feat(DPE-6723): LDAP Support (#401)

* feat: first integration testing of ldap on charm side

* fix: integration testing fails to download self-signed-certificates

* fix: bump lib + tiny test

* fix: rel name + relock

* fix: upgrade errors

* fix: resources path

* fix: also for sharded upgrades

* fix: upgrade tests?

* feat: Use released library

Author: Gu1nness

metadata.yaml

@@ -23,6 +23,9 @@ peers:
     interface: mongodb-peers
   upgrade-version-a:
     interface: upgrade
+  ldap-peers:
+    # Stores the data for the ldap relation.
+    interface: ldap-peers
 
 provides:
   database:
@@ -52,6 +55,14 @@ requires:
     interface: shards
     # shards can only relate to one config-server
     limit: 1
+  ldap:
+    interface: ldap
+    limit: 1
+    optional: true
+  ldap-certificate-transfer:
+    interface: certificate_transfer
+    limit: 1
+    optional: true
 
 containers:
   mongod:
@@ -64,7 +75,7 @@ resources:
     type: oci-image
     description: OCI image for mongodb
     # TODO: Update sha whenever upstream rock changes
-    upstream-source: ghcr.io/canonical/charmed-mongodb@sha256:c24916ddf111da240dd3d5508ba8d42f611e9167bb9be67a3acc392a25883047
+    upstream-source: ghcr.io/canonical/charmed-mongodb@sha256:7ddb80a3b5ddffa95704a8980fc11037ba1a23273a9805214bc42be9f507107f
 storage:
   mongodb:
     type: filesystem

poetry.lock

@@ -8,8 +8,7 @@ requires-poetry = ">=2.0.0"
 
 [tool.poetry.dependencies]
 python = "^3.10.12"
-mongo-charms-single-kernel = "~0.0.4"
-dacite = "==1.8.0"
+mongo-charms-single-kernel = "==0.0.6"
 ops = "~2.15.0"
 pymongo = "^4.7.3"
 tenacity = "^8.2.3"
@@ -57,14 +56,12 @@ coverage = {extras = ["toml"], version = "^7.5.0"}
 pytest = "^8.1.1"
 pytest-mock = "*"
 parameterized = "^0.9.0"
-mongo-charms-single-kernel = "~0.0.4"
-dacite = "==1.8.0"
+mongo-charms-single-kernel = "==0.0.6"
 
 [tool.poetry.group.integration.dependencies]
 allure-pytest = "^2.13.5"
 ops = "~2.15.0"
-mongo-charms-single-kernel = "~0.0.4"
-dacite = "==1.8.0"
+mongo-charms-single-kernel = "==0.0.6"
 tenacity = "^8.2.3"
 pymongo = "^4.7.3"
 parameterized = "^0.9.0"

