Skip to content

feat(garm): add get-credentials action#254

Open
Thanhphan1147 wants to merge 10 commits into
mainfrom
feat/garm-show-credentials-action
Open

feat(garm): add get-credentials action#254
Thanhphan1147 wants to merge 10 commits into
mainfrom
feat/garm-show-credentials-action

Conversation

@Thanhphan1147

@Thanhphan1147 Thanhphan1147 commented Jun 24, 2026

Copy link
Copy Markdown

Summary

  • Adds the get-credentials Juju action to the GARM charm, exposing the admin credentials stored in the garm-admin-credentials Juju secret to the operator
  • Adds unit tests covering the success path (credentials returned via `event.set_results`) and the failure path (credentials not yet available, `event.fail` called)
  • Adds an integration test that runs the action against a live GARM unit and asserts all four credential fields are returned
  • Adds a how-to guide under `docs/how-to/retrieve-garm-credentials.md`

Usage

juju run garm/0 get-credentials

@cbartz cbartz left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGMT. This was not planned, but seems indeed like a useful feature.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a get-credentials Juju action to the garm charm to expose the admin credentials stored in the garm-admin-credentials Juju secret, along with unit/integration test coverage and a new how-to guide documenting usage.

Changes:

  • Add get-credentials action wiring in the charm and declare it in charmcraft.yaml.
  • Add unit + integration tests for the action’s success/failure behavior.
  • Add a new how-to guide and link it from the docs how-to index; update .gitignore entries.

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
charms/garm/src/charm.py Observes and implements the get-credentials action handler that returns admin secret content.
charms/garm/charmcraft.yaml Declares the get-credentials action.
charms/garm/tests/unit/test_charm.py Adds unit tests covering action success and failure paths.
charms/tests/integration/test_garm.py Adds an integration test that runs the action and validates returned fields.
docs/how-to/retrieve-garm-credentials.md Adds a how-to guide describing how to run the action and interpret output.
docs/how-to/index.rst Adds the new how-to page to the toctree.
.gitignore Fixes .vscode/ ignore entry and adds .worktrees/.

Comment thread docs/how-to/retrieve-garm-credentials.md
Comment thread docs/how-to/retrieve-garm-credentials.md Outdated
Comment thread charms/tests/integration/test_garm.py Outdated
Comment thread docs/how-to/retrieve-garm-credentials.md

@florentianayuwono florentianayuwono left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you!

GarmCharm._on_get_credentials_action(charm, event)

event.set_results.assert_called_once_with(credentials)
event.fail.assert_not_called()

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we add assertion that the credentials returned is as expected

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's what the event.set_results.assert_called_once_with(credentials) is doing. Since we're mocking the event and not using scenario we don't have a way to actually get the output ( the hook methods always return None )

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i see, is there a reason why we cannot use scenario? ideally it's better to test the state, not interaction

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No particular reason aside from that I like to keep tests simple if it's only a single method. And using scenario we'd still only call the hook method so it's a bit more overhead. But I can switch to scenario if needed, wdyt?

Comment thread .gitignore Outdated
@Thanhphan1147 Thanhphan1147 enabled auto-merge (squash) June 25, 2026 16:22
Comment thread charms/tests/integration/test_garm.py Outdated
auto-merge was automatically disabled June 26, 2026 13:23

Head branch was pushed to by a user without write access

Comment thread charms/garm/charmcraft.yaml Outdated

@erinecon erinecon left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much for adding a how-to guide!! Some nits from me. Giving an approval since @cbartz has approved already

Comment thread docs/how-to/retrieve-garm-credentials.md Outdated
Comment thread docs/how-to/retrieve-garm-credentials.md Outdated
Co-authored-by: Erin Conley <erin.conley@canonical.com>
Co-authored-by: Erin Conley <erin.conley@canonical.com>

@yhaliaw yhaliaw left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Posting three minor findings from a code review pass — all cosmetic/convention issues, none blocking.

"""
arrange: Admin credentials secret exists and contains valid content.
act: Call _on_get_credentials_action().
"""

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This docstring is missing its assert: section — it only has arrange:/act:, while the test body performs two assertions. The sibling test added in the same commit (test_get_credentials_action_fails_when_credentials_unavailable) includes all three sections, as does every other test in this file.

Suggestion:

Suggested change
"""
assert: event.set_results is called once with the credentials dict and
event.fail is not called.
"""

event.fail.assert_called_once()
fail_message = event.fail.call_args[0][0]
assert "not yet available" in fail_message
event.set_results.assert_not_called()

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are zero blank lines between the end of this test and the next top-level def test_reconcile_scalesets_skips_when_no_admin_credentials(): — PEP 8 / ruff E302 expects two. This won't fail CI (this charm's tox -e lint only checks src, not tests/), but it will get reformatted the next time someone runs tox -e fmt, producing unrelated churn in a future PR.

Suggested change
event.set_results.assert_not_called()
event.set_results.assert_not_called()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants