From 733001b0753466fefed16541b42765adff393f0c Mon Sep 17 00:00:00 2001
From: Lucas Gameiro
Date: Mon, 18 Nov 2024 18:14:31 -0300
Subject: [PATCH] [DPE-5484] Add TLS flag + TLS CA fields (#185) * add tls and tls-ca * Update interfaces/postgresql_client/v0/README.md Co-authored-by: Tony Meyer Signed-off-by: Lucas Gameiro * chore: update saml and smtp interfaces maintainer (#197) update saml and smtp interface maintainer. * ci: dynamic matrix for interfaces test (#196) * ci: dynamic matrix for interfaces * chore: update job name and use jq --------- Signed-off-by: Tiexin Guo * Update interfaces/postgresql_client/v0/schemas/provider.json Co-authored-by: Tony Meyer Signed-off-by: Lucas Gameiro --------- Signed-off-by: Lucas Gameiro Signed-off-by: Tiexin Guo Co-authored-by: Tony Meyer Co-authored-by: Tiexin Guo Co-authored-by: Tony Meyer
---
 interfaces/postgresql_client/v0/README.md | 1 +
 .../v0/schemas/provider.json | 21 +++++++++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/interfaces/postgresql_client/v0/README.md b/interfaces/postgresql_client/v0/README.md
index ab4c71a1..5c590e34 100644
--- a/interfaces/postgresql_client/v0/README.md
+++ b/interfaces/postgresql_client/v0/README.md
@@ -35,6 +35,7 @@ If any side, Provider or Requirer doesn't support Juju Secrets, sensitive inform
 - Is expected to provide the `uris` field with the connection string, in libpq's URI format, which can be used for direct connection to the db.
 - Is expected to provide optional `read-only-endpoints` field with a comma-separated list of hosts or one Kubernetes Service, which can be used for Read-only queries.
 - Is expected to provide the `version` field whenever database charm wants to communicate its database version.
+- Is expected to provide the `tls` field flag, indicating whether the provider has TLS enabled or not.
 - Is expected to provide the CA chain in the `tls-ca` field of a Juju Secret, whenever the provider has TLS enabled (such as using the [TLS Certificates Operator](https://github.com/canonical/tls-certificates-operator)).
 - Is expected to share the TLS Juju Secret URI through the `secret-tls` field of the databag.
 - If the Requirer asks for additional secrets (via `requested-secrets`, see below) other than those stored in the `user` and `tls` secrets, Provider is expected to define a `secret-extra` field holding the URI of the Juju Secret containing all additional secret fields.
diff --git a/interfaces/postgresql_client/v0/schemas/provider.json b/interfaces/postgresql_client/v0/schemas/provider.json
index de5f51c6..456902fe 100644
--- a/interfaces/postgresql_client/v0/schemas/provider.json
+++ b/interfaces/postgresql_client/v0/schemas/provider.json
@@ -102,6 +102,27 @@
 "examples": [
 "ready"
 ]
+ },
+ "tls": {
+ "$id": "#/properties/tls",
+ "title": "TLS",
+ "description": "Flag that indicates whether TLS is being used by the PostgreSQL charm or not",
+ "type": "string",
+ "default": "",
+ "examples": [
+ "True",
+ "False"
+ ]
+ },
+ "tls-ca": {
+ "$id": "#/properties/tls-ca",
+ "title": "TLS CA",
+ "description": "The TLS CA chain of certificates, if TLS is set",
+ "type": "string",
+ "default": "",
+ "examples": [
+ "-----BEGIN CERTIFICATE-----\nabcdexample\n-----END CERTIFICATE-----"
+ ]
 }
 },
 "examples": [{
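Review bot: The new `tls` property accepts any string, because it is declared as `"type": "string"` with `"default": ""` and only example values. That means `"true"`, `"false"` and an empty value all validate, and a requirer that tests the string for truthiness or compares it case-sensitively can reach the wrong decision about whether to encrypt the connection. Keeping the string type is reasonable if relation data has to be strings, but the accepted spellings should be pinned with `"enum": ["True", "False"]`, and the description should say how a missing or empty flag is to be read (presumably as TLS not enabled). The `tls-ca` description could also state that a value is expected only when `tls` is `"True"`. Since the README in this commit describes the CA chain as delivered in a Juju Secret, it is also worth saying whether this databag field is the fallback when secrets are unavailable.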