pyproject.toml

@@ -43,7 +43,9 @@ async def get_related_username_password(
 
 
 async def deploy_cluster_components(
-    ops_test: OpsTest, num_units_cluster_config: dict | None = None, channel: str | None = None
+    ops_test: OpsTest,
+    num_units_cluster_config: dict | None = None,
+    channel: str | None = None,
 ) -> None:
     if not num_units_cluster_config:
         num_units_cluster_config = {
@@ -62,44 +64,105 @@ async def deploy_cluster_components(
         if channel
         else {"mongodb-image": METADATA["resources"]["mongodb-image"]["upstream-source"]}
     )
-    await ops_test.model.deploy(
-        my_charm,
-        resources=resources,
-        num_units=num_units_cluster_config[CONFIG_SERVER_APP_NAME],
-        config={"role": "config-server"},
-        application_name=CONFIG_SERVER_APP_NAME,
-        channel=channel,
-        series="jammy",
-        trust=True,
-    )
-    await ops_test.model.deploy(
-        my_charm,
-        resources=resources,
-        num_units=num_units_cluster_config[SHARD_ONE_APP_NAME],
-        config={"role": "shard"},
-        application_name=SHARD_ONE_APP_NAME,
-        channel=channel,
-        series="jammy",
-        trust=True,
-    )
-    await ops_test.model.deploy(
-        my_charm,
-        resources=resources,
-        num_units=num_units_cluster_config[SHARD_TWO_APP_NAME],
-        config={"role": "shard"},
-        application_name=SHARD_TWO_APP_NAME,
-        channel=channel,
-        series="jammy",
-        trust=True,
-    )
-
-    await ops_test.model.wait_for_idle(
-        apps=CLUSTER_COMPONENTS,
-        idle_period=20,
-        timeout=TIMEOUT,
-        raise_on_blocked=False,
-        raise_on_error=False,
-    )
+    if channel is None:
+        await ops_test.model.deploy(
+            my_charm,
+            resources=resources,
+            num_units=num_units_cluster_config[CONFIG_SERVER_APP_NAME],
+            config={"role": "config-server"},
+            application_name=CONFIG_SERVER_APP_NAME,
+            channel=channel,
+            series="jammy",
+            trust=True,
+        )
+        await ops_test.model.deploy(
+            my_charm,
+            resources=resources,
+            num_units=num_units_cluster_config[SHARD_ONE_APP_NAME],
+            config={"role": "shard"},
+            application_name=SHARD_ONE_APP_NAME,
+            channel=channel,
+            series="jammy",
+            trust=True,
+        )
+        await ops_test.model.deploy(
+            my_charm,
+            resources=resources,
+            num_units=num_units_cluster_config[SHARD_TWO_APP_NAME],
+            config={"role": "shard"},
+            application_name=SHARD_TWO_APP_NAME,
+            channel=channel,
+            series="jammy",
+            trust=True,
+        )
+
+        await ops_test.model.wait_for_idle(
+            apps=CLUSTER_COMPONENTS,
+            idle_period=20,
+            timeout=TIMEOUT,
+            raise_on_blocked=False,
+            raise_on_error=False,
+        )
+    # FIXME: (revert this) Deploy 1 and scale up due to silly bug fixed but unreleased
+    else:
+        await ops_test.model.deploy(
+            my_charm,
+            resources=resources,
+            num_units=1,
+            config={"role": "config-server"},
+            application_name=CONFIG_SERVER_APP_NAME,
+            channel=channel,
+            series="jammy",
+            trust=True,
+        )
+        await ops_test.model.deploy(
+            my_charm,
+            resources=resources,
+            num_units=1,
+            config={"role": "shard"},
+            application_name=SHARD_ONE_APP_NAME,
+            channel=channel,
+            series="jammy",
+            trust=True,
+        )
+        await ops_test.model.deploy(
+            my_charm,
+            resources=resources,
+            num_units=1,
+            config={"role": "shard"},
+            application_name=SHARD_TWO_APP_NAME,
+            channel=channel,
+            series="jammy",
+            trust=True,
+        )
+        # Wait a bit before scaling up
+        await ops_test.model.wait_for_idle(
+            apps=CLUSTER_COMPONENTS,
+            idle_period=20,
+            timeout=TIMEOUT,
+            raise_on_blocked=False,
+            raise_on_error=False,
+        )
+        if num_units_cluster_config[CONFIG_SERVER_APP_NAME] != 1:
+            await ops_test.model.applications[CONFIG_SERVER_APP_NAME].scale(
+                num_units_cluster_config[CONFIG_SERVER_APP_NAME]
+            )
+
+        if num_units_cluster_config[SHARD_ONE_APP_NAME] != 1:
+            await ops_test.model.applications[SHARD_ONE_APP_NAME].scale(
+                num_units_cluster_config[SHARD_ONE_APP_NAME]
+            )
+        if num_units_cluster_config[SHARD_TWO_APP_NAME] != 1:
+            await ops_test.model.applications[SHARD_TWO_APP_NAME].scale(
+                num_units_cluster_config[SHARD_TWO_APP_NAME]
+            )
+        await ops_test.model.wait_for_idle(
+            apps=CLUSTER_COMPONENTS,
+            idle_period=20,
+            timeout=TIMEOUT,
+            raise_on_blocked=False,
+            raise_on_error=False,
+        )
 
 
 async def integrate_cluster(ops_test: OpsTest) -> None:

tests/integration/sharding_tests/helpers.py

@@ -43,7 +43,7 @@ async def test_build_and_deploy(ops_test: OpsTest) -> None:
     await deploy_cluster_components(ops_test)
 
     # deploy the self-signed-certificates charm
-    await ops_test.model.deploy(CERTS_APP_NAME, channel="stable")
+    await ops_test.model.deploy(CERTS_APP_NAME, channel="latest/stable", base="[email protected]")
 
     await ops_test.model.wait_for_idle(
         apps=[
@@ -129,7 +129,10 @@ async def test_tls_then_build_cluster(ops_test: OpsTest) -> None:
 @pytest.mark.abort_on_fail
 async def test_tls_inconsistent_rels(ops_test: OpsTest) -> None:
     await ops_test.model.deploy(
-        CERTS_APP_NAME, application_name=DIFFERENT_CERTS_APP_NAME, channel="stable"
+        CERTS_APP_NAME,
+        application_name=DIFFERENT_CERTS_APP_NAME,
+        channel="latest/stable",
+        base="[email protected]",
     )
 
     # CASE 1: Config-server has TLS enabled - but shard does not

tests/integration/tls_tests/test_sharding_tls.py

@@ -63,9 +63,9 @@ async def test_build_and_deploy(ops_test: OpsTest) -> None:
             config = {"ca-common-name": "Test CA"}
             await ops_test.model.deploy(
                 TLS_CERTIFICATES_APP_NAME,
-                channel="stable",
+                channel="latest/stable",
                 config=config,
-                series="jammy",
+                base="[email protected]",
             )
             await ops_test.model.wait_for_idle(
                 apps=[TLS_CERTIFICATES_APP_NAME],
@@ -80,7 +80,9 @@ async def test_enable_tls(ops_test: OpsTest) -> None:
     # Relate it to the MongoDB to enable TLS.
     app_name = await get_app_name(ops_test)
     # check if relation exists
-    await ops_test.model.integrate(app_name, TLS_CERTIFICATES_APP_NAME)
+    await ops_test.model.integrate(
+        f"{app_name}:certificates", f"{TLS_CERTIFICATES_APP_NAME}:certificates"
+    )
 
     async with ops_test.fast_forward():
         await ops_test.model.wait_for_idle(status="active", timeout=1000)

tests/integration/tls_tests/test_tls.py

@@ -8,6 +8,7 @@
 from pytest_operator.plugin import OpsTest
 
 from ..backup_tests import helpers as backup_helpers
+from ..helpers import METADATA
 
 logger = logging.getLogger(__name__)
 
