PyPI - mongo-charms-single-kernel - Versions diffs - 1.8.7__py3-none-any.whl → 1.8.9__py3-none-any.whl - Mend

mongo-charms-single-kernel 1.8.7py3-none-any.whl → 1.8.9py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of mongo-charms-single-kernel might be problematic. Click here for more details.

Files changed (31) hide show

{mongo_charms_single_kernel-1.8.7.dist-info → mongo_charms_single_kernel-1.8.9.dist-info}/METADATA +1 -1
{mongo_charms_single_kernel-1.8.7.dist-info → mongo_charms_single_kernel-1.8.9.dist-info}/RECORD +30 -28
single_kernel_mongo/config/literals.py +8 -3
single_kernel_mongo/config/models.py +12 -0
single_kernel_mongo/config/relations.py +2 -1
single_kernel_mongo/config/statuses.py +127 -20
single_kernel_mongo/core/operator.py +68 -1
single_kernel_mongo/core/structured_config.py +2 -0
single_kernel_mongo/core/workload.py +10 -4
single_kernel_mongo/events/cluster.py +5 -0
single_kernel_mongo/events/sharding.py +3 -1
single_kernel_mongo/events/tls.py +183 -157
single_kernel_mongo/exceptions.py +0 -8
single_kernel_mongo/lib/charms/operator_libs_linux/v1/systemd.py +288 -0
single_kernel_mongo/lib/charms/tls_certificates_interface/v4/tls_certificates.py +1995 -0
single_kernel_mongo/managers/cluster.py +70 -28
single_kernel_mongo/managers/config.py +14 -8
single_kernel_mongo/managers/mongo.py +1 -1
single_kernel_mongo/managers/mongodb_operator.py +53 -56
single_kernel_mongo/managers/mongos_operator.py +18 -20
single_kernel_mongo/managers/sharding.py +154 -127
single_kernel_mongo/managers/tls.py +223 -206
single_kernel_mongo/state/charm_state.py +39 -16
single_kernel_mongo/state/cluster_state.py +8 -0
single_kernel_mongo/state/config_server_state.py +9 -0
single_kernel_mongo/state/tls_state.py +39 -12
single_kernel_mongo/templates/enable-transparent-huge-pages.service.j2 +14 -0
single_kernel_mongo/utils/helpers.py +4 -19
single_kernel_mongo/lib/charms/tls_certificates_interface/v3/tls_certificates.py +0 -2123
{mongo_charms_single_kernel-1.8.7.dist-info → mongo_charms_single_kernel-1.8.9.dist-info}/WHEEL +0 -0
{mongo_charms_single_kernel-1.8.7.dist-info → mongo_charms_single_kernel-1.8.9.dist-info}/licenses/LICENSE +0 -0

