From 38ccc280343291df8f362e648c87847c99743f6a Mon Sep 17 00:00:00 2001 From: Dragomir Penev Date: Mon, 11 Nov 2024 17:02:42 +0200 Subject: [PATCH 1/2] Merge update_tls_flag into update_endpoints --- src/charm.py | 6 ++---- src/relations/postgresql_provider.py | 30 +++++++------------------- tests/unit/test_postgresql_provider.py | 9 +++++--- 3 files changed, 16 insertions(+), 29 deletions(-) diff --git a/src/charm.py b/src/charm.py index 16390b2385..f975d1aa03 100755 --- a/src/charm.py +++ b/src/charm.py @@ -1709,9 +1709,7 @@ def update_config(self, is_creating_backup: bool = False) -> bool: # in a bundle together with the TLS certificates operator. This flag is used to # know when to call the Patroni API using HTTP or HTTPS. self.unit_peer_data.update({"tls": "enabled" if enable_tls else ""}) - self.postgresql_client_relation.update_tls_flag( - "True" if self.is_tls_enabled else "False" - ) + self.postgresql_client_relation.update_endpoints() logger.debug("Early exit update_config: Workload not started yet") return True @@ -1787,7 +1785,7 @@ def _handle_postgresql_restart_need(self, enable_tls: bool) -> None: # Ignore the error, as it happens only to indicate that the configuration has not changed. pass self.unit_peer_data.update({"tls": "enabled" if enable_tls else ""}) - self.postgresql_client_relation.update_tls_flag("True" if self.is_tls_enabled else "False") + self.postgresql_client_relation.update_endpoints() # Restart PostgreSQL if TLS configuration has changed # (so the both old and new connections use the configuration). diff --git a/src/relations/postgresql_provider.py b/src/relations/postgresql_provider.py index 3b10f801c8..6b462124ba 100644 --- a/src/relations/postgresql_provider.py +++ b/src/relations/postgresql_provider.py 
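Review bot: The early-exit branch of `update_config` (the one that logs "Workload not started yet") now calls `update_endpoints()`, which does a full endpoint refresh rather than only writing the TLS flag and CA. The provider hunks show that method also publishing endpoints and the credential-bearing `uris` value, so confirm it is safe before the workload is up; its guards are outside this diff. The same replacement is made in `_handle_postgresql_restart_need`, where the call still precedes the restart that applies the TLS change. A comment at both call sites would record the intent, for example `# update_endpoints() also republishes the TLS flag and CA to every client relation`. Both function bodies extend beyond the hunks.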
@@ -108,17 +108,6 @@ def _on_database_requested(self, event: DatabaseRequestedEvent) -> None: # Set the database name self.database_provides.set_database(event.relation.id, database) - # Set TLS flag - self.database_provides.set_tls( - event.relation.id, - "True" if self.charm.is_tls_enabled else "False", - ) - - # Set TLS CA - if self.charm.is_tls_enabled: - _, ca, _ = self.charm.tls.get_tls_files() - self.database_provides.set_tls_ca(event.relation.id, ca) - # Update the read/write and read-only endpoints. self.update_endpoints(event) @@ -201,6 +190,12 @@ def update_endpoints(self, event: DatabaseRequestedEvent = None) -> None: else "" ) + tls = "True" if self.charm.is_tls_enabled else "False" + if tls == "True": + _, ca, _ = self.charm.tls.get_tls_files() + else: + ca = "" + for relation_id in rel_data: user = f"relation-{relation_id}" database = rel_data[relation_id].get("database") @@ -226,17 +221,8 @@ def update_endpoints(self, event: DatabaseRequestedEvent = None) -> None: f"postgresql://{user}:{password}@{self.charm.primary_endpoint}:{DATABASE_PORT}/{database}", ) - def update_tls_flag(self, tls: str) -> None: - """Update TLS flag and CA in relation databag.""" - relations = self.model.relations[self.relation_name] - if tls == "True": - _, ca, _ = self.charm.tls.get_tls_files() - else: - ca = "" - - for relation in relations: - self.database_provides.set_tls(relation.id, tls) - self.database_provides.set_tls_ca(relation.id, ca) + self.database_provides.set_tls(relation_id, tls) + self.database_provides.set_tls_ca(relation_id, ca) def _check_multiple_endpoints(self) -> bool: """Checks if there are relations with other endpoints.""" diff --git a/tests/unit/test_postgresql_provider.py b/tests/unit/test_postgresql_provider.py index 0a77509742..ab8cf5d00c 100644 --- a/tests/unit/test_postgresql_provider.py +++ b/tests/unit/test_postgresql_provider.py 
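Review bot: In the block added to `update_endpoints`, `tls` is built as a string and then immediately compared with `"True"`, and the `ca` returned by `get_tls_files()` is published without checking that it is non-empty. Branching on the boolean reads more directly: `tls_enabled = self.charm.is_tls_enabled`, then `ca = self.charm.tls.get_tls_files()[1] if tls_enabled else ""`, converting to `"True"`/`"False"` only at the `set_tls` call. If `get_tls_files()` can return an empty CA while TLS is reported as enabled (not visible here), the databag would advertise `tls` as `"True"` with no CA for clients to verify against. A guard or log line for that case would help.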
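Review bot: `set_tls` and `set_tls_ca` now sit at the end of the `for relation_id in rel_data:` body, so any early `return` in `update_endpoints` or `continue` earlier in the loop would skip the TLS update for that relation. The removed `update_tls_flag` wrote both values for every relation in `self.model.relations[self.relation_name]` unconditionally. The middle of the loop body is outside the hunks, so this needs checking against the full function. If such a skip exists, a client could keep a stale `tls` value or an outdated CA after the TLS configuration changes. Moving the two calls to the top of the loop body, before any skip, with a comment such as `# Always refresh TLS flag/CA, even if endpoints cannot be published yet`, would preserve the old guarantee.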
@@ -142,7 +142,6 @@ def test_on_database_requested(harness): "password": "test-password", "version": POSTGRESQL_VERSION, "database": f"{DATABASE}", - "tls": "False", } # Assert no BlockedStatus was set. @@ -154,7 +153,6 @@ def test_on_database_requested(harness): # No data is set in the databag by the database. assert harness.get_relation_data(rel_id, harness.charm.app.name) == { "data": f'{{"database": "{DATABASE}", "extra-user-roles": "{EXTRA_USER_ROLES}"}}', - "tls": "False", } # BlockedStatus due to a PostgreSQLCreateDatabaseError. @@ -163,7 +161,6 @@ def test_on_database_requested(harness): # No data is set in the databag by the database. assert harness.get_relation_data(rel_id, harness.charm.app.name) == { "data": f'{{"database": "{DATABASE}", "extra-user-roles": "{EXTRA_USER_ROLES}"}}', - "tls": "False", } # BlockedStatus due to a PostgreSQLGetPostgreSQLVersionError. @@ -256,6 +253,7 @@ def test_update_endpoints_with_event(harness): "endpoints": "1.1.1.1:5432", "read-only-endpoints": "2.2.2.2:5432", "uris": "postgresql://relation-2:test_password@1.1.1.1:5432/test_db", + "tls": "False", } assert harness.get_relation_data(another_rel_id, harness.charm.app.name) == {} _fetch_my_relation_data.assert_called_once_with([2], ["password"]) @@ -265,6 +263,7 @@ def test_update_endpoints_with_event(harness): assert harness.get_relation_data(rel_id, harness.charm.app.name) == { "endpoints": "1.1.1.1:5432", "uris": "postgresql://relation-2:test_password@1.1.1.1:5432/test_db", + "tls": "False", } assert harness.get_relation_data(another_rel_id, harness.charm.app.name) == {} 
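Review bot: The updated expectations in `test_update_endpoints_with_event` pin only the `"tls": "False"` branch, and the `test_update_endpoints_without_event` hunk that follows does the same. That leaves the TLS-enabled path now inside `update_endpoints` untested, including the CA written through `set_tls_ca`. Consider adding a case that patches `is_tls_enabled` to true and `get_tls_files` to return a constructed CA, then asserts that the flag and the CA appear in every relation's databag. A second step that switches TLS back off would confirm the CA is cleared to an empty value rather than left behind.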
@@ -331,11 +330,13 @@ def test_update_endpoints_without_event(harness): "endpoints": "1.1.1.1:5432", "read-only-endpoints": "2.2.2.2:5432", "uris": "postgresql://relation-2:test_password@1.1.1.1:5432/test_db", + "tls": "False", } assert harness.get_relation_data(another_rel_id, harness.charm.app.name) == { "endpoints": "1.1.1.1:5432", "read-only-endpoints": "2.2.2.2:5432", "uris": "postgresql://relation-3:test_password@1.1.1.1:5432/test_db2", + "tls": "False", } _fetch_my_relation_data.assert_called_once_with(None, ["password"]) @@ -344,8 +345,10 @@ def test_update_endpoints_without_event(harness): assert harness.get_relation_data(rel_id, harness.charm.app.name) == { "endpoints": "1.1.1.1:5432", "uris": "postgresql://relation-2:test_password@1.1.1.1:5432/test_db", + "tls": "False", } assert harness.get_relation_data(another_rel_id, harness.charm.app.name) == { "endpoints": "1.1.1.1:5432", "uris": "postgresql://relation-3:test_password@1.1.1.1:5432/test_db2", + "tls": "False", } From 0eeb3b5155226bc79c564126cb5b0e7307d78bc4 Mon Sep 17 00:00:00 2001 From: Dragomir Penev Date: Mon, 11 Nov 2024 22:41:53 +0200 Subject: [PATCH 2/2] No peer data --- src/charm.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/charm.py b/src/charm.py index f975d1aa03..37fbfb1552 100755 --- a/src/charm.py +++ b/src/charm.py @@ -822,6 +822,8 @@ def _units_ips(self) -> set[str]: @property def members_ips(self) -> set[str]: """Returns the list of IPs addresses of the current members of the cluster.""" + if not self._peers: + return set() return set(json.loads(self._peers.data[self.app].get("members_ips", "[]"))) def _add_to_members_ips(self, ip: str) -> None:
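Review bot: The new guard in `members_ips` returns an empty set silently, so a caller cannot tell a missing peer relation from a cluster with no recorded members. If any consumer derives configuration from this set (none is visible in this hunk), it would treat the unit as having no peers during that window. A line such as `logger.debug("members_ips: peer relation not available")` before the `return set()` would make that state traceable. The docstring should also state the new behaviour and the actual return type, for example `"""Returns the set of IP addresses of the current cluster members (empty if the peer relation is not available)."""`.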