postgresql-charms-single-kernel 16.1.5__py3-none-any.whl → 16.1.7__py3-none-any.whl

{postgresql_charms_single_kernel-16.1.5.dist-info → postgresql_charms_single_kernel-16.1.7.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: postgresql-charms-single-kernel
-Version: 16.1.5
+Version: 16.1.7
 Summary: Shared and reusable code for PostgreSQL-related charms
 Author: Canonical Data Platform
 Author-email: Canonical Data Platform <data-platform@lists.launchpad.net>
@@ -209,6 +209,9 @@ License:
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: POSIX :: Linux
+Requires-Dist: ops>=2.0.0
+Requires-Dist: psycopg2>=2.9.10
+Requires-Dist: tenacity>=9.0.0
 Requires-Python: >=3.8, <4.0
 Description-Content-Type: text/markdown
 

{postgresql_charms_single_kernel-16.1.5.dist-info → postgresql_charms_single_kernel-16.1.7.dist-info}/RECORD

@@ -3,9 +3,11 @@ single_kernel_postgresql/abstract_charm.py,sha256=jWYV7nTZLiwxCZEedMZwyXzU3iNDRU
 single_kernel_postgresql/charmcraft.yaml,sha256=TbqNxQtjeAB-xPLpZXOnolxEnP75Rmgb7066k6HaOkU,454
 single_kernel_postgresql/config/__init__.py,sha256=k9Ud5ZZNd3l0nn8xi8AIlT45oZk8hJ542BjAFGDJzuc,140
 single_kernel_postgresql/config/literals.py,sha256=88r33TBX7SXqgpV6EEXtZmSJrfOtsFiVJ_omop0RuBo,643
+single_kernel_postgresql/events/__init__.py,sha256=VwAEW3wYjs99q38bid47aS6Os4s3catK4H5HfdPkp94,121
+single_kernel_postgresql/events/tls_transfer.py,sha256=Z1u2Y7d1rKyve4WGVTjlmNkCOy7P3MEgi8Fqv3mYtX0,3404
 single_kernel_postgresql/utils/__init__.py,sha256=VwAEW3wYjs99q38bid47aS6Os4s3catK4H5HfdPkp94,121
 single_kernel_postgresql/utils/filesystem.py,sha256=7sMR64DavtuIKlwf8p5UWG5l1x0B3NgCSV8Yg52mpb4,1832
-single_kernel_postgresql/utils/postgresql.py,sha256=JkthsMDB9kzF-UNQuR3ShxeNWKwxgcEaQKPLJpXizGE,83334
-postgresql_charms_single_kernel-16.1.5.dist-info/WHEEL,sha256=xDCZ-UyfvkGuEHPeI7BcJzYKIZzdqN8A8o1M5Om8IyA,79
-postgresql_charms_single_kernel-16.1.5.dist-info/METADATA,sha256=LXXeKnVtFD0n55PYaThWI7iuK4jqqD6dQhDUdGLBU5M,13662
-postgresql_charms_single_kernel-16.1.5.dist-info/RECORD,,
+single_kernel_postgresql/utils/postgresql.py,sha256=M59s3KbyDYdQHT3u1g1L1o6lKN4ZXGsGIRw08DTvw-c,83409
+postgresql_charms_single_kernel-16.1.7.dist-info/WHEEL,sha256=fAguSjoiATBe7TNBkJwOjyL1Tt4wwiaQGtNtjRPNMQA,80
+postgresql_charms_single_kernel-16.1.7.dist-info/METADATA,sha256=zxSiilN6bgr45B1CPIpfOy-sJMlmNPZbErM-EDVuwYQ,13751
+postgresql_charms_single_kernel-16.1.7.dist-info/RECORD,,

{postgresql_charms_single_kernel-16.1.5.dist-info → postgresql_charms_single_kernel-16.1.7.dist-info}/WHEEL

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: uv 0.9.17
+Generator: uv 0.9.28
 Root-Is-Purelib: true
-Tag: py3-none-any
+Tag: py3-none-any

single_kernel_postgresql/events/__init__.py

@@ -0,0 +1,3 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+"""Utils and helpers for PostgreSQL charms."""

