[MISC] Sync main to 16/edge (#958)

* Update charmcraft.yaml build tools (#903)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update canonical/data-platform-workflows action to v31.0.1 (#902)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [DPE-6344] LDAP IV: Define pebble service (#897)

* Update ghcr.io/canonical/charmed-postgresql:14.17-22.04_edge Docker digest to 5f8d51a (#908)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [DPE-6344] LDAP V: Define mapping option (#900)

* Update charmcraft.yaml build tools (#912)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [DPE-6910] Remove duplicate parameters specification (#896)

* Remove duplicate parameters specification

Signed-off-by: Marcelo Henrique Neppel <[email protected]>

* Enable config test

Signed-off-by: Marcelo Henrique Neppel <[email protected]>

* Fix linting

Signed-off-by: Marcelo Henrique Neppel <[email protected]>

---------

Signed-off-by: Marcelo Henrique Neppel <[email protected]>

* [MISC] Conditional checksum calculation (#901)

* Conditional checksum calculation

* Converge s3 resource creation

* Tactically deployed sleep

* Early fail

* Update charmcraft.yaml build tools (#916)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Create SECURITY.md (#914)

* Update pull_request_template.md (#918)

* [MISC] Add missing connection vars (#920)

* Update README file's security section (#921)

* Add empty lines after headings

* Update security section

* Update link to make it clear that's not GitHub issues

* [DPE-6218] Static code analysis (#915)

* Create actionlint.yaml

* Create tiobe_scan.yaml

* Add push event to trigger the workflow once

* Install libpq-dev

* Remove push event

* Test adding unit venv to PATH

* Test sourcing unit venv

* Fix sourcing

* Test installing dependencies

* Activate virtual environment

* Add poetry dependency

* Fix TICS auth token variable

* Move results to the right folder

* Delete .github/actionlint.yaml

* Install ops

* Install dependencies through poetry

* Install extra dependencies

* Install dependencies from all groups

* Remove unnecessary step

* Remove permission

* Remove push trigger

* Add double quotes to environment variables

Signed-off-by: Marcelo Henrique Neppel <[email protected]>

* Add push trigger

* Remove push trigger

Signed-off-by: Marcelo Henrique Neppel <[email protected]>

---------

Signed-off-by: Marcelo Henrique Neppel <[email protected]>

* Update dependency uv to v0.6.14 (#924)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Disable pgaudit (#931)

* Lock file maintenance Python dependencies (main) (#904)

* Lock file maintenance Python dependencies

* Add a separate pyproj for libs

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Dragomir Penev <[email protected]>

* [DPE-6344] Remove CA transferred check (#932)

* [MISC] Don't set tls flag if relation isn't initialised (#933)

* Don't set tls flag if relation isn't initialised

* Unit test

* Update dependency uv to v0.6.16 (#936)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Lock file maintenance Python dependencies (#937)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update ghcr.io/canonical/charmed-postgresql:14.17-22.04_edge Docker digest to 1d771d2 (#935)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [DPE-6664] Make username mandatory in set-password (#934)

* Make username mandatory

* Default in get_password

* Lock file maintenance Python dependencies (#944)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Mandatory scope (#947)

* Lock file maintenance Python dependencies (#949)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update charmcraft.yaml build tools (#948)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* [DPE-6344] Persist transferred certificates upon start (#953)

* [MISC] Extend relation-user listing syntax (#957)

---------

Signed-off-by: Marcelo Henrique Neppel <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Sinclert Pérez <[email protected]>
Co-authored-by: Marcelo Henrique Neppel <[email protected]>
Co-authored-by: Andreia <[email protected]>
Co-authored-by: Vladimir Izmalkov <[email protected]>

Author: 6 people

lib/charms/postgresql_k8s/v0/postgresql.py

@@ -672,7 +672,9 @@ def list_users_from_relation(self) -> Set[str]:
         try:
             with self._connect_to_database() as connection, connection.cursor() as cursor:
                 cursor.execute(
-                    "SELECT usename FROM pg_catalog.pg_user WHERE usename LIKE 'relation_id_%';"
+                    "SELECT usename "
+                    "FROM pg_catalog.pg_user "
+                    "WHERE usename LIKE 'relation_id_%' OR usename LIKE 'relation-%';"
                 )
                 usernames = cursor.fetchall()
                 return {username[0] for username in usernames}

lib/charms/postgresql_k8s/v0/postgresql_tls.py

@@ -23,7 +23,7 @@
 import logging
 import re
 import socket
-from typing import List, Optional
+from typing import Iterator, List, Optional
 
 from charms.certificate_transfer_interface.v0.certificate_transfer import (
     CertificateAvailableEvent as CertificateAddedEvent,
@@ -55,7 +55,7 @@
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version.
-LIBPATCH = 14
+LIBPATCH = 15
 
 logger = logging.getLogger(__name__)
 SCOPE = "unit"
@@ -269,6 +269,17 @@ def is_ip_address(address: str) -> bool:
             "sans_dns": sans_dns,
         }
 
+    def get_ca_secret_names(self) -> Iterator[str]:
+        """Get a secret-name for each relation fulfilling the CA transfer interface.
+
+        Returns:
+            Secret name for a CA transfer fulfilled interface.
+        """
+        relations = self.charm.model.relations.get(TLS_TRANSFER_RELATION, [])
+
+        for relation in relations:
+            yield f"ca-{relation.app.name}"
+
     def get_tls_files(self) -> (Optional[str], Optional[str], Optional[str]):
         """Prepare TLS files in special PostgreSQL way.
 

src/charm.py

@@ -1036,7 +1036,9 @@ def _on_postgresql_pebble_ready(self, event: WorkloadEvent) -> None:
             return
 
         try:
-            self.push_tls_files_to_workload(container)
+            self.push_tls_files_to_workload()
+            for ca_secret_name in self.tls.get_ca_secret_names():
+                self.push_ca_file_into_workload(ca_secret_name)
         except (PathError, ProtocolError) as e:
             logger.error(
                 "Deferring on_postgresql_pebble_ready: Cannot push TLS certificates: %r", e
@@ -1902,10 +1904,9 @@ def _push_file_to_workload(self, container: Container, file_path: str, file_data
             group=WORKLOAD_OS_GROUP,
         )
 
-    def push_tls_files_to_workload(self, container: Container = None) -> bool:
+    def push_tls_files_to_workload(self) -> bool:
         """Uploads TLS files to the workload container."""
-        if container is None:
-            container = self.unit.get_container("postgresql")
+        container = self.unit.get_container("postgresql")
 
         key, ca, cert = self.tls.get_tls_files()
 

tests/unit/test_postgresql.py

@@ -208,7 +208,11 @@ def test_grant_relation_access_group_memberships(harness):
         harness.charm.postgresql.grant_relation_access_group_memberships()
 
         execute.assert_has_calls([
-            call("SELECT usename FROM pg_catalog.pg_user WHERE usename LIKE 'relation_id_%';"),
+            call(
+                "SELECT usename "
+                "FROM pg_catalog.pg_user "
+                "WHERE usename LIKE 'relation_id_%' OR usename LIKE 'relation-%';"
+            ),
         ])