single_kernel_mongo/managers/cluster.py CHANGED Viewed

@@ -105,6 +105,9 @@ class ClusterProvider(Object):
         if int_tls_ca := self.state.tls.get_secret(label_name=SECRET_CA_LABEL, internal=True):
             relation_data[ClusterStateKeys.INT_CA_SECRET.value] = int_tls_ca
+        if ext_tls_ca := self.state.tls.get_secret(label_name=SECRET_CA_LABEL, internal=False):
+            relation_data[ClusterStateKeys.EXT_CA_SECRET.value] = ext_tls_ca
         if hashed_data := self.dependent.ldap_manager.get_hash():
             relation_data[ClusterStateKeys.LDAP_HASH.value] = hashed_data
@@ -253,19 +256,19 @@ class ClusterRequirer(Object):
     def assert_pass_hook_checks(self) -> None:
         """Runs pre-hook checks, raises if one fails."""
-        mongos_has_tls, config_server_has_tls = self.tls_status()
-        match (mongos_has_tls, config_server_has_tls):
+        mongos_peer_tls, config_server_peer_tls = self.mongos_and_config_server_peer_tls_status()
+        match (mongos_peer_tls, config_server_peer_tls):
             case False, True:
                 raise DeferrableFailedHookChecksError(
-                    "Config-Server uses TLS but mongos does not. Please synchronise encryption method."
+                    "Config-Server uses peer TLS but mongos does not. Please synchronise encryption method."
                 )
             case True, False:
                 raise DeferrableFailedHookChecksError(
-                    "Mongos uses TLS but config-server does not. Please synchronise encryption method."
+                    "Mongos uses peer TLS but config-server does not. Please synchronise encryption method."
                 )
             case _:
                 pass
-        if self.is_waiting_to_request_certs():
+        if self.dependent.tls_manager.is_waiting_for_a_cert():
             raise DeferrableFailedHookChecksError(
                 "Mongos was waiting for config-server to enable TLS. Wait for TLS to be enabled until starting mongos."
             )
@@ -431,10 +434,10 @@ class ClusterRequirer(Object):
         with MongoConnection(self.state.mongo_config) as mongo:
             mongo.drop_user(mongo.config.username)
-    def is_ca_compatible(self) -> bool:
-        """Returns true if both the mongos and the config-server use the same CA.
+    def is_peer_ca_compatible(self) -> bool:
+        """Returns true if both the mongos and the config-server use the same peer CA.
-        Using the same CA is a requirement for sharded clusters.
+        Using the same peer CA is a requirement for sharded clusters.
         """
         if not self.state.mongos_cluster_relation:
             return True
@@ -445,38 +448,77 @@ class ClusterRequirer(Object):
         return config_server_tls_ca == mongos_tls_ca
-    def is_waiting_to_request_certs(self) -> bool:
-        """Returns True if mongos has been waiting for config server in order to request certs."""
-        if not self.state.tls_relation:
-            return False
-        mongos_tls_ca = self.state.tls.get_secret(internal=True, label_name=SECRET_CA_LABEL)
+    def is_client_ca_compatible(self) -> bool:
+        """Returns true if both the mongos and the config-server use the same client CA.
-        # our CA is none until certs have been requested. We cannot request certs until integrated
-        # to config-server.
-        return not mongos_tls_ca
+        Using the same client CA is a requirement for sharded clusters.
+        """
+        if not self.state.mongos_cluster_relation:
+            return True
+        config_server_tls_ca = self.state.cluster.external_ca_secret
+        mongos_tls_ca = self.state.tls.get_secret(internal=False, label_name=SECRET_CA_LABEL)
+        if not config_server_tls_ca or not mongos_tls_ca:
+            return True
-    def tls_status(self) -> tuple[bool, bool]:
-        """Returns the TLS integration status for mongos and config-server."""
+        return config_server_tls_ca == mongos_tls_ca
+    def mongos_and_config_server_peer_tls_status(self) -> tuple[bool, bool]:
+        """Returns the peer TLS integration status for mongos and config-server."""
         if self.state.mongos_cluster_relation:
-            mongos_has_tls = self.state.tls_relation is not None
+            mongos_has_tls = self.state.peer_tls_relation is not None
             config_server_has_tls = self.state.cluster.internal_ca_secret is not None
             return mongos_has_tls, config_server_has_tls
         return False, False
-    def get_tls_statuses(self) -> StatusObject | None:
-        """Return statuses relevant to TLS."""
-        mongos_has_tls, config_server_has_tls = self.tls_status()
-        match (mongos_has_tls, config_server_has_tls):
+    def mongos_and_config_server_client_tls_status(self) -> tuple[bool, bool]:
+        """Returns the client TLS integration status for mongos and config-server."""
+        if self.state.mongos_cluster_relation:
+            mongos_has_tls = self.state.client_tls_relation is not None
+            config_server_has_tls = self.state.cluster.external_ca_secret is not None
+            return mongos_has_tls, config_server_has_tls
+        return False, False
+    def get_tls_status(self, internal: bool):
+        """Computes the TLS status for the scope.
+        Args:
+            internal: (bool) if true, represents the internal TLS, otherwise external TLS.
+        """
+        if internal:
+            shard_tls, config_server_tls = self.mongos_and_config_server_peer_tls_status()
+            is_ca_compatible = self.is_peer_ca_compatible()
+        else:
+            shard_tls, config_server_tls = self.mongos_and_config_server_client_tls_status()
+            is_ca_compatible = self.is_client_ca_compatible()
+        match (shard_tls, config_server_tls):
             case False, True:
-                return MongosStatuses.MISSING_TLS_REL.value
+                logger.warning(
+                    "Config-Server uses peer TLS but mongos does not. Please synchronise encryption method."
+                )
+                return MongosStatuses.missing_tls(internal=internal)
             case True, False:
-                return MongosStatuses.INVALID_TLS_REL.value
+                logger.warning(
+                    "Mongos uses peer TLS but config-server does not. Please synchronise encryption method."
+                )
+                return MongosStatuses.invalid_tls(internal=internal)
             case _:
                 pass
-        if not self.is_ca_compatible():
+        if not is_ca_compatible:
             logger.error(
-                "mongos is integrated to a different CA than the config server. Please use the same CA for all cluster components."
+                "Mongos is integrated to a different CA than the config server. Please use the same CA for all cluster components."
             )
-            return MongosStatuses.CA_MISMATCH.value
+            return MongosStatuses.incompatible_ca(internal=internal)
         return None
+    def tls_statuses(self) -> list[StatusObject]:
+        """Return statuses relevant to TLS."""
+        statuses = []
+        for internal in True, False:
+            if status := self.get_tls_status(internal=internal):
+                statuses.append(status)
+        return statuses

