chore: update charm libraries

canonical · May 1, 2024 · a6c5caf · a6c5caf
1 parent 7838752
commit a6c5caf
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 25 deletions.
diff --git a/lib/charms/observability_libs/v1/cert_handler.py b/lib/charms/observability_libs/v1/cert_handler.py
@@ -65,7 +65,7 @@
 
 LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a"
 LIBAPI = 1
-LIBPATCH = 5
+LIBPATCH = 6
 
 
 def is_ip_address(value: str) -> bool:
@@ -92,6 +92,10 @@ class CertHandler(Object):
 
     on = CertHandlerEvents()  # pyright: ignore
 
+    _ca_cert_chain_secret_label = "ca-certificate-chain"
+    _csr_secret_id = "csr-secret-id"
+    _privkey_secret_id = "private-key-secret-id"
+
     def __init__(
         self,
         charm: CharmBase,
@@ -199,7 +203,7 @@ def _generate_privkey(self):
             private_key = generate_private_key()
             secret = self.charm.unit.add_secret({"private-key": private_key.decode()})
             secret.grant(relation)
-            relation.data[self.charm.unit]["private-key-secret-id"] = secret.id  # pyright: ignore
+            relation.data[self.charm.unit][self._privkey_secret_id] = secret.id  # pyright: ignore
 
     def _on_config_changed(self, _):
         relation = self.charm.model.get_relation(self.certificates_relation_name)
@@ -265,7 +269,7 @@ def _generate_csr(
 
         if clear_cert:
             try:
-                secret = self.model.get_secret(label="ca-certificate-chain")
+                secret = self.model.get_secret(label=self._ca_cert_chain_secret_label)
                 secret.remove_all_revisions()
             except SecretNotFoundError:
                 logger.debug("Secret with label: 'ca-certificate-chain' not found")
@@ -287,19 +291,22 @@ def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
                 "chain": event.chain_as_pem(),
                 "csr": event_csr,
             }
+            if not (relation := self.charm.model.get_relation(self.certificates_relation_name)):
+                logger.error("Relation %s not found", self.certificates_relation_name)
+                return
+
+            # if we have a secret from a previous certificates relation already, keep it and reuse it.
             try:
-                secret = self.model.get_secret(label="ca-certificate-chain")
+                secret = self.model.get_secret(label=self._ca_cert_chain_secret_label)
+                secret.set_content(content)
             except SecretNotFoundError:
-                if not (
-                    relation := self.charm.model.get_relation(self.certificates_relation_name)
-                ):
-                    logger.error("Relation %s not found", self.certificates_relation_name)
-                    return
+                secret = self.charm.unit.add_secret(
+                    content, label=self._ca_cert_chain_secret_label
+                )
 
-                secret = self.charm.unit.add_secret(content, label="ca-certificate-chain")
-                secret.grant(relation)
-                relation.data[self.charm.unit]["secret-id"] = secret.id  # pyright: ignore
-                self.on.cert_changed.emit()  # pyright: ignore
+            secret.grant(relation)
+            relation.data[self.charm.unit]["secret-id"] = secret.id  # pyright: ignore
+            self.on.cert_changed.emit()  # pyright: ignore
 
     def _retrieve_secret_id(self, secret_id_name: str) -> Optional[str]:
         if not (relation := self.charm.model.get_relation(self.certificates_relation_name)):
@@ -323,26 +330,26 @@ def _retrieve_from_secret(self, value: str, secret_id_name: str) -> Optional[str
     @property
     def private_key(self) -> Optional[str]:
         """Private key."""
-        return self._retrieve_from_secret("private-key", "private-key-secret-id")
+        return self._retrieve_from_secret("private-key", self._privkey_secret_id)
 
     @property
     def private_key_secret_id(self) -> Optional[str]:
         """ID of the Juju Secret for the Private key."""
-        return self._retrieve_secret_id("private-key-secret-id")
+        return self._retrieve_secret_id(self._privkey_secret_id)
 
     @property
     def _csr(self) -> Optional[str]:
-        return self._retrieve_from_secret("csr", "csr-secret-id")
+        return self._retrieve_from_secret("csr", self._csr_secret_id)
 
     @_csr.setter
     def _csr(self, value: str):
         if not (relation := self.charm.model.get_relation(self.certificates_relation_name)):
             return
 
