Databag support

src/charm.py

@@ -277,6 +277,12 @@ def get_secret(self, scope: Scopes, key: str) -> Optional[str]:
             return None
 
         secret_key = self._translate_field_to_secret_key(key)
+        # Old translation in databag is to be taken
+        if key != secret_key and (
+            result := self.peer_relation_data(scope).fetch_my_relation_field(peers.id, key)
+        ):
+            return result
+
         return self.peer_relation_data(scope).get_secret(peers.id, secret_key)
 
     def set_secret(self, scope: Scopes, key: str, value: Optional[str]) -> Optional[str]:
@@ -289,6 +295,11 @@ def set_secret(self, scope: Scopes, key: str, value: Optional[str]) -> Optional[
 
         peers = self.model.get_relation(PEER_RELATION_NAME)
         secret_key = self._translate_field_to_secret_key(key)
+        # Old translation in databag is to be deleted
+        if key != secret_key and self.peer_relation_data(scope).fetch_my_relation_field(
+            peers.id, key
+        ):
+            self.peer_relation_data(scope).delete_relation_data(peers.id, [key])
         self.peer_relation_data(scope).set_secret(peers.id, secret_key, value)
 
     def remove_secret(self, scope: Scopes, key: str) -> None:

tests/unit/test_charm.py

@@ -674,27 +674,27 @@ def test_delete_existing_password_secrets(self, _):
                 in self._caplog.text
             )
 
-    # @parameterized.expand([("app", True), ("unit", True), ("unit", False)])
-    # @patch_network_get(private_address="1.1.1.1")
-    # @patch("charm.JujuVersion.has_secrets", new_callable=PropertyMock, return_value=True)
-    # def test_migration_from_databag(self, scope, is_leader, _, __):
-    #     """Check if we're moving on to use secrets when live upgrade from databag to Secrets usage."""
-    #     # App has to be leader, unit can be either
-    #     with self.harness.hooks_disabled():
-    #         self.harness.set_leader(is_leader)
-    #
-    #     # Getting current password
-    #     entity = getattr(self.charm, scope)
-    #     self.harness.update_relation_data(self.rel_id, entity.name, {"monitoring_password": "bla"})
-    #     assert self.harness.charm.get_secret(scope, "monitoring_password") == "bla"
-    #
-    #     # Reset new secret
-    #     self.harness.charm.set_secret(scope, "monitoring-password", "blablabla")
-    #     assert self.harness.charm.model.get_secret(label=f"{PEER_RELATION_NAME}.pgbouncer.{scope}")
-    #     assert self.harness.charm.get_secret(scope, "monitoring-password") == "blablabla"
-    #     assert "monitoring-password" not in self.harness.get_relation_data(
-    #         self.rel_id, getattr(self.charm, scope).name
-    #     )
+    @parameterized.expand([("app", True), ("unit", True), ("unit", False)])
+    @patch_network_get(private_address="1.1.1.1")
+    @patch("charm.JujuVersion.has_secrets", new_callable=PropertyMock, return_value=True)
+    def test_migration_from_databag(self, scope, is_leader, _, __):
+        """Check if we're moving on to use secrets when live upgrade from databag to Secrets usage."""
+        # App has to be leader, unit can be either
+        with self.harness.hooks_disabled():
+            self.harness.set_leader(is_leader)
+
+        # Getting current password
+        entity = getattr(self.charm, scope)
+        self.harness.update_relation_data(self.rel_id, entity.name, {"monitoring_password": "bla"})
+        assert self.harness.charm.get_secret(scope, "monitoring_password") == "bla"
+
+        # Reset new secret
+        self.harness.charm.set_secret(scope, "monitoring-password", "blablabla")
+        assert self.harness.charm.model.get_secret(label=f"{PEER_RELATION_NAME}.pgbouncer.{scope}")
+        assert self.harness.charm.get_secret(scope, "monitoring-password") == "blablabla"
+        assert "monitoring-password" not in self.harness.get_relation_data(
+            self.rel_id, getattr(self.charm, scope).name
+        )
 
     @parameterized.expand([("app", True), ("unit", True), ("unit", False)])
     @patch_network_get(private_address="1.1.1.1")