Re-introduce the concept of adding secrets on the fly.
Up to this point PeerRelation and descendants only allowed for secret fields to be declared at instantiation time.
Multiple secrets are supported STRICTLY if declared at instantiation time.
Multiple secrets are currently only used by OpenSearch, which has multiple TLS secrets; however, it's a valid scenario potentially for other charms as well in the future.
Since we want to strictly control the number of secrets "hanging around", dynamic secret creation is not allowed. A charm with multiple secrets should know precisely what additional secrets it may want to have further than the default ones.
Terminology
Multiple secret groups may contain the same fields, which means that we need to know which TLS ca we want to get once we have 3 TLS secrets. Therefore the following options were introduced:
For the new add_secret() and get_secret() functions there is a group option to specify the group in case it's different from the default one.
For the unified fetch_relation_data(), update_relation_data(), etc. functions it may rather be desirable to keep the signature intact. Thus a secret_field@group (i.e. ca-cert@tls-https) notation is introduced.
NOTE2: Implementation detail: this change still relies on the databag; however, that's likely to change in the future, and secret fields would be retrieved dynamically.
Enhancements for Peer Relation Interfaces
As detailed in Peer Relation Data spec.
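The group option and the secret_field@group notation described above can be illustrated with a small stand-alone sketch. This is an added example, not code from this change or from the library: the GroupedSecrets class, its method signatures, the "default" group name and the "tls-admin" group are assumptions made for illustration.

```python
from typing import Dict, Iterable, Optional, Set, Tuple

DEFAULT_GROUP = "default"  # assumed name; the page does not name the default group


class GroupedSecrets:
    """Hypothetical store whose secret groups are fixed at instantiation time."""

    def __init__(self, groups: Dict[str, Iterable[str]]):
        # group -> field names declared up front; no group or field is added later
        self._declared: Dict[str, Set[str]] = {g: set(f) for g, f in groups.items()}
        self._declared.setdefault(DEFAULT_GROUP, set())
        self._content: Dict[str, Dict[str, str]] = {g: {} for g in self._declared}

    @staticmethod
    def parse(key: str) -> Tuple[str, str]:
        """Split 'field@group'; a bare field name maps to the default group."""
        field, sep, group = key.partition("@")
        if not field or (sep and not group) or "@" in group:
            raise ValueError(f"malformed secret field reference: {key!r}")
        return field, group or DEFAULT_GROUP

    def _check(self, field: str, group: str) -> None:
        # Refuse anything not declared at instantiation: no dynamic secret creation
        if group not in self._declared:
            raise KeyError(f"secret group {group!r} was not declared")
        if field not in self._declared[group]:
            raise KeyError(f"field {field!r} was not declared in group {group!r}")

    def add_secret(self, field: str, value: str, group: str = DEFAULT_GROUP) -> None:
        self._check(field, group)
        self._content[group][field] = value

    def get_secret(self, field: str, group: str = DEFAULT_GROUP) -> Optional[str]:
        self._check(field, group)
        return self._content[group].get(field)

    def fetch(self, keys: Iterable[str]) -> Dict[str, Optional[str]]:
        """Unified-style read: the signature stays a list of keys, the group rides in the key."""
        return {k: self.get_secret(*self.parse(k)) for k in keys}


def demo() -> Dict[str, Optional[str]]:
    # Constructed sample: the same field name (ca-cert) lives in two TLS groups
    s = GroupedSecrets({DEFAULT_GROUP: ["password"],
                        "tls-https": ["ca-cert"], "tls-admin": ["ca-cert"]})
    s.add_secret("password", "pw-1")
    s.add_secret("ca-cert", "HTTPS-CA", group="tls-https")
    s.add_secret("ca-cert", "ADMIN-CA", group="tls-admin")
    return s.fetch(["password", "ca-cert@tls-https", "ca-cert@tls-admin"])
```
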