feat!: add ingress_per_unit integration

BREAKING CHANGES: Updates the return type of the `ldap_url` property from `LdapIntegration` to `List[str]` from `str` to support retrieving multiple ingress urls for `glauth-k8s`. Ingress is required for glauth-k8s to be publicly addressable from outside Kubernetes. Does not change the `ldap` interface implementation as `url` was already provided as a list object within the `ldap` charm library, so it just moves the `List[str]` type casting in `provider_data`. Signed-off-by: Jason C. Nucciarone <[email protected]>
canonical · Dec 17, 2024 · cb2d8a0 · cb2d8a0
1 parent 0d7c063
commit cb2d8a0
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/charmcraft.yaml b/charmcraft.yaml
@@ -28,6 +28,10 @@ requires:
     interface: postgresql_client
     optional: false
     limit: 1
+  ingress:
+    interface: ingress_per_unit
+    limit: 1
+    optional: true
   logging:
     interface: loki_push_api
     optional: true

diff --git a/src/charm.py b/src/charm.py
@@ -26,6 +26,7 @@
 from charms.observability_libs.v0.kubernetes_service_patch import KubernetesServicePatch
 from charms.observability_libs.v1.cert_handler import CertChanged
 from charms.prometheus_k8s.v0.prometheus_scrape import MetricsEndpointProvider
+from charms.traefik_k8s.v1.ingress_per_unit import IngressPerUnitRequirer
 from lightkube import Client
 from ops.charm import (
     CharmBase,
@@ -97,6 +98,13 @@ def __init__(self, *args: Any):
             extra_user_roles="SUPERUSER",
         )
 
+        self.ingress_per_unit = IngressPerUnitRequirer(
+            self,
+            "ingress",
+            port=GLAUTH_LDAP_PORT,
+            mode="tcp",
+        )
+
         self.ldap_provider = LdapProvider(self)
         self.framework.observe(
             self.ldap_provider.on.ldap_requested,

diff --git a/src/integrations.py b/src/integrations.py
@@ -8,7 +8,7 @@
 from contextlib import suppress
 from dataclasses import dataclass
 from secrets import token_hex
-from typing import Optional
+from typing import List, Optional
 
 from charms.certificate_transfer_interface.v0.certificate_transfer import (
     CertificateTransferProvides,
@@ -113,9 +113,12 @@ def load_bind_account_from_remote_ldap(self) -> None:
         )
 
     @property
-    def ldap_url(self) -> str:
-        hostname = self._charm.config.get("hostname") or socket.getfqdn()
-        return f"ldap://{hostname}:{GLAUTH_LDAP_PORT}"
+    def ldap_url(self) -> List[str]:
+        if ingress := self._charm.ingress_per_unit.urls:
+            return [f"ldap://{url}" for url in ingress.values()]
+        else:
+            url = self._charm.config.get("hostname") or socket.getfqdn()
+            return [f"ldap://{url}:{GLAUTH_LDAP_PORT}"]
 
     @property
     def base_dn(self) -> str:
@@ -128,7 +131,7 @@ def starttls_enabled(self) -> bool:
     @property
     def provider_base_data(self) -> LdapProviderBaseData:
         return LdapProviderBaseData(
-            urls=[self.ldap_url],
+            urls=self.ldap_url,
             base_dn=self.base_dn,
             starttls=self.starttls_enabled,
         )
@@ -139,7 +142,7 @@ def provider_data(self) -> Optional[LdapProviderData]:
             return None
 
         return LdapProviderData(
-            urls=[self.ldap_url],
+            urls=self.ldap_url,
             base_dn=self.base_dn,
             bind_dn=f"cn={self._bind_account.cn},ou={self._bind_account.ou},{self.base_dn}",
             bind_password=self._bind_account.password,