patch(DPE-9772): CI Green

.github/workflows/ci-quick.yaml

@@ -14,7 +14,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Install tox & poetry
@@ -37,6 +37,30 @@ jobs:
         run: |
           poetry run pre-commit run --all-files
 
+  check-pyproject-dynamic-versioning:
+    name: Poetry dynamic versioning check
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+      - name: Install deps
+        run: sudo snap install yq
+      - name: Check versioning
+        run: |
+          VERSION=$(yq -p toml -oy '.tool.poetry.version' ./pyproject.toml)
+          DYNAMIC_FIELDS=$(yq -p toml -oc '.project.dynamic'  ./pyproject.toml)
+          if [[ $VERSION != *"0.0.0"* ]]
+          then
+            exit 1
+          fi
+          if [[ $DYNAMIC_FIELDS != *"version"* ]]
+          then
+            exit 1
+          fi
+
   actionlint:
     name: Lint .github/workflows/
     runs-on: ubuntu-latest

single_kernel_mongo/managers/cluster.py

@@ -7,7 +7,7 @@
 
 import json
 from logging import getLogger
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, final
 
 from data_platform_helpers.advanced_statuses.models import StatusObject
 from ops.framework import Object
@@ -234,6 +234,7 @@ def update_ldap_user_to_dn_mapping(self) -> None:
             )
 
 
+@final
 class ClusterRequirer(Object):
     """Manage relations between the config server and mongos router on the mongos side."""
 
@@ -272,6 +273,7 @@ def assert_pass_hook_checks(self) -> None:
             raise DeferrableFailedHookChecksError(
                 "Mongos was waiting for config-server to enable TLS. Wait for TLS to be enabled until starting mongos."
             )
+
         if self.dependent.refresh_in_progress:
             logger.warning(
                 "Processing client applications is not supported during an upgrade. The charm may be in a broken, unrecoverable state."
@@ -309,6 +311,11 @@ def share_credentials_to_clients(self, username: str | None, password: str | Non
     def update_mongos_and_restart(self) -> None:
         """Start/restarts mongos with config server information."""
         self.assert_pass_hook_checks()
+
+        # Wait for
+        if not self.state.cluster.username or not self.state.cluster.password:
+            raise WaitingForSecretsError("Waiting for username and password.")
+
         key_file_contents = self.state.cluster.keyfile
         config_server_db_uri = self.state.cluster.config_server_uri
 
@@ -493,7 +500,7 @@ def is_client_ca_compatible(self) -> bool:
     def mongos_and_config_server_peer_tls_status(self) -> tuple[bool, bool]:
         """Returns the peer TLS integration status for mongos and config-server."""
         if self.state.mongos_cluster_relation:
-            mongos_has_tls = self.state.peer_tls_relation is not None
+            mongos_has_tls = self.state.tls.peer_enabled
             config_server_has_tls = self.state.cluster.internal_ca_secret is not None
             return mongos_has_tls, config_server_has_tls
 
@@ -502,7 +509,7 @@ def mongos_and_config_server_peer_tls_status(self) -> tuple[bool, bool]:
     def mongos_and_config_server_client_tls_status(self) -> tuple[bool, bool]:
         """Returns the client TLS integration status for mongos and config-server."""
         if self.state.mongos_cluster_relation:
-            mongos_has_tls = self.state.client_tls_relation is not None
+            mongos_has_tls = self.state.tls.client_enabled
             config_server_has_tls = self.state.cluster.external_ca_secret is not None
             return mongos_has_tls, config_server_has_tls
 

single_kernel_mongo/managers/config.py

@@ -657,13 +657,9 @@ def config_server_db_parameter(self) -> dict[str, Any]:
         """The config server DB parameter."""
         # In case we are integrated with a config-server, we need to provide
         # it's URI to mongos so it can configure_and_restart to it.
-        if uri := self.state.cluster.config_server_uri:
+        if uri := self.state.config_server_uri:
             return {"sharding": {"configDB": uri}}
-        return {
-            "sharding": {
-                "configDB": f"{self.state.app_peer_data.replica_set}/{self.state.unit_peer_data.internal_address}:{MongoPorts.MONGODB_PORT.value}"
-            }
-        }
+        return {}
 
     @property
     @override

single_kernel_mongo/state/charm_state.py

@@ -595,6 +595,15 @@ def config_server_name(self) -> str | None:
         )
         return None
 
+    @property
+    def config_server_uri(self) -> str | None:
+        """Gets the config-server URI for Mongos."""
+        if self.charm_role.name == CharmKind.MONGOS:
+            return self.cluster.config_server_uri
+        if not self.is_role(MongoDBRoles.CONFIG_SERVER):
+            return None
+        return f"{self.app_peer_data.replica_set}/{self.unit_peer_data.internal_address}:{MongoPorts.MONGODB_PORT.value}"
+
     def get_subject_name(self) -> str:
         """Generate the subject name for CSR."""
         # In sharded MongoDB deployments it is a requirement that all subject names match across

single_kernel_mongo/state/cluster_state.py

@@ -27,6 +27,8 @@ class ClusterStateKeys(str, Enum):
     EXT_CA_SECRET = "ext-ca-secret"
     LDAP_USER_TO_DN_MAPPING = "ldap-user-to-dn-mapping"
     LDAP_HASH = "ldap-hash"
+    USERNAME = "username"
+    PASSWORD = "password"
 
 
 class ClusterState(AbstractRelationState[Data]):
@@ -43,6 +45,16 @@ def config_server_uri(self) -> str:
         """Return config-server URI in the databag."""
         return self.relation_data.get(ClusterStateKeys.CONFIG_SERVER_DB.value, "")
 
+    @property
+    def username(self) -> str:
+        """Return config-server URI in the databag."""
+        return self.relation_data.get(ClusterStateKeys.USERNAME.value, "")
+
+    @property
+    def password(self) -> str:
+        """Return config-server URI in the databag."""
+        return self.relation_data.get(ClusterStateKeys.PASSWORD.value, "")
+
     @property
     def database(self) -> str:
         """Return database value in the databag."""

tests/integration/mongos/ldap/test_ldap.py

@@ -2,7 +2,6 @@
 # Copyright 2025 Canonical Ltd.
 # See LICENSE file for licensing details.
 
-from pathlib import Path
 
 import pytest
 from juju.model import Model
@@ -93,7 +92,11 @@ async def test_build_and_deploy_mongodb_cluster(
 
 @pytest.mark.abort_on_fail
 async def test_build_and_deploy_mongos(
-    ops_test: OpsTest, mongos_charm: Path, substrate: Substrate, mongod_resource, base_app_name
+    ops_test: OpsTest,
+    mongos_charm: str,
+    substrate: Substrate,
+    mongos_resource: dict[str, str],
+    base_app_name: str,
 ) -> None:
     """Deploys mongos and data integrator, and integrates both.
 
@@ -106,7 +109,7 @@ async def test_build_and_deploy_mongos(
             ops_test=ops_test,
             charm=mongos_charm,
             substrate=substrate,
-            mongod_resource=mongod_resource,
+            mongod_resource=mongos_resource,
             app_name=base_app_name,
             num_units=1,
             subordinate=(substrate == "lxd"),
@@ -135,11 +138,46 @@ async def test_build_and_deploy_mongos(
         subordinate=(substrate == "lxd"),
     )
 
