Replace hardcoded password strings with secrets.token_hex in tests

[Copilot]

Applicable spec: N/A

Overview

Replace all hardcoded password strings in test files with dynamically generated tokens using secrets.token_hex(16).

Rationale

Addresses review feedback from #185. Hardcoded test passwords ("HELLO", "WORLD", "test_value", etc.) flagged by Bandit are replaced with cryptographically secure random tokens, improving test security posture without changing functionality.

Juju Events Changes

None

Module Changes

None - test-only changes

Library Changes

None

Implementation

Updated test files and factories:

• Unit tests: Direct replacement of string literals with secrets.token_hex(16) calls
• Factories: Use factory.LazyFunction(lambda: secrets.token_hex(16)) to generate unique tokens per instance
• Integration tests: Same approach as unit tests

Example change:

# Before
script_secrets={"TEST_SECRET_ONE": "HELLO"}  # nosec: hardcoded_password_string

# After  
script_secrets={"TEST_SECRET_ONE": secrets.token_hex(16)}

Checklist

• The charm style guide was applied
• The contributing guide was applied
• The changes are compliant with ISD054 - Managing Charm Complexity
• The documentation for charmhub is updated.
• The PR is tagged with appropriate label (urgent, trivial, senior-review-required, documentation)
• The docs/changelog.md is updated with user-relevant changes in the format of keep a changelog v1.1.0
• The application version is incremented in app/pyproject.toml

Documentation, changelog, and version updates not applicable - test-only changes with no user-facing impact.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.