@ -782,6 +779,25 @@ def _get_user_or_fail_event(self, event: ActionEvent, default_username: str) ->
             return
         return username
 
+    def pass_pre_set_password_checks(self, event: ActionEvent) -> bool:
+        """Checks conditions for setting the password and fail if necessary."""
+        if self.is_role(Config.Role.SHARD):
+            event.fail("Cannot set password on shard, please set password on config-server.")
+            return
+
+        # changing the backup password while a backup/restore is in progress can be disastrous
+        pbm_status = self.backups._get_pbm_status()
+        if isinstance(pbm_status, MaintenanceStatus):
+            event.fail("Cannot change password while a backup/restore is in progress.")
+            return
+
+        # only leader can write the new password into peer relation.
+        if not self.unit.is_leader():
+            event.fail("The action can be run only on leader unit.")
+            return
+
+        return True
+
     def _check_or_set_user_password(self, user: MongoDBUser) -> None:
         key = user.get_password_key_name()
         if not self.get_secret(APP_SCOPE, key):
@@ -1242,7 +1258,7 @@ def _juju_secret_set(self, scope: Scopes, key: str, value: str) -> str:
 
         secret = self.secrets[scope].get(Config.Secrets.SECRET_LABEL)
 
-        # It's not the first secret for the scope, we can re-use the existing one
+        # It's not the first secret for the scope, we can reuse the existing one
         # that was fetched in the previous call, as fetching secrets from juju is
         # slow
         if secret:

tests/integration/ha_tests/test_ha.py

@@ -96,7 +96,7 @@ async def test_storage_re_use(ops_test, continuous_writes):
     app = await helpers.app_name(ops_test)
     if helpers.storage_type(ops_test, app) == "rootfs":
         pytest.skip(
-            "re-use of storage can only be used on deployments with persistent storage not on rootfs deployments"
+            "reuse of storage can only be used on deployments with persistent storage not on rootfs deployments"
         )
 
     # removing the only replica can be disastrous
@@ -117,7 +117,7 @@ async def test_storage_re_use(ops_test, continuous_writes):
 
     assert await helpers.reused_storage(
         ops_test, new_unit.public_address, removal_time
-    ), "attached storage not properly re-used by MongoDB."
+    ), "attached storage not properly reused by MongoDB."
 
     # verify that the no writes were skipped
     total_expected_writes = await helpers.stop_continous_writes(ops_test)
@@ -501,7 +501,7 @@ async def test_full_cluster_crash(ops_test: OpsTest, continuous_writes, reset_re
     )
 
     # This test serves to verify behavior when all replicas are down at the same time that when
-    # they come back online they operate as expected. This check verifies that we meet the criterea
+    # they come back online they operate as expected. This check verifies that we meet the criteria
     # of all replicas being down at the same time.
     assert await helpers.all_db_processes_down(ops_test), "Not all units down at the same time."
 
@@ -549,7 +549,7 @@ async def test_full_cluster_restart(ops_test: OpsTest, continuous_writes, reset_
     )
 
     # This test serves to verify behavior when all replicas are down at the same time that when
-    # they come back online they operate as expected. This check verifies that we meet the criterea
+    # they come back online they operate as expected. This check verifies that we meet the criteria
     # of all replicas being down at the same time.
     assert await helpers.all_db_processes_down(ops_test), "Not all units down at the same time."