operator icon indicating copy to clipboard operation
operator copied to clipboard
verified publisher icon canonical

Should ops[testing] emulate secret info "rotates" field?

Open dimaqq opened this issue 4 months ago • 1 comments

Today, from charm's POV:

  • a secret can be created with rotate=DAILY
  • this secret's info can be gotten:
    • rotation: DAILY
    • rotates: None

Juju would set rotates = now + 24h in this case.

We should decide if we ought to replicate this behaviour in ops[testing]

dimaqq avatar Oct 15 '25 07:10 dimaqq

A caveat:

It seems that the rotation timestamp is set when unit agent commits secret metadata, which requires hook to exit.

Thus, info for a freshly minted secret (in the same dispatch) doesn't include rotates.

Info includes this field in subsequent dispatch:

⋊> dima@bb ⋊> ~ juju exec --unit test-secrets/0 'foo=$(secret-add foo=bar --rotate daily); secret-info-get $foo'                                                                    16:39:02
d3nkv6vmp25c786f8he0:
  revision: 1
  label: ""
  owner: application
  rotation: daily
⋊> dima@bb ⋊> ~ juju exec --unit test-secrets/0 'secret-info-get d3nkv6vmp25c786f8he0'                                                                                              16:39:07
d3nkv6vmp25c786f8he0:
  revision: 1
  label: ""
  owner: application
  rotation: daily
  rotates: 2025-10-16T07:39:07Z

dimaqq avatar Oct 15 '25 07:10 dimaqq