diff --git a/lib/charms/postgresql_k8s/v0/postgresql.py b/lib/charms/postgresql_k8s/v0/postgresql.py
index f2ceea76bb..f72a112a38 100644
--- a/lib/charms/postgresql_k8s/v0/postgresql.py
+++ b/lib/charms/postgresql_k8s/v0/postgresql.py
@@ -35,7 +35,7 @@
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 53
+LIBPATCH = 52
 # Groups to distinguish HBA access
 ACCESS_GROUP_IDENTITY = "identity_access"
@@ -700,15 +700,22 @@ def list_valid_privileges_and_roles(self) -> Tuple[Set[str], Set[str]]:
 "superuser",
 }, {role[0] for role in cursor.fetchall() if role[0]}
- def set_up_database(self) -> None:
+ def set_up_database(self, temp_location: Optional[str] = None) -> None:
 """Set up postgres database with the right permissions."""
 connection = None
+ cursor = None
 try:
- with self._connect_to_database() as connection, connection.cursor() as cursor:
- cursor.execute("SELECT TRUE FROM pg_roles WHERE rolname='admin';")
- if cursor.fetchone() is not None:
- return
+ connection = self._connect_to_database()
+ cursor = connection.cursor()
+ if temp_location is not None:
+ cursor.execute("SELECT TRUE FROM pg_tablespace WHERE spcname='temp';")
+ if cursor.fetchone() is None:
+ cursor.execute(f"CREATE TABLESPACE temp LOCATION '{temp_location}';")
+ cursor.execute("GRANT CREATE ON TABLESPACE temp TO public;")
+
+ cursor.execute("SELECT TRUE FROM pg_roles WHERE rolname='admin';")
+ if cursor.fetchone() is None:
 # Allow access to the postgres database only to the system users.
 cursor.execute("REVOKE ALL PRIVILEGES ON DATABASE postgres FROM PUBLIC;")
 cursor.execute("REVOKE CREATE ON SCHEMA public FROM PUBLIC;")
@@ -727,6 +734,8 @@ def set_up_database(self) -> None:
 logger.error(f"Failed to set up databases: {e}")
 raise PostgreSQLDatabasesSetupError() from e
 finally:
+ if cursor is not None:
+ cursor.close()
 if connection is not None:
 connection.close()
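Review bot: The `CREATE TABLESPACE` statement in `set_up_database` is assembled with an f-string, so `temp_location` lands inside the SQL text unescaped; a path containing a single quote breaks the statement, and any caller-influenced value becomes SQL executed on a connection that must be superuser to create a tablespace at all. Let the driver quote the value instead, for example `cursor.execute(SQL("CREATE TABLESPACE temp LOCATION {};").format(Literal(temp_location)))` if this module uses psycopg2's `sql` helpers (the imports are outside the hunk). The docstring should also describe the new parameter, e.g. `temp_location: directory for the "temp" tablespace; when None no tablespace is created`, and state that `GRANT CREATE ON TABLESPACE temp TO public` deliberately lets every role create objects there. The body of `set_up_database` continues past this hunk.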
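Review bot: With the `with` block gone, nothing in the visible hunks commits before `connection.close()` runs in the `finally` clause, so the REVOKE/GRANT statements persist only if `_connect_to_database()` returns an autocommit connection, which is not shown here. `CREATE TABLESPACE` depends on the same thing, since PostgreSQL refuses it inside a transaction block. A comment above the connect call would make that dependency explicit: `# relies on autocommit: no commit is issued here, and CREATE TABLESPACE cannot run in a transaction block`. The start of `set_up_database` is outside this hunk.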
diff --git a/lib/charms/postgresql_k8s/v0/postgresql_tls.py b/lib/charms/postgresql_k8s/v0/postgresql_tls.py
index 2aeaa52af6..9e79e881ef 100644
--- a/lib/charms/postgresql_k8s/v0/postgresql_tls.py
+++ b/lib/charms/postgresql_k8s/v0/postgresql_tls.py
@@ -23,7 +23,7 @@
 import logging
 import re
 import socket
-from typing import List, Optional
+from typing import Iterator, List, Optional
 from charms.certificate_transfer_interface.v0.certificate_transfer import (
 CertificateAvailableEvent as CertificateAddedEvent,
@@ -55,7 +55,7 @@
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version.
-LIBPATCH = 14
+LIBPATCH = 15
 logger = logging.getLogger(__name__)
 SCOPE = "unit"
@@ -269,6 +269,17 @@ def is_ip_address(address: str) -> bool:
 "sans_dns": sans_dns,
 }
+ def get_ca_secret_names(self) -> Iterator[str]:
+ """Get a secret-name for each relation fulfilling the CA transfer interface.
+
+ Returns:
+ Secret name for a CA transfer fulfilled interface.
+ """
+ relations = self.charm.model.relations.get(TLS_TRANSFER_RELATION, [])
+
+ for relation in relations:
+ yield f"ca-{relation.app.name}"
+
 def get_tls_files(self) -> (Optional[str], Optional[str], Optional[str]):
 """Prepare TLS files in special PostgreSQL way.
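Review bot: `relation.app.name` in `get_ca_secret_names` is dereferenced without a guard, so if `relation.app` can be `None` for a relation that is still being established or torn down (worth confirming against the framework), the generator raises `AttributeError` part-way through iteration; `if relation.app is None: continue` before the `yield` would avoid that. Because the method is a generator, the docstring section should be `Yields:` rather than `Returns:`, e.g. `Yields: the secret name "ca-<remote application name>" for each relation on TLS_TRANSFER_RELATION`. The name is derived from the application name alone, so two relations whose remote applications share a name would map to the same CA secret; if that can happen here, the docstring should say which one wins or the name should include `relation.id`.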