single_kernel_mongo/managers/config.py CHANGED Viewed

@@ -269,7 +269,7 @@ class MongoConfigManager(FileBasedConfigManager, ABC):
                 self.binding_ips,
                 self.port_parameter,
                 self.auth_parameter,
-                self.tls_parameters,
+                self.client_tls_parameters,
                 self.log_options,
                 self.audit_options,
                 self.ldap_parameters,
@@ -332,16 +332,20 @@ class MongoConfigManager(FileBasedConfigManager, ABC):
     def auth_parameter(self) -> dict[str, Any]:
         """The auth mode."""
         cmd = {"security": {"authorization": "enabled"}} if self.auth else {}
-        if self.state.tls.internal_enabled and self.state.tls.external_enabled:
+        if self.state.tls.peer_enabled:
             return always_merger.merge(
                 cmd,
                 {
                     "security": {"clusterAuthMode": "x509"},
                     "net": {
                         "tls": {
+                            "mode": "preferTLS",
                             "allowInvalidCertificates": True,
-                            "clusterCAFile": f"{self.workload.paths.int_ca_file}",
+                            "certificateKeyFile": f"{self.workload.paths.int_pem_file}",
+                            "CAFile": f"{self.workload.paths.int_ca_file}",
+                            "disabledProtocols": "TLS1_0,TLS1_1",
                             "clusterFile": f"{self.workload.paths.int_pem_file}",
+                            "clusterCAFile": f"{self.workload.paths.int_ca_file}",
                             "clusterAuthX509": {
                                 "attributes": f"O={self.state.get_subject_name()}",
                             },
@@ -360,10 +364,11 @@ class MongoConfigManager(FileBasedConfigManager, ABC):
         )
     @property
-    def tls_parameters(self) -> dict[str, Any]:
-        """The TLS external parameters."""
-        if self.state.tls.external_enabled:
-            return {
+    def client_tls_parameters(self) -> dict[str, Any]:
+        """The client TLS parameters."""
+        params = {}
+        if self.state.tls.client_enabled:
+            params = {
                 "net": {
                     "tls": {
                         "CAFile": f"{self.workload.paths.ext_ca_file}",
@@ -373,7 +378,8 @@ class MongoConfigManager(FileBasedConfigManager, ABC):
                     }
                 },
             }
-        return {}
+        return params
     @property
     @abstractmethod

single_kernel_mongo/managers/mongo.py CHANGED Viewed

@@ -530,7 +530,7 @@ class MongoManager(Object, ManagerStatusProtocol):
             return charm_statuses
         except ServerSelectionTimeoutError as e:
-            # Usually it is du to ReplicaSetNoPrimary
+            # Usually it is due to ReplicaSetNoPrimary
             logger.debug(f"Got error {e} while checking replica set status")
             return [MongodStatuses.WAITING_ELECTION.value]
         except AutoReconnect as e:

