revert TLS changes + update TLS to show failures (#340)

## Issue Current TLS options result in the charm not being functional TLS tests pass even though the charm is not functional ## Solution Revert options Update TLS code to prevent the tests from succeeding when the charm is in-fact broken
canonical · Jan 23, 2024 · 3652eed · 3652eed
1 parent 36c0612
commit 3652eed
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/lib/charms/mongodb/v0/mongodb_tls.py b/lib/charms/mongodb/v0/mongodb_tls.py
@@ -13,6 +13,7 @@
 import socket
 from typing import List, Optional, Tuple
 
+from charms.mongodb.v0.mongodb import MongoDBConnection
 from charms.tls_certificates_interface.v1.tls_certificates import (
     CertificateAvailableEvent,
     CertificateExpiringEvent,
@@ -22,7 +23,7 @@
 )
 from ops.charm import ActionEvent, RelationBrokenEvent, RelationJoinedEvent
 from ops.framework import Object
-from ops.model import ActiveStatus, MaintenanceStatus, Unit
+from ops.model import ActiveStatus, MaintenanceStatus, Unit, WaitingStatus
 
 from config import Config
 
@@ -39,7 +40,7 @@
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 6
+LIBPATCH = 7
 
 logger = logging.getLogger(__name__)
 
@@ -195,7 +196,12 @@ def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
         self.charm.push_tls_certificate_to_workload()
         self.charm.unit.status = MaintenanceStatus("enabling TLS")
         self.charm.restart_mongod_service()
-        self.charm.unit.status = ActiveStatus()
+
+        with MongoDBConnection(self.charm.mongodb_config) as mongo:
+            if not mongo.is_ready:
+                self.charm.unit.status = WaitingStatus("Waiting for MongoDB to start")
+            else:
+                self.charm.unit.status = ActiveStatus()
 
     def _waiting_for_certs(self):
         """Returns a boolean indicating whether additional certs are needed."""

diff --git a/lib/charms/mongodb/v1/helpers.py b/lib/charms/mongodb/v1/helpers.py
@@ -29,7 +29,7 @@
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 2
+LIBPATCH = 3
 
 # path to store mongodb ketFile
 KEY_FILE = "keyFile"
@@ -174,7 +174,7 @@ def get_mongod_args(
                 f"--tlsCAFile={full_conf_dir}/{TLS_EXT_CA_FILE}",
                 f"--tlsCertificateKeyFile={full_conf_dir}/{TLS_EXT_PEM_FILE}",
                 # allow non-TLS connections
-                "--tlsMode=requireTLS",
+                "--tlsMode=preferTLS",
                 "--tlsDisabledProtocols=TLS1_0,TLS1_1",
             ]
         )
@@ -184,6 +184,7 @@ def get_mongod_args(
         cmd.extend(
             [
                 "--clusterAuthMode=x509",
+                "--tlsAllowInvalidCertificates",
                 f"--tlsClusterCAFile={full_conf_dir}/{TLS_INT_CA_FILE}",
                 f"--tlsClusterFile={full_conf_dir}/{TLS_INT_PEM_FILE}",
             ]