single_kernel_postgresql/events/tls_transfer.py

@@ -0,0 +1,89 @@
+# Copyright 2022 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+"""TLS Transfer Handler."""
+
+import logging
+from collections.abc import Iterator
+
+# Charmlib import. Should be made available in the charm itself
+from charms.certificate_transfer_interface.v0.certificate_transfer import (  # type: ignore
+    CertificateAvailableEvent,
+    CertificateRemovedEvent,
+    CertificateTransferRequires,
+)
+from ops.framework import Object
+from ops.pebble import ConnectionError as PebbleConnectionError
+from ops.pebble import PathError, ProtocolError
+from tenacity import RetryError
+
+logger = logging.getLogger(__name__)
+SCOPE = "unit"
+TLS_TRANSFER_RELATION = "receive-ca-cert"
+
+
+class TLSTransfer(Object):
+    """In this class we manage certificate transfer relation."""
+
+    def __init__(self, charm, peer_relation: str):
+        super().__init__(charm, "client-relations")
+        self.charm = charm
+        self.peer_relation = peer_relation
+        self.certs_transfer = CertificateTransferRequires(self.charm, TLS_TRANSFER_RELATION)
+        self.framework.observe(
+            self.certs_transfer.on.certificate_available, self._on_certificate_available
+        )
+        self.framework.observe(
+            self.certs_transfer.on.certificate_removed, self._on_certificate_removed
+        )
+
+    def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
+        """Enable TLS when TLS certificate is added."""
+        relation = self.charm.model.get_relation(TLS_TRANSFER_RELATION, event.relation_id)
+        if relation is None:
+            logger.error("Relationship not established anymore.")
+            return
+
+        secret_name = f"ca-{relation.app.name}"
+        self.charm.set_secret(SCOPE, secret_name, event.ca)
+
+        try:
+            if not self.charm.push_ca_file_into_workload(secret_name):
+                logger.debug("Cannot push TLS certificates at this moment")
+                event.defer()
+                return
+        except (PebbleConnectionError, PathError, ProtocolError, RetryError) as e:
+            logger.error("Cannot push TLS certificates: %r", e)
+            event.defer()
+            return
+
+    def _on_certificate_removed(self, event: CertificateRemovedEvent) -> None:
+        """Disable TLS when TLS certificate is removed."""
+        relation = self.charm.model.get_relation(TLS_TRANSFER_RELATION, event.relation_id)
+        if relation is None:
+            logger.error("Relationship not established anymore.")
+            return
+
+        secret_name = f"ca-{relation.app.name}"
+        self.charm.set_secret(SCOPE, secret_name, None)
+
+        try:
+            if not self.charm.clean_ca_file_from_workload(secret_name):
+                logger.debug("Cannot clean CA certificates at this moment")
+                event.defer()
+                return
+        except (PebbleConnectionError, PathError, ProtocolError, RetryError) as e:
+            logger.error("Cannot clean CA certificates: %r", e)
+            event.defer()
+            return
+
+    def get_ca_secret_names(self) -> Iterator[str]:
+        """Get a secret-name for each relation fulfilling the CA transfer interface.
+
+        Returns:
+            Secret name for a CA transfer fulfilled interface.
+        """
+        relations = self.charm.model.relations.get(TLS_TRANSFER_RELATION, [])
+
+        for relation in relations:
+            yield f"ca-{relation.app.name}"

single_kernel_postgresql/utils/postgresql.py

@@ -27,6 +27,8 @@ from datetime import datetime, timezone
 from typing import Dict, List, Optional, Set, Tuple
 
 import psycopg2
+import psycopg2.errors
+import psycopg2.extensions
 from ops import ConfigData
 from psycopg2.sql import SQL, Identifier, Literal
 
@@ -430,11 +432,10 @@ class PostgreSQL:
                         cursor.execute(connect_statement)
 