single_kernel_mongo/managers/mongodb_operator.py CHANGED Viewed

@@ -13,10 +13,7 @@ import charm_refresh
 from data_platform_helpers.advanced_statuses.models import StatusObject
 from data_platform_helpers.advanced_statuses.protocol import ManagerStatusProtocol
 from data_platform_helpers.advanced_statuses.types import Scope as DPHScope
-from data_platform_helpers.version_check import (
-    CrossAppVersionChecker,
-    get_charm_revision,
-)
+from data_platform_helpers.version_check import CrossAppVersionChecker, get_charm_revision
 from ops.framework import Object
 from ops.model import Container, ModelError, SecretNotFoundError, Unit
 from pymongo.errors import OperationFailure, PyMongoError, ServerSelectionTimeoutError
@@ -25,7 +22,6 @@ from typing_extensions import override
 from single_kernel_mongo.config.literals import (
     FEATURE_VERSION,
-    OS_REQUIREMENTS,
     CharmKind,
     MongoPorts,
     Scope,
@@ -37,7 +33,10 @@ from single_kernel_mongo.config.models import (
     PasswordManagementContext,
     PasswordManagementState,
 )
-from single_kernel_mongo.config.relations import ExternalRequirerRelations, RelationNames
+from single_kernel_mongo.config.relations import (
+    ExternalRequirerRelations,
+    RelationNames,
+)
 from single_kernel_mongo.config.statuses import (
     BackupStatuses,
     CharmStatuses,
@@ -51,19 +50,14 @@ from single_kernel_mongo.core.kubernetes_upgrades_v3 import KubernetesMongoDBRef
 from single_kernel_mongo.core.machine_upgrades_v3 import MachineMongoDBRefresh
 from single_kernel_mongo.core.operator import OperatorProtocol
 from single_kernel_mongo.core.secrets import generate_secret_label
-from single_kernel_mongo.core.structured_config import MongoDBRoles
+from single_kernel_mongo.core.structured_config import MongoDBCharmConfig, MongoDBRoles
 from single_kernel_mongo.core.version_checker import VersionChecker
-from single_kernel_mongo.events.backups import (
-    BackupEventsHandler,
-)
+from single_kernel_mongo.events.backups import BackupEventsHandler
 from single_kernel_mongo.events.cluster import ClusterConfigServerEventHandler
 from single_kernel_mongo.events.database import DatabaseEventsHandler
 from single_kernel_mongo.events.ldap import LDAPEventHandler
 from single_kernel_mongo.events.primary_action import PrimaryActionHandler
-from single_kernel_mongo.events.sharding import (
-    ConfigServerEventHandler,
-    ShardEventHandler,
-)
+from single_kernel_mongo.events.sharding import ConfigServerEventHandler, ShardEventHandler
 from single_kernel_mongo.events.tls import TLSEventsHandler
 from single_kernel_mongo.exceptions import (
     BalancerNotEnabledError,
@@ -103,10 +97,7 @@ from single_kernel_mongo.managers.tls import TLSManager
 from single_kernel_mongo.managers.upgrade_v3 import MongoDBUpgradesManager
 from single_kernel_mongo.managers.upgrade_v3_status import MongoDBUpgradesStatusManager
 from single_kernel_mongo.state.charm_state import CharmState
-from single_kernel_mongo.utils.helpers import (
-    is_valid_ldap_options,
-    is_valid_ldapusertodnmapping,
-)
+from single_kernel_mongo.utils.helpers import is_valid_ldap_options, is_valid_ldapusertodnmapping
 from single_kernel_mongo.utils.mongo_connection import MongoConnection, NotReadyError
 from single_kernel_mongo.utils.mongodb_users import (
     BackupUser,
@@ -179,12 +170,7 @@ class MongoDBOperator(OperatorProtocol, Object):
             self.state,
             container,
         )
-        self.tls_manager = TLSManager(
-            self,
-            self.workload,
-            self.state,
-            self.substrate,
-        )
+        self.tls_manager = TLSManager(self, self.workload, self.state)
