Fetch-lib. Fix for #315

lib/charms/observability_libs/v0/cert_handler.py

@@ -37,22 +37,25 @@
 import json
 import socket
 from itertools import filterfalse
-from typing import List, Optional, Union
+from typing import List, Optional, Union, cast
 
 try:
-    from charms.tls_certificates_interface.v2.tls_certificates import (  # type: ignore
+    from charms.tls_certificates_interface.v3.tls_certificates import (  # type: ignore
         AllCertificatesInvalidatedEvent,
         CertificateAvailableEvent,
         CertificateExpiringEvent,
         CertificateInvalidatedEvent,
-        TLSCertificatesRequiresV2,
+        TLSCertificatesRequiresV3,
         generate_csr,
         generate_private_key,
     )
-except ImportError:
+except ImportError as e:
     raise ImportError(
-        "charms.tls_certificates_interface.v2.tls_certificates is missing; please get it through charmcraft fetch-lib"
-    )
+        "failed to import charms.tls_certificates_interface.v3.tls_certificates; "
+        "Either the library itself is missing (please get it through charmcraft fetch-lib) "
+        "or one of its dependencies is unmet."
+    ) from e
+
 import logging
 
 from ops.charm import CharmBase, RelationBrokenEvent
@@ -64,7 +67,7 @@
 
 LIBID = "b5cd5cd580f3428fa5f59a8876dcbe6a"
 LIBAPI = 0
-LIBPATCH = 9
+LIBPATCH = 12
 
 
 def is_ip_address(value: str) -> bool:
@@ -129,7 +132,7 @@ def __init__(
         self.peer_relation_name = peer_relation_name
         self.certificates_relation_name = certificates_relation_name
 
-        self.certificates = TLSCertificatesRequiresV2(self.charm, self.certificates_relation_name)
+        self.certificates = TLSCertificatesRequiresV3(self.charm, self.certificates_relation_name)
 
         self.framework.observe(
             self.charm.on.config_changed,
@@ -237,6 +240,13 @@ def _generate_csr(
 
         This method intentionally does not emit any events, leave it for caller's responsibility.
         """
+        # if we are in a relation-broken hook, we might not have a relation to publish the csr to.
+        if not self.charm.model.get_relation(self.certificates_relation_name):
+            logger.warning(
+                f"No {self.certificates_relation_name!r} relation found. " f"Cannot generate csr."
+            )
+            return
+
         # At this point, assuming "peer joined" and "certificates joined" have already fired
         # (caller must guard) so we must have a private_key entry in relation data at our disposal.
         # Otherwise, traceback -> debug.
@@ -279,7 +289,7 @@ def _generate_csr(
         if clear_cert:
             self._ca_cert = ""
             self._server_cert = ""
-            self._chain = []
+            self._chain = ""
 
     def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
         """Get the certificate from the event and store it in a peer relation.
@@ -301,7 +311,7 @@ def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
         if event_csr == self._csr:
             self._ca_cert = event.ca
             self._server_cert = event.certificate
-            self._chain = event.chain
+            self._chain = event.chain_as_pem()
             self.on.cert_changed.emit()  # pyright: ignore
 
     @property
@@ -372,21 +382,29 @@ def _server_cert(self, value: str):
         rel.data[self.charm.unit].update({"certificate": value})
 
     @property
-    def _chain(self) -> List[str]:
+    def _chain(self) -> str:
         if self._peer_relation:
-            if chain := self._peer_relation.data[self.charm.unit].get("chain", []):
-                return json.loads(chain)
-        return []
+            if chain := self._peer_relation.data[self.charm.unit].get("chain", ""):
+                chain = json.loads(chain)
+
+                # In a previous version of this lib, chain used to be a list.
+                # Convert the List[str] to str, per
+                # https://github.com/canonical/tls-certificates-interface/pull/141
+                if isinstance(chain, list):
+                    chain = "\n\n".join(reversed(chain))
+
+                return cast(str, chain)
+        return ""
 
     @_chain.setter
-    def _chain(self, value: List[str]):
+    def _chain(self, value: str):
         # Caller must guard. We want the setter to fail loudly. Failure must have a side effect.
         rel = self._peer_relation
         assert rel is not None  # For type checker
         rel.data[self.charm.unit].update({"chain": json.dumps(value)})
 
