[MISC] Hold database created hook for pg_hba changes (#1002)

* Hold database requested hook for pg_hba changes

* Remove dead code

* Bump expected python version to 3.12

* Set stale patch version

Author: dragomirp

lib/charms/postgresql_k8s/v0/postgresql.py

@@ -35,7 +35,7 @@
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 55
+LIBPATCH = 52
 
 # Groups to distinguish HBA access
 ACCESS_GROUP_IDENTITY = "identity_access"
@@ -751,7 +751,7 @@ def list_users_from_relation(self, current_host=False) -> Set[str]:
                     "SELECT usename "
                     "FROM pg_catalog.pg_user "
                     "WHERE usename LIKE 'relation_id_%' OR usename LIKE 'relation-%' "
-                    "OR usename LIKE 'pgbouncer_auth_relation_id_%' OR usename LIKE '%_user_%_%';"
+                    "OR usename LIKE 'pgbouncer_auth_relation_%' OR usename LIKE '%_user_%_%';"
                 )
                 usernames = cursor.fetchall()
                 return {username[0] for username in usernames}
@@ -831,7 +831,7 @@ def set_up_database(self, temp_location: Optional[str] = None) -> None:
                   END IF;
                 END LOOP;
                 -- Remove users that don't exist anymore from the pg_hba file.
-                FOR rec IN SELECT h.lines FROM pg_hba AS h LEFT JOIN relation_users AS r ON SPLIT_PART(h.lines, ' ', 3) = r.user WHERE r.user IS NULL AND (SPLIT_PART(h.lines, ' ', 3) LIKE 'relation_id_%' OR SPLIT_PART(h.lines, ' ', 3) LIKE 'pgbouncer_auth_relation_id_%' OR SPLIT_PART(h.lines, ' ', 3) LIKE '%_user_%_%')
+                FOR rec IN SELECT h.lines FROM pg_hba AS h LEFT JOIN relation_users AS r ON SPLIT_PART(h.lines, ' ', 3) = r.user WHERE r.user IS NULL AND (SPLIT_PART(h.lines, ' ', 3) LIKE 'relation_id_%' OR SPLIT_PART(h.lines, ' ', 3) LIKE 'pgbouncer_auth_relation_%' OR SPLIT_PART(h.lines, ' ', 3) LIKE '%_user_%_%')
                 LOOP
                   DELETE FROM pg_hba WHERE lines = rec.lines;
                   changes := changes + 1;
@@ -1081,3 +1081,21 @@ def validate_group_map(self, group_map: Optional[str]) -> bool:
                     return False
 
         return True
+
+    def is_user_in_hba(self, username: str) -> bool:
+        """Check if user was added in pg_hba."""
+        connection = None
+        try:
+            with self._connect_to_database() as connection, connection.cursor() as cursor:
+                cursor.execute(
+                    SQL(
+                        "SELECT COUNT(*) FROM pg_hba_file_rules WHERE {} = ANY(user_name);"
+                    ).format(Literal(username))
+                )
+                return cursor.fetchone()[0] > 0
+        except psycopg2.Error as e:
+            logger.debug(f"Failed to check pg_hba: {e}")
+            return False
+        finally:
+            if connection:
+                connection.close()

poetry.lock

@@ -6,7 +6,7 @@ package-mode = false
 requires-poetry = ">=2.0.0"
 
 [tool.poetry.dependencies]
-python = "^3.10"
+python = "^3.12"
 ops = "^2.22.0"
 boto3 = "^1.38.27"
 pgconnstr = "^1.0.1"
@@ -94,7 +94,7 @@ markers = ["juju3", "juju_secrets"]
 [tool.ruff]
 # preview and explicit preview are enabled for CPY001
 preview = true
-target-version = "py310"
+target-version = "py312"
 src = ["src", "."]
 line-length = 99
 

pyproject.toml

@@ -9,7 +9,7 @@
 import re
 import tempfile
 import time
-from datetime import datetime, timezone
+from datetime import UTC, datetime
 from io import BytesIO
 
 import boto3
@@ -371,9 +371,7 @@ def _generate_backup_list_output(self) -> str:
                 backup_reference, _ = self._parse_backup_id(backup["reference"][-1])
             lsn_start_stop = f"{backup['lsn']['start']} / {backup['lsn']['stop']}"
             time_start, time_stop = (
-                datetime.strftime(
-                    datetime.fromtimestamp(stamp, timezone.utc), "%Y-%m-%dT%H:%M:%SZ"
-                )
+                datetime.strftime(datetime.fromtimestamp(stamp, UTC), "%Y-%m-%dT%H:%M:%SZ")
                 for stamp in backup["timestamp"].values()
             )
             backup_timeline = (
@@ -465,7 +463,7 @@ def _list_timelines(self) -> dict[str, tuple[str, str]]:
 
         return dict[str, tuple[str, str]]({
             datetime.strftime(
-                datetime.fromtimestamp(timeline_object["time"], timezone.utc),
+                datetime.fromtimestamp(timeline_object["time"], UTC),
                 "%Y-%m-%dT%H:%M:%SZ",
             ): (
                 timeline.split("/")[1],
@@ -513,8 +511,8 @@ def _parse_psql_timestamp(self, timestamp: str) -> datetime:
         t = re.sub(r"\.(\d+)", lambda x: f".{x[1]:06}", t)
         dt = datetime.fromisoformat(t)
         # Convert to the timezone-naive
-        if dt.tzinfo is not None and dt.tzinfo is not timezone.utc:
-            dt = dt.astimezone(tz=timezone.utc)
+        if dt.tzinfo is not None and dt.tzinfo is not UTC:
+            dt = dt.astimezone(tz=UTC)
         return dt.replace(tzinfo=None)
 
     def _parse_backup_id(self, label) -> tuple[str, str]:

src/backups.py

@@ -54,8 +54,4 @@
 
 DATABASE = "database"
 
-ENDPOINT_SIMULTANEOUSLY_BLOCKING_MESSAGE = (
-    "Please choose one endpoint to use. No need to relate all of them simultaneously!"
-)
-
 PGBACKREST_LOGROTATE_FILE = "/etc/logrotate.d/pgbackrest.logrotate"