         self.mongo_manager = MongoManager(
             self,
             self.workload,
@@ -340,15 +326,15 @@ class MongoDBOperator(OperatorProtocol, Object):
             return
         logger.info("Restarting workloads")
         # always apply the current charm revision's config
-        self.dependent._configure_workloads()
-        self.dependent.start_charm_services()
+        self._configure_workloads()
+        self.start_charm_services()
         self.state.unit_peer_data.current_revision = self.cross_app_version_checker.version
-        if self.dependent.name == CharmKind.MONGOD:
-            self.dependent._restart_related_services()
+        if self.name == CharmKind.MONGOD:
+            self._restart_related_services()
-        if self.dependent.mongo_manager.mongod_ready():
+        if self.mongo_manager.mongod_ready():
             try:
                 self.upgrades_manager.wait_for_cluster_healthy()
                 refresh.next_unit_allowed_to_refresh = True
@@ -357,7 +343,8 @@ class MongoDBOperator(OperatorProtocol, Object):
                 return
     @property
-    def config(self):
+    @override
+    def config(self) -> MongoDBCharmConfig:
         """Returns the actual config."""
         return self.charm.parsed_config
@@ -405,6 +392,7 @@ class MongoDBOperator(OperatorProtocol, Object):
         return (
             self,
             self.mongo_manager,
+            self.tls_manager,
             self.shard_manager,
             self.config_server_manager,
             self.backup_manager,
@@ -499,7 +487,9 @@ class MongoDBOperator(OperatorProtocol, Object):
         except (NotReadyError, PyMongoError, WorkloadExecError) as e:
             logger.error(f"Deferring on start: error={e}")
             self.state.statuses.add(
-                MongodStatuses.WAITING_REPL_SET_INIT.value, scope="unit", component=self.name
+                MongodStatuses.WAITING_REPL_SET_INIT.value,
+                scope="unit",
+                component=self.name,
             )
             raise
@@ -891,22 +881,17 @@ class MongoDBOperator(OperatorProtocol, Object):
     @override
     def update_status(self) -> None:
         """Status update Handler."""
-        # TODO update the usage of this once the spec is approved and we have a consistent way of
-        # handling statuses
         if self.basic_statuses():
             logger.info("Early return invalid statuses.")
             return
+        if self.state.is_role(MongoDBRoles.SHARD) and self._should_skip_because_of_incomplete_tls():
+            return
         if self.cluster_version_checker.get_cluster_mismatched_revision_status():
             logger.info("Early return, cluster mismatch version.")
             return
-        if self.state.is_role(MongoDBRoles.SHARD):
-            shard_has_tls, config_server_has_tls = self.shard_manager.tls_status()
-            if config_server_has_tls and not shard_has_tls:
-                logger.info("Shard is missing TLS.")
-                return
         if not self.mongo_manager.mongod_ready():
             logger.info("Mongod not ready.")
             return
@@ -1013,19 +998,6 @@ class MongoDBOperator(OperatorProtocol, Object):
             logger.exception(f"Failed to open port: {e}")
             raise
-    def _set_os_config(self) -> None:
-        """Sets sysctl config for mongodb."""
-        try:
-            self.sysctl_config.configure(OS_REQUIREMENTS)
-        except (sysctl.ApplyError, sysctl.ValidationError, sysctl.CommandError) as e:
-            # we allow events to continue in the case that we are not able to correctly configure
-            # sysctl config, since we can  still run the workload with wrong sysctl parameters
