chore: update charm libraries (#267)

canonical · Jun 18, 2024 · 5f3bd38 · 5f3bd38
1 parent cf6a822
commit 5f3bd38
Show file tree

Hide file tree

Showing 2 changed files with 77 additions and 5 deletions.
diff --git a/lib/charms/observability_libs/v1/cert_handler.py b/lib/charms/observability_libs/v1/cert_handler.py
@@ -67,7 +67,7 @@
 
 LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a"
 LIBAPI = 1
-LIBPATCH = 9
+LIBPATCH = 10
 
 VAULT_SECRET_LABEL = "cert-handler-private-vault"
 
@@ -274,6 +274,7 @@ def __init__(
         *,
         key: str,
         certificates_relation_name: str = "certificates",
+        peer_relation_name: str = "peers",
         cert_subject: Optional[str] = None,
         sans: Optional[List[str]] = None,
     ):
@@ -285,7 +286,11 @@ def __init__(
             charm: The owning charm.
             key: A manually-crafted, static, unique identifier used by ops to identify events.
              It shouldn't change between one event to another.
-            certificates_relation_name: Must match metadata.yaml.
+            certificates_relation_name: Name of the certificates relation over which we obtain TLS certificates.
+                Must match metadata.yaml.
+            peer_relation_name: Name of a peer relation used to store our secrets.
+                Only used on older Juju versions where secrets are not supported.
+                Must match metadata.yaml.
             cert_subject: Custom subject. Name collisions are under the caller's responsibility.
             sans: DNS names. If none are given, use FQDN.
         """
@@ -309,7 +314,7 @@ def __init__(
             # self.framework.observe(self.charm.on.secret_remove, self._rotate_csr)
 
         else:
-            vault_backend = _RelationVaultBackend(charm, relation_name="peers")
+            vault_backend = _RelationVaultBackend(charm, relation_name=peer_relation_name)
         self.vault = Vault(vault_backend)
 
         self.certificates_relation_name = certificates_relation_name
@@ -514,7 +519,7 @@ def _csr(self) -> Optional[str]:
         # ignoring all but the last one.
         if len(csrs) > 1:
             logger.warning(
-                "Multiple CSRs found in `certificates` relation. "
+                f"Multiple CSRs found in {self.certificates_relation_name!r} relation. "
                 "cert_handler is not ready to expect it."
             )
 

diff --git a/lib/charms/tempo_k8s/v2/tracing.py b/lib/charms/tempo_k8s/v2/tracing.py
@@ -72,6 +72,7 @@ def __init__(self, *args):
 import enum
 import json
 import logging
+from pathlib import Path
 from typing import (
     TYPE_CHECKING,
     Any,
@@ -82,6 +83,7 @@ def __init__(self, *args):
     Optional,
     Sequence,
     Tuple,
+    Union,
     cast,
 )
 
@@ -105,7 +107,7 @@ def __init__(self, *args):
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 6
+LIBPATCH = 7
 
 PYDEPS = ["pydantic"]
 
@@ -921,3 +923,68 @@ def get_endpoint(
 
             return None
         return endpoint
+
+
+def charm_tracing_config(
+    endpoint_requirer: TracingEndpointRequirer, cert_path: Optional[Union[Path, str]]
+) -> Tuple[Optional[str], Optional[str]]:
+    """Utility function to determine the charm_tracing config you will likely want.
+
+    If no endpoint is provided:
+     disable charm tracing.
+    If https endpoint is provided but cert_path is not found on disk:
+     disable charm tracing.
+    If https endpoint is provided and cert_path is None:
+     ERROR
+    Else:
+     proceed with charm tracing (with or without tls, as appropriate)
+
+    Usage:
+      If you are using charm_tracing >= v1.9:
+    >>> from lib.charms.tempo_k8s.v1.charm_tracing import trace_charm
+    >>> from lib.charms.tempo_k8s.v2.tracing import charm_tracing_config
+    >>> @trace_charm(tracing_endpoint="my_endpoint", cert_path="cert_path")
+    >>> class MyCharm(...):
+    >>>     _cert_path = "/path/to/cert/on/charm/container.crt"
+    >>>     def __init__(self, ...):
+    >>>         self.tracing = TracingEndpointRequirer(...)
+    >>>         self.my_endpoint, self.cert_path = charm_tracing_config(
+    ...             self.tracing, self._cert_path)
+
+      If you are using charm_tracing < v1.9:
+    >>> from lib.charms.tempo_k8s.v1.charm_tracing import trace_charm
+    >>> from lib.charms.tempo_k8s.v2.tracing import charm_tracing_config
+    >>> @trace_charm(tracing_endpoint="my_endpoint", cert_path="cert_path")
+    >>> class MyCharm(...):
+    >>>     _cert_path = "/path/to/cert/on/charm/container.crt"
+    >>>     def __init__(self, ...):
+    >>>         self.tracing = TracingEndpointRequirer(...)
+    >>>         self._my_endpoint, self._cert_path = charm_tracing_config(
+    ...             self.tracing, self._cert_path)
+    >>>     @property
+    >>>     def my_endpoint(self):
+    >>>         return self._my_endpoint
+    >>>     @property
+    >>>     def cert_path(self):
+    >>>         return self._cert_path
+
+    """
+    if not endpoint_requirer.is_ready():
+        return None, None
+
+    endpoint = endpoint_requirer.get_endpoint("otlp_http")
+    if not endpoint:
+        return None, None
+
+    is_https = endpoint.startswith("https://")
+
+    if is_https:
+        if cert_path is None:
+            raise TracingError("Cannot send traces to an https endpoint without a certificate.")
+        elif not Path(cert_path).exists():
+            # if endpoint is https BUT we don't have a server_cert yet:
+            # disable charm tracing until we do to prevent tls errors
+            return None, None
+        return endpoint, str(cert_path)
+    else:
+        return endpoint, None