@@ -23,7 +24,11 @@ async def assert_successful_run_upgrade_sequence(
 
     logger.info(f"Upgrading {app_name}")
 
-    await ops_test.model.applications[app_name].refresh(path=new_charm)
+    resources = {"mongodb-image": METADATA["resources"]["mongodb-image"]["upstream-source"]}
+    await ops_test.model.applications[app_name].refresh(
+        path=new_charm,
+        resources=resources,  # We add resources in case the rock changed.
+    )
     # TODO future work, resolve flickering status of app
     await ops_test.model.wait_for_idle(apps=[app_name], timeout=1000, idle_period=90)
 

tests/integration/upgrades/helpers.py

@@ -78,7 +78,9 @@ async def test_build_and_deploy(ops_test: OpsTest) -> None:
     }
     await deploy_and_scale_application(ops_test)
 
-    await deploy_cluster_components(ops_test, num_units_cluster_config, channel="6/edge")
+    await deploy_cluster_components(
+        ops_test, num_units_cluster_config=num_units_cluster_config, channel="6/edge"
+    )
 
     await ops_test.model.wait_for_idle(
         apps=CLUSTER_COMPONENTS,
@@ -193,6 +195,8 @@ async def test_pre_upgrade_check_failure(ops_test: OpsTest, chaos_mesh) -> None:
             non_leader_unit = unit
             break
 
+    assert non_leader_unit, "No non leader unit found"
+
     isolate_instance_from_cluster(ops_test, non_leader_unit.name)
     await wait_until_unit_in_status(
         ops_test,

tests/integration/upgrades/test_sharding_upgrades.py

@@ -48,11 +48,22 @@ async def test_build_and_deploy(ops_test: OpsTest):
         await check_or_scale_app(ops_test, db_app_name, required_units=3)
         return
     else:
-        await ops_test.model.deploy(MONGODB_CHARM_NAME, channel="6/edge", num_units=3, trust=True)
+        # FIXME: (revert this) Deploy 1 and scale up due to silly bug fixed but unreleased.
+        await ops_test.model.deploy(MONGODB_CHARM_NAME, channel="6/edge", num_units=1, trust=True)
+
+        await ops_test.model.wait_for_idle(
+            apps=[MONGODB_CHARM_NAME], status="active", timeout=DEPLOYMENT_TIMEOUT
+        )
+
+        await ops_test.model.applications[MONGODB_CHARM_NAME].scale(3)
 
     db_app_name = await get_app_name(ops_test)
     await ops_test.model.wait_for_idle(
-        apps=[db_app_name], status="active", timeout=DEPLOYMENT_TIMEOUT, idle_period=120
+        apps=[db_app_name],
+        status="active",
+        timeout=DEPLOYMENT_TIMEOUT,
+        idle_period=120,
+        raise_on_blocked=False,
     )
 
     await relate_mongodb_and_application(ops_test, db_app_name, WRITE_APP)

tests/integration/upgrades/test_upgrades.py

@@ -116,34 +116,8 @@ def test_mongod_pebble_ready(
                     "group": "mongodb",
                     "override": "replace",
                     "summary": "mongod",
-                    "command": (
-                        "/usr/bin/mongod --bind_ip_all "
-                        "--port=27017 "
-                        "--auth --clusterAuthMode=keyFile "
-                        f"--keyFile={self.harness.charm.workload.paths.keyfile} "
-                        "--setParameter processUmask=037 "
-                        "--logRotate reopen --logappend --logpath=/var/log/mongodb/mongodb.log "
-                        "--auditDestination=file "
-                        "--auditFormat=JSON "
-                        "--auditPath=/var/log/mongodb/audit.log "
-                        "--replSet=mongodb-k8s "
-                        f"--dbpath={self.harness.charm.workload.paths.data_path}"
-                    ),
-                    "environment": {
-                        "MONGOD_ARGS": (
-                            "--bind_ip_all "
-                            "--port=27017 "
-                            "--auth --clusterAuthMode=keyFile "
-                            f"--keyFile={self.harness.charm.workload.paths.keyfile} "
-                            "--setParameter processUmask=037 "
-                            "--logRotate reopen --logappend --logpath=/var/log/mongodb/mongodb.log "
-                            "--auditDestination=file "
-                            "--auditFormat=JSON "
-                            "--auditPath=/var/log/mongodb/audit.log "
-                            "--replSet=mongodb-k8s "
-                            f"--dbpath={self.harness.charm.workload.paths.data_path}"
-                        )
-                    },
+                    "command": "/bin/bash /bin/start-mongod.sh",
+                    "environment": {"MONGOD_ARGS": ""},
                     "startup": "enabled",
                 },
             },