     @property
-    def chain(self) -> List[str]:
+    def chain(self) -> str:
         """Return the ca chain."""
         return self._chain
 

lib/charms/prometheus_k8s/v0/prometheus_scrape.py

@@ -362,7 +362,7 @@ def _on_scrape_targets_changed(self, event):
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 44
+LIBPATCH = 46
 
 PYDEPS = ["cosl"]
 
@@ -521,8 +521,8 @@ def expand_wildcard_targets_into_individual_jobs(
                         # for such a target. Therefore labeling with Juju topology, excluding the
                         # unit name.
                         non_wildcard_static_config["labels"] = {
-                            **non_wildcard_static_config.get("labels", {}),
                             **topology.label_matcher_dict,
+                            **non_wildcard_static_config.get("labels", {}),
                         }
 
                     non_wildcard_static_configs.append(non_wildcard_static_config)
@@ -547,9 +547,9 @@ def expand_wildcard_targets_into_individual_jobs(
                         if topology:
                             # Add topology labels
                             modified_static_config["labels"] = {
-                                **modified_static_config.get("labels", {}),
                                 **topology.label_matcher_dict,
                                 **{"juju_unit": unit_name},
+                                **modified_static_config.get("labels", {}),
                             }
 
                             # Instance relabeling for topology should be last in order.
@@ -1537,12 +1537,11 @@ def set_scrape_job_spec(self, _=None):
             relation.data[self._charm.app]["scrape_metadata"] = json.dumps(self._scrape_metadata)
             relation.data[self._charm.app]["scrape_jobs"] = json.dumps(self._scrape_jobs)
 
-            if alert_rules_as_dict:
-                # Update relation data with the string representation of the rule file.
-                # Juju topology is already included in the "scrape_metadata" field above.
-                # The consumer side of the relation uses this information to name the rules file
-                # that is written to the filesystem.
-                relation.data[self._charm.app]["alert_rules"] = json.dumps(alert_rules_as_dict)
+            # Update relation data with the string representation of the rule file.
+            # Juju topology is already included in the "scrape_metadata" field above.
+            # The consumer side of the relation uses this information to name the rules file
+            # that is written to the filesystem.
+            relation.data[self._charm.app]["alert_rules"] = json.dumps(alert_rules_as_dict)
 
     def _set_unit_ip(self, _=None):
         """Set unit host address.

lib/charms/tempo_k8s/v2/tracing.py

@@ -104,7 +104,7 @@ def __init__(self, *args):
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 2
+LIBPATCH = 3
 
 PYDEPS = ["pydantic"]
 
@@ -117,15 +117,13 @@ def __init__(self, *args):
     "zipkin",
     "kafka",
     "opencensus",
-    "tempo",  # legacy, renamed to tempo_http
     "tempo_http",
     "tempo_grpc",
     "otlp_grpc",
     "otlp_http",
-    "jaeger_grpc",
+    # "jaeger_grpc",
     "jaeger_thrift_compact",
     "jaeger_thrift_http",
-    "jaeger_http_thrift",  # legacy, renamed to jaeger_thrift_http
     "jaeger_thrift_binary",
 ]
 
@@ -302,11 +300,14 @@ class TracingProviderAppData(DatabagModel):  # noqa: D101
     """Application databag model for the tracing provider."""
 
     host: str
-    """Server hostname."""
+    """Server hostname (local fqdn)."""
 
     receivers: List[Receiver]
     """Enabled receivers and ports at which they are listening."""
 
+    external_url: Optional[str] = None
+    """Server url. If an ingress is present, it will be the ingress address."""
+
 
 class TracingRequirerAppData(DatabagModel):  # noqa: D101
     """Application databag model for the tracing requirer."""
@@ -492,13 +493,16 @@ def __init__(
         self,
         charm: CharmBase,
         host: str,
+        external_url: Optional[str] = None,
         relation_name: str = DEFAULT_RELATION_NAME,
     ):
         """Initialize.
 
         Args:
             charm: a `CharmBase` instance that manages this instance of the Tempo service.
             host: address of the node hosting the tempo server.
+            external_url: external address of the node hosting the tempo server,
+                if an ingress is present.
             relation_name: an optional string name of the relation between `charm`
                 and the Tempo charmed service. The default is "tracing".
 
