canonical
diff --git a/‎.github/workflows/ci.yaml‎
Lines changed: 74 additions & 1 deletion b/‎.github/workflows/ci.yaml‎
Lines changed: 74 additions & 1 deletion
diff --git a/‎lib/charms/data_platform_libs/v1/data_interfaces.py‎
Lines changed: 129 additions & 50 deletions b/‎lib/charms/data_platform_libs/v1/data_interfaces.py‎
Lines changed: 129 additions & 50 deletions
diff --git a/‎pyproject.toml‎
Lines changed: 1 addition & 1 deletion b/‎pyproject.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎requirements/v1/requirements.txt‎
Lines changed: 1 addition & 1 deletion b/‎requirements/v1/requirements.txt‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎tests/conftest.py‎ renamed to ‎tests/v0/conftest.py‎ b/‎tests/conftest.py‎ renamed to ‎tests/v0/conftest.py‎
@@ -40,6 +40,9 @@ jobs:
         juju-version:
           - libjuju-version: "2.9.49.1"
           - libjuju-version: "3.6.1.0"
+        exclude:
+          - libs-version: 1
+            juju-version: {libjuju-version: "2.9.49.1"}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -51,7 +54,7 @@ jobs:
         env:
           LIBJUJU_VERSION_SPECIFIER: "==${{ matrix.juju-version.libjuju-version }}"
 
-  integration-test:
+  integration-test-v0:
     strategy:
       fail-fast: false
       matrix:
@@ -155,3 +158,73 @@ jobs:
         with:
           app: data-platform-libs
           model: testing
+
+  integration-test-v1:
+    strategy:
+      fail-fast: false
+      matrix:
+        ubuntu-versions:
+          # Update whenever charmcraft.yaml is changed
+          - series: jammy 
+            bases-index: 0
+          - series: noble
+            bases-index: 1
+        tox-environments:
+          - integration-db-v1
+          - integration-opensearch-v1
+          - integration-kafka-v1
+          - integration-kafka-connect-v1
+          - integration-backward-compatibility-v1
+        juju-version:
+          - juju-bootstrap-option: "3.6.1"
+            juju-snap-channel: "3.6/stable"
+            libjuju-version: "3.6.1.0"
+    name: V1 -- ${{ matrix.tox-environments }} Juju ${{ matrix.juju-version.juju-snap-channel}} -- ${{ matrix.ubuntu-versions.series }}
+    needs:
+      - lint
+      - unit-test
+    runs-on: ubuntu-latest
+    timeout-minutes: 120
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup operator environment
+        # TODO: Replace with custom image on self-hosted runner
+        uses: charmed-kubernetes/actions-operator@main
+        with:
+          provider: microk8s
+          channel: "1.27-strict/stable"
+          bootstrap-options: "--agent-version ${{ matrix.juju-version.juju-bootstrap-option }}"
+          juju-channel: ${{ matrix.juju-version.juju-snap-channel }}
+          charmcraft-channel: "3.x/stable"
+      - name: Download packed charm(s)
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ needs.build.outputs.artifact-name }}
+      - name: Select tests
+        id: select-tests
+        run: |
+          if [ "${{ github.event_name }}" == "schedule" ]
+          then
+            echo Running unstable and stable tests
+            echo "mark_expression=" >> $GITHUB_OUTPUT
+          else
+            echo Skipping unstable tests
+            echo "mark_expression=not unstable" >> $GITHUB_OUTPUT
+          fi
+      - name: Run integration tests
+        # set a predictable model name so it can be consumed by charm-logdump-action
+        run: tox run -e ${{ matrix.tox-environments }} -- -m '${{ steps.select-tests.outputs.mark_expression }}' --model testing  --os-series=${{ matrix.ubuntu-versions.series }} --build-bases-index=${{ matrix.ubuntu-versions.bases-index }}
+        env:
+          CI_PACKED_CHARMS: ${{ needs.build.outputs.charms }}
+          LIBJUJU_VERSION_SPECIFIER: "==${{ matrix.juju-version.libjuju-version }}"
+          WEBSOCKETS_VERSION_SPECIFIER: ${{ env.WEBSOCKETS_VERSION_SPECIFIER }}
+      - name: Print debug-log
+        if: failure()
+        run: juju switch testing; juju debug-log --replay --no-tail
+      - name: Dump logs
+        uses: canonical/charm-logdump-action@main
+        if: failure()
+        with:
+          app: data-platform-libs
+          model: testing
@@ -170,7 +170,7 @@ def _on_cluster1_resource_created(self, event: ResourceCreatedEvent) -> None:
 
