[DPE-5484] Add TLS flag + TLS CA fields (#185)

* add tls and tls-ca * Update interfaces/postgresql_client/v0/README.md Co-authored-by: Tony Meyer <[email protected]> Signed-off-by: Lucas Gameiro <[email protected]> * chore: update saml and smtp interfaces maintainer (#197) update saml and smtp interface maintainer. * ci: dynamic matrix for interfaces test (#196) * ci: dynamic matrix for interfaces * chore: update job name and use jq --------- Signed-off-by: Tiexin Guo <[email protected]> * Update interfaces/postgresql_client/v0/schemas/provider.json Co-authored-by: Tony Meyer <[email protected]> Signed-off-by: Lucas Gameiro <[email protected]> --------- Signed-off-by: Lucas Gameiro <[email protected]> Signed-off-by: Tiexin Guo <[email protected]> Co-authored-by: Tony Meyer <[email protected]> Co-authored-by: Tiexin Guo <[email protected]> Co-authored-by: Tony Meyer <[email protected]>
canonical · Nov 18, 2024 · 733001b · 733001b
1 parent 632a3e2
commit 733001b
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/interfaces/postgresql_client/v0/README.md b/interfaces/postgresql_client/v0/README.md
@@ -35,6 +35,7 @@ If any side, Provider or Requirer doesn't support Juju Secrets, sensitive inform
 - Is expected to provide the `uris` field with the connection string, in libpq's URI format, which can be used for direct connection to the db.
 - Is expected to provide optional `read-only-endpoints` field with a comma-separated list of hosts or one Kubernetes Service, which can be used for Read-only queries.
 - Is expected to provide the `version` field whenever database charm wants to communicate its database version.
+- Is expected to provide the `tls` field flag, indicating whether the provider has TLS enabled or not.
 - Is expected to provide the CA chain in the `tls-ca` field of a Juju Secret, whenever the provider has TLS enabled (such as using the [TLS Certificates Operator](https://github.com/canonical/tls-certificates-operator)).
 - Is expected to share the TLS Juju Secret URI through the `secret-tls` field of the databag.
 - If the Requirer asks for additional secrets (via `requested-secrets`, see below) other than those stored in the `user` and `tls` secrets, Provider is expected to define a `secret-extra` field holding the URI of the Juju Secret containing all additional secret fields.

diff --git a/interfaces/postgresql_client/v0/schemas/provider.json b/interfaces/postgresql_client/v0/schemas/provider.json
@@ -102,6 +102,27 @@
             "examples": [
                 "ready"
             ]
+        },
+        "tls": {
+            "$id": "#/properties/tls",
+            "title": "TLS",
+            "description": "Flag that indicates whether TLS is being used by the PostgreSQL charm or not",
+            "type": "string",
+            "default": "",
+            "examples": [
+                "True",
+                "False"
+            ]
+        },
+        "tls-ca": {
+            "$id": "#/properties/tls-ca",
+            "title": "TLS CA",
+            "description": "The TLS CA chain of certificates, if TLS is set",
+            "type": "string",
+            "default": "",
+            "examples": [
+                "-----BEGIN CERTIFICATE-----\nabcdexample\n-----END CERTIFICATE-----"
+            ]
         }
     },
     "examples": [{