mongo-charms-single-kernel 1.8.6__py3-none-any.whl → 1.8.7__py3-none-any.whl

single_kernel_mongo/state/charm_state.py

@@ -23,7 +23,6 @@ from pymongo.errors import (
 
 from single_kernel_mongo.config.literals import (
     SECRETS_UNIT,
-    SNAP,
     CharmKind,
     MongoPorts,
     Scope,
@@ -67,13 +66,8 @@ from single_kernel_mongo.state.tls_state import TLSState
 from single_kernel_mongo.state.unit_peer_state import (
     UnitPeerReplicaSet,
 )
-from single_kernel_mongo.state.upgrade_state import (
-    AppUpgradePeerData,
-    UnitUpgradePeerData,
-)
 from single_kernel_mongo.utils.helpers import (
     generate_relation_departed_key,
-    unit_number,
 )
 from single_kernel_mongo.utils.mongo_config import MongoConfiguration
 from single_kernel_mongo.utils.mongo_connection import MongoConnection
@@ -143,12 +137,6 @@ class CharmState(Object, StatusesStateProtocol):
             self.ldap_peer_relation_name,
         )
 
-        self.upgrade_app_interface = DataPeerData(
-            self.model, relation_name=RelationNames.UPGRADE_VERSION.value
-        )
-        self.upgrade_unit_interface = DataPeerUnitData(
-            self.model, relation_name=RelationNames.UPGRADE_VERSION.value
-        )
         self.paths = MongoPaths(self.charm_role)
 
         self.k8s_manager = K8sManager(
@@ -184,6 +172,13 @@ class CharmState(Object, StatusesStateProtocol):
             return set()
         return self.peer_relation.units
 
+    @property
+    def reverse_order_peer_units(self) -> list[Unit]:
+        """Units sorted in reverse order."""
+        return sorted(
+            self.peers_units, key=lambda unit: int(unit.name.split("/")[-1]), reverse=True
+        )
+
     @property
     def client_relations(self) -> set[Relation]:
         """The set of client relations.
@@ -196,11 +191,6 @@ class CharmState(Object, StatusesStateProtocol):
             return set(self.model.relations[RelationNames.MONGOS_PROXY.value])
         return set(self.model.relations[RelationNames.DATABASE.value])
 
-    @property
-    def upgrade_relation(self) -> Relation | None:
-        """The set of upgrade relations."""
-        return self.model.get_relation(RelationNames.UPGRADE_VERSION.value)
-
     @property
     def mongos_cluster_relation(self) -> Relation | None:
         """The Mongos side of the cluster relation."""
@@ -283,48 +273,6 @@ class CharmState(Object, StatusesStateProtocol):
             k8s_manager=self.k8s_manager,
         )
 
-    @property
-    def unit_upgrade_peer_data(self) -> UnitUpgradePeerData:
-        """This unit upgrade databag."""
-        return UnitUpgradePeerData(
-            relation=self.upgrade_relation,
-            data_interface=self.upgrade_unit_interface,
-            component=self.model.unit,
-            substrate=self.substrate,
-        )
-
-    @property
-    def app_upgrade_peer_data(self) -> AppUpgradePeerData:
-        """The app upgrade databag."""
-        return AppUpgradePeerData(
-            relation=self.upgrade_relation,
-            data_interface=self.upgrade_app_interface,
-            component=self.model.app,
-            substrate=self.substrate,
-        )
-
-    @property
-    def units_upgrade_peer_data(self) -> list[UnitUpgradePeerData]:
-        """Grabs all units in the current peer relation, including this unit.
-
-        Returns:
-            Sorted list of UnitUpgradePeerData in the current upgrade relation,
-            including this unit.
-        """
-        _units = []
-        for unit, data_interface in self.upgrade_units_data_interfaces.items():
-            _units.append(
-                UnitUpgradePeerData(
-                    relation=self.upgrade_relation,
-                    data_interface=data_interface,
-                    component=unit,
-                    substrate=self.substrate,
-                )
-            )
-        _units.append(self.unit_upgrade_peer_data)
-
-        return sorted(_units, key=unit_number, reverse=True)
-
     @property
     def units(self) -> set[UnitPeerReplicaSet]:
         """Grabs all units in the current peer relation, including this unit.
@@ -432,63 +380,6 @@ class CharmState(Object, StatusesStateProtocol):
     def db_initialised(self, other: bool):
         self.app_peer_data.db_initialised = other
 
