canonical
diff --git a/‎metadata.yaml
Lines changed: 1 addition & 1 deletion b/‎metadata.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎poetry.lock
Lines changed: 1 addition & 2 deletions b/‎poetry.lock
Lines changed: 1 addition & 2 deletions
diff --git a/‎pyproject.toml
Lines changed: 4 additions & 4 deletions b/‎pyproject.toml
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/abstract_charm.py
Lines changed: 44 additions & 35 deletions b/‎src/abstract_charm.py
Lines changed: 44 additions & 35 deletions
diff --git a/‎src/container.py
Lines changed: 2 additions & 0 deletions b/‎src/container.py
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/kubernetes_charm.py
Lines changed: 32 additions & 24 deletions b/‎src/kubernetes_charm.py
Lines changed: 32 additions & 24 deletions
diff --git a/‎src/kubernetes_logrotate.py
Lines changed: 1 addition & 1 deletion b/‎src/kubernetes_logrotate.py
Lines changed: 1 addition & 1 deletion
@@ -53,6 +53,6 @@ resources:
   mysql-router-image:
     type: oci-image
     description: OCI image for mysql-router
-    upstream-source: ghcr.io/canonical/charmed-mysql@sha256:5082c99baa7a77c82d73247674e270838dc0a8165c02f7619cf5642d1427cba7
+    upstream-source: ghcr.io/canonical/charmed-mysql@sha256:a1c81aab3e4ac53a2cb0454c6f3e8946d0586a97dba2585f2df1c7ef365ef437
 assumes:
   - k8s-api
@@ -10,7 +10,7 @@ authors = []
 
 [tool.poetry.dependencies]
 python = "^3.10"
-ops = "^2.6.0"
+ops = "<2.10.0"
 lightkube = "^0.14.0"
 tenacity = "^8.2.3"
 jinja2 = "^3.1.2"
@@ -19,7 +19,7 @@ requests = "^2.31.0"
 
 [tool.poetry.group.charm-libs.dependencies]
 # data_platform_libs/v0/data_interfaces.py
-ops = ">=2.0.0"
+ops = "<2.10.0"
 # tls_certificates_interface/v1/tls_certificates.py
 cryptography = "*"
 jsonschema = "*"
@@ -53,7 +53,7 @@ pytest = "^7.4.0"
 pytest-xdist = "^3.3.1"
 pytest-cov = "^4.1.0"
 ops-scenario = "^5.6.2"
-ops = ">=2.0.0"
+ops = "<2.10.0"
 pytest-mock = "^3.11.1"
 
 [tool.poetry.group.integration.dependencies]
@@ -65,7 +65,7 @@ juju = "^3.2.2"
 mysql-connector-python = "~8.0.33"
 pyyaml = "^6.0.1"
 tenacity = "^8.2.2"
-ops = "^2.6.0"
+ops = "<2.10.0"
 allure-pytest = "^2.13.2"
 
 
 
@@ -5,11 +5,9 @@
 
 import abc
 import logging
-import socket
 import typing
 
 import ops
-import tenacity
 
 import container
 import lifecycle
@@ -18,6 +16,7 @@
 import relations.cos
 import relations.database_provides
 import relations.database_requires
+import relations.tls
 import server_exceptions
 import upgrade
 import workload
@@ -28,6 +27,11 @@
 class MySQLRouterCharm(ops.CharmBase, abc.ABC):
     """MySQL Router charm"""
 
+    _READ_WRITE_PORT = 6446
+    _READ_ONLY_PORT = 6447
+    _READ_WRITE_X_PORT = 6448
+    _READ_ONLY_X_PORT = 6449
+
     def __init__(self, *args) -> None:
         super().__init__(*args)
         # Instantiate before registering other event observers
@@ -60,6 +64,7 @@ def __init__(self, *args) -> None:
             self.on[upgrade.PEER_RELATION_ENDPOINT_NAME].relation_created,
             self._upgrade_relation_created,
         )
+        self.tls = relations.tls.RelationEndpoint(self)
 
     @property
     @abc.abstractmethod
@@ -97,35 +102,39 @@ def _read_only_endpoint(self) -> str:
     @property
     @abc.abstractmethod
     def _exposed_read_write_endpoint(self) -> str:
-        pass
+        """The exposed read-write endpoint"""
 
