[DPE-9315] add user-provided private key by reneradoi · Pull Request #20 · canonical/valkey-operator

reneradoi · 2026-03-12T07:27:12Z

This PR adds functionality + tests for having a private key for client certificates provided by users. The private key is added as a user secret and the secret URI configured to the charm. If the provided private key is invalid or the charm has no access, the previously used private key will be maintained.

…al secret-change to be performed before checking password-update

…ation

…n PR

skourta

Amazing work @reneradoi. No concerns from my part. The implementation is identical to the one we have and hardened on etcd.

# Conflicts: # src/events/tls.py # src/managers/tls.py # src/statuses.py # tests/integration/tls/test_certificate_rotation.py # tests/unit/test_tls.py

Mehdi-Bendriss

Thanks René!

src/core/models.py

reneradoi added 13 commits March 5, 2026 18:18

WIP: certificate and CA rotation

d92de15

unit test coverage

23b7a77

separate integration test file

6fbafae

workflow fix, add integration test for CA rotation

ccdcdf7

fix workflow for single units

caf9618

add spread config for VM test

0392e34

unrelated: improve integration test stability by waiting for the actu…

bb7f9f8

…al secret-change to be performed before checking password-update

adjust idle time

1ea3d98

Merge remote-tracking branch 'origin/9/edge' into add-certificate-rot…

4882def

…ation

refactor certificate validity check

107aeeb

fix return value for adjusted cert validity check

c0fa894

add private key functionality + tests

dd01efc

improve access to peer relation data by porting change from scale-dow…

7f8455c

…n PR

reneradoi requested review from Mehdi-Bendriss and skourta March 12, 2026 09:56

skourta approved these changes Mar 12, 2026

View reviewed changes

Base automatically changed from add-certificate-rotation to 9/edge March 18, 2026 08:14

reneradoi added 6 commits March 18, 2026 09:59

Merge remote-tracking branch 'origin/9/edge' into add-private-key

db9e3f7

# Conflicts: # src/events/tls.py # src/managers/tls.py # src/statuses.py # tests/integration/tls/test_certificate_rotation.py # tests/unit/test_tls.py

updates after merging 9/edge

058ab2f

Merge remote-tracking branch 'origin/9/edge' into add-private-key

d9c9220

unrelated: fix wait statement in fast_forward loop

3554949

unrelated: fix timeout for disabling client TLS

6309230

revert earlier timing change on test_charm.py

8bb916b

Mehdi-Bendriss approved these changes Mar 19, 2026

View reviewed changes

src/core/models.py Outdated Show resolved Hide resolved

apply suggestion

8bea7f3

reneradoi merged commit 74a68ce into 9/edge Mar 20, 2026
13 of 17 checks passed

reneradoi deleted the add-private-key branch March 20, 2026 08:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[DPE-9315] add user-provided private key#20

[DPE-9315] add user-provided private key#20
reneradoi merged 20 commits into9/edgefrom
add-private-key

reneradoi commented Mar 12, 2026

Uh oh!

skourta left a comment

Uh oh!

Mehdi-Bendriss left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

reneradoi commented Mar 12, 2026

Uh oh!

skourta left a comment

Choose a reason for hiding this comment

Uh oh!

Mehdi-Bendriss left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants