[JUJU-2426] Secrets support (#791)

* Add support for secret* facades.

* Update app facade version to 16.

Author: juanmanuel-tirado

.github/workflows/test.yaml

@@ -49,7 +49,7 @@ jobs:
   integration:
     name: Integration
     needs: [lint, unit-tests]
-    timeout-minutes: 120
+    timeout-minutes: 150
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -64,7 +64,7 @@ jobs:
       uses: charmed-kubernetes/actions-operator@main
       with:
         provider: lxd
-        juju-channel: 3.0/stable
+        juju-channel: 3.1/beta
     # 2023-01-11 Commented until we discover a 
     # clear approach for this.
     # - name: Set proxy in controller

.github/workflows/test_candidate.yaml

@@ -7,7 +7,7 @@ on:
 jobs:
   candidate-integration:
     name: Edge integration
-    timeout-minutes: 120
+    timeout-minutes: 150
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -26,7 +26,7 @@ jobs:
     - name: Check if there is a new candidate
       shell: bash
       run: |
-        candidate=$(snap info juju | grep 3.0/candidate | awk '{print $2}')
+        candidate=$(snap info juju | grep 3.1/candidate | awk '{print $2}')
         last_tested=NA
         if [ -f juju-last-candidate-version ]; then
           last_tested=$(cat juju-last-candidate-version)
@@ -54,7 +54,7 @@ jobs:
       uses: charmed-kubernetes/actions-operator@main
       with:
         provider: lxd
-        juju-channel: 3.0/candidate
+        juju-channel: 3.1/candidate
     - name: Setup Python
       if: ${{ env.next-test != 'NA' }}
       uses: actions/setup-python@v4

.github/workflows/test_edge.yaml

@@ -7,7 +7,7 @@ on:
 jobs:
   candidate-integration:
     name: Edge integration
-    timeout-minutes: 120
+    timeout-minutes: 150
     runs-on: ubuntu-latest
     strategy:
       matrix:
@@ -26,7 +26,7 @@ jobs:
     - name: Check if there is a new candidate
       shell: bash
       run: |
-        edge=$(snap info juju | grep 3.0/edge | awk '{print $2}')
+        edge=$(snap info juju | grep 3.1/edge | awk '{print $2}')
         last_tested=NA
         if [ -f juju-last-edge-version ]; then
           last_tested=$(cat juju-last-edge-version)
@@ -54,7 +54,7 @@ jobs:
       uses: charmed-kubernetes/actions-operator@main
       with:
         provider: lxd
-        juju-channel: 3.0/edge
+        juju-channel: 3.1/edge
     - name: Setup Python
       if: ${{ env.next-test != 'NA' }}
       uses: actions/setup-python@v4

VERSION

@@ -1 +1 @@
-3.1.0-b1
+3.1.0b1

examples/add_secrets_backend.py

@@ -0,0 +1,66 @@
+from juju import jasyncio
+from juju.model import Model
+
+import hvac
+
+
+async def main():
+    """This is a complete example that deploys vault, uses a
+    vault client to initialize it, and registers the backend.
+    """
+
+    m = Model()
+    await m.connect_current()
+
+    # deploy postgresql
+    await m.deploy('postgresql')
+    # deploy vault
+    await m.deploy("vault", series="focal")
+    # relate/integrate
+    await m.relate("vault:db", "postgresql:db")
+    # wait for the
+    await m.wait_for_idle(["vault"])
+    # expose vault
+    vault_app = m.applications["vault"]
+    await vault_app.expose()
+
+    # Get a vault client
+    # Deploy this entire thing
+    status = await m.get_status()
+    target = ""
+    for unit in status.applications['vault'].units.values():
+        target = unit.public_address
+
+    vault_url = "http://%s:8200" % target
+    vault_client = hvac.Client(url=vault_url)
+
+    # Initialize vault
+    keys = vault_client.sys.initialize(3, 2)
+
+    # Unseal vault
+    vault_client.sys.submit_unseal_keys(keys["keys"])
+
+    # Add the secret backend
+    c = await m.get_controller()
+    response = await c.add_secret_backends("1000", "myvault", "vault", {"endpoint": vault_url})
+    print("Output from add secret backends")
+    print(response["results"])
+
+    # List the secrets backend
+    list = await c.list_secret_backends()
+    print("Output from list secret backends")
+    print(list["results"])
+
+    # Remove it
+    await c.remove_secret_backends("myvault")
+
+    # Finally after removing
+    list = await c.list_secret_backends()
+    print("Output from list secret backends after removal")
+    print(list["results"])
+
+    await m.disconnect()
+
+
+if __name__ == '__main__':
+    jasyncio.run(main())

examples/list_secrets.py

@@ -0,0 +1,16 @@
+from juju import jasyncio
+from juju.model import Model
+
+
+async def main():
+
+    m = Model()
+    await m.connect()
+
+    secrets = await m.list_secrets()
+    print(secrets)
+    await m.disconnect()
+
+
+if __name__ == '__main__':
+    jasyncio.run(main())

juju/client/_client.py

@@ -4,7 +4,7 @@
 from juju.client._definitions import *
 
 
-from juju.client import _client7, _client1, _client3, _client4, _client2, _client15, _client6, _client5, _client11, _client9, _client18
+from juju.client import _client7, _client1, _client3, _client4, _client2, _client16, _client6, _client11, _client10, _client5, _client9, _client18
 
 
 CLIENTS = {
@@ -13,10 +13,11 @@
     "3": _client3,
     "4": _client4,
     "2": _client2,
-    "15": _client15,
+    "16": _client16,
     "6": _client6,
-    "5": _client5,
     "11": _client11,
+    "10": _client10,
+    "5": _client5,
     "9": _client9,
     "18": _client18
 }
@@ -456,6 +457,10 @@ class SSHClientFacade(TypeFactory):
     pass
 
 
+class SecretBackendsFacade(TypeFactory):
+    pass
+
+
 class SecretsFacade(TypeFactory):
     pass