canonical · dragomirp · May 26, 2026 · May 24, 2026 · May 24, 2026 · May 24, 2026
@@ -18,10 +18,9 @@ jinja2 = "^3.1.6"
 pysyncobj = "^0.3.15"
 psutil = "^7.2.2"
 charm-refresh = "^3.1.0.2"
-httpx = "^0.28.1"
 charmlibs-snap = "^1.0.1"
 charmlibs-interfaces-tls-certificates = "^1.8.1"
-postgresql-charms-single-kernel = "16.1.12"
+postgresql-charms-single-kernel = {extras = ["postgresql"], version="16.2.1"}
 
 [tool.poetry.group.charm-libs.dependencies]
 # data_platform_libs/v0/data_interfaces.py

@@ -27,6 +27,8 @@
 from ops.charm import ActionEvent, HookEvent
 from ops.framework import Object
 from ops.model import ActiveStatus, MaintenanceStatus
+from single_kernel_postgresql.config.literals import Substrates
+from single_kernel_postgresql.utils import render_file
 from tenacity import RetryError, Retrying, stop_after_attempt, wait_fixed
 
 from constants import (
@@ -46,7 +48,6 @@
     UNIT_SCOPE,
 )
 from relations.async_replication import REPLICATION_CONSUMER_RELATION, REPLICATION_OFFER_RELATION
-from utils import render_file
 
 logger = logging.getLogger(__name__)
 
@@ -1369,7 +1370,10 @@ def _render_pgbackrest_conf_file(self) -> bool:
 
         if self._tls_ca_chain_filename != "":
             render_file(
-                self._tls_ca_chain_filename, "\n".join(s3_parameters["tls-ca-chain"]), 0o644
+                Substrates.VM,
+                self._tls_ca_chain_filename,
+                "\n".join(s3_parameters["tls-ca-chain"]),
+                0o644,
             )
 
         with open("templates/pgbackrest.conf.j2") as file:
@@ -1395,12 +1399,14 @@ def _render_pgbackrest_conf_file(self) -> bool:
             process_max=max(self.charm.cpu_count - 2, 1),
         )
         # Render pgBackRest config file.
-        render_file(f"{PGBACKREST_CONF_PATH}/pgbackrest.conf", rendered, 0o640)
+        render_file(Substrates.VM, f"{PGBACKREST_CONF_PATH}/pgbackrest.conf", rendered, 0o640)
 
         # Render the logrotate configuration file.
         with open("templates/pgbackrest.logrotate.j2") as file:
             template = Template(file.read())
-        render_file(PGBACKREST_LOGROTATE_FILE, template.render(), 0o644, change_owner=False)
+        render_file(
+            Substrates.VM, PGBACKREST_LOGROTATE_FILE, template.render(), 0o644, change_owner=False
+        )
 
         return True
 

@@ -69,6 +69,7 @@
     Substrates,
 )
 from single_kernel_postgresql.events.tls_transfer import TLSTransfer
+from single_kernel_postgresql.utils import label2name, new_password, render_file
 from single_kernel_postgresql.utils.postgresql import (
     ACCESS_GROUP_IDENTITY,
     ACCESS_GROUPS,
@@ -140,7 +141,6 @@
 from relations.tls import TLS
 from relations.watcher import PostgreSQLWatcherRelation
 from rotate_logs import RotateLogs
-from utils import label2name, new_password, render_file
 
 logger = logging.getLogger(__name__)
 logging.getLogger("httpx").setLevel(logging.WARNING)
@@ -2290,22 +2290,25 @@ def push_tls_files_to_workload(self) -> bool:
         """Move TLS files to the PostgreSQL storage path and enable TLS."""
         key, ca, cert = self.tls.get_client_tls_files()
         if key is not None:
-            render_file(f"{PATRONI_CONF_PATH}/{TLS_KEY_FILE}", key, 0o600)
+            render_file(Substrates.VM, f"{PATRONI_CONF_PATH}/{TLS_KEY_FILE}", key, 0o600)
         if ca is not None:
-            render_file(f"{PATRONI_CONF_PATH}/{TLS_CA_FILE}", ca, 0o600)
+            render_file(Substrates.VM, f"{PATRONI_CONF_PATH}/{TLS_CA_FILE}", ca, 0o600)
         if cert is not None:
-            render_file(f"{PATRONI_CONF_PATH}/{TLS_CERT_FILE}", cert, 0o600)
+            render_file(Substrates.VM, f"{PATRONI_CONF_PATH}/{TLS_CERT_FILE}", cert, 0o600)
 