@@ -519,6 +523,7 @@ def __init__(
         super().__init__(charm, relation_name + "tracing-provider-v2")
         self._charm = charm
         self._host = host
+        self._external_url = external_url
         self._relation_name = relation_name
         self.framework.observe(
             self._charm.on[relation_name].relation_joined, self._on_relation_event
@@ -585,6 +590,7 @@ def publish_receivers(self, receivers: Sequence[RawReceiver]):
             try:
                 TracingProviderAppData(
                     host=self._host,
+                    external_url=self._external_url,
                     receivers=[
                         Receiver(port=port, protocol=protocol) for protocol, port in receivers
                     ],
@@ -612,16 +618,17 @@ class EndpointRemovedEvent(RelationBrokenEvent):
 class EndpointChangedEvent(_AutoSnapshotEvent):
     """Event representing a change in one of the receiver endpoints."""
 
-    __args__ = ("host", "_ingesters")
+    __args__ = ("host", "external_url", "_receivers")
 
     if TYPE_CHECKING:
         host = ""  # type: str
-        _ingesters = []  # type: List[dict]
+        external_url = ""  # type: str
+        _receivers = []  # type: List[dict]
 
     @property
     def receivers(self) -> List[Receiver]:
         """Cast receivers back from dict."""
-        return [Receiver(**i) for i in self._ingesters]
+        return [Receiver(**i) for i in self._receivers]
 
 
 class TracingEndpointRequirerEvents(CharmEvents):
@@ -776,7 +783,9 @@ def _on_tracing_relation_changed(self, event):
             return
 
         data = TracingProviderAppData.load(relation.data[relation.app])
-        self.on.endpoint_changed.emit(relation, data.host, [i.dict() for i in data.receivers])  # type: ignore
+        self.on.endpoint_changed.emit(  # type: ignore
+            relation, data.host, data.external_url, [i.dict() for i in data.receivers]
+        )
 
     def _on_tracing_relation_broken(self, event: RelationBrokenEvent):
         """Notify the providers that the endpoint is broken."""
@@ -787,28 +796,43 @@ def get_all_endpoints(
         self, relation: Optional[Relation] = None
     ) -> Optional[TracingProviderAppData]:
         """Unmarshalled relation data."""
-        if not self.is_ready(relation or self._relation):
+        relation = relation or self._relation
+        if not self.is_ready(relation):
             return
         return TracingProviderAppData.load(relation.data[relation.app])  # type: ignore
 
     def _get_endpoint(
-        self, relation: Optional[Relation], protocol: ReceiverProtocol, ssl: bool = False
-    ):
-        ep = self.get_all_endpoints(relation)
-        if not ep:
+        self, relation: Optional[Relation], protocol: ReceiverProtocol
+    ) -> Optional[str]:
+        app_data = self.get_all_endpoints(relation)
+        if not app_data:
             return None
-        try:
-            receiver: Receiver = next(filter(lambda i: i.protocol == protocol, ep.receivers))
-            if receiver.protocol in ["otlp_grpc", "jaeger_grpc"]:
-                if ssl:
-                    logger.warning("unused ssl argument - was the right protocol called?")
-                return f"{ep.host}:{receiver.port}"
-            if ssl:
-                return f"https://{ep.host}:{receiver.port}"
-            return f"http://{ep.host}:{receiver.port}"
-        except StopIteration:
+        receivers: List[Receiver] = list(
+            filter(lambda i: i.protocol == protocol, app_data.receivers)
+        )
+        if not receivers:
             logger.error(f"no receiver found with protocol={protocol!r}")
-            return None
+            return
+        if len(receivers) > 1:
+            logger.error(
+                f"too many receivers with protocol={protocol!r}; using first one. Found: {receivers}"
+            )
+            return
+
+        receiver = receivers[0]
+        # if there's an external_url argument (v2.5+), use that. Otherwise, we use the tempo local fqdn
+        if app_data.external_url:
+            url = app_data.external_url
+        else:
+            # FIXME: if we don't get an external url but only a
+            #  hostname, we don't know what scheme we need to be using. ASSUME HTTP
+            url = f"http://{app_data.host}:{receiver.port}"
+
+        if receiver.protocol.endswith("grpc"):
+            # TCP protocols don't want an http/https scheme prefix
+            url = url.split("://")[1]
+
+        return url
 
     def get_endpoint(
         self, protocol: ReceiverProtocol, relation: Optional[Relation] = None