[DPE-2882] Addressing issues 108 and 111

[juditnovak]

• Lib tries to access app databag from non-leader unit · Issue #111 · canonical/data-platform-libs

• Updated secret still at earlier content in observers (that labelled them) · Issue #108 · canonical/data-platform-libs HIGH IMPORTANCE !!!!!!!!!!!!!!!!!!

[juditnovak]

Turns out this is only a bug on the test framework... But --as much as I hate to do this-- I rather do a global safety measure here than disable corresponding, important unittests. (I know this is incorrect.)

I do my best to keep an eye -- and clean this up as the issue is fixed.

(Until than any volunteer is welcome to find a safe workaround to fix broken tests in a way that they return a meaninful, reliable result -- just pls do it fast, as MySQL Router is currently broken on the fix delivered here... ;-) )

[carlcsaposs-canonical]

is the ModelError something else? catching all ModelErrors could be dangerous

[juditnovak]

Great catch, thank you!!!!
I think it's left there by mistake.

[juditnovak]

Just for the reference: no, it's not.
See https://github.com/canonical/data-platform-libs/pull/113/files#r1392489501

[carlcsaposs-canonical]

It might be worth looking at the modelerror message and re-raising the exception if it's not what you expect—I believe modelerror is fairly generic

[juditnovak]

All right I've followed up the thing, and remember now. ModelError comes from another Juju (actually ops) bug ;-)

canonical/operator#1058 / https://bugs.launchpad.net/juju/+bug/2042596

[juditnovak]

Ah, and to explain: the case above is somewhat NOT triggered when w/o refresh. That's why catching and retrying with simple get_content() actually solves the issue.

[juditnovak]

Tested against the following scenario, where local builds (mysql-router-k8s and mysql-test-appare current latest/edge WITH this version of the library):

# Deploy
juju  deploy --trust  ./mysql-router-k8s_ubuntu-22.04-amd64.charm --resource mysql-router-image=ghcr.io/canonical/charmed-mysql@sha256:0f5fe7d7679b1881afde24ecfb9d14a9daade790ec787087aa5d8de1d7b00b21
juju deploy mysql-k8s --channel=8.0/edge
juju deploy --trust ./mysql-test-app_ubuntu-22.04-amd64_ubuntu-20.04-amd64.charm 

# Relate backend and router
juju relate mysql-k8s mysql-router-k8s

# Relate router test-app
juju relate mysql-test-app mysql-router-k8s

# Break backend-router relation
juju remove-relation mysql-router-k8s mysql-k8s

# Restore backnd-router relation
juju relate  mysql-router-k8s mysql-k8s

mysql-test-app continued function with no issues, everyone happy:

Model    Controller          Cloud/Region        Version  SLA          Timestamp
router3  microk8s-localhost  microk8s/localhost  3.1.6    unsupported  11:37:35+01:00

App               Version                  Status  Scale  Charm             Channel   Rev  Address         Exposed  Message
mysql-k8s         8.0.34-0ubuntu0.22.04.1  active      1  mysql-k8s         8.0/edge  110  10.152.183.107  no       
mysql-router-k8s  8.0.34-0ubuntu0.22.04.1  active      1  mysql-router-k8s              0  10.152.183.54   no       
mysql-test-app    0.0.2                    active      1  mysql-test-app                0  10.152.183.200  no       

Unit                 Workload  Agent  Address       Ports  Message
mysql-k8s/0*         active    idle   10.1.244.115         Primary
mysql-router-k8s/0*  active    idle   10.1.244.98          
mysql-test-app/0*    active    idle   10.1.244.116         

Integration provider                 Requirer                             Interface           Type     Message
mysql-k8s:database                   mysql-router-k8s:backend-database    mysql_client        regular  
mysql-k8s:database-peers             mysql-k8s:database-peers             mysql_peers         peer     
mysql-k8s:restart                    mysql-k8s:restart                    rolling_op          peer     
mysql-k8s:upgrade                    mysql-k8s:upgrade                    upgrade             peer     
mysql-router-k8s:database            mysql-test-app:database              mysql_client        regular  
mysql-router-k8s:mysql-router-peers  mysql-router-k8s:mysql-router-peers  mysql_router_peers  peer     
mysql-router-k8s:upgrade-version-a   mysql-router-k8s:upgrade-version-a   upgrade             peer     
mysql-test-app:application-peers     mysql-test-app:application-peers     application-peers   peer     

[carlcsaposs-canonical]

is it safe to call with refresh=True for secret owner?

wondering given

This parameter is only meaningful for secret observers, not owners.

https://ops.readthedocs.io/en/latest/#ops.Secret.get_content

[juditnovak]

With the try-catch is's safe for sure 🤣

Joke aside according to Juju Team it only affects the Harness: https://chat.charmhub.io/charmhub/pl/aekfocgk8tbtfcsda7311uurxe

Gotta confess I didn't verify that -- however with the security measure this PR is safe for sure. I'd confirm if I get a moment.

[carlcsaposs-canonical]

I might be misreading—my understanding of that thread is that a different error is thrown at runtime

I'm not sure exactly what error is raised on a real Juju deployment.

https://chat.charmhub.io/charmhub/pl/js96bnfhiifqtjyhsx9fwksqhe

but I might be missing something

[juditnovak]

All right, you will be right. And the error raised for real was the ModelError.
(Sry, I wrote this code a few days ago, and forgot these details.)
I took ModelError from a real-life failure.

So all in all: I think this is the answer for following https://github.com/canonical/data-platform-libs/pull/113/files#r1391790655

Yes, this way it is safe to use refresh=True -- even for secret owners.
(There are actually a bunch of intergation tests addressing this part of the code.)

[carlcsaposs-canonical]

is the ModelError something else? catching all ModelErrors could be dangerous

[carlcsaposs-canonical]

nit: maybe it should be the other way around? specify which errors are okay, otherwise if error unknown: fail the test

[juditnovak]

You're totally right. I just checked integration test logs -- we don't seem to have fake ones.
I'm addressing this.

[juditnovak]

All right, the previous version of this actually wasn't functional.
The new one is looking at juju logs.

I'm planning to re-view/re-fine this method (not flaky, etc) in my upcoming task next week.
https://warthogs.atlassian.net/browse/DPE-2994

But I think it's a good attempt to ensure we have nothing but "expected" errors

[carlcsaposs-canonical]

while testing, saw one issue with relation breaking
unit-mysql-router-k8s-0: 10:50:30 ERROR unit.mysql-router-k8s/0.juju-log backend-database:6: Non-existing secret was attempted to be removed 8, database

otherwise, looks good!