Merge branch 'main' into renovate/pydantic-2.x

requirements-charmcraft.txt

@@ -1,5 +1,6 @@
 cryptography==43.0.1
 jsonschema==4.23.0
 ops==2.17.0
-pydantic==2.10.0
+pydantic==2.10.3
+requests==2.32.3
 rpds-py==0.20.0

src-docs/charm.py.md

@@ -7,7 +7,9 @@ Wazuh server charm.
 
 **Global Variables**
 ---------------
+- **WAZUH_API_CREDENTIALS**
 - **WAZUH_CLUSTER_KEY_SECRET_LABEL**
+- **WAZUH_DEFAULT_API_CREDENTIALS**
 - **WAZUH_PEER_RELATION_NAME**
 
 
@@ -23,7 +25,7 @@ Charm the service.
  - <b>`fqdns`</b>:  the unit FQDNs. 
  - <b>`state`</b>:  the charm state. 
 
-<a href="../src/charm.py#L41"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L43"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 
@@ -94,12 +96,12 @@ Unit that this execution is responsible for.
 
 ---
 
-<a href="../src/charm.py#L99"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/charm.py#L93"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `reconcile`
 
 ```python
-reconcile() → None
+reconcile(_: HookEvent) → None
 ```
 
 Reconcile Wazuh configuration with charm state. 

src-docs/opensearch_observer.py.md

@@ -15,7 +15,7 @@ The Certificates relation observer.
 ## <kbd>class</kbd> `OpenSearchObserver`
 The Opensearch relation observer. 
 
-<a href="../src/opensearch_observer.py#L21"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/opensearch_observer.py#L20"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 

src-docs/state.py.md

@@ -7,7 +7,9 @@ Wazuh server charm state.
 
 **Global Variables**
 ---------------
+- **WAZUH_API_CREDENTIALS**
 - **WAZUH_CLUSTER_KEY_SECRET_LABEL**
+- **WAZUH_DEFAULT_API_CREDENTIALS**
 
 
 ---
@@ -56,12 +58,12 @@ Unit that this execution is responsible for.
 
 ---
 
-<a href="../src/state.py#L26"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/state.py#L31"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `reconcile`
 
 ```python
-reconcile() → None
+reconcile(_: HookEvent) → None
 ```
 
 Reconcile configuration. 
@@ -134,8 +136,10 @@ The Wazuh server charm state.
 **Attributes:**
 
  - <b>`agent_password`</b>:  the agent password. 
+ - <b>`api_credentials`</b>:  a map containing the API credentials. 
  - <b>`cluster_key`</b>:  the Wazuh key for the cluster nodes. 
  - <b>`indexer_ips`</b>:  list of Wazuh indexer IPs. 
+ - <b>`is_default_api_password`</b>:  if the default API password is in use. 
  - <b>`filebeat_username`</b>:  the filebeat username. 
  - <b>`filebeat_password`</b>:  the filebeat password. 
  - <b>`certificate`</b>:  the TLS certificate. 
@@ -144,21 +148,22 @@ The Wazuh server charm state.
  - <b>`custom_config_ssh_key`</b>:  the SSH key for the git repository. 
  - <b>`proxy`</b>:  proxy configuration. 
 
-<a href="../src/state.py#L213"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/state.py#L243"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 
 ```python
 __init__(
-    agent_password: Optional[str],
+    agent_password: str | None,
+    api_credentials: dict[str, str],
     cluster_key: str,
     indexer_ips: list[str],
     filebeat_username: str,
     filebeat_password: str,
     certificate: str,
     root_ca: str,
     wazuh_config: WazuhConfig,
-    custom_config_ssh_key: Optional[str]
+    custom_config_ssh_key: str | None
 )
 ```
 
@@ -169,6 +174,7 @@ Initialize a new instance of the CharmState class.
 **Args:**
 
  - <b>`agent_password`</b>:  the agent password. 
+ - <b>`api_credentials`</b>:  a map ccontaining the API credentials. 
  - <b>`cluster_key`</b>:  the Wazuh key for the cluster nodes. 
  - <b>`indexer_ips`</b>:  list of Wazuh indexer IPs. 
  - <b>`filebeat_username`</b>:  the filebeat username. 
@@ -179,6 +185,14 @@ Initialize a new instance of the CharmState class.
  - <b>`custom_config_ssh_key`</b>:  the SSH key for the git repository. 
 
 
+---
+
+#### <kbd>property</kbd> is_default_api_password
+
+Check if the default API password is in use.. 
+
+Returns: True if the current password is the default 
+
 ---
 
 #### <kbd>property</kbd> model_extra
@@ -222,7 +236,7 @@ Get charm proxy configuration from juju charm environment.
 
 ---
 
-<a href="../src/state.py#L272"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/state.py#L305"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>classmethod</kbd> `from_charm`
 

src-docs/traefik_route_observer.py.md

@@ -22,7 +22,7 @@ The Traefik route relation observer.
 
  - <b>`hostname`</b>:  The unit's hostname. 
 
