DPE-4235, DPE-3262, DPE-4315 Common UX for replication

[paulomach]

Issue

• See issue async re-relation ofter switchover breaks charm #445
• async relation secret was not being removed on relation broken
• non-leader hooks were being run by the leader
• Without a common UX with PG
• Password is not propagated across clusters when rotated

Solution

• Block on relation from the "wrong" side, i.e., a blocked cluster cannot be the async-primary when creating the async relation.
• removes relation secret on relation broken
• implement password rotation from offer side only
• add assumes juju >=3.4.3 for full replication support

Fixes #445

[taurus-forever]

Nice! Will test this tomorrow in Madrid! See you there!

[taurus-forever]

Excellent!

[carlcsaposs-canonical]

question: does each juju application have its own secret? is it possible for them to all share the same secret (so that it only needs to be managed by the primary charm)?

[paulomach]

yes.
It should but that add extra complexity since we always deploy an app with it own secrets, so unifying old need to delete one, and recreating on relation broken.
giving the troubled history with secrets and CMR, I rather do some duplication that works for now.

[carlcsaposs-canonical]

giving the troubled history with secrets and CMR, I rather do some duplication that works for now.

👍

asking just for my understanding: not sure I understand—during primary switchover there's no way to transfer ownership of the secret to the new app?

[paulomach]

It can't. Juju design it thinking in a saas model, where a service is provider. In practice the relation offer side is the only one that can manipulate the secret granted to the relation. The consumer side can neither write nor grant a secret to the relation.

[carlcsaposs-canonical]

okay; then probably never a good idea to use a single secret

thank you!