Closed weiiwang01 closed 1 month ago
Test coverage for 7143105cf43d92948dc9f2683b3711b6f3852036
Name Stmts Miss Branch BrPart Cover Missing
-------------------------------------------------------------------------------------------
paas_app_charmer/__init__.py 32 17 0 0 47% 13-14, 19-20, 26-27, 33-37, 43-44, 50-51, 57-58
paas_app_charmer/_gunicorn/__init__.py 0 0 0 0 100%
paas_app_charmer/_gunicorn/charm.py 15 0 0 0 100%
paas_app_charmer/_gunicorn/webserver.py 83 4 16 1 95% 175, 187-193
paas_app_charmer/_gunicorn/workload_config.py 8 0 0 0 100%
paas_app_charmer/_gunicorn/wsgi_app.py 16 0 0 0 100%
paas_app_charmer/app.py 157 0 68 3 99% 110->exit, 167->173, 341->343
paas_app_charmer/charm.py 240 26 60 3 90% 34-35, 42-43, 205, 215-216, 218-219, 248-252, 309-311, 372-373, 378, 383, 388, 398, 403, 408, 413, 418, 443
paas_app_charmer/charm_state.py 107 2 20 2 97% 187, 277
paas_app_charmer/charm_utils.py 23 0 0 0 100%
paas_app_charmer/database_migration.py 35 0 2 0 100%
paas_app_charmer/databases.py 25 2 11 1 92% 89-90
paas_app_charmer/django/__init__.py 2 0 0 0 100%
paas_app_charmer/django/charm.py 44 4 10 2 89% 48, 108, 123-124
paas_app_charmer/exceptions.py 5 0 0 0 100%
paas_app_charmer/fastapi/__init__.py 2 0 0 0 100%
paas_app_charmer/fastapi/charm.py 31 0 0 0 100%
paas_app_charmer/flask/__init__.py 2 0 0 0 100%
paas_app_charmer/flask/charm.py 26 0 0 0 100%
paas_app_charmer/framework.py 23 4 12 2 77% 33, 46-48
paas_app_charmer/go/__init__.py 2 0 0 0 100%
paas_app_charmer/go/charm.py 28 0 0 0 100%
paas_app_charmer/observability.py 24 3 8 1 81% 42->46, 73-77
paas_app_charmer/rabbitmq.py 78 2 22 5 93% 117->exit, 122->exit, 157->exit, 159-160, 181->175
paas_app_charmer/secret_storage.py 50 2 16 4 91% 55->54, 56->58, 86, 105
paas_app_charmer/utils.py 44 7 22 5 76% 34, 36, 56-57, 75, 79, 104
-------------------------------------------------------------------------------------------
TOTAL 1102 73 267 29 92%
Static code analysis report
Run started:2024-09-26 14:51:55.606165
Test results:
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'secret_key'
Severity: Low Confidence: Medium
CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b105_hardcoded_password_string.html
Location: /home/ubuntu/actions-runner/_work/paas-app-charmer/paas-app-charmer/paas_app_charmer/framework.py:28:27
27 """
28 secret_key_field = "secret_key"
29 if secret_key_field not in cls.model_fields:
--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'app_secret_key'
Severity: Low Confidence: Medium
CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
More Info: https://bandit.readthedocs.io/en/1.7.10/plugins/b105_hardcoded_password_string.html
Location: /home/ubuntu/actions-runner/_work/paas-app-charmer/paas-app-charmer/paas_app_charmer/framework.py:30:31
29 if secret_key_field not in cls.model_fields:
30 secret_key_field = "app_secret_key"
31 secret_key_config_name = cls.model_fields[secret_key_field].alias
--------------------------------------------------
Code scanned:
Total lines of code: 2364
Total lines skipped (#nosec): 1
Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0
Run metrics:
Total issues (by severity):
Undefined: 0
Low: 2
Medium: 0
High: 0
Total issues (by confidence):
Undefined: 0
Low: 0
Medium: 2
High: 0
Files skipped (0):
Overview
Users can now provide Juju user secrets as configuration values by using the `secret`-typed configuration options. For user-defined configurations, the secret value is flattened before being passed to the application via environment variables. For instance, if a user defines a new configuration option `my-secret` and sets its value to a Juju user secret ID containing `{"foo-bar": "foobar", "bar": "bar"}`, the environment variables passed to the application will be `FLASK_MY_SECRET_FOO_BAR=foobar` and `FLASK_MY_SECRET_BAR=bar`.

Additionally, we have introduced a new built-in configuration option for Flask, Django, Golang, and FastAPI, called `*-secret-key-id`, which replaces the older `*-secret-key` configuration option. The new `*-secret-key-id` option accepts a Juju secret ID containing `{"value": "secret-key-..."}`. While the older `*-secret-key` option is still supported, it will have lower priority compared to `*-secret-key-id`.
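The flattening and precedence rules described above, as an added Python example (not code from paas-app-charmer). The naming rule is inferred from the `my-secret` example in the description; the function names `env_token`, `build_env` and `resolve_secret_key`, the collision check across options, and the rejection of a secret without a `value` key are assumptions of this example.

```python
"""Added example: flattening secret-typed options into environment variables."""


def env_token(name):
    # Naming rule inferred from the PR's example: "-" becomes "_", upper-cased.
    return name.replace("-", "_").upper()


def build_env(prefix, secret_options):
    """Flatten {option: secret content} into {ENV_NAME: value}.

    Raises ValueError if two (option, key) pairs map to the same variable,
    so one secret cannot silently overwrite another.
    """
    env = {}
    origin = {}
    for option, content in secret_options.items():
        for key, value in content.items():
            name = f"{prefix}{env_token(option)}_{env_token(key)}"
            if name in env:
                raise ValueError(
                    f"{name} produced by both {origin[name]} and {(option, key)}"
                )
            env[name] = value
            origin[name] = (option, key)
    return env


def resolve_secret_key(secret_key_id_content, legacy_secret_key):
    """Pick the framework secret key: *-secret-key-id wins over *-secret-key."""
    if secret_key_id_content is not None:
        # The PR states the secret holds {"value": "..."}; reject anything else
        # rather than falling back to the lower-priority option (assumption).
        if "value" not in secret_key_id_content:
            raise ValueError('secret must contain a "value" key')
        return secret_key_id_content["value"]
    return legacy_secret_key


# Constructed sample input, using the values from the PR description.
SAMPLE = {"my-secret": {"foo-bar": "foobar", "bar": "bar"}}

if __name__ == "__main__":
    print(build_env("FLASK_", SAMPLE))
```

Because option name and secret key are joined with the same separator that replaces hyphens, `my-secret` with key `foo-bar` and `my-secret-foo` with key `bar` produce the same variable name, which is the case the collision check catches.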