PyPI - postgresql-charms-single-kernel - Versions diffs - 16.1.5__tar.gz → 16.1.7__tar.gz - Mend

postgresql-charms-single-kernel 16.1.5tar.gz → 16.1.7tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

{postgresql_charms_single_kernel-16.1.5 → postgresql_charms_single_kernel-16.1.7}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: postgresql-charms-single-kernel
-Version: 16.1.5
+Version: 16.1.7
 Summary: Shared and reusable code for PostgreSQL-related charms
 Author: Canonical Data Platform
 Author-email: Canonical Data Platform <data-platform@lists.launchpad.net>
@@ -209,6 +209,9 @@ License:
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: POSIX :: Linux
+Requires-Dist: ops>=2.0.0
+Requires-Dist: psycopg2>=2.9.10
+Requires-Dist: tenacity>=9.0.0
 Requires-Python: >=3.8, <4.0
 Description-Content-Type: text/markdown

{postgresql_charms_single_kernel-16.1.5 → postgresql_charms_single_kernel-16.1.7}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@
 [project]
 name = "postgresql-charms-single-kernel"
 description = "Shared and reusable code for PostgreSQL-related charms"
-version = "16.1.5"
+version = "16.1.7"
 readme = "README.md"
 license = {file = "LICENSE"}
 authors = [
@@ -16,6 +16,11 @@ classifiers = [
  "Operating System :: POSIX :: Linux",
 ]
 requires-python = ">=3.8,<4.0"
+dependencies = [
+    "ops>=2.0.0",
+    "psycopg2>=2.9.10",
+    "tenacity>=9.0.0",
+]
 [build-system]
 requires = ["uv_build>=0.9.9,<0.10.0"]
@@ -26,20 +31,16 @@ module-name = "single_kernel_postgresql"
 module-root = ""
 [dependency-groups]
-lib = [
-    "ops>=2.0.0",
-    "psycopg2>=2.9.10",
-]
 format = [
-    "ruff==0.14.9"
+    "ruff==0.14.14; python_version >= '3.12'"
 ]
 lint = [
-    "codespell==2.4.1",
-    "pyright==1.1.407"
+    "codespell==2.4.1; python_version >= '3.12'",
+    "ty==0.0.14; python_version >= '3.12'"
 ]
 unit = [
-    "coverage[toml]==7.13.0; python_version >= '3.10'",
-    "pytest==9.0.2; python_version >= '3.10'"
+    "coverage[toml]==7.13.2; python_version >= '3.12'",
+    "pytest==9.0.2; python_version >= '3.12'"
 ]
 # Testing tools configuration
@@ -102,12 +103,8 @@ max-complexity = 10
 [tool.ruff.lint.pydocstyle]
 convention = "google"
-[tool.pyright]
-include = ["single_kernel_postgresql"]
-pythonVersion = "3.8"
-pythonPlatform = "All"
-typeCheckingMode = "basic"
-reportIncompatibleMethodOverride = false
-reportImportCycles = false
-reportMissingModuleSource = true
-stubPath = ""
+[tool.ty.environment]
+python = ".tox/lint/"
+[tool.ty.src]
+exclude = ["tests"]

postgresql_charms_single_kernel-16.1.7/single_kernel_postgresql/events/tls_transfer.py ADDED Viewed

@@ -0,0 +1,89 @@
+# Copyright 2022 Canonical Ltd.
+# See LICENSE file for licensing details.
+"""TLS Transfer Handler."""
+import logging
+from collections.abc import Iterator
+# Charmlib import. Should be made available in the charm itself
+from charms.certificate_transfer_interface.v0.certificate_transfer import (  # type: ignore
+    CertificateAvailableEvent,
+    CertificateRemovedEvent,
+    CertificateTransferRequires,
+)
+from ops.framework import Object
+from ops.pebble import ConnectionError as PebbleConnectionError
+from ops.pebble import PathError, ProtocolError
+from tenacity import RetryError
+logger = logging.getLogger(__name__)
+SCOPE = "unit"
+TLS_TRANSFER_RELATION = "receive-ca-cert"
+class TLSTransfer(Object):
+    """In this class we manage certificate transfer relation."""
+    def __init__(self, charm, peer_relation: str):
+        super().__init__(charm, "client-relations")
+        self.charm = charm
+        self.peer_relation = peer_relation
+        self.certs_transfer = CertificateTransferRequires(self.charm, TLS_TRANSFER_RELATION)
+        self.framework.observe(
+            self.certs_transfer.on.certificate_available, self._on_certificate_available
+        )
+        self.framework.observe(
+            self.certs_transfer.on.certificate_removed, self._on_certificate_removed
+        )
+    def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
+        """Enable TLS when TLS certificate is added."""
+        relation = self.charm.model.get_relation(TLS_TRANSFER_RELATION, event.relation_id)
+        if relation is None:
+            logger.error("Relationship not established anymore.")
+            return
+        secret_name = f"ca-{relation.app.name}"
+        self.charm.set_secret(SCOPE, secret_name, event.ca)
+        try:
+            if not self.charm.push_ca_file_into_workload(secret_name):
+                logger.debug("Cannot push TLS certificates at this moment")
+                event.defer()
+                return
+        except (PebbleConnectionError, PathError, ProtocolError, RetryError) as e:
+            logger.error("Cannot push TLS certificates: %r", e)
+            event.defer()
+            return
+    def _on_certificate_removed(self, event: CertificateRemovedEvent) -> None:
+        """Disable TLS when TLS certificate is removed."""
+        relation = self.charm.model.get_relation(TLS_TRANSFER_RELATION, event.relation_id)
+        if relation is None:
+            logger.error("Relationship not established anymore.")
+            return
+        secret_name = f"ca-{relation.app.name}"
+        self.charm.set_secret(SCOPE, secret_name, None)
+        try:
+            if not self.charm.clean_ca_file_from_workload(secret_name):
+                logger.debug("Cannot clean CA certificates at this moment")
+                event.defer()
+                return
+        except (PebbleConnectionError, PathError, ProtocolError, RetryError) as e:
+            logger.error("Cannot clean CA certificates: %r", e)
+            event.defer()
+            return
+    def get_ca_secret_names(self) -> Iterator[str]:
+        """Get a secret-name for each relation fulfilling the CA transfer interface.
+        Returns:
+            Secret name for a CA transfer fulfilled interface.
+        """
+        relations = self.charm.model.relations.get(TLS_TRANSFER_RELATION, [])
+        for relation in relations:
+            yield f"ca-{relation.app.name}"