-    @property
-    def unit_workload_container_versions(self) -> dict[str, str]:
-        """{Unit name: unique identifier for unit's workload container version}.
-
-        If and only if this version changes, the workload will restart (during upgrade or
-        rollback).
-
-        On Kubernetes, the workload & charm are upgraded together
-        On machines, the charm is upgraded before the workload
-
-        VM: container version is the snap revision.
-        K8S: container version is the stateful set hash.
-
-        This identifier should be comparable to `_app_workload_container_version` to determine if
-        the unit & app are the same workload container version.
-        """
-        if self.substrate == Substrates.K8S:
-            return self.k8s_manager.list_revisions()
-        return {
-            unit.name: unit.snap_revision
-            for unit in self.units_upgrade_peer_data
-            if unit.snap_revision
-        }
-
-    @property
-    def unit_workload_container_version(self) -> str | None:
-        """Installed snap revision for this unit."""
-        if self.substrate == Substrates.K8S:
-            return self.k8s_manager.list_revisions().get(self.model.unit.name)
-        return self.unit_upgrade_peer_data.snap_revision
-
-    @unit_workload_container_version.setter
-    def unit_workload_container_version(self, value: str):
-        if self.substrate == Substrates.VM:
-            self.unit_upgrade_peer_data.snap_revision = value
-
-    @property
-    def app_workload_container_version(self) -> str:
-        """Unique identifier for the app's workload container version.
-
-        This should match the workload version in the current Juju app charm version.
-
-        This identifier should be comparable to `_unit_workload_container_versions` to determine if
-        the app & unit are the same workload container version.
-        """
-        if self.substrate == Substrates.K8S:
-            return self.k8s_manager.get_revision()
-        return SNAP.revision
-
-    @property
-    def upgrade_in_progress(self) -> bool:
-        """Is the charm in upgrade?"""
-        app_version = self.app_workload_container_version
-        unit_versions = self.unit_workload_container_versions
-        logger.debug(f"Upgrade in progress check: {app_version = } / {unit_versions = }")
-        return any(version != app_version for version in unit_versions.values())
-
     @property
     def bind_address(self) -> IPv4Address | IPv6Address | str:
         """The network binding address from the peer relation."""
@@ -541,18 +432,6 @@ class CharmState(Object, StatusesStateProtocol):
             for unit in self.peers_units
         }
 
-    @property
-    def upgrade_units_data_interfaces(self) -> dict[Unit, DataPeerOtherUnitData]:
-        """The cluster peer relation."""
-        return {
-            unit: DataPeerOtherUnitData(
-                model=self.model,
-                unit=unit,
-                relation_name=RelationNames.UPGRADE_VERSION.value,
-            )
-            for unit in self.peers_units
-        }
-
     @property
     def formatted_socket_path(self) -> str:
         """URL encoded socket path.
@@ -657,6 +536,17 @@ class CharmState(Object, StatusesStateProtocol):
         )
         return None
 
+    def get_subject_name(self) -> str:
+        """Generate the subject name for CSR."""
+        # In sharded MongoDB deployments it is a requirement that all subject names match across
+        # all cluster components. The config-server name is the source of truth across mongos and
+        # shard deployments.
+        if self.is_role(MongoDBRoles.REPLICATION) or self.is_role(MongoDBRoles.CONFIG_SERVER):
+            return self.model.app.name
+        # until integrated with config-server use current app name as
+        # subject name
+        return self.config_server_name or self.model.app.name
+
     def generate_config_server_db(self) -> str:
         """Generates the config server DB URI."""
         replica_set_name = self.model.app.name
@@ -709,19 +599,16 @@ class CharmState(Object, StatusesStateProtocol):
         self.unit_peer_data.update({rel_departed_key: json.dumps(scaling_down)})
         return scaling_down
 
-    @property
-    def upgrade_resumed(self) -> bool:
-        """Whether the user has resumed upgrade with juju action."""
-        if self.substrate == Substrates.K8S:
-            return self.k8s_manager.get_partition() < unit_number(self.units_upgrade_peer_data[0])
-        return self.app_upgrade_peer_data.upgrade_resumed
-
     def is_shard_added_to_cluster(self) -> bool:
         """Returns true if the shard has been added to the clusted."""
         # this information is required in order to check if we have been added
         if not self.config_server_name or not self.app_peer_data.mongos_hosts:
             return False
 
