Fix list of SANs and pg_rewind test

lib/charms/postgresql_k8s/v0/postgresql_tls.py

@@ -44,7 +44,7 @@
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version.
-LIBPATCH = 2
+LIBPATCH = 3
 
 logger = logging.getLogger(__name__)
 SCOPE = "unit"
@@ -167,6 +167,7 @@ def _get_sans(self) -> List[str]:
         unit_id = self.charm.unit.name.split("/")[1]
         return [
             f"{self.charm.app.name}-{unit_id}",
+            self.charm.get_hostname_by_unit(self.charm.unit.name),
             socket.getfqdn(),
             str(self.charm.model.get_binding(self.peer_relation).network.bind_address),
         ]

tests/integration/test_tls.py

@@ -3,6 +3,7 @@
 # See LICENSE file for licensing details.
 import pytest as pytest
 from pytest_operator.plugin import OpsTest
+from tenacity import Retrying, stop_after_delay, wait_exponential
 
 from tests.helpers import METADATA
 from tests.integration.helpers import (
@@ -13,10 +14,13 @@
     check_tls_patroni_api,
     deploy_and_relate_application_with_postgresql,
     enable_connections_logging,
+    get_password,
     get_primary,
+    get_unit_address,
     primary_changed,
     run_command_on_unit,
 )
+from tests.integration.test_charm import db_connect
 
 MATTERMOST_APP_NAME = "mattermost"
 TLS_CERTIFICATES_APP_NAME = "tls-certificates-operator"
@@ -70,12 +74,38 @@ async def test_mattermost_db(ops_test: OpsTest) -> None:
         # being used in a later step.
         await enable_connections_logging(ops_test, primary)
 
-        # Promote the replica to primary.
-        await run_command_on_unit(
-            ops_test,
-            replica,
-            'su postgres -c "/usr/lib/postgresql/14/bin/pg_ctl -D /var/lib/postgresql/data/pgdata promote"',
-        )
+        for attempt in Retrying(
+            stop=stop_after_delay(60), wait=wait_exponential(multiplier=1, min=2, max=30)
+        ):
+            with attempt:
+                # Promote the replica to primary.
+                await run_command_on_unit(
+                    ops_test,
+                    replica,
+                    'su postgres -c "/usr/lib/postgresql/14/bin/pg_ctl -D /var/lib/postgresql/data/pgdata promote"',
+                )
+
+                # Check that the replica was promoted.
+                host = await get_unit_address(ops_test, replica)
+                password = await get_password(ops_test)
+                with db_connect(host, password) as connection, connection.cursor() as cursor:
+                    cursor.execute("SELECT pg_is_in_recovery();")
+                    in_recovery = cursor.fetchone()[0]
+                    assert (
+                        not in_recovery
+                    )  # If the instance is not in recovery mode anymore it was successfully promoted.
+                connection.close()
+
+        # Write some data to the initial primary (this causes a divergence
+        # in the instances' timelines).
+        host = await get_unit_address(ops_test, primary)
+        password = await get_password(ops_test)
+        with db_connect(host, password) as connection:
+            connection.autocommit = True
+            with connection.cursor() as cursor:
+                cursor.execute("CREATE TABLE pgrewindtest (testcol INT);")
+                cursor.execute("INSERT INTO pgrewindtest SELECT generate_series(1,1000);")
+        connection.close()
 
         # Stop the initial primary.
         await run_command_on_unit(ops_test, primary, "/charm/bin/pebble stop postgresql")

tests/unit/test_postgresql_tls.py

@@ -185,7 +185,15 @@ def test_on_certificate_expiring(self, _request_certificate_renewal):
     @patch_network_get(private_address="1.1.1.1")
     def test_get_sans(self):
         sans = self.charm.tls._get_sans()
-        self.assertEqual(sans, ["postgresql-k8s-0", socket.getfqdn(), "1.1.1.1"])
+        self.assertEqual(
+            sans,
+            [
+                "postgresql-k8s-0",
+                "postgresql-k8s-0.postgresql-k8s-endpoints",
+                socket.getfqdn(),
+                "1.1.1.1",
+            ],
+        )
 
     def test_get_tls_extensions(self):
         extensions = self.charm.tls._get_tls_extensions()