From 989a34e0e247fead688fbfbd5d0344d8661b1df7 Mon Sep 17 00:00:00 2001
From: Lucas Gameiro Borges <lucas.borges@canonical.com>
Date: Mon, 16 Dec 2024 14:34:24 +0000
Subject: [PATCH 1/2] add extra try-catch

---
 src/backups.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/backups.py b/src/backups.py
index f661458467..5c4646317d 100644
--- a/src/backups.py
+++ b/src/backups.py
@@ -18,7 +18,7 @@
 
 import boto3 as boto3
 import botocore
-from botocore.exceptions import ClientError
+from botocore.exceptions import ClientError, ParamValidationError
 from charms.data_platform_libs.v0.s3 import (
     CredentialsChangedEvent,
     S3Requirer,
@@ -290,7 +290,7 @@ def _create_bucket_if_not_exists(self) -> None:
 
                 bucket.wait_until_exists()
                 logger.info("Created bucket '%s' in region=%s", bucket_name, region)
-            except ClientError as error:
+            except (ClientError, ParamValidationError) as error:
                 logger.exception(
                     "Couldn't create bucket named '%s' in region=%s.", bucket_name, region
                 )
@@ -783,7 +783,7 @@ def _on_s3_credential_changed_primary(self, event: HookEvent) -> bool:
 
         try:
             self._create_bucket_if_not_exists()
-        except (ClientError, ValueError):
+        except (ClientError, ValueError, ParamValidationError):
             self._s3_initialization_set_failure(FAILED_TO_ACCESS_CREATE_BUCKET_ERROR_MESSAGE)
             return False
 

From 75f876793bfa56f54ab14d08c42177f8b205b86c Mon Sep 17 00:00:00 2001
From: Lucas Gameiro Borges <lucas.borges@canonical.com>
Date: Thu, 9 Jan 2025 13:39:27 +0000
Subject: [PATCH 2/2] fix missing tls-ca-chain case

---
 charmcraft.yaml | 1 +
 pyproject.toml  | 1 +
 src/backups.py  | 7 +++++--
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/charmcraft.yaml b/charmcraft.yaml
index e5e0208749..43ecd1d8e0 100644
--- a/charmcraft.yaml
+++ b/charmcraft.yaml
@@ -23,6 +23,7 @@ parts:
 
       # Convert subset of poetry.lock to requirements.txt
       curl -sSL https://install.python-poetry.org | python3 -
+      /root/.local/bin/poetry self add poetry-plugin-export
       /root/.local/bin/poetry export --only main,charm-libs --output requirements.txt
 
       craftctl default
diff --git a/pyproject.toml b/pyproject.toml
index d3dcbb0d3e..733d04983e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -3,6 +3,7 @@
 
 [tool.poetry]
 package-mode = false
+requires-poetry = ">=2.0.0"
 
 [tool.poetry.dependencies]
 python = "^3.10"
diff --git a/src/backups.py b/src/backups.py
index 5c4646317d..c6dd50e0a8 100644
--- a/src/backups.py
+++ b/src/backups.py
@@ -18,7 +18,7 @@
 
 import boto3 as boto3
 import botocore
-from botocore.exceptions import ClientError, ParamValidationError
+from botocore.exceptions import ClientError, ParamValidationError, SSLError
 from charms.data_platform_libs.v0.s3 import (
     CredentialsChangedEvent,
     S3Requirer,
@@ -284,6 +284,9 @@ def _create_bucket_if_not_exists(self) -> None:
         except ClientError:
             logger.warning("Bucket %s doesn't exist or you don't have access to it.", bucket_name)
             exists = False
+        except SSLError as e:
+            logger.error(f"error: {e!s} - Is TLS enabled and CA chain set on S3?")
+            raise e
         if not exists:
             try:
                 bucket.create(CreateBucketConfiguration={"LocationConstraint": region})
@@ -783,7 +786,7 @@ def _on_s3_credential_changed_primary(self, event: HookEvent) -> bool:
 
         try:
             self._create_bucket_if_not_exists()
-        except (ClientError, ValueError, ParamValidationError):
+        except (ClientError, ValueError, ParamValidationError, SSLError):
             self._s3_initialization_set_failure(FAILED_TO_ACCESS_CREATE_BUCKET_ERROR_MESSAGE)
             return False