New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[JUJU-1684] Commit secret updates, deletes, access changes at end of hook execution #14500
Conversation
e01db67
to
22dc1c1
Compare
@@ -2718,6 +2720,43 @@ func (u *UniterAPI) commitHookChangesForOneUnit(unitTag names.UnitTag, changes p | |||
modelOps = append(modelOps, modelOp) | |||
} | |||
|
|||
if len(changes.SecretDeletes) > 0 { | |||
result, err := u.SecretsManagerAPI.RemoveSecrets(params.SecretURIArgs{Args: changes.SecretDeletes}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
obviously would be great to get these into the txn
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah. we're getting into 2 phase commit territory if the backend is not juju etc.
i'd like to come back to this when the design has evolved a bit, will leave a todo
22dc1c1
to
cd2eb4c
Compare
/merge |
cd2eb4c
to
a1b81db
Compare
/merge |
a1b81db
to
c0f98ad
Compare
/merge |
c0f98ad
to
84a7858
Compare
/merge |
/merge |
Secret updates, deletes, access changes are cached on the hook context and committed when the hook has finished running.
Creates still need to happen immediately since the returned URI is needed for subsequent operations.
Also fix some unit agent context API calls to use a secret uri not a string.
Checklist
[ ] Integration tests, with comments saying what you're testing[ ] doc.go added or updated in changed packagesQA steps