     @property
     @abc.abstractmethod
     def _exposed_read_only_endpoint(self) -> str:
-        pass
+        """The exposed read-only endpoint"""
+
+    @abc.abstractmethod
+    def is_externally_accessible(self, *, event) -> typing.Optional[bool]:
+        """Whether endpoints should be externally accessible.
+
+        Only defined in vm charm to return True/False. In k8s charm, returns None.
+        """
 
     @property
     def _tls_certificate_saved(self) -> bool:
         """Whether a TLS certificate is available to use"""
-        # TODO VM TLS: Update property after implementing TLS on machine_charm
-        return False
+        return self.tls.certificate_saved
 
     @property
     def _tls_key(self) -> typing.Optional[str]:
         """Custom TLS key"""
-        # TODO VM TLS: Update property after implementing TLS on machine_charm
-        return None
+        return self.tls.key
 
     @property
-    def _tls_certificate(self) -> typing.Optional[str]:
-        """Custom TLS certificate"""
-        # TODO VM TLS: Update property after implementing TLS on machine_charm
-        return None
+    def _tls_certificate_authority(self) -> typing.Optional[str]:
+        """Custom TLS certificate authority"""
+        return self.tls.certificate_authority
 
     @property
-    def _tls_certificate_authority(self) -> typing.Optional[str]:
-        # TODO VM TLS: Update property after implementing TLS on machine charm
-        return None
+    def _tls_certificate(self) -> typing.Optional[str]:
+        """Custom TLS certificate"""
+        return self.tls.certificate
 
     def _cos_exporter_config(self, event) -> typing.Optional[relations.cos.ExporterConfig]:
         """Returns the exporter config for MySQLRouter exporter if cos relation exists"""
@@ -201,36 +210,27 @@ def set_status(self, *, event, app=True, unit=True) -> None:
             self.unit.status = self._determine_unit_status(event=event)
             logger.debug(f"Set unit status to {self.unit.status}")
 
-    def wait_until_mysql_router_ready(self) -> None:
+    @abc.abstractmethod
+    def wait_until_mysql_router_ready(self, *, event) -> None:
         """Wait until a connection to MySQL Router is possible.
 
         Retry every 5 seconds for up to 30 seconds.
         """
-        logger.debug("Waiting until MySQL Router is ready")
-        self.unit.status = ops.MaintenanceStatus("MySQL Router starting")
-        try:
-            for attempt in tenacity.Retrying(
-                reraise=True,
-                stop=tenacity.stop_after_delay(30),
-                wait=tenacity.wait_fixed(5),
-            ):
-                with attempt:
-                    for port in (6446, 6447):
-                        with socket.socket() as s:
-                            assert s.connect_ex(("localhost", port)) == 0
-        except AssertionError:
-            logger.exception("Unable to connect to MySQL Router")
-            raise
-        else:
-            logger.debug("MySQL Router is ready")
 
     @abc.abstractmethod
-    def _reconcile_node_port(self, event) -> None:
+    def _reconcile_node_port(self, *, event) -> None:
         """Reconcile node port.
 
         Only applies to Kubernetes charm
         """
 
+    @abc.abstractmethod
+    def _reconcile_ports(self, *, event) -> None:
+        """Reconcile exposed ports.
+
+        Only applies to Machine charm
+        """
+
     # =======================
     #  Handlers
     # =======================
@@ -271,7 +271,10 @@ def reconcile(self, event=None) -> None:  # noqa: C901
             if self._upgrade.unit_state == "outdated":
                 if self._upgrade.authorized:
                     self._upgrade.upgrade_unit(
-                        workload_=workload_, tls=self._tls_certificate_saved
+                        event=event,
+                        workload_=workload_,
+                        tls=self._tls_certificate_saved,
+                        exporter_config=self._cos_exporter_config(event),
                     )
                 else:
                     self.set_status(event=event)
@@ -311,13 +314,19 @@ def reconcile(self, event=None) -> None:  # noqa: C901
                     )
             if workload_.container_ready:
                 workload_.reconcile(
+                    event=event,
                     tls=self._tls_certificate_saved,
                     unit_name=self.unit.name,
                     exporter_config=self._cos_exporter_config(event),
                     key=self._tls_key,
                     certificate=self._tls_certificate,
                     certificate_authority=self._tls_certificate_authority,
                 )
+                if not self._upgrade.in_progress and isinstance(
+                    workload_, workload.AuthenticatedWorkload
+                ):
+                    self._reconcile_ports(event=event)
+
             # Empty waiting status means we're waiting for database requires relation before
             # starting workload
             if not workload_.status or workload_.status == ops.WaitingStatus():
 