         # Create configuration file for app
         config_file = self._render_app_config_file(
-            event.respones.username,
+            event.response.username,
             event.response.password,
             event.response.endpoints,
         )
@@ -286,6 +286,11 @@ def _on_database_requested(self, event: DatabaseRequestedEvent) -> None:
 from pydantic_core import CoreSchema, core_schema
 from typing_extensions import TypeAliasType, override
 
+try:
+    import psycopg
+except ImportError:
+    psycopg = None
+
 # The unique Charmhub library identifier, never change it
 LIBID = "6c3e6b6680d64e9c89e611d1a15f65be"
 
@@ -693,31 +698,36 @@ def serialize_model(self, handler: SerializerFunctionWrapHandler, info: Serializ
                 if not secret_group:
                     raise SecretsUnavailableError(field)
 
-                if (value := getattr(self, field)) is None:
-                    continue
-
                 aliased_field = field_info.serialization_alias or field
                 secret = repository.get_secret(secret_group, secret_uri=None)
+
+                value = getattr(self, field)
+
                 actual_value = (
                     value.get_secret_value() if issubclass(value.__class__, _SecretBase) else value
                 )
-                if not isinstance(actual_value, str):
-                    actual_value = json.dumps(actual_value)
 
-                if secret:
-                    content = secret.get_content()
-                    full_content = copy.deepcopy(content)
-                    full_content.update({aliased_field: actual_value})
-                    secret.set_content(full_content)
-                else:
-                    secret = repository.add_secret(
-                        aliased_field,
-                        actual_value,
-                        secret_group,
-                    )
-                    if not secret or not secret.meta:
-                        raise SecretError("No secret to send back")
+                if secret is None:
+                    if actual_value:
+                        secret = repository.add_secret(
+                            aliased_field,
+                            actual_value,
+                            secret_group,
+                        )
+                        if not secret or not secret.meta:
+                            raise SecretError("No secret to send back")
+                    continue
 
+                content = secret.get_content()
+                full_content = copy.deepcopy(content)
+
+                if actual_value is None:
+                    full_content.pop(field, None)
+                else:
+                    if not isinstance(actual_value, str):
+                        actual_value = json.dumps(actual_value)
+                    full_content.update({aliased_field: actual_value})
+                secret.set_content(full_content)
         return handler(self)
 
 
@@ -783,6 +793,7 @@ def extract_secrets(self, info: ValidationInfo):
     @model_serializer(mode="wrap")
     def serialize_model(self, handler: SerializerFunctionWrapHandler, info: SerializationInfo):
         """Serializes the model writing the secrets in their respective secrets."""
+        _encountered_secrets: set[tuple[CachedSecret, str]] = set()
         if not info.context or not isinstance(info.context.get("repository"), AbstractRepository):
             logger.debug("No secret parsing serialization as we're lacking context here.")
             return handler(self)
@@ -797,8 +808,6 @@ def serialize_model(self, handler: SerializerFunctionWrapHandler, info: Serializ
                 secret_group = field_info.metadata[0]
                 if not secret_group:
                     raise SecretsUnavailableError(field)
-                if (value := getattr(self, field)) is None:
-                    continue
                 aliased_field = field_info.serialization_alias or field
                 secret_field = repository.secret_field(secret_group, aliased_field).replace(
                     "-", "_"
@@ -807,24 +816,41 @@ def serialize_model(self, handler: SerializerFunctionWrapHandler, info: Serializ
                 secret = repository.get_secret(
                     secret_group, secret_uri=secret_uri, short_uuid=short_uuid
                 )
+
+                value = getattr(self, field)
+
                 actual_value = (
                     value.get_secret_value() if issubclass(value.__class__, _SecretBase) else value
                 )
-                if not isinstance(actual_value, str):
-                    actual_value = json.dumps(actual_value)
 
