The real issue here is an unprotected call to charm.client_provider.update_app_relation_data which would create the password only for an invalid relation (integrating a shard as database).
This call is run in every status check.
Solution
Protect the call by running some sanity checks.
Update all tests that started failing due to this (needed to add some monkey patching for all methods used in this checks.
Bug fixes
The charm.db_initialised function was buggy: setting charm.db_initialised = False would still return charm.db_initialised == True. This is now fixed in a retro compatible way to ensure that nothing breaks with upgrades.
This fix needs to be ported to mongodb k8s as well.
Issue
charm.client_provider.update_app_relation_datawhich would create the password only for an invalid relation (integrating a shard as database).Solution
Bug fixes
charm.db_initialisedfunction was buggy: settingcharm.db_initialised = Falsewould still returncharm.db_initialised == True. This is now fixed in a retro compatible way to ensure that nothing breaks with upgrades.