@@ -98,10 +98,12 @@ def __init__(
         mysql_router_command: str,
         mysql_shell_command: str,
         mysql_router_password_command: str,
+        unit_name: str,
     ) -> None:
         self._mysql_router_command = mysql_router_command
         self._mysql_shell_command = mysql_shell_command
         self._mysql_router_password_command = mysql_router_password_command
+        self._unit_name = unit_name
 
     @property
     @abc.abstractmethod
 
@@ -15,12 +15,12 @@
 import lightkube.models.meta_v1
 import lightkube.resources.core_v1
 import ops
+import tenacity
 
 import abstract_charm
 import kubernetes_logrotate
 import kubernetes_upgrade
 import logrotate
-import relations.tls
 import rock
 import upgrade
 
@@ -32,9 +32,6 @@
 class KubernetesRouterCharm(abstract_charm.MySQLRouterCharm):
     """MySQL Router Kubernetes charm"""
 
-    _READ_WRITE_PORT = 6446
-    _READ_ONLY_PORT = 6447
-
     def __init__(self, *args) -> None:
         super().__init__(*args)
         self._namespace = self.model.name
@@ -44,29 +41,11 @@ def __init__(self, *args) -> None:
             self.on[rock.CONTAINER_NAME].pebble_ready, self._on_workload_container_pebble_ready
         )
         self.framework.observe(self.on.stop, self._on_stop)
-        # TODO VM TLS: Move to super class
-        self.tls = relations.tls.RelationEndpoint(self)
 
     @property
     def _subordinate_relation_endpoint_names(self) -> typing.Optional[typing.Iterable[str]]:
         return
 
-    @property
-    def _tls_certificate_saved(self) -> bool:
-        return self.tls.certificate_saved
-
-    @property
-    def _tls_key(self) -> typing.Optional[str]:
-        return self.tls.key
-
-    @property
-    def _tls_certificate(self) -> typing.Optional[str]:
-        return self.tls.certificate
-
-    @property
-    def _tls_certificate_authority(self) -> typing.Optional[str]:
-        return self.tls.certificate_authority
-
     @property
     def _container(self) -> rock.Rock:
         return rock.Rock(unit=self.unit)
@@ -82,10 +61,39 @@ def _upgrade(self) -> typing.Optional[kubernetes_upgrade.Upgrade]:
         except upgrade.PeerRelationNotReady:
             pass
 
-    def _reconcile_node_port(self, event) -> None:
-        """Reconcile node port."""
+    def is_externally_accessible(self, *, event) -> typing.Optional[bool]:
+        """No-op since this charm is exposed with node-port"""
+
+    def _reconcile_node_port(self, *, event) -> None:
         self._patch_service(event)
 
+    def _reconcile_ports(self, *, event) -> None:
+        """Needed for VM, so no-op"""
+
+    def wait_until_mysql_router_ready(self, *, event=None) -> None:
+        logger.debug("Waiting until MySQL Router is ready")
+        self.unit.status = ops.MaintenanceStatus("MySQL Router starting")
+        try:
+            for attempt in tenacity.Retrying(
+                reraise=True,
+                stop=tenacity.stop_after_delay(30),
+                wait=tenacity.wait_fixed(5),
+            ):
+                with attempt:
+                    for port in (
+                        self._READ_WRITE_PORT,
+                        self._READ_ONLY_PORT,
+                        self._READ_WRITE_X_PORT,
+                        self._READ_ONLY_X_PORT,
+                    ):
+                        with socket.socket() as s:
+                            assert s.connect_ex(("localhost", port)) == 0
+        except AssertionError:
+            logger.exception("Unable to connect to MySQL Router")
+            raise
+        else:
+            logger.debug("MySQL Router is ready")
+
     @property
     def model_service_domain(self) -> str:
         """K8s service domain for Juju model"""
 
@@ -41,5 +41,5 @@ def disable(self) -> None:
 
         logger.debug("Removing logrotate config and executor files")
         super().disable()
-        self._logrotate_executor.unlink()
+        self._logrotate_executor.unlink(missing_ok=True)
         logger.debug("Removed logrotate config and executor files")