-                if secret:
-                    content = secret.get_content()
-                    full_content = copy.deepcopy(content)
-                    full_content.update({aliased_field: actual_value})
-                    secret.set_content(full_content)
+                if secret is None:
+                    if actual_value:
+                        secret = repository.add_secret(
+                            aliased_field, actual_value, secret_group, short_uuid
+                        )
+                        if not secret or not secret.meta:
+                            raise SecretError("No secret to send back")
+                        setattr(self, secret_field, secret.meta.id)
+                    continue
+
+                content = secret.get_content()
+                full_content = copy.deepcopy(content)
+
+                if actual_value is None:
+                    full_content.pop(field, None)
+                    _encountered_secrets.add((secret, secret_field))
                 else:
-                    secret = repository.add_secret(
-                        aliased_field, actual_value, secret_group, short_uuid
-                    )
-                    if not secret or not secret.meta:
-                        raise SecretError("No secret to send back")
-                    setattr(self, secret_field, secret.meta.id)
+                    if not isinstance(actual_value, str):
+                        actual_value = json.dumps(actual_value)
+                    full_content.update({aliased_field: actual_value})
+                secret.set_content(full_content)
+
+        # Delete all empty secrets and clean up their fields.
+        for secret, secret_field in _encountered_secrets:
+            if not secret.get_content():
+                # Setting a field to '' deletes it
+                setattr(self, secret_field, "")
+                repository.delete_secret(secret.label)
 
         return handler(self)
 
@@ -1044,7 +1070,7 @@ def write_fields(self, mapping: dict[str, Any]) -> None:
         ...
 
     def write_secret_field(
-        self, field: str, value: Any, group: SecretGroup, uri_to_databag: bool = False
+        self, field: str, value: Any, group: SecretGroup
     ) -> CachedSecret | None:
         """Writes a secret field."""
         ...
@@ -1060,6 +1086,11 @@ def add_secret(
         """Gets a value for a field stored in a secret group."""
         ...
 
+    @abstractmethod
+    def delete_secret(self, label: str):
+        """Deletes a secret by its label."""
+        ...
+
     @abstractmethod
     def delete_field(self, field: str) -> None:
         """Deletes a field."""
@@ -1390,6 +1421,11 @@ def add_secret(
 
         return secret
 
+    @override
+    @ensure_leader_for_app
+    def delete_secret(self, label: str) -> None:
+        self.secrets.remove(label)
+
 
 @final
 class OpsRelationRepository(OpsRepository):
@@ -1841,13 +1877,11 @@ class ResourceProvidesEvents(CharmEvents, Generic[TRequirerCommonModel]):
     This class defines the events that the database can emit.
     """
 
-    bulk_resources_requested = EventSource(BulkResourcesRequestedEvent[TRequirerCommonModel])
-    resource_requested = EventSource(ResourceRequestedEvent[TRequirerCommonModel])
-    resource_entity_requested = EventSource(ResourceEntityRequestedEvent[TRequirerCommonModel])
-    resource_entity_permissions_changed = EventSource(
-        ResourceEntityPermissionsChangedEvent[TRequirerCommonModel]
-    )
-    mtls_cert_updated = EventSource(MtlsCertUpdatedEvent[TRequirerCommonModel])
+    bulk_resources_requested = EventSource(BulkResourcesRequestedEvent)
+    resource_requested = EventSource(ResourceRequestedEvent)
+    resource_entity_requested = EventSource(ResourceEntityRequestedEvent)
+    resource_entity_permissions_changed = EventSource(ResourceEntityPermissionsChangedEvent)
+    mtls_cert_updated = EventSource(MtlsCertUpdatedEvent)
 
 
 class ResourceRequirerEvent(EventBase, Generic[TResourceProviderModel]):
@@ -1934,12 +1968,10 @@ class ResourceRequiresEvents(CharmEvents, Generic[TResourceProviderModel]):
     This class defines the events that the database can emit.
     """
 
