[DPE-8395] Remove old revision of secret #1195
Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #1195 +/- ##
==========================================
- Coverage 75.76% 75.73% -0.04%
==========================================
Files 16 16
Lines 4163 4170 +7
Branches 629 629
==========================================
+ Hits 3154 3158 +4
- Misses 789 792 +3
Partials 220 220
…ision Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
return self._unit_ip | ||
|
||
def _on_secret_remove(self, event: SecretRemoveEvent) -> None: | ||
event.remove_revision() |
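Review bot: `_on_secret_remove` calls `event.remove_revision()` unconditionally and has no docstring, so nothing in the handler guards against the event arriving for a secret or revision that no longer exists. Suggest probing the secret before the call, logging a warning and returning when it is already gone, and adding a one-line docstring that says which revision the event refers to.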
When I was testing an implementation like this with my own charms, I ran into an issue with juju 3.6.9. We have a bugfix prepared that should make this implementation ok, but we might want to be defensive in how we write our charm.
juju/juju#20796 is the bug fix and
juju/juju#20794 is the issue.
Specifically, the issue is that older versions of juju, when a secret is fully-removed, will trigger secret-remove with the old revisions of the secret. However, that secret no longer exists, so that will cause the hook to fail, because it tries to delete something that doesn't exist.
I do see that you have some code to try and handle some of that:
def remove(self, label: str) -> None:
    """Remove a secret from the cache."""
    if secret := self.get(label):
        try:
            secret.remove()
            self._secrets.pop(label)
        except (SecretsUnavailableError, KeyError):
            pass
        else:
            return
    logging.debug("Non-existing Juju Secret was attempted to be removed %s", label)
However, in my testing, because Juju tries to make the removal of a secret revision transaction consistent, it doesn't actually do anything until the hook completes, at which point, the charm has no way of resolving it (hence the above bug).
The fix that I did in my test charm was:
# Probe the secret first; an empty result means it has already been removed.
val=$(secret-get "$JUJU_SECRET_ID")
if [ -n "$val" ]; then
    secret-remove --revision "$JUJU_SECRET_REVISION" "$JUJU_SECRET_ID"
else
    juju-log -l WARNING "secret $JUJU_SECRET_ID already deleted"
fi
I'm not a huge fan of the workaround. (Not least of which, it means that your application now becomes an observer of the charm content, so it will also get secret-changed events. I suppose you might be able to use --peek? I'm not sure if that sets you as an observer.)
src/upgrade.py
Outdated
"--revision", | ||
str(revision), | ||
secret_id, | ||
] |
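Review bot: the argument list ends with `"--revision", str(revision), secret_id`, so each invocation names exactly one revision, and the visible lines do not show the result of the command being checked. Suggest checking the exit status and logging the secret id and revision when a removal is rejected, so that a skipped revision does not go unnoticed.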
This also won't work.
I tested this with just manually running hooks, and juju "queues up" a single revision to be removed. So if you just do:
juju exec --unit u/0 -- secret-remove --revision 1 $secret; secret-remove --revision 2 $secret
Then juju will only remove revision 2.
I filed a bug about this behavior:
juju/juju#20805
and a PR to fix it:
juju/juju#20806
I don't know how you would work around this fact for existing versions of juju, as without the PR, you can only delete 1 revision per hook event.
I noticed a different behaviour between the approach you commented about and the one that uses /usr/bin/juju-exec u/0 -- secret-remove --revision 1 $secret; /usr/bin/juju-exec u/0 -- secret-remove --revision 2 $secret
from inside the unit SSH or ops hook context.
The latter approach "queues up" all the revisions to be removed.
I removed this upgrade logic on fec93f2 after syncing with @taurus-forever and agreeing that it's safer not to have it in the charm.
This reverts commit 0e29e0e. Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
This reverts commit 0e23c96. Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
@taurus-forever, I removed the upgrade logic on fec93f2 and tested the remaining workaround in the
It's working on all of them (the revisions are correctly removed, and no error happens when a secret is removed entirely, and the charm runs the |
@dragomirp let's merge this to deploy PS6 and see the real production behavior in the test model for 14/edge. Tnx!
Also, @jameinel is not reachable till the end of the week, so assuming his comments have been addressed in full in the latest commits. John, please share your ACK/NACK once you are reachable.
For the history: due to the stable release time pressure and the list of Juju issues with secrets removal, we are NOT going to remove ALL old secrets on charm refresh (at least for now), as the code there was risky long term. Therefore this PR removes the PREVIOUS revision only (once the new secret revision has been applied). It will stop the secrets from growing.
However, manual cleanup will be necessary from the Juju controller for all old revisions. It will be necessary only once.
Fixed for 14/edge (merged) and porting to PG16 VM and PG K8s 14+16 (and PGB). P.S. See the last messages: |
This reverts commit 27c5225. Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
* DPE-8395 Remove old revision of Juju Secret (#1195)
  * Remove old revision of secret
  * Remove secrets' old revision on upgrade
  * Remove all previous secret revisions
  * Handle juju/juju#20782
  * Revert "Handle juju/juju#20782" This reverts commit 0e29e0e.
  * Reapply "Handle juju/juju#20782" This reverts commit 0e23c96.
  * Handle juju/juju#20794
  * Consider all secrets created by the charm
  * Check for secrets support
  * Remove upgrade logic
  Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
Issue
The charm does not remove the old revisions of a secret after updating it.
Solution
Implement the handler for the secret-remove event. juju/juju#20794 is taken into account.
Implement the removal of the charm secrets' old revision in the upgrade logic. It's possible that not all the old revisions will be removed in an environment due to juju/juju#20782. For example, if the latest revision of a secret is 10 and there is an old one with the revision number equal to 1, that old revision won't be removed because its number is the prefix of the latest one.
Fixes #1180.
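The failure mode discussed in the review comments, as an added example that is not part of the PR or the charm's code: a toy model in which a revision removal is only applied when the hook ends, showing why an exception handler around the removal never fires and why probing the secret first avoids the failed hook. `FakeJuju`, `HookFailed`, `outcome` and both handlers are hypothetical stand-ins, not ops or Juju APIs.

```python
import logging

logger = logging.getLogger("secret-remove-example")


class SecretNotFoundError(Exception):
    """Stand-in for the error raised when a secret does not exist."""


class HookFailed(Exception):
    """Stand-in for Juju marking the hook as failed after charm code returned."""


class FakeJuju:
    """Constructed model of the behaviour described in the thread, not Juju code.

    Revision removals are only recorded during the hook and applied when the
    hook completes, so a bad removal surfaces after the handler has returned.
    """

    def __init__(self, secrets):
        # secret id -> set of existing revision numbers (constructed sample data)
        self.secrets = {sid: set(revs) for sid, revs in secrets.items()}
        self._pending = []

    def secret_get(self, secret_id):
        """Probe a secret; return its latest revision or raise if it is gone."""
        if secret_id not in self.secrets:
            raise SecretNotFoundError(secret_id)
        return max(self.secrets[secret_id])

    def secret_remove(self, secret_id, revision):
        """Queue a removal. Nothing is validated until the hook ends."""
        self._pending.append((secret_id, revision))

    def run_hook(self, handler, secret_id, revision):
        """Run a secret-remove handler, then commit the queued removals."""
        self._pending = []
        handler(self, secret_id, revision)
        for sid, rev in self._pending:
            if rev not in self.secrets.get(sid, set()):
                raise HookFailed(f"{sid} revision {rev} does not exist")
            self.secrets[sid].discard(rev)


def naive_handler(juju, secret_id, revision):
    """Remove unconditionally; the except branch can never fire in this model."""
    try:
        juju.secret_remove(secret_id, revision)
    except SecretNotFoundError:
        logger.warning("secret %s already deleted", secret_id)


def defensive_handler(juju, secret_id, revision):
    """Probe first, mirroring the shell workaround quoted in the review."""
    try:
        juju.secret_get(secret_id)
    except SecretNotFoundError:
        logger.warning("secret %s already deleted; skipping revision %s",
                       secret_id, revision)
        return
    juju.secret_remove(secret_id, revision)


def outcome(handler, secrets, secret_id, revision):
    """Return (status, remaining revisions) after one secret-remove hook."""
    juju = FakeJuju(secrets)
    try:
        juju.run_hook(handler, secret_id, revision)
        status = "ok"
    except HookFailed:
        status = "hook-failed"
    return status, sorted(juju.secrets.get(secret_id, set()))


if __name__ == "__main__":
    live = {"secret:abc": {1, 2}}  # constructed: secret exists, revision 1 is old
    gone = {}                      # constructed: secret was removed entirely
    for name, handler in (("naive", naive_handler),
                          ("defensive", defensive_handler)):
        print(name, outcome(handler, live, "secret:abc", 1),
              outcome(handler, gone, "secret:abc", 1))
```

The model does not represent the side effect the reviewer raises about the probe, namely that reading the secret may register the application as an observer of it.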