Skip to content

Commit

Permalink
Save the secret URI ID not the schema.
Browse files Browse the repository at this point in the history
When interacting with secrets, most do not know there is a schema
associated with it. To ensure we don't get mismatches between the two
types with terraform doing a string comparision, only save the ID. The
risk is with the Access Secret resource where we cannot guarentee how
the secret id is provided. Related docs will be updated to be more
clear.
  • Loading branch information
hmlanigan committed Apr 22, 2024
1 parent 6c744a8 commit d8a8f72
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 4 deletions.
8 changes: 6 additions & 2 deletions internal/juju/secrets.go
Original file line number Diff line number Diff line change
Expand Up @@ -130,8 +130,12 @@ func (c *secretsClient) CreateSecret(input *CreateSecretInput) (CreateSecretOutp
if err != nil {
return CreateSecretOutput{}, typedError(err)
}
secretURI, err := coresecrets.ParseURI(secretId)
if err != nil {
return CreateSecretOutput{}, typedError(err)
}
return CreateSecretOutput{
SecretId: secretId,
SecretId: secretURI.ID,
}, nil
}

Expand Down Expand Up @@ -181,7 +185,7 @@ func (c *secretsClient) ReadSecret(input *ReadSecretInput) (ReadSecretOutput, er
applications := getApplicationsFromAccessInfo(results[0].Access)

return ReadSecretOutput{
SecretId: results[0].Metadata.URI.String(),
SecretId: results[0].Metadata.URI.ID,
Name: results[0].Metadata.Label,
Value: decodedValue,
Applications: applications,
Expand Down
10 changes: 8 additions & 2 deletions internal/juju/secrets_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,12 @@ func (s *SecretSuite) TestCreateSecret() {
decodedValue := map[string]string{"key": "value"}
encodedValue := map[string]string{"key": base64.StdEncoding.EncodeToString([]byte("value"))}

secretId := "secret:9m4e2mr0ui3e8a215n4g"
secretURI, err := coresecrets.ParseURI(secretId)
s.Require().NoError(err)
s.mockSecretClient.EXPECT().CreateSecret(
"test-secret", "test info", encodedValue,
).Return("secret-id", nil).AnyTimes()
).Return(secretURI.ID, nil).AnyTimes()

client := s.getSecretsClient()
output, err := client.CreateSecret(&CreateSecretInput{
Expand All @@ -65,7 +68,7 @@ func (s *SecretSuite) TestCreateSecret() {
s.Require().NoError(err)

s.Assert().NotNil(output)
s.Assert().Equal("secret-id", output.SecretId)
s.Assert().Equal(secretURI.ID, output.SecretId)
}

func (s *SecretSuite) TestCreateSecretError() {
Expand Down Expand Up @@ -114,6 +117,7 @@ func (s *SecretSuite) TestReadSecret() {
).Return([]apisecrets.SecretDetails{
{
Metadata: coresecrets.SecretMetadata{
URI: secretURI,
Version: 1,
},
Revisions: []coresecrets.SecretRevisionMetadata{
Expand Down Expand Up @@ -204,6 +208,7 @@ func (s *SecretSuite) TestUpdateSecretWithRenaming() {
).Return([]apisecrets.SecretDetails{
{
Metadata: coresecrets.SecretMetadata{
URI: secretURI,
Version: 1,
},
Revisions: []coresecrets.SecretRevisionMetadata{
Expand Down Expand Up @@ -259,6 +264,7 @@ func (s *SecretSuite) TestUpdateSecret() {
).Return([]apisecrets.SecretDetails{
{
Metadata: coresecrets.SecretMetadata{
URI: secretURI,
Version: 1,
Description: secretInfo,
},
Expand Down

0 comments on commit d8a8f72

Please sign in to comment.