Migration from v3 to v4 - Add a charm provided private key #244

gruyaume opened this issue Sep 11, 2024 · 1 comment

gruyaume commented Sep 11, 2024

Enhancement Proposal

As users transition to use v4 instead of v3 and migrate a deployed charm, they may want to re-use an existing private key instead of having it be re-generated by the lib. To support this, the lib should accept a private_key as an argument, though we will discourage users from using this in the long run.

Usage

private_key = self.get_private_key_from_workload()
self._certificates = TLSCertificatesRequiresV4(
    charm=self,
    relationship_name=TLS_RELATION_NAME,
    certificate_requests=[self._get_certificate_request()],
    private_key=PrivateKey.from_string(private_key)  # New argument
)

Where

class TLSCertificatesRequiresV4(Object):

    def __init__(
        self,
        ...
        private_key: Optional[PrivateKey] = None,
    ):
        """Create a new instance of the TLSCertificatesRequiresV4 class.

        Args:
            ...
            private_key (PrivateKey): We do not recommend using this parameter. If provided, the library
              will use the provided private key for creating certificate requests.
        """
        ...
        self.private_key = private_key

gruyaume added the enhancement label Sep 11, 2024

skourta commented Jan 20, 2025

+1
As part of our product specification, we need to provide the end user the option of setting their private key. Currently, we are doing this by using the private function from the library and replacing the content of the secret used by it manually. We believe this is error-prone and can break anytime you make a change to your API that touches the used function.

  secret = self.charm.model.get_secret(
      label=tls_relation._get_private_key_secret_label()
  )
  secret.set_content({"private-key": private_key})
  tls_relation._cleanup_certificate_requests()
  tls_relation._send_certificate_requests()
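
A pre-flight check a charm could run on a user-supplied key before passing it to the library or writing it into the secret, as an added example that is not part of this thread or of the library's code. It checks only the PEM envelope (exactly one block, an unencrypted private-key label, valid base64, a DER SEQUENCE) and leaves parsing the key to the library; `check_private_key_pem` and `make_pem` are hypothetical names, and the sample bytes are constructed placeholders, not a usable key.

```python
import base64
import re

# PEM labels of unencrypted private keys: PKCS#8, PKCS#1 (RSA), SEC1 (EC).
ALLOWED_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def check_private_key_pem(pem: str) -> str:
    """Return the PEM label if the envelope looks like one unencrypted private key.

    Raises ValueError so that a bad value never replaces the stored key.
    """
    blocks = PEM_BLOCK.findall(pem)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PEM block, found {len(blocks)}")
    label, body = blocks[0]
    # PKCS#8 encrypted label, or legacy "Proc-Type: 4,ENCRYPTED" header lines.
    if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
        raise ValueError("passphrase-protected keys are not accepted")
    if label not in ALLOWED_LABELS:
        raise ValueError(f"not a private key: PEM label is {label!r}")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("PEM body is not valid base64") from exc
    if not der or der[0] != 0x30:
        raise ValueError("decoded body is not a DER SEQUENCE")
    return label


def make_pem(label: str, der: bytes) -> str:
    """Build a constructed sample PEM block for exercising the check."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed placeholder: a tiny DER SEQUENCE, not real key material.
SAMPLE_DER = b"\x30\x03\x02\x01\x00"

if __name__ == "__main__":
    print(check_private_key_pem(make_pem("PRIVATE KEY", SAMPLE_DER)))
    for bad in (make_pem("CERTIFICATE", SAMPLE_DER), "not pem"):
        try:
            check_private_key_pem(bad)
        except ValueError as err:
            print("rejected:", err)
```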