-            # even if it is not optimal.
-            logger.error(f"Error setting values on sysctl: {e.message}")
-            # containers share the kernel with the host system, and some sysctl parameters are
-            # set at kernel level.
-            logger.warning("sysctl params cannot be set. Is the machine running on a container?")
     @property
     def primary_unit_name(self) -> str | None:
         """Retrieves the primary unit with the primary replica."""
@@ -1080,7 +1052,9 @@ class MongoDBOperator(OperatorProtocol, Object):
         except WorkloadServiceError as e:
             logger.error("An exception occurred when starting mongod agent, error: %s.", str(e))
             self.charm.state.statuses.add(
-                MongoDBStatuses.WAITING_FOR_MONGODB_START.value, scope="unit", component=self.name
+                MongoDBStatuses.WAITING_FOR_MONGODB_START.value,
+                scope="unit",
+                component=self.name,
             )
             raise
@@ -1100,7 +1074,9 @@ class MongoDBOperator(OperatorProtocol, Object):
             self.backup_manager.configure_and_restart()
         except WorkloadServiceError:
             self.state.statuses.add(
-                BackupStatuses.WAITING_FOR_PBM_START.value, scope="unit", component=self.name
+                BackupStatuses.WAITING_FOR_PBM_START.value,
+                scope="unit",
+                component=self.name,
             )
             raise
@@ -1141,7 +1117,10 @@ class MongoDBOperator(OperatorProtocol, Object):
             logger.error("Charm is in sharding mode. Does not support %s interface.", rel_name)
             return MongoDBStatuses.INVALID_CFG_SRV_ON_SHARD_REL.value
         if self.state.is_role(MongoDBRoles.CONFIG_SERVER) and rel_name == RelationNames.SHARDING:
-            logger.error("Charm is in config-server mode. Does not support %s interface.", rel_name)
+            logger.error(
+                "Charm is in config-server mode. Does not support %s interface.",
+                rel_name,
+            )
             return MongoDBStatuses.INVALID_SHARD_ON_CFG_SRV_REL.value
         if not self.state.is_role(MongoDBRoles.CONFIG_SERVER) and rel_name == RelationNames.CLUSTER:
             logger.error("Charm is not a config-server, cannot integrate mongos")
@@ -1161,7 +1140,9 @@ class MongoDBOperator(OperatorProtocol, Object):
         self.build_local_tls_directory()
         # Push TLS files if necessary
-        self.tls_manager.push_tls_files_to_workload()
+        for internal in [True, False]:
+            self.tls_manager.push_tls_files_to_workload(internal)
         self.ldap_manager.save_certificates(self.state.ldap.chain)
         # Update licenses
@@ -1379,3 +1360,19 @@ class MongoDBOperator(OperatorProtocol, Object):
                 scope="app",
                 component=self.name,
             )
+    def _should_skip_because_of_incomplete_tls(self) -> bool:
+        """Checks if the update status hook needs skipping due to an incomplete TLS integration."""
+        shard_has_peer_tls, config_server_has_peer_tls = (
+            self.shard_manager.shard_and_config_server_peer_tls_status()
+        )
+        if config_server_has_peer_tls and not shard_has_peer_tls:
+            logger.info("Shard is missing peer TLS.")
+            return True
+        shard_has_client_tls, config_server_has_client_tls = (
+            self.shard_manager.shard_and_config_server_client_tls_status()
+        )
+        if config_server_has_client_tls and not shard_has_client_tls:
+            logger.info("Shard is missing client TLS.")
+            return True
+        return False

