diff --git a/charms/jimm-k8s/lib/charms/openfga_k8s/v0/openfga.py b/charms/jimm-k8s/lib/charms/openfga_k8s/v0/openfga.py
index f72189656..8160715ce 100644
--- a/charms/jimm-k8s/lib/charms/openfga_k8s/v0/openfga.py
+++ b/charms/jimm-k8s/lib/charms/openfga_k8s/v0/openfga.py
@@ -49,6 +49,11 @@ def _on_openfga_store_created(self, event: OpenFGAStoreCreateEvent):
 logger.info("address {}".format(event.address))
 logger.info("port {}".format(event.port))
 logger.info("scheme {}".format(event.scheme))
+
+ if event.token_secret_id:
+ secret = self.model.get_secret(id=event.token_secret_id)
+ content = secret.get_content()
+ # and get the token with content["token"]
 ```
 """
@@ -71,7 +76,7 @@ def _on_openfga_store_created(self, event: OpenFGAStoreCreateEvent):
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 2
+LIBPATCH = 3
 logger = logging.getLogger(__name__)
@@ -86,8 +91,8 @@ def store_id(self):
 return self.relation.data[self.relation.app].get("store_id")
 @property
- def token(self):
- return self.relation.data[self.relation.app].get("token")
+ def token_secret_id(self):
+ return self.relation.data[self.relation.app].get("token_secret_id")
 @property
 def address(self):
@@ -149,5 +154,7 @@ def _on_relation_changed(self, event: RelationChangedEvent):
 """Handle the relation-changed event."""
 if self.model.unit.is_leader():
 self.on.openfga_store_created.emit(
- event.relation, app=event.app, unit=event.unit
+ event.relation,
+ app=event.app,
+ unit=event.unit,
 )
diff --git a/charms/jimm/lib/charms/openfga_k8s/v0/openfga.py b/charms/jimm/lib/charms/openfga_k8s/v0/openfga.py
index f72189656..8160715ce 100644
--- a/charms/jimm/lib/charms/openfga_k8s/v0/openfga.py
+++ b/charms/jimm/lib/charms/openfga_k8s/v0/openfga.py
@@ -49,6 +49,11 @@ def _on_openfga_store_created(self, event: OpenFGAStoreCreateEvent):
 logger.info("address {}".format(event.address))
 logger.info("port {}".format(event.port))
 logger.info("scheme {}".format(event.scheme))
+
+ if event.token_secret_id:
+ secret = self.model.get_secret(id=event.token_secret_id)
+ content = secret.get_content()
+ # and get the token with content["token"]
 ```
 """
@@ -71,7 +76,7 @@ def _on_openfga_store_created(self, event: OpenFGAStoreCreateEvent):
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 2
+LIBPATCH = 3
 logger = logging.getLogger(__name__)
@@ -86,8 +91,8 @@ def store_id(self):
 return self.relation.data[self.relation.app].get("store_id")
 @property
- def token(self):
- return self.relation.data[self.relation.app].get("token")
+ def token_secret_id(self):
+ return self.relation.data[self.relation.app].get("token_secret_id")
 @property
 def address(self):
@@ -149,5 +154,7 @@ def _on_relation_changed(self, event: RelationChangedEvent):
 """Handle the relation-changed event."""
 if self.model.unit.is_leader():
 self.on.openfga_store_created.emit(
- event.relation, app=event.app, unit=event.unit
+ event.relation,
+ app=event.app,
+ unit=event.unit,
 )
diff --git a/charms/jimm/requirements.txt b/charms/jimm/requirements.txt
index 653a0cc68..222ed3a3d 100644
--- a/charms/jimm/requirements.txt
+++ b/charms/jimm/requirements.txt
@@ -1,6 +1,6 @@
 markupsafe>=2.0.1
 Jinja2 >= 2.11.3
-ops >= 1.4.0
+ops >= 2.0.0
 charmhelpers >= 0.20.22
 hvac >= 0.11.0
 pydantic
diff --git a/charms/jimm/src/charm.py b/charms/jimm/src/charm.py
index 9ad61d981..09d11d981 100755
--- a/charms/jimm/src/charm.py
+++ b/charms/jimm/src/charm.py
@@ -409,15 +409,16 @@ def _on_openfga_store_created(self, event: OpenFGAStoreCreateEvent): if not event.store_id: return - # secret = self.model.get_secret(id=event.token_secret_id) - # secret_content = secret.get_content() + logger.error("token secret {}".format(event.token_secret_id)) + secret = self.model.get_secret(id=event.token_secret_id) + secret_content = secret.get_content() args = { "openfga_host": event.address, "openfga_port": event.port, "openfga_scheme": event.scheme, "openfga_store": event.store_id, - "openfga_token": event.token, # secret_content["token"], + "openfga_token": secret_content["token"], } with open(self._env_filename("openfga"), "wt") as f: diff --git a/charms/jimm/tests/test_charm.py b/charms/jimm/tests/test_charm.py index ea8d82123..3598cf129 100644 --- a/charms/jimm/tests/test_charm.py +++ b/charms/jimm/tests/test_charm.py @@ -534,12 +534,15 @@ def test_openfga_relation_changed(self): id = self.harness.add_relation("openfga", "openfga") self.harness.add_relation_unit(id, "openfga/0") + ofga = self.harness.model.get_app("openfga") + secret = ofga.add_secret({"token": "test-secret-token"}) + self.harness.update_relation_data( id, "openfga", { "store_id": "test-store", - "token": "test-token", + "token_secret_id": secret.id, "address": "test-address", "port": "8080", "scheme": "http", @@ -556,7 +559,7 @@ def test_openfga_relation_changed(self): self.assertEqual(lines[1].strip(), "OPENFGA_PORT=8080") self.assertEqual(lines[2].strip(), "OPENFGA_SCHEME=http") self.assertEqual(lines[3].strip(), "OPENFGA_STORE=test-store") - self.assertEqual(lines[4].strip(), "OPENFGA_TOKEN=test-token") + self.assertEqual(lines[4].strip(), "OPENFGA_TOKEN=test-secret-token") class VersionHTTPRequestHandler(BaseHTTPRequestHandler):
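Review bot: In the `charms/jimm/src/charm.py` hunk, `event.token_secret_id` goes straight into `self.model.get_secret(id=...)` with no check that the provider has published it, although the same handler returns early on a missing `store_id` and the library's docstring example guards with `if event.token_secret_id:`. A relation-changed that carries `store_id` before `token_secret_id`, or a secret not yet granted to this application, would presumably raise out of the hook rather than wait for the next event; add `if not event.token_secret_id: return` ahead of the lookup and consider handling a failed lookup explicitly. The added `logger.error("token secret {}".format(event.token_secret_id))` reads as leftover debugging: it reports a normal event at error level and writes the secret identifier to the log, so `logger.debug` or removal fits better. The handler's body starts before and continues after this hunk; the token is then written to the env file opened on the last context line, so it is worth confirming that file is created with owner-only permissions now that the token no longer travels in relation data.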
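Review bot: In the first `charms/jimm/tests/test_charm.py` hunk the fixture creates the secret with `ofga.add_secret(...)` on the remote `openfga` application object and never grants it, so the test does not appear to exercise the access path the charm relies on in a real model, where the provider owns the secret and grants it over the relation. If the installed ops provides them, `secret_id = self.harness.add_model_secret("openfga", {"token": "test-secret-token"})` followed by `self.harness.grant_secret(secret_id, self.harness.charm.app)` models that more closely. There is also no case for relation data that has `store_id` but no `token_secret_id`, which is the input most likely to break `_on_openfga_store_created`. The test method begins before this hunk and continues into the next one.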