diff --git a/config.yaml b/config.yaml index ed0af3b..410c612 100644 --- a/config.yaml +++ b/config.yaml @@ -2,10 +2,10 @@ # See LICENSE file for licensing details. options: - admin-password: + system-users: type: secret description: | - Configure the admin user's password. The password will be auto-generated - if this option is not set. It is for internal use only and SHOULD NOT - be used by applications. This needs to be a Juju Secret URI pointing - to a secret that contains the following key: `admin-password`. \ No newline at end of file + Configure the internal system user and it's password. The password will + be auto-generated if this option is not set. It is for internal use only + and SHOULD NOT be used by applications. This needs to be a Juju Secret URI pointing + to a secret that contains the following content: `root: `. \ No newline at end of file diff --git a/src/events/etcd.py b/src/events/etcd.py index 6126b33..ed5fe5e 100644 --- a/src/events/etcd.py +++ b/src/events/etcd.py @@ -158,13 +158,13 @@ def update_admin_password(self, admin_secret_id: str) -> None: """Compare current admin password and update in etcd if required.""" try: if new_password := get_secret_from_id(self.charm.model, admin_secret_id).get( - INTERNAL_USER_PASSWORD_CONFIG + INTERNAL_USER ): # only update admin credentials if the password has changed if new_password != self.charm.state.cluster.internal_user_credentials.get( INTERNAL_USER ): - logger.debug(f"{INTERNAL_USER_PASSWORD_CONFIG} has changed.") + logger.debug(f"{INTERNAL_USER_PASSWORD_CONFIG} have changed.") try: self.charm.cluster_manager.update_credentials( username=INTERNAL_USER, password=new_password diff --git a/src/literals.py b/src/literals.py index 385ccfc..270a843 100644 --- a/src/literals.py +++ b/src/literals.py @@ -22,7 +22,7 @@ PEER_PORT = 2380 INTERNAL_USER = "root" -INTERNAL_USER_PASSWORD_CONFIG = "admin-password" +INTERNAL_USER_PASSWORD_CONFIG = "system-users" SECRETS_APP = ["root-password"] DebugLevel = Literal["DEBUG", "INFO", "WARNING", "ERROR"] diff --git a/tests/integration/test_charm.py b/tests/integration/test_charm.py index 453604e..4f5db4c 100644 --- a/tests/integration/test_charm.py +++ b/tests/integration/test_charm.py @@ -7,7 +7,7 @@ import pytest from pytest_operator.plugin import OpsTest -from literals import INTERNAL_USER, PEER_RELATION +from literals import INTERNAL_USER, INTERNAL_USER_PASSWORD_CONFIG, PEER_RELATION from .helpers import ( APP_NAME, @@ -103,12 +103,14 @@ async def test_update_admin_password(ops_test: OpsTest) -> None: new_password = "some-password" secret_id = await ops_test.model.add_secret( - name=secret_name, data_args=[f"admin-password={new_password}"] + name=secret_name, data_args=[f"{INTERNAL_USER}={new_password}"] ) await ops_test.model.grant_secret(secret_name=secret_name, application=APP_NAME) # update the application config to include the secret - await ops_test.model.applications[APP_NAME].set_config({"admin-password": secret_id}) + await ops_test.model.applications[APP_NAME].set_config( + {INTERNAL_USER_PASSWORD_CONFIG: secret_id} + ) await ops_test.model.wait_for_idle(apps=[APP_NAME], status="active", timeout=1000) # perform read operation with the updated password @@ -120,7 +122,7 @@ async def test_update_admin_password(ops_test: OpsTest) -> None: ) # update the config again and remove the option `admin-password` - await ops_test.model.applications[APP_NAME].reset_config(["admin-password"]) + await ops_test.model.applications[APP_NAME].reset_config([INTERNAL_USER_PASSWORD_CONFIG]) await ops_test.model.wait_for_idle(apps=[APP_NAME], status="active", timeout=1000) # make sure we can still read data with the previously set password diff --git a/tests/unit/test_charm.py b/tests/unit/test_charm.py index 7eb7927..76be2d6 100644 --- a/tests/unit/test_charm.py +++ b/tests/unit/test_charm.py @@ -11,7 +11,7 @@ from ops import testing from charm import EtcdOperatorCharm -from literals import CLIENT_PORT, INTERNAL_USER, PEER_RELATION +from literals import CLIENT_PORT, INTERNAL_USER, INTERNAL_USER_PASSWORD_CONFIG, PEER_RELATION METADATA = yaml.safe_load(Path("./metadata.yaml").read_text()) APP_NAME = METADATA["name"] @@ -141,7 +141,7 @@ def test_get_leader(): def test_config_changed(): - secret_key = "admin-password" + secret_key = "root" secret_value = "123" secret_content = {secret_key: secret_value} secret = ops.testing.Secret(tracked_content=secret_content, remote_grants=APP_NAME) @@ -149,7 +149,10 @@ def test_config_changed(): ctx = testing.Context(EtcdOperatorCharm) state_in = testing.State( - secrets=[secret], config={secret_key: secret.id}, relations={relation}, leader=True + secrets=[secret], + config={INTERNAL_USER_PASSWORD_CONFIG: secret.id}, + relations={relation}, + leader=True, ) with patch("subprocess.run"):