-    resource_created = EventSource(ResourceCreatedEvent[TResourceProviderModel])
-    resource_entity_created = EventSource(ResourceEntityCreatedEvent[TResourceProviderModel])
-    endpoints_changed = EventSource(ResourceEndpointsChangedEvent[TResourceProviderModel])
-    read_only_endpoints_changed = EventSource(
-        ResourceReadOnlyEndpointsChangedEvent[TResourceProviderModel]
-    )
+    resource_created = EventSource(ResourceCreatedEvent)
+    resource_entity_created = EventSource(ResourceEntityCreatedEvent)
+    endpoints_changed = EventSource(ResourceEndpointsChangedEvent)
+    read_only_endpoints_changed = EventSource(ResourceReadOnlyEndpointsChangedEvent)
 
 
 ##############################################################################
@@ -2027,7 +2059,6 @@ def compute_diff(
         new_data = request.model_dump(
             mode="json",
             exclude={"data"},
-            context={"repository": repository},
             exclude_none=True,
             exclude_defaults=True,
         )
@@ -2154,7 +2185,7 @@ def _handle_bulk_event(
         This allows for the developer to process the diff and store it themselves
         """
         for request in request_model.requests:
-            # Compute the diff withtout storing it so we can validate the diffs.
+            # Compute the diff without storing it so we can validate the diffs.
             _diff = self.compute_diff(event.relation, request, repository, store=False)
             self._validate_diff(event, _diff)
 
@@ -2435,6 +2466,54 @@ def are_all_resources_created(self, rel_id: int) -> bool:
             if request.request_id
         )
 
+    @staticmethod
+    def _is_pg_plugin_enabled(plugin: str, connection_string: str) -> bool:
+        # Actual checking method.
+        # No need to check for psycopg here, it's been checked before.
+        if not psycopg:
+            return False
+
+        try:
+            with psycopg.connect(connection_string) as connection:
+                with connection.cursor() as cursor:
+                    cursor.execute(
+                        "SELECT TRUE FROM pg_extension WHERE extname=%s::text;", (plugin,)
+                    )
+                    return cursor.fetchone() is not None
+        except psycopg.Error as e:
+            logger.exception(
+                f"failed to check whether {plugin} plugin is enabled in the database: %s",
+                str(e),
+            )
+            return False
+
+    def is_postgresql_plugin_enabled(self, plugin: str, relation_id: int = 0) -> bool:
+        """Returns whether a plugin is enabled in the database.
+
+        Args:
+            plugin: name of the plugin to check.
+            relation_id: Optional index to check the database (default: 0 - first relation).
+        """
+        if not psycopg:
+            return False
+
+        # Can't check a non existing relation.
+        if len(self.relations) <= relation_id:
+            return False
+
+        relation_id = self.relations[relation_id].id
+        model = self.interface.build_model(relation_id=relation_id)
+        for request in model.requests:
+            if request.endpoints and request.username and request.password:
+                host = request.endpoints.split(":")[0]
+                username = request.username.get_secret_value()
+                password = request.password.get_secret_value()
+
+                connection_string = f"host='{host}' dbname='{request.resource}' user='{username}' password='{password}'"
+                return self._is_pg_plugin_enabled(plugin, connection_string)
+        logger.info("No valid request to use to check for plugin.")
+        return False
+
     ##############################################################################
     # Helpers for aliases
     ##############################################################################
 
@@ -66,7 +66,7 @@ ignore = ["E501", "D107"]
 per-file-ignores = {"tests/*" = ["D100","D101","D102","D103","D104", "E999"]}
 
 [tool.ruff.lint.mccabe]
-max-complexity = 12
+max-complexity = 13
 
 [tool.pyright]
 include = ["src", "lib"]
 
@@ -1,2 +1,2 @@
 ops >= 2.1.1
-pydantic>=2,<3
+pydantic>=2.11,<3
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`ops >= 2.1.1`
`2`		`-pydantic>=2,<3`
	`2`	`+pydantic>=2.11,<3`