                 # Add extra user roles to the new user.
-                if roles:
-                    for role in roles:
-                        cursor.execute(
-                            SQL("GRANT {} TO {};").format(Identifier(role), Identifier(user))
-                        )
+                for role in roles:
+                    cursor.execute(
+                        SQL("GRANT {} TO {};").format(Identifier(role), Identifier(user))
+                    )
         except psycopg2.Error as e:
             logger.error(f"Failed to create user: {e}")
             raise PostgreSQLCreateUserError() from e
@@ -498,9 +499,10 @@ class PostgreSQL:
 
     def _process_extra_user_roles(
         self, user: str, extra_user_roles: Optional[List[str]] = None
-    ) -> Tuple[Optional[List[str]], Optional[Set[str]]]:
+    ) -> Tuple[List[str], Set[str]]:
         # Separate roles and privileges from the provided extra user roles.
-        roles = privileges = None
+        roles = []
+        privileges = set()
         if extra_user_roles:
             if len(extra_user_roles) > 2 and sorted(extra_user_roles) != [
                 ROLE_ADMIN,
@@ -644,6 +646,7 @@ class PostgreSQL:
                 with self._connect_to_database(
                     database
                 ) as connection, connection.cursor() as cursor:
+                    cursor.execute(SQL("RESET ROLE;"))
                     cursor.execute(
                         SQL("REASSIGN OWNED BY {} TO {};").format(
                             Identifier(user), Identifier(self.user)
@@ -653,6 +656,7 @@ class PostgreSQL:
 
             # Delete the user.
             with self._connect_to_database() as connection, connection.cursor() as cursor:
+                cursor.execute(SQL("RESET ROLE;"))
                 cursor.execute(SQL("DROP ROLE {};").format(Identifier(user)))
         except psycopg2.Error as e:
             logger.error(f"Failed to delete user: {e}")
@@ -823,9 +827,9 @@ class PostgreSQL:
                             else f"DROP EXTENSION IF EXISTS {extension};"
                         )
             self._configure_pgaudit(ordered_extensions.get("pgaudit", False))
-        except psycopg2.errors.UniqueViolation:
+        except psycopg2.errors.UniqueViolation:  # type: ignore
             pass
-        except psycopg2.errors.DependentObjectsStillExist:
+        except psycopg2.errors.DependentObjectsStillExist:  # type: ignore
             raise
         except psycopg2.Error as e:
             raise PostgreSQLEnableDisableExtensionError() from e
@@ -839,7 +843,7 @@ class PostgreSQL:
             with self._connect_to_database() as connection, connection.cursor() as cursor:
                 # Should always be present
                 cursor.execute("SELECT last_archived_wal FROM pg_stat_archiver;")
-                return cursor.fetchone()[0]  # type: ignore
+                return cursor.fetchone()[0]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL last archived WAL: {e}")
             raise PostgreSQLGetLastArchivedWALError() from e
@@ -850,7 +854,7 @@ class PostgreSQL:
             with self._connect_to_database() as connection, connection.cursor() as cursor:
                 cursor.execute("SELECT timeline_id FROM pg_control_checkpoint();")
                 # There should always be a timeline
-                return cursor.fetchone()[0]  # type: ignore
+                return cursor.fetchone()[0]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL current timeline id: {e}")
             raise PostgreSQLGetCurrentTimelineError() from e
@@ -907,7 +911,7 @@ class PostgreSQL:
             ) as connection, connection.cursor() as cursor:
                 cursor.execute("SELECT version();")
                 # Split to get only the version number. There should always be a version.
-                return cursor.fetchone()[0].split(" ")[1]  # type:ignore
+                return cursor.fetchone()[0].split(" ")[1]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL version: {e}")
             raise PostgreSQLGetPostgreSQLVersionError() from e
@@ -928,7 +932,7 @@ class PostgreSQL:
             ) as connection, connection.cursor() as cursor:
                 cursor.execute("SHOW ssl;")
                 # SSL state should always be set
-                return "on" in cursor.fetchone()[0]  # type: ignore
+                return "on" in cursor.fetchone()[0]
         except psycopg2.Error:
             # Connection errors happen when PostgreSQL has not started yet.
             return False