diff --git a/charms/barbican-k8s/src/charm.py b/charms/barbican-k8s/src/charm.py index 9e18c587..b120f2e4 100755 --- a/charms/barbican-k8s/src/charm.py +++ b/charms/barbican-k8s/src/charm.py @@ -175,7 +175,7 @@ class VaultKvRequiresHandler(sunbeam_rhandlers.RelationHandler): if not unit_credentials: return {} secret = self.model.get_secret(id=unit_credentials) - secret_content = secret.get_content() + secret_content = secret.get_content(refresh=True) return { "kv_mountpoint": self.interface.get_mount(vault_kv_relation), "vault_url": self.interface.get_vault_url(vault_kv_relation), @@ -499,7 +499,7 @@ class BarbicanVaultOperatorCharm(BarbicanOperatorCharm): """Return nonce stored in secret.""" try: secret = self.model.get_secret(label=NONCE_SECRET_LABEL) - return secret.get_content()["nonce"] + return secret.get_content(refresh=True)["nonce"] except ops.SecretNotFoundError: return None diff --git a/charms/cinder-ceph-k8s/src/charm.py b/charms/cinder-ceph-k8s/src/charm.py index 394b957d..ea439802 100755 --- a/charms/cinder-ceph-k8s/src/charm.py +++ b/charms/cinder-ceph-k8s/src/charm.py @@ -367,7 +367,7 @@ class CinderCephOperatorCharm(charm.OSBaseOperatorCharmK8S): rbd_secret_uuid_id = self.peers.get_app_data(self.client_secret_key) if rbd_secret_uuid_id: secret = self.model.get_secret(id=rbd_secret_uuid_id) - secret_data = secret.get_content() + secret_data = secret.get_content(refresh=True) if secret_data.get("key") != ceph_key: secret_data["key"] = ceph_key secret.set_content(secret_data) @@ -396,7 +396,7 @@ class CinderCephOperatorCharm(charm.OSBaseOperatorCharmK8S): rbd_secret_uuid_id = self.peers.get_app_data(self.client_secret_key) if rbd_secret_uuid_id: secret = self.model.get_secret(id=rbd_secret_uuid_id) - secret_data = secret.get_content() + secret_data = secret.get_content(refresh=True) uuid = secret_data["uuid"] return uuid diff --git a/charms/designate-bind-k8s/src/charm.py b/charms/designate-bind-k8s/src/charm.py index f83cbcfe..c1f6a244 100755 --- a/charms/designate-bind-k8s/src/charm.py +++ b/charms/designate-bind-k8s/src/charm.py @@ -158,7 +158,7 @@ class BindRndcProvidesRelationHandler(sunbeam_rhandlers.RelationHandler): rndc_keys_current = {} for name, value in rndc_keys_secret.items(): secret = self.charm.model.get_secret(id=value["secret"]) - key_value = secret.get_content()["secret"] + key_value = secret.get_content(refresh=True)["secret"] name = relation.name + ":" + str(relation.id) + "_" + name rndc_keys_current[name] = value rndc_keys_current[name]["secret"] = key_value diff --git a/charms/designate-k8s/src/charm.py b/charms/designate-k8s/src/charm.py index f059e0a0..96a01f4b 100755 --- a/charms/designate-k8s/src/charm.py +++ b/charms/designate-k8s/src/charm.py @@ -263,7 +263,7 @@ class BindRndcRequiresRelationHandler(sunbeam_rhandlers.RelationHandler): secret = self.charm.model.get_secret( id=rndc_key["secret"], label=RNDC_SECRET_PREFIX + unit_name ) - secret_value = secret.get_content()["secret"] + secret_value = secret.get_content(refresh=True)["secret"] rndc_key["secret"] = secret_value rndc_key["name"] = self.interface.nonce(self._relation) @@ -477,7 +477,7 @@ class DesignateOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm): """Return nonce stored in secret.""" try: secret = self.model.get_secret(label=NONCE_SECRET_LABEL) - return secret.get_content()["nonce"] + return secret.get_content(refresh=True)["nonce"] except ops.SecretNotFoundError: return None diff --git a/charms/heat-k8s/src/charm.py b/charms/heat-k8s/src/charm.py index 730ca4cb..a725e5ad 100755 --- a/charms/heat-k8s/src/charm.py +++ b/charms/heat-k8s/src/charm.py @@ -368,7 +368,9 @@ class HeatOperatorCharm(sunbeam_charm.OSBaseOperatorAPICharm): secret_id = self.leader_get(self.heat_auth_encryption_key) if secret_id: key = self.model.get_secret(id=secret_id) - return key.get_content().get(self.heat_auth_encryption_key) + return key.get_content(refresh=True).get( + self.heat_auth_encryption_key + ) return None diff --git a/charms/keystone-k8s/src/charm.py b/charms/keystone-k8s/src/charm.py index 1454d96f..ad1250e0 100755 --- a/charms/keystone-k8s/src/charm.py +++ b/charms/keystone-k8s/src/charm.py @@ -484,7 +484,9 @@ export OS_AUTH_VERSION=3 try: credentials_id = self._retrieve_or_set_secret(username) credentials = self.model.get_secret(id=credentials_id) - user_password = credentials.get_content().get("password") + user_password = credentials.get_content(refresh=True).get( + "password" + ) except SecretNotFoundError: logger.warning("Secret for {username} not found") @@ -642,7 +644,7 @@ export OS_AUTH_VERSION=3 fernet_secret_id = self.peers.get_app_data("fernet-secret-id") if fernet_secret_id: fernet_secret = self.model.get_secret(id=fernet_secret_id) - keys = fernet_secret.get_content() + keys = fernet_secret.get_content(refresh=True) # Remove the prefix from keys retrieved from juju secrets # startswith can be replaced with removeprefix for python >= 3.9 @@ -668,7 +670,7 @@ export OS_AUTH_VERSION=3 credential_keys_secret = self.model.get_secret( id=credential_keys_secret_id ) - keys = credential_keys_secret.get_content() + keys = credential_keys_secret.get_content(refresh=True) # Remove the prefix from keys retrieved from juju secrets # startswith can be replaced with removeprefix for python >= 3.9 @@ -784,7 +786,7 @@ export OS_AUTH_VERSION=3 logger.info(f"Creating service account with username {username}") self.keystone_manager.create_service_account(username, password) - olduser = event.secret.get_content().get("username") + olduser = event.secret.get_content(refresh=True).get("username") event.secret.set_content( {"username": username, "password": password} ) @@ -1192,7 +1194,7 @@ export OS_AUTH_VERSION=3 add_suffix_to_username=True, ) credentials = self.model.get_secret(id=service_credentials) - credentials = credentials.get_content() + credentials = credentials.get_content(refresh=True) service_username = credentials.get("username") service_password = credentials.get("password") except SecretNotFoundError: @@ -1274,7 +1276,9 @@ export OS_AUTH_VERSION=3 try: credentials_id = self._retrieve_or_set_secret(username, scope) credentials = self.model.get_secret(id=credentials_id) - user_password = credentials.get_content().get("password") + user_password = credentials.get_content(refresh=True).get( + "password" + ) except SecretNotFoundError: logger.warning(f"Secret for {username} not found") @@ -1338,7 +1342,7 @@ export OS_AUTH_VERSION=3 try: credentials_id = self._retrieve_or_set_secret(self.admin_user) credentials = self.model.get_secret(id=credentials_id) - return credentials.get_content().get("password") + return credentials.get_content(refresh=True).get("password") except SecretNotFoundError: logger.warning("Secret for admin credentials not found") @@ -1369,7 +1373,7 @@ export OS_AUTH_VERSION=3 try: credentials_id = self._retrieve_or_set_secret(self.charm_user) credentials = self.model.get_secret(id=credentials_id) - return credentials.get_content().get("password") + return credentials.get_content(refresh=True).get("password") except SecretNotFoundError: logger.warning("Secret for charm credentials not found") @@ -1455,7 +1459,7 @@ export OS_AUTH_VERSION=3 # keys on the unit if necessary. if fernet_secret_id: fernet_secret = self.model.get_secret(id=fernet_secret_id) - keys = fernet_secret.get_content() + keys = fernet_secret.get_content(refresh=True) if keys and keys != existing_keys_: logger.info("Updating Fernet juju secret") fernet_secret.set_content(existing_keys_) @@ -1502,7 +1506,7 @@ export OS_AUTH_VERSION=3 credential_keys_secret = self.model.get_secret( id=credential_keys_secret_id ) - keys = credential_keys_secret.get_content() + keys = credential_keys_secret.get_content(refresh=True) if keys and keys != existing_keys_: logger.info("Updating Credential keys juju secret") credential_keys_secret.set_content(existing_keys_) @@ -1637,9 +1641,9 @@ export OS_AUTH_VERSION=3 if isinstance(value, str) and value.startswith(SECRET_PREFIX): try: credentials = self.model.get_secret(id=value) - op["params"][param] = credentials.get_content().get( - param - ) + op["params"][param] = credentials.get_content( + refresh=True + ).get(param) except (ModelError, SecretNotFoundError) as e: logger.debug( f"Not able to retrieve secret {value}: {str(e)}" diff --git a/charms/openstack-exporter-k8s/src/charm.py b/charms/openstack-exporter-k8s/src/charm.py index e92cb2fb..4ebf72e6 100755 --- a/charms/openstack-exporter-k8s/src/charm.py +++ b/charms/openstack-exporter-k8s/src/charm.py @@ -253,7 +253,7 @@ class OSExporterOperatorCharm(sunbeam_charm.OSBaseOperatorCharmK8S): if not secret_id: return None secret = self.model.get_secret(id=secret_id) - return secret.get_content()["auth-url"] + return secret.get_content(refresh=True)["auth-url"] def open_ports(self): """Register ports in underlying cloud.""" @@ -332,7 +332,7 @@ class OSExporterOperatorCharm(sunbeam_charm.OSBaseOperatorCharmK8S): credentials_id = self.leader_get(label) if credentials_id: secret = self.model.get_secret(id=credentials_id) - content = secret.get_content() + content = secret.get_content(refresh=True) if content[key] != value: content[key] = value secret.set_content(content) diff --git a/charms/tempest-k8s/src/handlers.py b/charms/tempest-k8s/src/handlers.py index db10355b..469cfd0a 100644 --- a/charms/tempest-k8s/src/handlers.py +++ b/charms/tempest-k8s/src/handlers.py @@ -341,7 +341,7 @@ class TempestUserIdentityRelationHandler(sunbeam_rhandlers.RelationHandler): logger.warning("Failed to get openstack credential for tempest.") return None secret = self.model.get_secret(id=credentials_id) - return secret.get_content() + return secret.get_content(refresh=True) def _hash_ops(self, ops: list) -> str: """Hash ops request.""" @@ -355,7 +355,7 @@ class TempestUserIdentityRelationHandler(sunbeam_rhandlers.RelationHandler): # simply return the id if credentials_id: secret = self.model.get_secret(id=credentials_id) - content = secret.get_content() + content = secret.get_content(refresh=True) if "password" in content: return credentials_id @@ -376,9 +376,9 @@ class TempestUserIdentityRelationHandler(sunbeam_rhandlers.RelationHandler): # update secret if credential_id exists if credential_id: secret = self.model.get_secret(id=credential_id) - content = secret.get_content() + content = secret.get_content(refresh=True) content.update(entries) - if content != secret.get_content(): + if content != secret.get_content(refresh=True): secret.set_content(content) return credential_id @@ -404,7 +404,7 @@ class TempestUserIdentityRelationHandler(sunbeam_rhandlers.RelationHandler): """Set up openstack resource ops.""" credential_id = self._ensure_credential() credential_secret = self.model.get_secret(id=credential_id) - content = credential_secret.get_content() + content = credential_secret.get_content(refresh=True) username = content.get("username") password = content.get("password") setup_ops = [ @@ -472,7 +472,7 @@ class TempestUserIdentityRelationHandler(sunbeam_rhandlers.RelationHandler): """Tear down openstack resource ops.""" credential_id = self._ensure_credential() credential_secret = self.model.get_secret(id=credential_id) - content = credential_secret.get_content() + content = credential_secret.get_content(refresh=True) username = content.get("username") teardown_ops = [ { diff --git a/libs/internal/lib/charms/cinder_ceph_k8s/v0/ceph_access.py b/libs/internal/lib/charms/cinder_ceph_k8s/v0/ceph_access.py index 53534305..cb1da925 100644 --- a/libs/internal/lib/charms/cinder_ceph_k8s/v0/ceph_access.py +++ b/libs/internal/lib/charms/cinder_ceph_k8s/v0/ceph_access.py @@ -62,7 +62,7 @@ LIBAPI = 0 # Increment this PATCH version before using `charmcraft publish-lib` or reset # to 0 if you are raising the major API version -LIBPATCH = 1 +LIBPATCH = 2 import logging from typing import Optional @@ -183,7 +183,7 @@ class CephAccessRequires(Object): secret = self._retrieve_secret() if not secret: return {} - return secret.get_content() + return secret.get_content(refresh=True) @property def ready(self) -> bool: diff --git a/libs/internal/lib/charms/keystone_k8s/v0/identity_credentials.py b/libs/internal/lib/charms/keystone_k8s/v0/identity_credentials.py index e3f4565d..c65b8ee8 100644 --- a/libs/internal/lib/charms/keystone_k8s/v0/identity_credentials.py +++ b/libs/internal/lib/charms/keystone_k8s/v0/identity_credentials.py @@ -97,7 +97,7 @@ LIBAPI = 0 # Increment this PATCH version before using `charmcraft publish-lib` or reset # to 0 if you are raising the major API version -LIBPATCH = 3 +LIBPATCH = 4 logger = logging.getLogger(__name__) @@ -233,7 +233,7 @@ class IdentityCredentialsRequires(Object): try: credentials = self.charm.model.get_secret(id=credentials_id) - return credentials.get_content().get("username") + return credentials.get_content(refresh=True).get("username") except SecretNotFoundError: logger.warning(f"Secret {credentials_id} not found") return None @@ -246,7 +246,7 @@ class IdentityCredentialsRequires(Object): try: credentials = self.charm.model.get_secret(id=credentials_id) - return credentials.get_content().get("password") + return credentials.get_content(refresh=True).get("password") except SecretNotFoundError: logger.warning(f"Secret {credentials_id} not found") return None diff --git a/libs/internal/lib/charms/keystone_k8s/v1/identity_service.py b/libs/internal/lib/charms/keystone_k8s/v1/identity_service.py index 2e60008b..69e82b57 100644 --- a/libs/internal/lib/charms/keystone_k8s/v1/identity_service.py +++ b/libs/internal/lib/charms/keystone_k8s/v1/identity_service.py @@ -100,7 +100,7 @@ LIBAPI = 1 # Increment this PATCH version before using `charmcraft publish-lib` or reset # to 0 if you are raising the major API version -LIBPATCH = 2 +LIBPATCH = 3 logger = logging.getLogger(__name__) @@ -290,7 +290,7 @@ class IdentityServiceRequires(Object): try: credentials = self.charm.model.get_secret(id=credentials_id) - return credentials.get_content().get("password") + return credentials.get_content(refresh=True).get("password") except SecretNotFoundError: logger.warning(f"Secret {credentials_id} not found") return None @@ -324,7 +324,7 @@ class IdentityServiceRequires(Object): try: credentials = self.charm.model.get_secret(id=credentials_id) - return credentials.get_content().get("username") + return credentials.get_content(refresh=True).get("username") except SecretNotFoundError: logger.warning(f"Secret {credentials_id} not found") return None diff --git a/ops-sunbeam/ops_sunbeam/relation_handlers.py b/ops-sunbeam/ops_sunbeam/relation_handlers.py index 7f63adad..3577c4cb 100644 --- a/ops-sunbeam/ops_sunbeam/relation_handlers.py +++ b/ops-sunbeam/ops_sunbeam/relation_handlers.py @@ -354,7 +354,7 @@ class DBHandler(RelationHandler): database_name = self.database_name database_host = data["endpoints"] user_secret = self.model.get_secret(id=data["secret-user"]) - secret_data = user_secret.get_content() + secret_data = user_secret.get_content(refresh=True) database_user = secret_data["username"] database_password = secret_data["password"] database_type = "mysql+pymysql" @@ -925,7 +925,9 @@ class TlsCertificatesHandler(RelationHandler): id=private_key_secret_id ) self._private_key = ( - private_key_secret.get_content().get("private-key").encode() + private_key_secret.get_content(refresh=True) + .get("private-key") + .encode() ) return @@ -1505,7 +1507,7 @@ class UserIdentityResourceRequiresHandler(RelationHandler): def _get_credentials(self) -> Tuple[str, str]: credentials_id = self._ensure_credentials() secret = self.model.get_secret(id=credentials_id) - content = secret.get_content() + content = secret.get_content(refresh=True) return content["username"], content["password"] def get_config_credentials(self) -> Optional[Tuple[str, str]]: @@ -1514,7 +1516,7 @@ class UserIdentityResourceRequiresHandler(RelationHandler): if not credentials_id: return None secret = self.model.get_secret(id=credentials_id) - content = secret.get_content() + content = secret.get_content(refresh=True) return content["username"], content["password"] def _update_config_credentials(self) -> bool: @@ -1533,7 +1535,7 @@ class UserIdentityResourceRequiresHandler(RelationHandler): return True secret = self.model.get_secret(id=credentials_id) - old_content = secret.get_content() + old_content = secret.get_content(refresh=True) if old_content != content: secret.set_content(content) return True