Merge pull request #23 from canonical/reduce-secrets

Reduce secrets in configuration to 1

Author: lvoytek

charmcraft.yaml

@@ -76,15 +76,10 @@ config:
         This user must be a member of ~git-ubuntu-import.
       default: "git-ubuntu-bot"
       type: string
-    lpuser_ssh_key:
+    lpuser_secret_id:
       description: |
-        An ssh private key that matches with a public key associated with the
-        lpuser account on Launchpad.
-      type: secret
-    lpuser_lp_key:
-      description: |
-        A Launchpad keyring entry that allows launchpadlib access, associated
-        with the lpuser account on Launchpad.
+        The secret ID for a vault containing the Launchpad user's lp key token
+        and SSH private key.
       type: secret
     publish:
       description: |

src/charm.py

@@ -100,9 +100,9 @@ def _num_workers(self) -> int:
     @property
     def _lpuser_ssh_key(self) -> str | None:
         try:
-            secret_id = str(self.config["lpuser_ssh_key"])
-            ssh_key_secret = self.model.get_secret(id=secret_id)
-            ssh_key_data = ssh_key_secret.get_content().get("sshkey")
+            secret_id = str(self.config["lpuser_secret_id"])
+            lpuser_secret = self.model.get_secret(id=secret_id)
+            ssh_key_data = lpuser_secret.get_content().get("sshkey")
 
             if ssh_key_data is not None:
                 return str(ssh_key_data)
@@ -115,9 +115,9 @@ def _lpuser_ssh_key(self) -> str | None:
     @property
     def _lpuser_lp_key(self) -> str | None:
         try:
-            secret_id = str(self.config["lpuser_lp_key"])
-            lp_key_secret = self.model.get_secret(id=secret_id)
-            lp_key_data = lp_key_secret.get_content().get("lpkey")
+            secret_id = str(self.config["lpuser_secret_id"])
+            lpuser_secret = self.model.get_secret(id=secret_id)
+            lp_key_data = lpuser_secret.get_content().get("lpkey")
 
             if lp_key_data is not None:
                 return str(lp_key_data)

tests/integration/test_charm.py

@@ -183,10 +183,10 @@ def test_update_config_with_ssh_key(app: str, juju: jubilant.Juju):
     with open("tests/integration/test-ssh-key", "r") as file:
         file_content = file.read()
 
-        secret_uri = juju.add_secret("lpuser-ssh-key", {"sshkey": file_content})
-        juju.grant_secret("lpuser-ssh-key", app)
+        secret_uri = juju.add_secret("lpuser-secret-id", {"sshkey": file_content})
+        juju.grant_secret("lpuser-secret-id", app)
 
-        juju.config(app, {"lpuser_ssh_key": secret_uri})
+        juju.config(app, {"lpuser_secret_id": secret_uri})
         juju.wait(jubilant.all_active)
 
         ssh_key = juju.ssh(