postgresql-charms-single-kernel 16.1.6__tar.gz → 16.1.7__tar.gz

{postgresql_charms_single_kernel-16.1.6 → postgresql_charms_single_kernel-16.1.7}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: postgresql-charms-single-kernel
-Version: 16.1.6
+Version: 16.1.7
 Summary: Shared and reusable code for PostgreSQL-related charms
 Author: Canonical Data Platform
 Author-email: Canonical Data Platform <data-platform@lists.launchpad.net>
@@ -209,6 +209,9 @@ License:
 Classifier: Development Status :: 3 - Alpha
 Classifier: Intended Audience :: Developers
 Classifier: Operating System :: POSIX :: Linux
+Requires-Dist: ops>=2.0.0
+Requires-Dist: psycopg2>=2.9.10
+Requires-Dist: tenacity>=9.0.0
 Requires-Python: >=3.8, <4.0
 Description-Content-Type: text/markdown
 

{postgresql_charms_single_kernel-16.1.6 → postgresql_charms_single_kernel-16.1.7}/pyproject.toml

@@ -4,7 +4,7 @@
 [project]
 name = "postgresql-charms-single-kernel"
 description = "Shared and reusable code for PostgreSQL-related charms"
-version = "16.1.6"
+version = "16.1.7"
 readme = "README.md"
 license = {file = "LICENSE"}
 authors = [
@@ -16,6 +16,11 @@ classifiers = [
  "Operating System :: POSIX :: Linux",
 ]
 requires-python = ">=3.8,<4.0"
+dependencies = [
+    "ops>=2.0.0",
+    "psycopg2>=2.9.10",
+    "tenacity>=9.0.0",
+]
 
 [build-system]
 requires = ["uv_build>=0.9.9,<0.10.0"]
@@ -26,20 +31,16 @@ module-name = "single_kernel_postgresql"
 module-root = ""
 
 [dependency-groups]
-lib = [
-    "ops>=2.0.0",
-    "psycopg2>=2.9.10",
-]
 format = [
-    "ruff==0.14.10"
+    "ruff==0.14.14; python_version >= '3.12'"
 ]
 lint = [
-    "codespell==2.4.1",
-    "pyright==1.1.407"
+    "codespell==2.4.1; python_version >= '3.12'",
+    "ty==0.0.14; python_version >= '3.12'"
 ]
 unit = [
-    "coverage[toml]==7.13.1; python_version >= '3.10'",
-    "pytest==9.0.2; python_version >= '3.10'"
+    "coverage[toml]==7.13.2; python_version >= '3.12'",
+    "pytest==9.0.2; python_version >= '3.12'"
 ]
 
 # Testing tools configuration
@@ -102,12 +103,8 @@ max-complexity = 10
 [tool.ruff.lint.pydocstyle]
 convention = "google"
 
-[tool.pyright]
-include = ["single_kernel_postgresql"]
-pythonVersion = "3.8"
-pythonPlatform = "All"
-typeCheckingMode = "basic"
-reportIncompatibleMethodOverride = false
-reportImportCycles = false
-reportMissingModuleSource = true
-stubPath = ""
+[tool.ty.environment]
+python = ".tox/lint/"
+
+[tool.ty.src]
+exclude = ["tests"]

postgresql_charms_single_kernel-16.1.7/single_kernel_postgresql/events/tls_transfer.py

@@ -0,0 +1,89 @@
+# Copyright 2022 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+"""TLS Transfer Handler."""
+
+import logging
+from collections.abc import Iterator
+
+# Charmlib import. Should be made available in the charm itself
+from charms.certificate_transfer_interface.v0.certificate_transfer import (  # type: ignore
+    CertificateAvailableEvent,
+    CertificateRemovedEvent,
+    CertificateTransferRequires,
+)
+from ops.framework import Object
+from ops.pebble import ConnectionError as PebbleConnectionError
+from ops.pebble import PathError, ProtocolError
+from tenacity import RetryError
+
+logger = logging.getLogger(__name__)
+SCOPE = "unit"
+TLS_TRANSFER_RELATION = "receive-ca-cert"
+
+
+class TLSTransfer(Object):
+    """In this class we manage certificate transfer relation."""
+
+    def __init__(self, charm, peer_relation: str):
+        super().__init__(charm, "client-relations")
+        self.charm = charm
+        self.peer_relation = peer_relation
+        self.certs_transfer = CertificateTransferRequires(self.charm, TLS_TRANSFER_RELATION)
+        self.framework.observe(
+            self.certs_transfer.on.certificate_available, self._on_certificate_available
+        )
+        self.framework.observe(
+            self.certs_transfer.on.certificate_removed, self._on_certificate_removed
+        )
+
+    def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
+        """Enable TLS when TLS certificate is added."""
+        relation = self.charm.model.get_relation(TLS_TRANSFER_RELATION, event.relation_id)
+        if relation is None:
+            logger.error("Relationship not established anymore.")
+            return
+
+        secret_name = f"ca-{relation.app.name}"
+        self.charm.set_secret(SCOPE, secret_name, event.ca)
+
+        try:
+            if not self.charm.push_ca_file_into_workload(secret_name):
+                logger.debug("Cannot push TLS certificates at this moment")
+                event.defer()
+                return
+        except (PebbleConnectionError, PathError, ProtocolError, RetryError) as e:
+            logger.error("Cannot push TLS certificates: %r", e)
+            event.defer()
+            return
+
+    def _on_certificate_removed(self, event: CertificateRemovedEvent) -> None:
+        """Disable TLS when TLS certificate is removed."""
+        relation = self.charm.model.get_relation(TLS_TRANSFER_RELATION, event.relation_id)
+        if relation is None:
+            logger.error("Relationship not established anymore.")
+            return
+
+        secret_name = f"ca-{relation.app.name}"
+        self.charm.set_secret(SCOPE, secret_name, None)
+
+        try:
+            if not self.charm.clean_ca_file_from_workload(secret_name):
+                logger.debug("Cannot clean CA certificates at this moment")
+                event.defer()
+                return
+        except (PebbleConnectionError, PathError, ProtocolError, RetryError) as e:
+            logger.error("Cannot clean CA certificates: %r", e)
+            event.defer()
+            return
+
+    def get_ca_secret_names(self) -> Iterator[str]:
+        """Get a secret-name for each relation fulfilling the CA transfer interface.
+
+        Returns:
+            Secret name for a CA transfer fulfilled interface.
+        """
+        relations = self.charm.model.relations.get(TLS_TRANSFER_RELATION, [])
+
+        for relation in relations:
+            yield f"ca-{relation.app.name}"