+
+@pytest.mark.abort_on_fail
+async def test_config_server_only_integrated_with_mongos(ops_test: OpsTest, substrate: Substrate):
+    app_name = await get_app_name(ops_test, charm_name="mongos")
+
+    await ops_test.model.integrate(f"{LDAP_OFFER}:ldap", f"{CONFIG_SERVER_APP_NAME}:ldap")
+    await ops_test.model.integrate(
+        f"{LDAP_CERT_OFFER}:send-ca-cert", f"{CONFIG_SERVER_APP_NAME}:ldap-certificate-transfer"
+    )
+    await ops_test.model.wait_for_idle(
+        apps=[CONFIG_SERVER_APP_NAME, SHARD_ONE_APP_NAME, SHARD_TWO_APP_NAME],
+        idle_period=20,
+        status="active",
+    )
+
     # connect sharded cluster to mongos
     await ops_test.model.integrate(
         f"{app_name}:{CLUSTER_REL_NAME}",
         f"{CONFIG_SERVER_APP_NAME}:{CLUSTER_REL_NAME}",
     )
+    await ops_test.model.wait_for_idle(
+        apps=[CONFIG_SERVER_APP_NAME, SHARD_ONE_APP_NAME, SHARD_TWO_APP_NAME],
+        idle_period=20,
+        status="active",
+    )
+    await wait_for_mongodb_units_blocked(
+        ops_test,
+        substrate,
+        app_name,
+        status="mongos and config-server not integrated with the same ldap server.",
+        timeout=300,
+        subordinate=(substrate == "lxd"),
+    )
+    await ops_test.model.applications[CONFIG_SERVER_APP_NAME].remove_relation(
+        f"{LDAP_OFFER}:ldap", f"{CONFIG_SERVER_APP_NAME}:ldap"
+    )
+    await ops_test.model.applications[CONFIG_SERVER_APP_NAME].remove_relation(
+        f"{LDAP_CERT_OFFER}:send-ca-cert", f"{CONFIG_SERVER_APP_NAME}:ldap-certificate-transfer"
+    )
+
     await ops_test.model.wait_for_idle(
         apps=[CONFIG_SERVER_APP_NAME, SHARD_ONE_APP_NAME, SHARD_TWO_APP_NAME, app_name],
         idle_period=20,
@@ -250,10 +288,10 @@ async def test_teardown(ops_test: OpsTest, kubernetes_model: Model):
     await ops_test.model.applications[app_name].remove_relation(
         f"{LDAP_CERT_OFFER}:send-ca-cert", f"{app_name}:ldap-certificate-transfer"
     )
-    await ops_test.model.applications[app_name].remove_relation(
+    await ops_test.model.applications[CONFIG_SERVER_APP_NAME].remove_relation(
         f"{LDAP_OFFER}:ldap", f"{CONFIG_SERVER_APP_NAME}:ldap"
     )
-    await ops_test.model.applications[app_name].remove_relation(
+    await ops_test.model.applications[CONFIG_SERVER_APP_NAME].remove_relation(
         f"{LDAP_CERT_OFFER}:send-ca-cert", f"{CONFIG_SERVER_APP_NAME}:ldap-certificate-transfer"
     )
 

tests/spread/mongodb/lxd/test_encryption_invalid_scenario.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large
   # TODO: Enable this when we have a stable arm64 vault charm.
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongodb/lxd/test_encryption_valid_scenario.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large
   # TODO: Enable this when we have a stable arm64 vault charm.
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongodb/lxd/test_ldap.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - ubuntu-22.04
+  - self-hosted-linux-amd64-noble-large
   # TODO: Re-enable this when glauth charm supports arm64
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongodb/lxd/test_major_upgrades.py/task.yaml

@@ -6,4 +6,4 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large

tests/spread/mongodb/lxd/test_sharding_ldap.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large
   # TODO: Re-enable this when glauth charm supports arm64
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongodb/lxd/test_sharding_major_upgrades.py/task.yaml

@@ -6,4 +6,4 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large

tests/spread/mongodb/microk8s/test_encryption_invalid_scenario.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large
   # TODO: Enable this when we have a stable arm64 vault charm.
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongodb/microk8s/test_encryption_valid_scenario.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large
   # TODO: Enable this when we have a stable arm64 vault charm.
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongodb/microk8s/test_ldap.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - ubuntu-22.04
+  - self-hosted-linux-amd64-noble-large
   # TODO: Re-enable this when glauth charm supports arm64
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongodb/microk8s/test_major_upgrades.py/task.yaml

@@ -6,4 +6,4 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large

tests/spread/mongodb/microk8s/test_sharding_ldap.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large
   # TODO: Re-enable this when glauth charm supports arm64
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongodb/microk8s/test_sharding_major_upgrades.py/task.yaml

@@ -6,4 +6,4 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - self-hosted-linux-amd64-noble-medium
+  - self-hosted-linux-amd64-noble-large

tests/spread/mongos/lxd/test_ldap.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - ubuntu-22.04
+  - self-hosted-linux-amd64-noble-large
   # TODO: Re-enable this when glauth charm supports arm64
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large

tests/spread/mongos/microk8s/test_ldap.py/task.yaml

@@ -6,6 +6,6 @@ execute: |
 artifacts:
   - allure-results
 systems:
-  - ubuntu-22.04
+  - self-hosted-linux-amd64-noble-large
   # TODO: Re-enable this when glauth charm supports arm64
-  #- self-hosted-linux-arm64-noble-medium
+  #- self-hosted-linux-arm64-noble-large