Skip to content

Commit

Permalink
rename config option to system-users, allow for storing multiple in…
Browse files Browse the repository at this point in the history
…ternal users in the referenced secret
  • Loading branch information
reneradoi committed Dec 10, 2024
1 parent fa8cee1 commit 66bee61
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 15 deletions.
10 changes: 5 additions & 5 deletions config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
# See LICENSE file for licensing details.

options:
admin-password:
system-users:
type: secret
description: |
Configure the admin user's password. The password will be auto-generated
if this option is not set. It is for internal use only and SHOULD NOT
be used by applications. This needs to be a Juju Secret URI pointing
to a secret that contains the following key: `admin-password`.
Configure the internal system user and it's password. The password will
be auto-generated if this option is not set. It is for internal use only
and SHOULD NOT be used by applications. This needs to be a Juju Secret URI pointing
to a secret that contains the following content: `root: <password>`.
4 changes: 2 additions & 2 deletions src/events/etcd.py
Original file line number Diff line number Diff line change
Expand Up @@ -158,13 +158,13 @@ def update_admin_password(self, admin_secret_id: str) -> None:
"""Compare current admin password and update in etcd if required."""
try:
if new_password := get_secret_from_id(self.charm.model, admin_secret_id).get(
INTERNAL_USER_PASSWORD_CONFIG
INTERNAL_USER
):
# only update admin credentials if the password has changed
if new_password != self.charm.state.cluster.internal_user_credentials.get(
INTERNAL_USER
):
logger.debug(f"{INTERNAL_USER_PASSWORD_CONFIG} has changed.")
logger.debug(f"{INTERNAL_USER_PASSWORD_CONFIG} have changed.")
try:
self.charm.cluster_manager.update_credentials(
username=INTERNAL_USER, password=new_password
Expand Down
2 changes: 1 addition & 1 deletion src/literals.py
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
PEER_PORT = 2380

INTERNAL_USER = "root"
INTERNAL_USER_PASSWORD_CONFIG = "admin-password"
INTERNAL_USER_PASSWORD_CONFIG = "system-users"
SECRETS_APP = ["root-password"]

DebugLevel = Literal["DEBUG", "INFO", "WARNING", "ERROR"]
Expand Down
10 changes: 6 additions & 4 deletions tests/integration/test_charm.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
import pytest
from pytest_operator.plugin import OpsTest

from literals import INTERNAL_USER, PEER_RELATION
from literals import INTERNAL_USER, INTERNAL_USER_PASSWORD_CONFIG, PEER_RELATION

from .helpers import (
APP_NAME,
Expand Down Expand Up @@ -103,12 +103,14 @@ async def test_update_admin_password(ops_test: OpsTest) -> None:
new_password = "some-password"

secret_id = await ops_test.model.add_secret(
name=secret_name, data_args=[f"admin-password={new_password}"]
name=secret_name, data_args=[f"{INTERNAL_USER}={new_password}"]
)
await ops_test.model.grant_secret(secret_name=secret_name, application=APP_NAME)

# update the application config to include the secret
await ops_test.model.applications[APP_NAME].set_config({"admin-password": secret_id})
await ops_test.model.applications[APP_NAME].set_config(
{INTERNAL_USER_PASSWORD_CONFIG: secret_id}
)
await ops_test.model.wait_for_idle(apps=[APP_NAME], status="active", timeout=1000)

# perform read operation with the updated password
Expand All @@ -120,7 +122,7 @@ async def test_update_admin_password(ops_test: OpsTest) -> None:
)

# update the config again and remove the option `admin-password`
await ops_test.model.applications[APP_NAME].reset_config(["admin-password"])
await ops_test.model.applications[APP_NAME].reset_config([INTERNAL_USER_PASSWORD_CONFIG])
await ops_test.model.wait_for_idle(apps=[APP_NAME], status="active", timeout=1000)

# make sure we can still read data with the previously set password
Expand Down
9 changes: 6 additions & 3 deletions tests/unit/test_charm.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
from ops import testing

from charm import EtcdOperatorCharm
from literals import CLIENT_PORT, INTERNAL_USER, PEER_RELATION
from literals import CLIENT_PORT, INTERNAL_USER, INTERNAL_USER_PASSWORD_CONFIG, PEER_RELATION

METADATA = yaml.safe_load(Path("./metadata.yaml").read_text())
APP_NAME = METADATA["name"]
Expand Down Expand Up @@ -141,15 +141,18 @@ def test_get_leader():


def test_config_changed():
secret_key = "admin-password"
secret_key = "root"
secret_value = "123"
secret_content = {secret_key: secret_value}
secret = ops.testing.Secret(tracked_content=secret_content, remote_grants=APP_NAME)
relation = testing.PeerRelation(id=1, endpoint=PEER_RELATION)

ctx = testing.Context(EtcdOperatorCharm)
state_in = testing.State(
secrets=[secret], config={secret_key: secret.id}, relations={relation}, leader=True
secrets=[secret],
config={INTERNAL_USER_PASSWORD_CONFIG: secret.id},
relations={relation},
leader=True,
)

with patch("subprocess.run"):
Expand Down

0 comments on commit 66bee61

Please sign in to comment.