From 91c9b882521a20ae91c79f0a9041b64becfb2651 Mon Sep 17 00:00:00 2001
From: Noctua
Date: Thu, 19 Dec 2024 12:08:35 +0000
Subject: [PATCH] chore: update charm libraries
---
 .../v0/certificate_transfer.py | 11 ++++++++++-
 .../observability_libs/v1/cert_handler.py | 17 ++++++++++++-----
 lib/charms/tempo_coordinator_k8s/v0/tracing.py | 10 ++++++----
 .../v3/tls_certificates.py | 4 ++--
 4 files changed, 30 insertions(+), 12 deletions(-)
diff --git a/lib/charms/certificate_transfer_interface/v0/certificate_transfer.py b/lib/charms/certificate_transfer_interface/v0/certificate_transfer.py
index caa6e228..72cc9a26 100644
--- a/lib/charms/certificate_transfer_interface/v0/certificate_transfer.py
+++ b/lib/charms/certificate_transfer_interface/v0/certificate_transfer.py
@@ -101,6 +101,7 @@ def _on_certificate_removed(self, event: CertificateRemovedEvent):
 from typing import List, Mapping
 from jsonschema import exceptions, validate # type: ignore[import-untyped]
+from ops import Relation
 from ops.charm import CharmBase, CharmEvents, RelationBrokenEvent, RelationChangedEvent
 from ops.framework import EventBase, EventSource, Handle, Object
@@ -112,7 +113,7 @@ def _on_certificate_removed(self, event: CertificateRemovedEvent):
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 8
+LIBPATCH = 9
 PYDEPS = ["jsonschema"]
@@ -391,3 +392,11 @@ def _on_relation_broken(self, event: RelationBrokenEvent) -> None:
 None
 """
 self.on.certificate_removed.emit(relation_id=event.relation.id)
+
+ def is_ready(self, relation: Relation) -> bool:
+ """Check if the relation is ready by checking that it has valid relation data."""
+ relation_data = _load_relation_data(relation.data[relation.app])
+ if not self._relation_data_is_valid(relation_data):
+ logger.warning("Provider relation data did not pass JSON Schema validation: ")
+ return False
+ return True
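Review bot: In the new `is_ready` in certificate_transfer.py (hunk at +392), the warning text ends in a dangling colon, `"... did not pass JSON Schema validation: "`, so an operator cannot tell which provider sent the rejected data. Because this relation transfers certificates, a rejection should be traceable: `logger.warning("Provider relation data did not pass JSON Schema validation (relation id %s)", relation.id)`, logging the id and not the payload. The method also indexes `relation.data[relation.app]` without a guard; if `relation.app` can be unset at call time (not determinable from the hunk), an early `if not relation.app: return False` would avoid an exception. A schema pass shows only that the data is well-formed, not that the certificates in it are usable, and the docstring could say so.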
diff --git a/lib/charms/observability_libs/v1/cert_handler.py b/lib/charms/observability_libs/v1/cert_handler.py
index 26be8793..7fcc3258 100644
--- a/lib/charms/observability_libs/v1/cert_handler.py
+++ b/lib/charms/observability_libs/v1/cert_handler.py
@@ -68,7 +68,7 @@
 LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a"
 LIBAPI = 1
-LIBPATCH = 14
+LIBPATCH = 15
 VAULT_SECRET_LABEL = "cert-handler-private-vault"
@@ -127,7 +127,7 @@ class _RelationVaultBackend(_VaultBackend):
 _NEST_UNDER = "lib.charms.observability_libs.v1.cert_handler::vault"
 # This key needs to be relation-unique. If someone ever creates multiple Vault(_RelationVaultBackend)
 # instances backed by the same (peer) relation, they'll need to set different _NEST_UNDERs
- # for each _RelationVaultBackend instance or they'll be fighting over it.
+ # for each _RelationVaultBackend instance, or they'll be fighting over it.
 def __init__(self, charm: CharmBase, relation_name: str):
 self.charm = charm
@@ -344,6 +344,13 @@ def __init__(
 self.charm.on[self.certificates_relation_name].relation_joined, # pyright: ignore
 self._on_certificates_relation_joined,
 )
+ # The following observer is a workaround. The tls-certificates lib sometimes fails to emit the custom
+ # "certificate_available" event on relation changed. Not sure why this was happening. We certainly have some
+ # tech debt here to address, but this workaround proved to work.
+ self.framework.observe(
+ self.charm.on[self.certificates_relation_name].relation_changed, # pyright: ignore
+ self._on_certificate_available,
+ )
 self.framework.observe(
 self.certificates.on.certificate_available, # pyright: ignore
 self._on_certificate_available,
@@ -366,7 +373,7 @@ def __init__(
 )
 if refresh_events:
- logger.warn(
+ logger.warning(
 "DEPRECATION WARNING. `refresh_events` is now deprecated. CertHandler will automatically refresh the CSR when necessary."
 )
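Review bot: The observer added in cert_handler.py's `__init__` (hunk at +344) routes every `relation_changed` on the certificates relation into `_on_certificate_available`, the same handler registered for the library's `certificate_available` event. A relation-changed event fires on any databag change, including before a certificate has been issued, and presumably does not carry the certificate payload the custom event does. The handler body is outside the hunk, so confirm it reads the certificate from the relation and matches it against the current CSR instead of relying on the event object, and that it does nothing when no matching certificate exists. The comment says the root cause is unknown; a marker such as `# TODO(<tracking-issue>): remove once certificate_available is emitted reliably` would keep the workaround from becoming permanent.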
@@ -429,7 +436,7 @@ def enabled(self) -> bool:
 See also the `available` property.
 """
 # We need to check for units as a temporary workaround because of https://bugs.launchpad.net/juju/+bug/2024583
- # This could in theory not work correctly on scale down to 0 but it is necessary for the moment.
+ # This could in theory not work correctly on scale down to 0, but it is necessary for the moment.
 if not self.relation:
 return False
@@ -636,7 +643,7 @@ def _on_all_certificates_invalidated(self, _: AllCertificatesInvalidatedEvent) -
 # Note: assuming "limit: 1" in metadata
 # The "certificates_relation_broken" event is converted to "all invalidated" custom
 # event by the tls-certificates library. Per convention, we let the lib manage the
- # relation and we do not observe "certificates_relation_broken" directly.
+ # relation, and we do not observe "certificates_relation_broken" directly.
 self.vault.clear()
 # We do not generate a CSR here because the relation is gone.
 self.on.cert_changed.emit() # pyright: ignore
diff --git a/lib/charms/tempo_coordinator_k8s/v0/tracing.py b/lib/charms/tempo_coordinator_k8s/v0/tracing.py
index 2035dffd..734a4ca0 100644
--- a/lib/charms/tempo_coordinator_k8s/v0/tracing.py
+++ b/lib/charms/tempo_coordinator_k8s/v0/tracing.py
@@ -110,7 +110,7 @@ def __init__(self, *args):
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 3
+LIBPATCH = 4
 PYDEPS = ["pydantic"]
@@ -891,13 +891,15 @@ def _get_endpoint(
 filter(lambda i: i.protocol.name == protocol, app_data.receivers)
 )
 if not receivers:
- logger.error(f"no receiver found with protocol={protocol!r}")
+ # it can happen if the charm requests tracing protocols, but the relay (such as grafana-agent) isn't yet
+ # connected to the tracing backend. In this case, it's not an error the charm author can do anything about
+ logger.warning(f"no receiver found with protocol={protocol!r}.")
 return
 if len(receivers) > 1:
- logger.error(
+ # if we have more than 1 receiver that matches, it shouldn't matter which receiver we'll be using.
+ logger.warning(
 f"too many receivers with protocol={protocol!r}; using first one. Found: {receivers}"
 )
- return
 receiver = receivers[0]
 return receiver.url
diff --git a/lib/charms/tls_certificates_interface/v3/tls_certificates.py b/lib/charms/tls_certificates_interface/v3/tls_certificates.py
index 141412b0..8cab7133 100644
--- a/lib/charms/tls_certificates_interface/v3/tls_certificates.py
+++ b/lib/charms/tls_certificates_interface/v3/tls_certificates.py
@@ -318,7 +318,7 @@ def _on_all_certificates_invalidated(self, event: AllCertificatesInvalidatedEven
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 23
+LIBPATCH = 24
 PYDEPS = ["cryptography", "jsonschema"]
@@ -526,7 +526,7 @@ def chain_as_pem(self) -> str:
 class CertificateExpiringEvent(EventBase):
 """Charm Event triggered when a TLS certificate is almost expired."""
- def __init__(self, handle, certificate: str, expiry: str):
+ def __init__(self, handle: Handle, certificate: str, expiry: str):
 """CertificateExpiringEvent.
 Args:
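Review bot: In `_get_endpoint` (tracing.py, hunk at +891), dropping the `return` means that when several receivers advertise the same protocol, the first entry of `receivers` is used on the stated assumption that they are interchangeable. Nothing in the hunk checks that assumption; if the entries differ in URL (scheme or host, say), trace data goes to whichever one the remote app listed first. I would keep the fallback only when the URLs agree, for example `if len({r.url for r in receivers}) > 1: return` after the warning, assuming `url` is a plain string. Both messages are also built as f-strings; `logger.warning("no receiver found with protocol=%r", protocol)` is the lazy form. The start of the function lies outside the hunk.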