-<a href="../src/traefik_route_observer.py#L32"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/traefik_route_observer.py#L31"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ### <kbd>function</kbd> `__init__`
 

src-docs/wazuh.py.md

@@ -7,15 +7,15 @@ Wazuh operational logic.
 
 **Global Variables**
 ---------------
-- **WAZUH_USER**
-- **WAZUH_GROUP**
 - **KNOWN_HOSTS_PATH**
 - **RSA_PATH**
 - **REPOSITORY_PATH**
+- **WAZUH_GROUP**
+- **WAZUH_USER**
 
 ---
 
-<a href="../src/wazuh.py#L108"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/wazuh.py#L115"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `update_configuration`
 
@@ -50,7 +50,7 @@ Update the workload configuration.
 
 ---
 
-<a href="../src/wazuh.py#L137"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/wazuh.py#L144"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `install_certificates`
 
@@ -77,7 +77,7 @@ Update Wazuh filebeat certificates.
 
 ---
 
-<a href="../src/wazuh.py#L157"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/wazuh.py#L164"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `configure_agent_password`
 
@@ -97,7 +97,7 @@ Configure the agent password.
 
 ---
 
-<a href="../src/wazuh.py#L212"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/wazuh.py#L219"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `configure_git`
 
@@ -123,7 +123,7 @@ Configure git.
 
 ---
 
-<a href="../src/wazuh.py#L270"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/wazuh.py#L277"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `pull_configuration_files`
 
@@ -142,7 +142,7 @@ Pull configuration files from the repository.
 
 ---
 
-<a href="../src/wazuh.py#L302"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+<a href="../src/wazuh.py#L309"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
 
 ## <kbd>function</kbd> `configure_filebeat_user`
 
@@ -165,6 +165,49 @@ Configure the filebeat user.
  - <b>`password`</b>:  the password. 
 
 
+---
+
+<a href="../src/wazuh.py#L365"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+
+## <kbd>function</kbd> `change_api_password`
+
+```python
+change_api_password(username: str, old_password: str, new_password: str) → None
+```
+
+Change Wazuh's API password for a given user. 
+
+
+
+**Args:**
+
+ - <b>`username`</b>:  the username to change the user for. 
+ - <b>`old_password`</b>:  the old API password for the user. 
+ - <b>`new_password`</b>:  the new API password for the user. 
+
+
+
+**Raises:**
+
+ - <b>`WazuhAuthenticationError`</b>:  if an authentication error occurs. 
+ - <b>`WazuhInstallationError`</b>:  if an error occurs while processing the requests. 
+
+
+---
+
+<a href="../src/wazuh.py#L429"><img align="right" style="float:right;" src="https://img.shields.io/badge/-source-cccccc?style=flat-square"></a>
+
+## <kbd>function</kbd> `generate_api_credentials`
+
+```python
+generate_api_credentials() → dict[str, str]
+```
+
+Generate the credentials for the default API users. 
+
+Returns: a dict containing the new credentials. 
+
+
 ---
 
 ## <kbd>class</kbd> `NodeType`
@@ -176,6 +219,15 @@ Attrs:  WORKER: worker.  MASTER: master.
 
 
 
+---
+
+## <kbd>class</kbd> `WazuhAuthenticationError`
+Wazuh authentication errors. 
+
+
+
+
+
 ---
 
 ## <kbd>class</kbd> `WazuhInstallationError`

src/charm.py

@@ -17,7 +17,9 @@
 import traefik_route_observer
 import wazuh
 from state import (
+    WAZUH_API_CREDENTIALS,
     WAZUH_CLUSTER_KEY_SECRET_LABEL,
+    WAZUH_DEFAULT_API_CREDENTIALS,
     CharmBaseWithState,
     InvalidStateError,
     RecoverableStateError,
@@ -133,6 +135,14 @@ def reconcile(self, _: ops.HookEvent) -> None:
         )
         container.add_layer("wazuh", self._pebble_layer, combine=True)
         container.replan()
+
+        if self.state.is_default_api_password:
+            credentials = wazuh.generate_api_credentials()
+            for username, password in credentials.items():
+                wazuh.change_api_password(
+                    username, WAZUH_DEFAULT_API_CREDENTIALS[username], password
+                )
+            self.app.add_secret(credentials, label=WAZUH_API_CREDENTIALS)
         self.unit.status = ops.ActiveStatus()
 
     @property
@@ -161,7 +171,7 @@ def _pebble_layer(self) -> pebble.LayerDict:
                 },
                 "filebeat": {
                     "override": "replace",
-                    "summary": "filebear",
+                    "summary": "filebeat",
                     "command": (
                         "/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml "
                         "--path.home /usr/share/filebeat --path.config /etc/filebeat "
@@ -170,6 +180,18 @@ def _pebble_layer(self) -> pebble.LayerDict:
                     "startup": "enabled",
                 },
             },
+            "checks": {
+                "wazuh-alive": {
+                    "override": "replace",
+                    "level": "alive",
+                    "tcp": {"port": 55000},
+                },
+                "filebeat-alive": {
+                    "override": "replace",
+                    "level": "alive",
+                    "exec": {"command": "filebeat test output"},
+                },
+            },
         }
 
     @property