+        # We can't check if we don't have a valid certificate
+        if self.shard_state.internal_ca_secret is not None and not self.tls.external_enabled:
+            return False
+
         try:
             # check our ability to use connect to mongos
             with MongoConnection(self.remote_mongos_config) as mongos:
@@ -778,8 +665,9 @@ class CharmState(Object, StatusesStateProtocol):
             hosts=hosts or user.hosts,
             port=MongoPorts.MONGODB_PORT.value,
             roles=user.roles,
-            tls_external=self.tls.external_enabled,
-            tls_internal=self.tls.internal_enabled,
+            tls_enabled=self.tls.external_enabled,
+            tls_external_keyfile=self.paths.ext_pem_file,
+            tls_external_ca=self.paths.ext_ca_file,
             standalone=standalone,
         )
 
@@ -807,8 +695,9 @@ class CharmState(Object, StatusesStateProtocol):
             hosts=hosts or user.hosts,
             port=MongoPorts.MONGOS_PORT.value,
             roles=user.roles,
-            tls_external=self.tls.external_enabled,
-            tls_internal=self.tls.internal_enabled,
+            tls_enabled=self.tls.external_enabled,
+            tls_external_keyfile=self.paths.ext_pem_file,
+            tls_external_ca=self.paths.ext_ca_file,
         )
 
     @property
@@ -862,8 +751,9 @@ class CharmState(Object, StatusesStateProtocol):
             # unlike the vm mongos charm, the K8s charm does not communicate with the unix socket
             port=port,
             roles={RoleNames.ADMIN},
-            tls_external=self.tls.external_enabled,
-            tls_internal=self.tls.internal_enabled,
+            tls_enabled=self.tls.external_enabled,
+            tls_external_keyfile=self.paths.ext_pem_file,
+            tls_external_ca=self.paths.ext_ca_file,
         )
 
     @property

single_kernel_mongo/state/config_server_state.py

@@ -39,12 +39,6 @@ SECRETS_FIELDS = [
 ]
 
 
-class UnitShardingComponentKeys(str, Enum):
-    """Config Server State Model for the unit."""
-
-    STATUS_READY_FOR_UPGRADE = "status-shows-ready-for-upgrade"
-
-
 class AppShardingComponentState(AbstractRelationState[Data]):
     """The stored state for the ConfigServer Relation."""
 
@@ -120,30 +114,3 @@ class UnitShardingComponentState(AbstractRelationState[Data]):
     def __init__(self, relation: Relation | None, data_interface: Data, component: Unit):
         super().__init__(relation, data_interface=data_interface, component=component)
         self.data_interface = data_interface
-
-    @property
-    def status_ready_for_upgrade(self) -> bool:
-        """Returns true if the shard is ready for upgrade.
-
-        Legacy: for old upgrades that require status from shards.
-        """
-        if not self.relation:
-            return True
-        # We get directly the data in the unit because it's hidden otherwise
-        return json.loads(
-            self.relation.data[self.component].get(
-                UnitShardingComponentKeys.STATUS_READY_FOR_UPGRADE.value, "false"
-            )
-        )
-
-    @status_ready_for_upgrade.setter
-    def status_ready_for_upgrade(self, value: bool):
-        """Sets old status.
-
-        Legacy: for old upgrades that require status from shards.
-        """
-        if not self.relation:
-            raise Exception("No databag to write in")
-        self.relation.data[self.component][
-            UnitShardingComponentKeys.STATUS_READY_FOR_UPGRADE.value
-        ] = json.dumps(value)

single_kernel_mongo/state/unit_peer_state.py

@@ -23,6 +23,7 @@ class UnitPeerRelationKeys(str, Enum):
     INGRESS_ADDRESS = "ingress-address"
     EGRESS_SUBNETS = "egress-subnets"
     DRAINED = "drained"
+    CURRENT_REVISION = "current_revision"
 
