moved granting secrets to opensearch_secrets

canonical · Oct 21, 2024 · e4d2229 · e4d2229
1 parent 14dcd4a
commit e4d2229
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 4 deletions.
diff --git a/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py b/lib/charms/opensearch/v0/opensearch_relation_peer_cluster.py
@@ -589,14 +589,13 @@ def _grant_rel_data_secrets(
         """Grant the secrets to all the related apps."""
         credentials = rel_data_secret_content["credentials"]
         for key, secret_id in credentials.items():
-            # s3 and admin-username are not secrets
+            # admin-username is not secrets
             if key == "admin_username":
                 continue
 
-            secret = self.model.get_secret(id=secret_id)
             for rel_id in all_rel_ids:
                 if relation := self.get_rel(rel_id=rel_id):
-                    secret.grant(relation)
+                    self.secrets.grant_secret_to_relation(secret_id, relation)
 
 
 class OpenSearchPeerClusterRequirer(OpenSearchPeerClusterRelation):

diff --git a/lib/charms/opensearch/v0/opensearch_secrets.py b/lib/charms/opensearch/v0/opensearch_secrets.py
@@ -27,7 +27,7 @@
     Scope,
     SecretCache,
 )
-from ops import JujuVersion, Secret, SecretNotFoundError
+from ops import JujuVersion, Relation, Secret, SecretNotFoundError
 from ops.charm import SecretChangedEvent
 from ops.framework import Object
 from overrides import override
@@ -373,3 +373,8 @@ def get_secret_id(self, scope: Scope, key: str) -> Optional[str]:
         """Get the secret ID from the cache."""
         label = self.label(scope, key)
         return self._charm.peers_data.get(scope, label)
+
+    def grant_secret_to_relation(self, secret_id: int, relation: Relation):
+        """Grant a secret to a relation."""
+        secret = self._charm.model.get_secret(id=secret_id)
+        secret.grant(relation)