-        if not (secret_id := relation.data[self.charm.unit].get("csr-secret-id", None)):
+        if not (secret_id := relation.data[self.charm.unit].get(self._csr_secret_id, None)):
             secret = self.charm.unit.add_secret({"csr": value})
             secret.grant(relation)
-            relation.data[self.charm.unit]["csr-secret-id"] = secret.id  # pyright: ignore
+            relation.data[self.charm.unit][self._csr_secret_id] = secret.id  # pyright: ignore
             return
 
         secret = self.model.get_secret(id=secret_id)
@@ -403,12 +410,12 @@ def _on_all_certificates_invalidated(self, _: AllCertificatesInvalidatedEvent) -
         self.on.cert_changed.emit()  # pyright: ignore
 
     def _on_certificates_relation_broken(self, _: RelationBrokenEvent) -> None:
-        """Clear the certificates data when removing the relation."""
+        """Clear all secrets data when removing the relation."""
         try:
-            secret = self.model.get_secret(label="csr-secret-id")
+            secret = self.model.get_secret(label=self._ca_cert_chain_secret_label)
             secret.remove_all_revisions()
         except SecretNotFoundError:
-            logger.debug("Secret 'csr-scret-id' not found")
+            logger.debug(f"Secret {self._ca_cert_chain_secret_label!r}' not found")
         self.on.cert_changed.emit()  # pyright: ignore
 
     def _check_juju_supports_secrets(self) -> None:

diff --git a/lib/charms/prometheus_k8s/v0/prometheus_scrape.py b/lib/charms/prometheus_k8s/v0/prometheus_scrape.py
@@ -178,7 +178,7 @@ def __init__(self, *args):
 - `scrape_timeout`
 - `proxy_url`
 - `relabel_configs`
-- `metrics_relabel_configs`
+- `metric_relabel_configs`
 - `sample_limit`
 - `label_limit`
 - `label_name_length_limit`
@@ -362,7 +362,7 @@ def _on_scrape_targets_changed(self, event):
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 46
+LIBPATCH = 47
 
 PYDEPS = ["cosl"]
 
@@ -377,7 +377,7 @@ def _on_scrape_targets_changed(self, event):
     "scrape_timeout",
     "proxy_url",
     "relabel_configs",
-    "metrics_relabel_configs",
+    "metric_relabel_configs",
     "sample_limit",
     "label_limit",
     "label_name_length_limit",

diff --git a/lib/charms/tls_certificates_interface/v3/tls_certificates.py b/lib/charms/tls_certificates_interface/v3/tls_certificates.py
@@ -316,7 +316,7 @@ def _on_all_certificates_invalidated(self, event: AllCertificatesInvalidatedEven
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 10
+LIBPATCH = 12
 
 PYDEPS = ["cryptography", "jsonschema"]
 
@@ -965,6 +965,8 @@ def generate_csr(  # noqa: C901
     organization: Optional[str] = None,
     email_address: Optional[str] = None,
     country_name: Optional[str] = None,
+    state_or_province_name: Optional[str] = None,
+    locality_name: Optional[str] = None,
     private_key_password: Optional[bytes] = None,
     sans: Optional[List[str]] = None,
     sans_oid: Optional[List[str]] = None,
@@ -983,6 +985,8 @@ def generate_csr(  # noqa: C901
         organization (str): Name of organization.
         email_address (str): Email address.
         country_name (str): Country Name.
+        state_or_province_name (str): State or Province Name.
+        locality_name (str): Locality Name.
         private_key_password (bytes): Private key password
         sans (list): Use sans_dns - this will be deprecated in a future release
             List of DNS subject alternative names (keeping it for now for backward compatibility)
@@ -1008,6 +1012,12 @@ def generate_csr(  # noqa: C901
         subject_name.append(x509.NameAttribute(x509.NameOID.EMAIL_ADDRESS, email_address))
     if country_name:
         subject_name.append(x509.NameAttribute(x509.NameOID.COUNTRY_NAME, country_name))
+    if state_or_province_name:
+        subject_name.append(
+            x509.NameAttribute(x509.NameOID.STATE_OR_PROVINCE_NAME, state_or_province_name)
+        )
+    if locality_name:
+        subject_name.append(x509.NameAttribute(x509.NameOID.LOCALITY_NAME, locality_name))
     csr = x509.CertificateSigningRequestBuilder(subject_name=x509.Name(subject_name))
 
     _sans: List[x509.GeneralName] = []
@@ -1793,6 +1803,7 @@ def _on_relation_changed(self, event: RelationChangedEvent) -> None:
                             expire=self._get_next_secret_expiry_time(certificate.certificate),
                         )
                     except SecretNotFoundError:
+                        logger.debug("Adding secret with label %s", f"{LIBID}-{certificate.csr}")
                         secret = self.charm.unit.add_secret(
                             {"certificate": certificate.certificate},
                             label=f"{LIBID}-{certificate.csr}",