chore: update charm libraries (#267)
observability-noctua-bot authored Jun 18, 2024
1 parent cf6a822 commit 5f3bd38
Showing 2 changed files with 77 additions and 5 deletions.
13 changes: 9 additions & 4 deletions lib/charms/observability_libs/v1/cert_handler.py
@@ -67,7 +67,7 @@

LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a"
LIBAPI = 1
LIBPATCH = 9
LIBPATCH = 10

VAULT_SECRET_LABEL = "cert-handler-private-vault"

@@ -274,6 +274,7 @@ def __init__(
*,
key: str,
certificates_relation_name: str = "certificates",
peer_relation_name: str = "peers",
cert_subject: Optional[str] = None,
sans: Optional[List[str]] = None,
):
@@ -285,7 +286,11 @@ def __init__(
charm: The owning charm.
key: A manually-crafted, static, unique identifier used by ops to identify events.
It shouldn't change between one event to another.
certificates_relation_name: Must match metadata.yaml.
certificates_relation_name: Name of the certificates relation over which we obtain TLS certificates.
Must match metadata.yaml.
peer_relation_name: Name of a peer relation used to store our secrets.
Only used on older Juju versions where secrets are not supported.
Must match metadata.yaml.
cert_subject: Custom subject. Name collisions are under the caller's responsibility.
sans: DNS names. If none are given, use FQDN.
"""
@@ -309,7 +314,7 @@ def __init__(
# self.framework.observe(self.charm.on.secret_remove, self._rotate_csr)

else:
vault_backend = _RelationVaultBackend(charm, relation_name="peers")
vault_backend = _RelationVaultBackend(charm, relation_name=peer_relation_name)
self.vault = Vault(vault_backend)

self.certificates_relation_name = certificates_relation_name
@@ -514,7 +519,7 @@ def _csr(self) -> Optional[str]:
# ignoring all but the last one.
if len(csrs) > 1:
logger.warning(
"Multiple CSRs found in `certificates` relation. "
f"Multiple CSRs found in {self.certificates_relation_name!r} relation. "
"cert_handler is not ready to expect it."
)

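Review bot: The new `peer_relation_name` docstring in `__init__` says the relation is "used to store our secrets" but does not say what that means on the fallback path, where `_RelationVaultBackend(charm, relation_name=peer_relation_name)` is used instead of a Juju secret. `_RelationVaultBackend` is not visible on this page, so this is inferred from its name and the docstring: if the vault contents are written to the peer databag, the docstring should say so, for example `Vault contents are kept in this relation's data, which is not protected like a Juju secret; prefer a peer relation dedicated to cert_handler.` Nothing in the visible lines checks that the name is declared in metadata.yaml, so a typo would presumably only show up on older Juju; a guard in the `else:` branch such as `if peer_relation_name not in charm.meta.peers:` would fail early. It is also worth one docstring sentence that changing the name on an already-deployed charm leaves anything previously stored under the old relation behind. `__init__` starts and ends outside these hunks.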
69 changes: 68 additions & 1 deletion lib/charms/tempo_k8s/v2/tracing.py
@@ -72,6 +72,7 @@ def __init__(self, *args):
import enum
import json
import logging
from pathlib import Path
from typing import (
TYPE_CHECKING,
Any,
@@ -82,6 +83,7 @@ def __init__(self, *args):
Optional,
Sequence,
Tuple,
Union,
cast,
)

@@ -105,7 +107,7 @@ def __init__(self, *args):

# Increment this PATCH version before using `charmcraft publish-lib` or reset
# to 0 if you are raising the major API version
LIBPATCH = 6
LIBPATCH = 7

PYDEPS = ["pydantic"]

@@ -921,3 +923,68 @@ def get_endpoint(

return None
return endpoint


def charm_tracing_config(
endpoint_requirer: TracingEndpointRequirer, cert_path: Optional[Union[Path, str]]
) -> Tuple[Optional[str], Optional[str]]:
"""Utility function to determine the charm_tracing config you will likely want.
If no endpoint is provided:
disable charm tracing.
If https endpoint is provided but cert_path is not found on disk:
disable charm tracing.
If https endpoint is provided and cert_path is None:
ERROR
Else:
proceed with charm tracing (with or without tls, as appropriate)
Usage:
If you are using charm_tracing >= v1.9:
>>> from lib.charms.tempo_k8s.v1.charm_tracing import trace_charm
>>> from lib.charms.tempo_k8s.v2.tracing import charm_tracing_config
>>> @trace_charm(tracing_endpoint="my_endpoint", cert_path="cert_path")
>>> class MyCharm(...):
>>> _cert_path = "/path/to/cert/on/charm/container.crt"
>>> def __init__(self, ...):
>>> self.tracing = TracingEndpointRequirer(...)
>>> self.my_endpoint, self.cert_path = charm_tracing_config(
... self.tracing, self._cert_path)
If you are using charm_tracing < v1.9:
>>> from lib.charms.tempo_k8s.v1.charm_tracing import trace_charm
>>> from lib.charms.tempo_k8s.v2.tracing import charm_tracing_config
>>> @trace_charm(tracing_endpoint="my_endpoint", cert_path="cert_path")
>>> class MyCharm(...):
>>> _cert_path = "/path/to/cert/on/charm/container.crt"
>>> def __init__(self, ...):
>>> self.tracing = TracingEndpointRequirer(...)
>>> self._my_endpoint, self._cert_path = charm_tracing_config(
... self.tracing, self._cert_path)
>>> @property
>>> def my_endpoint(self):
>>> return self._my_endpoint
>>> @property
>>> def cert_path(self):
>>> return self._cert_path
"""
if not endpoint_requirer.is_ready():
return None, None

endpoint = endpoint_requirer.get_endpoint("otlp_http")
if not endpoint:
return None, None

is_https = endpoint.startswith("https://")

if is_https:
if cert_path is None:
raise TracingError("Cannot send traces to an https endpoint without a certificate.")
elif not Path(cert_path).exists():
# if endpoint is https BUT we don't have a server_cert yet:
# disable charm tracing until we do to prevent tls errors
return None, None
return endpoint, str(cert_path)
else:
return endpoint, None
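Review bot: In `charm_tracing_config`, the `Path(cert_path).exists()` check accepts more than a usable certificate: an empty string becomes `Path("")`, which is the current directory and therefore exists, and any directory path passes as well, so the function can return an https endpoint together with a `cert_path` that is not a certificate file. I would make the error branch `if not cert_path:` and the not-yet-written branch `elif not Path(cert_path).is_file():`. The `return None, None` taken when the endpoint is https but the certificate is missing is silent; a debug-level log line there would let an operator see why charm tracing is off. The docstring's `ERROR` line would be clearer as a `Raises: TracingError` entry, alongside short `Args`/`Returns` sections.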