postgresql_charms_single_kernel-16.1.7/single_kernel_postgresql/utils/__init__.py

@@ -0,0 +1,3 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+"""Utils and helpers for PostgreSQL charms."""

{postgresql_charms_single_kernel-16.1.6 → postgresql_charms_single_kernel-16.1.7}/single_kernel_postgresql/utils/postgresql.py

@@ -27,6 +27,8 @@ from datetime import datetime, timezone
 from typing import Dict, List, Optional, Set, Tuple
 
 import psycopg2
+import psycopg2.errors
+import psycopg2.extensions
 from ops import ConfigData
 from psycopg2.sql import SQL, Identifier, Literal
 
@@ -430,11 +432,10 @@ class PostgreSQL:
                         cursor.execute(connect_statement)
 
                 # Add extra user roles to the new user.
-                if roles:
-                    for role in roles:
-                        cursor.execute(
-                            SQL("GRANT {} TO {};").format(Identifier(role), Identifier(user))
-                        )
+                for role in roles:
+                    cursor.execute(
+                        SQL("GRANT {} TO {};").format(Identifier(role), Identifier(user))
+                    )
         except psycopg2.Error as e:
             logger.error(f"Failed to create user: {e}")
             raise PostgreSQLCreateUserError() from e
@@ -498,9 +499,10 @@ class PostgreSQL:
 
     def _process_extra_user_roles(
         self, user: str, extra_user_roles: Optional[List[str]] = None
-    ) -> Tuple[Optional[List[str]], Optional[Set[str]]]:
+    ) -> Tuple[List[str], Set[str]]:
         # Separate roles and privileges from the provided extra user roles.
-        roles = privileges = None
+        roles = []
+        privileges = set()
         if extra_user_roles:
             if len(extra_user_roles) > 2 and sorted(extra_user_roles) != [
                 ROLE_ADMIN,
@@ -825,9 +827,9 @@ class PostgreSQL:
                             else f"DROP EXTENSION IF EXISTS {extension};"
                         )
             self._configure_pgaudit(ordered_extensions.get("pgaudit", False))
-        except psycopg2.errors.UniqueViolation:
+        except psycopg2.errors.UniqueViolation:  # type: ignore
             pass
-        except psycopg2.errors.DependentObjectsStillExist:
+        except psycopg2.errors.DependentObjectsStillExist:  # type: ignore
             raise
         except psycopg2.Error as e:
             raise PostgreSQLEnableDisableExtensionError() from e
@@ -841,7 +843,7 @@ class PostgreSQL:
             with self._connect_to_database() as connection, connection.cursor() as cursor:
                 # Should always be present
                 cursor.execute("SELECT last_archived_wal FROM pg_stat_archiver;")
-                return cursor.fetchone()[0]  # type: ignore
+                return cursor.fetchone()[0]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL last archived WAL: {e}")
             raise PostgreSQLGetLastArchivedWALError() from e
@@ -852,7 +854,7 @@ class PostgreSQL:
             with self._connect_to_database() as connection, connection.cursor() as cursor:
                 cursor.execute("SELECT timeline_id FROM pg_control_checkpoint();")
                 # There should always be a timeline
-                return cursor.fetchone()[0]  # type: ignore
+                return cursor.fetchone()[0]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL current timeline id: {e}")
             raise PostgreSQLGetCurrentTimelineError() from e
@@ -909,7 +911,7 @@ class PostgreSQL:
             ) as connection, connection.cursor() as cursor:
                 cursor.execute("SELECT version();")
                 # Split to get only the version number. There should always be a version.
-                return cursor.fetchone()[0].split(" ")[1]  # type:ignore
+                return cursor.fetchone()[0].split(" ")[1]
         except psycopg2.Error as e:
             logger.error(f"Failed to get PostgreSQL version: {e}")
             raise PostgreSQLGetPostgreSQLVersionError() from e
@@ -930,7 +932,7 @@ class PostgreSQL:
             ) as connection, connection.cursor() as cursor:
                 cursor.execute("SHOW ssl;")
                 # SSL state should always be set
-                return "on" in cursor.fetchone()[0]  # type: ignore
+                return "on" in cursor.fetchone()[0]
         except psycopg2.Error:
             # Connection errors happen when PostgreSQL has not started yet.
             return False