[DPE-6344] Remove CA transferred check (#932)

Author: sinclert-canonical

src/charm.py

@@ -1760,7 +1760,7 @@ def _generate_ldap_service(self) -> dict:
 
         ldap_base_dn = ldap_params["ldapbasedn"]
         ldap_bind_username = ldap_params["ldapbinddn"]
-        ldap_bing_password = ldap_params["ldapbindpasswd"]
+        ldap_bind_password = ldap_params["ldapbindpasswd"]
         ldap_group_mappings = self.postgresql.build_postgresql_group_map(self.config.ldap_map)
 
         return {
@@ -1773,7 +1773,7 @@ def _generate_ldap_service(self) -> dict:
                 "LDAP_PORT": ldap_port,
                 "LDAP_BASE_DN": ldap_base_dn,
                 "LDAP_BIND_USERNAME": ldap_bind_username,
-                "LDAP_BIND_PASSWORD": ldap_bing_password,
+                "LDAP_BIND_PASSWORD": ldap_bind_password,
                 "LDAP_GROUP_IDENTITY": json.dumps(ACCESS_GROUP_IDENTITY),
                 "LDAP_GROUP_MAPPINGS": json.dumps(ldap_group_mappings),
                 "POSTGRES_HOST": "127.0.0.1",
@@ -1991,7 +1991,7 @@ def _restart_ldap_sync_service(self) -> None:
 
         if not self.is_primary and sync_service[0].is_running():
             logger.debug("Stopping LDAP sync service. It must only run in the primary")
-            container.stop(self.pg_ldap_sync_service)
+            container.stop(self.ldap_sync_service)
 
         if self.is_primary and not self.is_ldap_enabled:
             logger.debug("Stopping LDAP sync service")

src/ldap.py

@@ -11,12 +11,9 @@
     LdapRequirer,
     LdapUnavailableEvent,
 )
-from charms.postgresql_k8s.v0.postgresql_tls import (
-    TLS_TRANSFER_RELATION,
-)
 from ops import Relation
 from ops.framework import Object
-from ops.model import ActiveStatus, BlockedStatus
+from ops.model import ActiveStatus
 
 logger = logging.getLogger(__name__)
 
@@ -35,29 +32,13 @@ def __init__(self, charm, relation_name: str):
         self.framework.observe(self.ldap.on.ldap_ready, self._on_ldap_ready)
         self.framework.observe(self.ldap.on.ldap_unavailable, self._on_ldap_unavailable)
 
-    @property
-    def ca_transferred(self) -> bool:
-        """Return whether the CA certificate has been transferred."""
-        ca_transferred_relations = self.model.relations[TLS_TRANSFER_RELATION]
-
-        for relation in ca_transferred_relations:
-            if relation.app.name == self._relation.app.name:
-                return True
-
-        return False
-
     @property
     def _relation(self) -> Relation:
         """Return the relation object."""
         return self.model.get_relation(self.relation_name)
 
-    def _on_ldap_ready(self, event: LdapReadyEvent) -> None:
+    def _on_ldap_ready(self, _: LdapReadyEvent) -> None:
         """Handler for the LDAP ready event."""
-        if not self.ca_transferred:
-            self.charm.unit.status = BlockedStatus("LDAP insecure. Send LDAP server certificate")
-            event.defer()
-            return
-
         logger.debug("Enabling LDAP connection")
         if self.charm.unit.is_leader():
             self.charm.app_peer_data.update({"ldap_enabled": "True"})

tests/unit/test_ldap.py

@@ -3,7 +3,6 @@
 
 from unittest.mock import (
     MagicMock,
-    PropertyMock,
     patch,
 )
 
@@ -29,14 +28,10 @@ def harness():
     harness.cleanup()
 
 
-def test_on_ldap_ready_with_certificate(harness):
+def test_on_ldap_ready(harness):
     mock_event = MagicMock()
 
-    with (
-        patch("charm.PostgresqlOperatorCharm.update_config") as _update_config,
-        patch("charm.PostgreSQLLDAP.ca_transferred", new_callable=PropertyMock) as _ca_transferred,
-    ):
-        _ca_transferred.return_value = True
+    with patch("charm.PostgresqlOperatorCharm.update_config") as _update_config:
         harness.charm.ldap._on_ldap_ready(mock_event)
         _update_config.assert_called_once()
 
@@ -45,22 +40,6 @@ def test_on_ldap_ready_with_certificate(harness):
         assert "ldap_enabled" in app_databag
 
 
-def test_on_ldap_ready_without_certificate(harness):
-    mock_event = MagicMock()
-
-    with (
-        patch("charm.PostgresqlOperatorCharm.update_config") as _update_config,
-        patch("charm.PostgreSQLLDAP.ca_transferred", new_callable=PropertyMock) as _ca_transferred,
-    ):
-        _ca_transferred.return_value = False
-        harness.charm.ldap._on_ldap_ready(mock_event)
-        _update_config.assert_not_called()
-
-        peer_rel_id = harness.model.get_relation(PEER).id
-        app_databag = harness.get_relation_data(peer_rel_id, harness.charm.app)
-        assert "ldap_enabled" not in app_databag
-
-
 def test_on_ldap_unavailable(harness):
     mock_event = MagicMock()