-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DPE-2882] Addressing issues 108 and 111 #113
Conversation
c74c664
to
b390723
Compare
092d18f
to
5732814
Compare
try: | ||
self._secret_content = self.meta.get_content(refresh=True) | ||
except (ValueError, ModelError): | ||
# Due to: ValueError: Secret owner cannot use refresh=True |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Turns out this is only a bug on the test framework... But --as much as I hate to do this-- I rather do a global safety measure here than disable corresponding, important unittests. (I know this is incorrect.)
I do my best to keep an eye -- and clean this up as the issue is fixed.
(Until than any volunteer is welcome to find a safe workaround to fix broken tests in a way that they return a meaninful, reliable result -- just pls do it fast, as MySQL Router is currently broken on the fix delivered here... ;-) )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is the ModelError
something else? catching all ModelErrors
could be dangerous
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great catch, thank you!!!!
I think it's left there by mistake.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just for the reference: no, it's not.
See https://github.com/canonical/data-platform-libs/pull/113/files#r1392489501
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be worth looking at the modelerror message and re-raising the exception if it's not what you expect—I believe modelerror is fairly generic
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All right I've followed up the thing, and remember now. ModelError
comes from another Juju (actually ops
) bug ;-)
canonical/operator#1058 / https://bugs.launchpad.net/juju/+bug/2042596
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, and to explain: the case above is somewhat NOT triggered when w/o refresh
. That's why catching and retrying with simple get_content()
actually solves the issue.
Tested against the following scenario, where local builds (
|
@@ -526,7 +526,11 @@ def get_content(self) -> Dict[str, str]: | |||
"""Getting cached secret content.""" | |||
if not self._secret_content: | |||
if self.meta: | |||
self._secret_content = self.meta.get_content() | |||
try: | |||
self._secret_content = self.meta.get_content(refresh=True) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is it safe to call with refresh=True for secret owner?
wondering given
This parameter is only meaningful for secret observers, not owners.
https://ops.readthedocs.io/en/latest/#ops.Secret.get_content
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the try-catch is's safe for sure 🤣
Joke aside according to Juju Team it only affects the Harness
: https://chat.charmhub.io/charmhub/pl/aekfocgk8tbtfcsda7311uurxe
Gotta confess I didn't verify that -- however with the security measure this PR is safe for sure. I'd confirm if I get a moment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be misreading—my understanding of that thread is that a different error is thrown at runtime
I'm not sure exactly what error is raised on a real Juju deployment.
https://chat.charmhub.io/charmhub/pl/js96bnfhiifqtjyhsx9fwksqhe
but I might be missing something
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All right, you will be right. And the error raised for real was the ModelError
.
(Sry, I wrote this code a few days ago, and forgot these details.)
I took ModelError
from a real-life failure.
So all in all: I think this is the answer for following https://github.com/canonical/data-platform-libs/pull/113/files#r1391790655
Yes, this way it is safe to use refresh=True
-- even for secret owners.
(There are actually a bunch of intergation tests addressing this part of the code.)
try: | ||
self._secret_content = self.meta.get_content(refresh=True) | ||
except (ValueError, ModelError): | ||
# Due to: ValueError: Secret owner cannot use refresh=True |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is the ModelError
something else? catching all ModelErrors
could be dangerous
|
||
@pytest.fixture(autouse=True) | ||
async def without_errors(caplog): | ||
"""This fixture is to list all those errors that mustn't occur during execution.""" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: maybe it should be the other way around? specify which errors are okay, otherwise if error unknown: fail the test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're totally right. I just checked integration test logs -- we don't seem to have fake ones.
I'm addressing this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All right, the previous version of this actually wasn't functional.
The new one is looking at juju logs.
I'm planning to re-view/re-fine this method (not flaky, etc) in my upcoming task next week.
https://warthogs.atlassian.net/browse/DPE-2994
But I think it's a good attempt to ensure we have nothing but "expected" errors
07f5bb4
to
d2c2655
Compare
d2c2655
to
560d868
Compare
560d868
to
55e88c1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
while testing, saw one issue with relation breaking
unit-mysql-router-k8s-0: 10:50:30 ERROR unit.mysql-router-k8s/0.juju-log backend-database:6: Non-existing secret was attempted to be removed 8, database
otherwise, looks good!
Lib tries to access app databag from non-leader unit · Issue #111 · canonical/data-platform-libs
Updated secret still at earlier content in observers (that labelled them) · Issue #108 · canonical/data-platform-libs HIGH IMPORTANCE !!!!!!!!!!!!!!!!!!