[data_interfaces][v1] ModelError raised on secret_changed with requirer on v0 #252

@reneradoi

Steps to reproduce

  • deploy charmed-etcd
  • deploy requirer-charm with config data-interfaces-version=0
  • deploy TLS provider (for example self-signed-certificates)
  • relate charmed-etcd:client-certificates with self-signed-certificates
  • relate requirer-charm with self-signed-certificates
  • relate charmed-etcd with requirer-charm
  • wait for things to settle
  • set self-signed-certificates config option ca-common-name=<new-value>

This will initiate a CA-rotation on both charmed-etcd and the requirer-charm.

Expected behavior

  • requirer-charm updates its mtls-certificate with the new CA
  • charmed-etcd updates its client truststore with the new CA and initiates a rolling restart

Actual behavior

  • charmed-etcd encounters hook failed: "secret-changed" with the following error:
ops.model.ModelError: ERROR getting latest secret revision: secret label "etcd-client.10.2e72e7f4350be731.mtls.secret" for consumer "unit-charmed-etcd-0" already exists

See also canonical/charmed-etcd-operator#189

Versions

independent of juju agent version, happens with 3.6.9, 3.6.11 and 3.6.12

Log output

unit-charmed-etcd-0: 16:51:21 INFO unit.charmed-etcd/0.juju-log root:Received secret etcd-client.10.2e72e7f4350be731.mtls.secret but couldn't parse, seems i
unit-charmed-etcd-0: 16:51:21 ERROR unit.charmed-etcd/0.juju-log root:Uncaught exception while in charm code:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/model.py", line 3637, in _run
    result = subprocess.run(args, **kwargs)  # type: ignore
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '('/var/lib/juju/tools/unit-charmed-etcd-0/secret-get', 'secret:d4k86tpekrdpteeqk47g', '--label', 'etcd-client.10.2e7

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/src/charm.py", line 415, in <module>
    ops.main(EtcdOperatorCharm)  # type: ignore
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/__init__.py", line 356, in __call__
    return _main.main(charm_class=charm_class, use_juju_for_storage=use_juju_for_storage)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/_main.py", line 504, in main
    manager.run()
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/_main.py", line 488, in run
    self._emit()
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/_main.py", line 423, in _emit
    self._emit_charm_event(self.dispatcher.event_name)
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/_main.py", line 467, in _emit_charm_event
    event_to_emit.emit(*args, **kwargs)
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/framework.py", line 351, in emit
    framework._emit(event)
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/framework.py", line 924, in _emit
    self._reemit(event_path)
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/framework.py", line 1030, in _reemit
    custom_handler(event)
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/lib/charms/data_platform_libs/v1/data_interfaces.py", line 2403, in _on_secret_changed_event
    old_mtls_cert = event.secret.get_content().get("mtls-cert")
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/model.py", line 1487, in get_content
    self._content = self._backend.secret_get(id=self.id, label=self.label, refresh=refresh)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/model.py", line 4023, in secret_get
    result = self._run('secret-get', *args, return_output=True, use_json=True)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/var/lib/juju/agents/unit-charmed-etcd-0/charm/venv/lib/python3.12/site-packages/ops/model.py", line 3639, in _run
    raise ModelError(e.stderr) from e
ops.model.ModelError: ERROR getting latest secret revision: secret label "etcd-client.10.2e72e7f4350be731.mtls.secret" for consumer "unit-charmed-etcd-0" already exists

Additional context

  • the issue is reproducible, see integration test run here
  • the issue only occurs when the provider uses data-interfaces v1 and the requirer uses v0; if both use v1, it doesn't happen

Labels: bug
