diff --git a/src/charm.py b/src/charm.py index 23745ff75..b3cf0fb0c 100755 --- a/src/charm.py +++ b/src/charm.py @@ -277,6 +277,12 @@ def get_secret(self, scope: Scopes, key: str) -> Optional[str]: return None secret_key = self._translate_field_to_secret_key(key) + # Old translation in databag is to be taken + if key != secret_key and ( + result := self.peer_relation_data(scope).fetch_my_relation_field(peers.id, key) + ): + return result + return self.peer_relation_data(scope).get_secret(peers.id, secret_key) def set_secret(self, scope: Scopes, key: str, value: Optional[str]) -> Optional[str]: @@ -289,6 +295,11 @@ def set_secret(self, scope: Scopes, key: str, value: Optional[str]) -> Optional[ peers = self.model.get_relation(PEER_RELATION_NAME) secret_key = self._translate_field_to_secret_key(key) + # Old translation in databag is to be deleted + if key != secret_key and self.peer_relation_data(scope).fetch_my_relation_field( + peers.id, key + ): + self.peer_relation_data(scope).delete_relation_data(peers.id, [key]) self.peer_relation_data(scope).set_secret(peers.id, secret_key, value) def remove_secret(self, scope: Scopes, key: str) -> None: diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py index 91777cf79..acbcaec57 100644 --- a/tests/unit/test_charm.py +++ b/tests/unit/test_charm.py @@ -674,27 +674,27 @@ def test_delete_existing_password_secrets(self, _): in self._caplog.text ) - # @parameterized.expand([("app", True), ("unit", True), ("unit", False)]) - # @patch_network_get(private_address="1.1.1.1") - # @patch("charm.JujuVersion.has_secrets", new_callable=PropertyMock, return_value=True) - # def test_migration_from_databag(self, scope, is_leader, _, __): - # """Check if we're moving on to use secrets when live upgrade from databag to Secrets usage.""" - # # App has to be leader, unit can be either - # with self.harness.hooks_disabled(): - # self.harness.set_leader(is_leader) - # - # # Getting current password - # entity = getattr(self.charm, scope) - # self.harness.update_relation_data(self.rel_id, entity.name, {"monitoring_password": "bla"}) - # assert self.harness.charm.get_secret(scope, "monitoring_password") == "bla" - # - # # Reset new secret - # self.harness.charm.set_secret(scope, "monitoring-password", "blablabla") - # assert self.harness.charm.model.get_secret(label=f"{PEER_RELATION_NAME}.pgbouncer.{scope}") - # assert self.harness.charm.get_secret(scope, "monitoring-password") == "blablabla" - # assert "monitoring-password" not in self.harness.get_relation_data( - # self.rel_id, getattr(self.charm, scope).name - # ) + @parameterized.expand([("app", True), ("unit", True), ("unit", False)]) + @patch_network_get(private_address="1.1.1.1") + @patch("charm.JujuVersion.has_secrets", new_callable=PropertyMock, return_value=True) + def test_migration_from_databag(self, scope, is_leader, _, __): + """Check if we're moving on to use secrets when live upgrade from databag to Secrets usage.""" + # App has to be leader, unit can be either + with self.harness.hooks_disabled(): + self.harness.set_leader(is_leader) + + # Getting current password + entity = getattr(self.charm, scope) + self.harness.update_relation_data(self.rel_id, entity.name, {"monitoring_password": "bla"}) + assert self.harness.charm.get_secret(scope, "monitoring_password") == "bla" + + # Reset new secret + self.harness.charm.set_secret(scope, "monitoring-password", "blablabla") + assert self.harness.charm.model.get_secret(label=f"{PEER_RELATION_NAME}.pgbouncer.{scope}") + assert self.harness.charm.get_secret(scope, "monitoring-password") == "blablabla" + assert "monitoring-password" not in self.harness.get_relation_data( + self.rel_id, getattr(self.charm, scope).name + ) @parameterized.expand([("app", True), ("unit", True), ("unit", False)]) @patch_network_get(private_address="1.1.1.1")