Merge branch 'init-charm' into connectors

charmcraft.yaml

@@ -5,7 +5,7 @@ name: opencti
 title: OpenCTI Charm
 summary: OpenCTI charm.
 links:
-  documentation: https://discourse.charmhub.io
+  documentation: https://github.com/canonical/opencti-operator/blob/main/README.md
   issues: https://github.com/canonical/opencti-operator/issues
   source: https://github.com/canonical/opencti-operator
   contact: https://launchpad.net/~canonical-is-devops

src/charm.py

@@ -3,7 +3,7 @@
 # Copyright 2024 Canonical Ltd.
 # See LICENSE file for licensing details.
 
-"""OpenCTI charm the service."""
+"""OpenCTI charm."""
 
 import json
 import logging
@@ -113,6 +113,8 @@ def __init__(self, *args: typing.Any):
         self.framework.observe(
             self.on["opencti"].pebble_custom_notice, self._on_pebble_custom_notice
         )
+        self.framework.observe(self.on.opencti_peer_relation_broken, self._cleanup_secrets)
+        self.framework.observe(self.on.stop, self._cleanup_secrets)
 
     def _register_opensearch(self) -> OpenSearchRequires:
         """Create OpenSearchRequires instance and register related event handlers.
@@ -197,6 +199,22 @@ def _register_ingress(self) -> IngressPerAppRequirer:
         self.framework.observe(ingress.on.revoked, self._reconcile)
         return ingress
 
+    def _cleanup_secrets(self, event: ops.EventBase) -> None:
+        """Cleanup secrets created by the opencti charm"""
+        if not self.unit.is_leader():
+            return
+        integration = self.model.get_relation(_PEER_INTEGRATION_NAME)
+        if not integration:
+            return
+        secret_id = integration.data[self.app].get(_PEER_SECRET_FIELD)
+        if not secret_id:
+            return
+        try:
+            secret = self.model.get_secret(id=secret_id)
+        except ops.SecretNotFoundError:
+            return
+        secret.remove_all_revisions()
+
     def _amqp_relation_joined(self, event: ops.RelationJoinedEvent) -> None:
         """Handle amqp relation joined event.