single_kernel_mongo/managers/mongos_operator.py CHANGED Viewed

@@ -46,6 +46,7 @@ from single_kernel_mongo.exceptions import (
 from single_kernel_mongo.lib.charms.data_platform_libs.v0.data_interfaces import (
     DatabaseProviderData,
 )
+from single_kernel_mongo.lib.charms.operator_libs_linux.v0 import sysctl
 from single_kernel_mongo.managers.cluster import ClusterRequirer
 from single_kernel_mongo.managers.config import MongosConfigManager
 from single_kernel_mongo.managers.k8s import K8sManager
@@ -103,12 +104,7 @@ class MongosOperator(OperatorProtocol, Object):
             self.state,
             self.substrate,
         )
-        self.tls_manager = TLSManager(
-            self,
-            self.workload,
-            self.state,
-            self.substrate,
-        )
+        self.tls_manager = TLSManager(self, self.workload, self.state)
         self.cluster_manager = ClusterRequirer(
             self, self.workload, self.state, self.substrate, RelationNames.CLUSTER
         )
@@ -152,6 +148,7 @@ class MongosOperator(OperatorProtocol, Object):
             ExternalRequirerRelations.LDAP,
             ExternalRequirerRelations.LDAP_CERT,
         )
+        self.sysctl_config = sysctl.Config(name=self.charm.app.name)
         pod_name = self.model.unit.name.replace("/", "-")
         self.k8s = K8sManager(pod_name, self.model.name)
@@ -199,9 +196,10 @@ class MongosOperator(OperatorProtocol, Object):
     @property
     def components(self) -> tuple[ManagerStatusProtocol, ...]:
         """The ordered list of components for this operator."""
-        return (self, self.ldap_manager, self.upgrades_status_manager)
+        return (self, self.tls_manager, self.ldap_manager, self.upgrades_status_manager)
     @property
+    @override
     def config(self) -> MongosCharmConfig:
         """Returns the actual config."""
         return self.charm.parsed_config
@@ -220,8 +218,8 @@ class MongosOperator(OperatorProtocol, Object):
         # Instantiate the local directory for k8s
         self.build_local_tls_directory()
-        # Push certificates
-        self.tls_manager.push_tls_files_to_workload()
+        for internal in [True, False]:
+            self.tls_manager.push_tls_files_to_workload(internal)
         # Save LDAP certificates
         self.ldap_manager.save_certificates(self.state.ldap.chain)
@@ -299,8 +297,7 @@ class MongosOperator(OperatorProtocol, Object):
                 component=self.name,
             )
             self.update_k8s_external_services()
-            self.tls_manager.update_tls_sans()
+            self.tls_events.refresh_certificates()
             self.share_connection_info()
     @override
@@ -343,7 +340,7 @@ class MongosOperator(OperatorProtocol, Object):
             # our SANS as necessary.
             # The connection info will be updated when we receive the new certificates.
             if self.substrate == Substrates.K8S:
-                self.tls_manager.update_tls_sans()
+                self.tls_events.refresh_certificates()
     @override
     def new_peer(self) -> None:
@@ -388,11 +385,10 @@ class MongosOperator(OperatorProtocol, Object):
             self.mongos_config_manager.configure_and_restart(force=force)
         except WorkloadServiceError as e:
             logger.error("An exception occurred when starting mongos agent, error: %s.", str(e))
-            self.charm.status_handler.set_running_status(
+            self.charm.state.statuses.add(
                 MongosStatuses.WAITING_FOR_MONGOS_START.value,
                 scope="unit",
-                statuses_state=self.state.statuses,
-                component_name=self.name,
+                component=self.name,
             )
             raise
@@ -577,8 +573,9 @@ class MongosOperator(OperatorProtocol, Object):
             )
             return False
-        if status := self.cluster_manager.get_tls_statuses():
-            logger.info(f"Invalid TLS integration: {status.message}")
+        if statuses := self.cluster_manager.tls_statuses():
+            for status in statuses:
+                logger.info(f"Invalid TLS integration: {status.message}")
             return False
         if not self.is_mongos_running():
@@ -616,10 +613,11 @@ class MongosOperator(OperatorProtocol, Object):
             # don't bother checking remaining statuses if no config-server is present
             return charm_statuses
-        if status := self.cluster_manager.get_tls_statuses():
-            logger.info(f"Invalid TLS integration: {status.message}")
+        if statuses := self.cluster_manager.tls_statuses():
+            for status in statuses:
+                logger.info(f"Invalid TLS integration: {status.message}")
             # if TLS is misconfigured we will get redherrings on the remaining messages
-            charm_statuses.append(status)
+            charm_statuses += statuses
             return charm_statuses
         if self.state.mongos_cluster_relation and not self.state.cluster.config_server_uri:

mongo-charms-single-kernel 1.8.7__py3-none-any.whl → 1.8.9__py3-none-any.whl

Potentially problematic release.

mongo-charms-single-kernel 1.8.7py3-none-any.whl → 1.8.9py3-none-any.whl