postgresql_charms_single_kernel-16.1.7/single_kernel_postgresql/utils/__init__.py ADDED Viewed

@@ -0,0 +1,3 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+"""Utils and helpers for PostgreSQL charms."""

{postgresql_charms_single_kernel-16.1.5 → postgresql_charms_single_kernel-16.1.7}/single_kernel_postgresql/utils/postgresql.py RENAMED Viewed

@@ -27,6 +27,8 @@ from datetime import datetime, timezone
 from typing import Dict, List, Optional, Set, Tuple
 import psycopg2
+import psycopg2.errors
+import psycopg2.extensions
 from ops import ConfigData
 from psycopg2.sql import SQL, Identifier, Literal
@@ -430,11 +432,10 @@ class PostgreSQL:
                         cursor.execute(connect_statement)
                 # Add extra user roles to the new user.
-                if roles:
-                    for role in roles:
-                        cursor.execute(
-                            SQL("GRANT {} TO {};").format(Identifier(role), Identifier(user))
-                        )
+                for role in roles:
+                    cursor.execute(
+                        SQL("GRANT {} TO {};").format(Identifier(role), Identifier(user))
+                    )
         except psycopg2.Error as e:
             logger.error(f"Failed to create user: {e}")
             raise PostgreSQLCreateUserError() from e
@@ -498,9 +499,10 @@ class PostgreSQL:
     def _process_extra_user_roles(
         self, user: str, extra_user_roles: Optional[List[str]] = None
-    ) -> Tuple[Optional[List[str]], Optional[Set[str]]]:
+    ) -> Tuple[List[str], Set[str]]:
         # Separate roles and privileges from the provided extra user roles.
-        roles = privileges = None
+        roles = []
+        privileges = set()
         if extra_user_roles:
             if len(extra_user_roles) > 2 and sorted(extra_user_roles) != [
                 ROLE_ADMIN,
@@ -644,6 +646,7 @@ class PostgreSQL:
                 with self._connect_to_database(
                     database
                 ) as connection, connection.cursor() as cursor:
+                    cursor.execute(SQL("RESET ROLE;"))
                     cursor.execute(
                         SQL("REASSIGN OWNED BY {} TO {};").format(
                             Identifier(user), Identifier(self.user)
@@ -653,6 +656,7 @@ class PostgreSQL:
             # Delete the user.
             with self._connect_to_database() as connection, connection.cursor() as cursor:
+                cursor.execute(SQL("RESET ROLE;"))
                 cursor.execute(SQL("DROP ROLE {};").format(Identifier(user)))
         except psycopg2.Error as e:
             logger.error(f"Failed to delete user: {e}")
@@ -823,9 +827,9 @@ class PostgreSQL:
                             else f"DROP EXTENSION IF EXISTS {extension};"
                         )
             self._configure_pgaudit(ordered_extensions.get("pgaudit", False))
-        except psycopg2.errors.UniqueViolation:
+        except psycopg2.errors.UniqueViolation:  # type: ignore
             pass
-        except psycopg2.errors.DependentObjectsStillExist:
+        except psycopg2.errors.DependentObjectsStillExist:  # type: ignore
             raise
         except psycopg2.Error as e:
             raise PostgreSQLEnableDisableExtensionError() from e
@@ -839,7 +843,7 @@ class PostgreSQL:
             with self._connect_to_database() as connection, connection.cursor() as cursor:
                 # Should always be present
                 cursor.execute("SELECT last_archived_wal FROM pg_stat_archiver;")
-                return cursor.fetchone()[0]  # type: ignore
+                return cursor.fetchone()[0]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL last archived WAL: {e}")
             raise PostgreSQLGetLastArchivedWALError() from e
@@ -850,7 +854,7 @@ class PostgreSQL:
             with self._connect_to_database() as connection, connection.cursor() as cursor:
                 cursor.execute("SELECT timeline_id FROM pg_control_checkpoint();")
                 # There should always be a timeline
-                return cursor.fetchone()[0]  # type: ignore
+                return cursor.fetchone()[0]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL current timeline id: {e}")
             raise PostgreSQLGetCurrentTimelineError() from e
@@ -907,7 +911,7 @@ class PostgreSQL:
             ) as connection, connection.cursor() as cursor:
                 cursor.execute("SELECT version();")
                 # Split to get only the version number. There should always be a version.
-                return cursor.fetchone()[0].split(" ")[1]  # type:ignore
+                return cursor.fetchone()[0].split(" ")[1]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL version: {e}")
             raise PostgreSQLGetPostgreSQLVersionError() from e
@@ -928,7 +932,7 @@ class PostgreSQL:
             ) as connection, connection.cursor() as cursor:
                 cursor.execute("SHOW ssl;")
                 # SSL state should always be set
-                return "on" in cursor.fetchone()[0]  # type: ignore
+                return "on" in cursor.fetchone()[0]
         except psycopg2.Error:
             # Connection errors happen when PostgreSQL has not started yet.
             return False