 
 class UnitPeerReplicaSet(AbstractRelationState[DataPeerUnitData]):
@@ -112,3 +113,12 @@ class UnitPeerReplicaSet(AbstractRelationState[DataPeerUnitData]):
         if not isinstance(value, bool):
             raise ValueError(f"drained value is not boolean but {value}")
         self.update({UnitPeerRelationKeys.DRAINED.value: json.dumps(value)})
+
+    @property
+    def current_revision(self) -> str:
+        """The revision of the charm that's running before the upgrade."""
+        return self.relation_data.get(UnitPeerRelationKeys.CURRENT_REVISION, "-1")
+
+    @current_revision.setter
+    def current_revision(self, value: str):
+        self.update({UnitPeerRelationKeys.CURRENT_REVISION.value: value})

single_kernel_mongo/utils/helpers.py

@@ -14,7 +14,6 @@ from pydantic import ValidationError
 from single_kernel_mongo.config.literals import CharmKind, Substrates
 from single_kernel_mongo.core.structured_config import LdapUserToDnMapping
 from single_kernel_mongo.exceptions import InvalidCharmKindError
-from single_kernel_mongo.state.upgrade_state import UnitUpgradePeerData
 
 logger = getLogger(__name__)
 
@@ -62,11 +61,6 @@ def hostname_from_shardname(host: str) -> str:
     return host.split("/")[0]
 
 
-def unit_number(unit: UnitUpgradePeerData) -> int:
-    """Gets the unit number from a unit upgrade peer data."""
-    return int(unit.component.name.split("/")[-1])
-
-
 def is_valid_ldapusertodnmapping(ldap_user_to_dn_mapping: str) -> bool:
     """Validates the mapping, returning a boolean."""
     if not ldap_user_to_dn_mapping:

single_kernel_mongo/utils/mongo_config.py

@@ -4,6 +4,7 @@
 
 from dataclasses import dataclass
 from itertools import chain
+from pathlib import Path
 from urllib.parse import quote_plus, urlencode
 
 from single_kernel_mongo.config.literals import MongoPorts
@@ -35,8 +36,9 @@ class MongoConfiguration:
     password: str
     hosts: set[str]
     roles: set[str]
-    tls_external: bool
-    tls_internal: bool
+    tls_enabled: bool
+    tls_external_keyfile: Path = Path("")
+    tls_external_ca: Path = Path("")
     port: int | None = None
     replset: str | None = None
     standalone: bool = False
@@ -63,27 +65,38 @@ class MongoConfiguration:
         return {}
 
     @property
-    def uri(self) -> str:
-        """Return URI concatenated from fields."""
+    def tls_config(self) -> dict:
+        """TLS Config."""
+        if not self.tls_enabled:
+            return {}
+        return {
+            "tls": "true",
+            "tlsCertificateKeyFile": f"{self.tls_external_keyfile}",
+            "tlsCaFile": f"{self.tls_external_ca}",
+        }
+
+    def _uri(self, tls: bool):
         if self.port == MongoPorts.MONGOS_PORT and self.replset:
             raise AmbiguousConfigError("Mongos cannot support replica set")
 
         if self.standalone and not self.port:
             raise AmbiguousConfigError("Standalone connection needs a port")
 
+        tls_config = self.tls_config if tls else {}
+        auth_source = self.formatted_auth_source
+
         if self.standalone:
             return (
                 f"mongodb://{quote_plus(self.username)}:"
                 f"{quote_plus(self.password)}@"
-                f"localhost:{self.port}/?authSource=admin"
+                f"localhost:{self.port}/?{urlencode(auth_source | tls_config)}"
             )
 
         complete_hosts = ",".join(sorted(self.formatted_hosts))
         replset = self.formatted_replset
-        auth_source = self.formatted_auth_source
 
         # Dict of all parameters.
-        parameters = replset | auth_source
+        parameters = replset | auth_source | tls_config
 
         return (
             f"mongodb://{quote_plus(self.username)}:"
@@ -92,6 +105,16 @@ class MongoConfiguration:
             f"{urlencode(parameters)}"
         )
 
+    @property
+    def uri(self) -> str:
+        """Return URI concatenated from fields."""
+        return self._uri(tls=True)
+
+    @property
+    def uri_without_tls(self) -> str:
+        """Return URI concatenated from fields without tls params."""
+        return self._uri(tls=False)
+
     @property
     def supported_roles(self) -> list[DBPrivilege]:
         """The supported roles for this configuration."""
@@ -112,5 +135,6 @@ EMPTY_CONFIGURATION = MongoConfiguration(
     set(),
     set(),
     False,
-    False,
+    Path(""),
+    Path(""),
 )