         key, ca, cert = self.tls.get_peer_tls_files()
         if key is not None:
-            render_file(f"{PATRONI_CONF_PATH}/peer_{TLS_KEY_FILE}", key, 0o600)
+            render_file(Substrates.VM, f"{PATRONI_CONF_PATH}/peer_{TLS_KEY_FILE}", key, 0o600)
         if ca is not None:
-            render_file(f"{PATRONI_CONF_PATH}/peer_{TLS_CA_FILE}", ca, 0o600)
+            render_file(Substrates.VM, f"{PATRONI_CONF_PATH}/peer_{TLS_CA_FILE}", ca, 0o600)
         if cert is not None:
-            render_file(f"{PATRONI_CONF_PATH}/peer_{TLS_CERT_FILE}", cert, 0o600)
+            render_file(Substrates.VM, f"{PATRONI_CONF_PATH}/peer_{TLS_CERT_FILE}", cert, 0o600)
 
         render_file(
-            f"{PATRONI_CONF_PATH}/{TLS_CA_BUNDLE_FILE}", self.tls.get_peer_ca_bundle(), 0o600
+            Substrates.VM,
+            f"{PATRONI_CONF_PATH}/{TLS_CA_BUNDLE_FILE}",
+            self.tls.get_peer_ca_bundle(),
+            0o600,
         )
 
         try:

@@ -26,10 +26,18 @@
 from pysyncobj.utility import TcpUtility, UtilityException
 from requests.auth import HTTPBasicAuth
 from single_kernel_postgresql.config.literals import (
+    API_REQUEST_TIMEOUT,
     PEER,
     POSTGRESQL_STORAGE_PERMISSIONS,
     REWIND_USER,
     USER,
+    Substrates,
+)
+from single_kernel_postgresql.utils import (
+    _change_owner,
+    label2name,
+    parallel_patroni_get_request,
+    render_file,
 )
 from tenacity import (
     Future,
@@ -44,7 +52,6 @@
 )
 
 from constants import (
-    API_REQUEST_TIMEOUT,
     PATRONI_CLUSTER_STATUS_ENDPOINT,
     PATRONI_CONF_PATH,
     PATRONI_LOGS_PATH,
@@ -57,7 +64,6 @@
     RAFT_PORT,
     TLS_CA_BUNDLE_FILE,
 )
-from utils import _change_owner, label2name, parallel_patroni_get_request, render_file
 
 logger = logging.getLogger(__name__)
 
@@ -221,7 +227,7 @@ def bootstrap_cluster(self) -> bool:
 
     def configure_patroni_on_unit(self):
         """Configure Patroni (configuration files and service) on the unit."""
-        _change_owner(POSTGRESQL_DATA_PATH)
+        _change_owner(Substrates.VM, POSTGRESQL_DATA_PATH)
 
         # Create empty base config
         open(PG_BASE_CONF_PATH, "a").close()
@@ -709,7 +715,7 @@ def render_patroni_yml_file(
             if self.charm.watcher_offer.is_active
             else None,
         )
-        render_file(f"{PATRONI_CONF_PATH}/patroni.yaml", rendered, 0o600)
+        render_file(Substrates.VM, f"{PATRONI_CONF_PATH}/patroni.yaml", rendered, 0o600)
 
     def start_patroni(self) -> bool:
         """Start Patroni service using snap.

@@ -12,7 +12,6 @@
 ALL_CLIENT_RELATIONS = [DATABASE]
 REPLICATION_CONSUMER_RELATION = "replication"
 REPLICATION_OFFER_RELATION = "replication-offer"
-API_REQUEST_TIMEOUT = 5
 PATRONI_CLUSTER_STATUS_ENDPOINT = "cluster"
 BACKUP_USER = "backup"
 TLS_KEY_FILE = "key.pem"

@@ -21,6 +21,7 @@
     RelationDepartedEvent,
 )
 from single_kernel_postgresql.config.literals import SYSTEM_USERS
+from single_kernel_postgresql.utils import label2name, new_password
 from single_kernel_postgresql.utils.postgresql import (
     ACCESS_GROUP_RELATION,
     ACCESS_GROUPS,
@@ -34,7 +35,6 @@
 )
 
 from constants import APP_SCOPE, DATABASE_MAPPING_LABEL, DATABASE_PORT, USERNAME_MAPPING_LABEL
-from utils import label2name, new_password
 
 logger = logging.getLogger(__name__)
 

@@ -27,6 +27,7 @@
     SecretNotFoundError,
 )
 from pysyncobj.utility import TcpUtility
+from single_kernel_postgresql.utils import new_password
 
 from constants import (
     RAFT_PARTNER_PREFIX,
@@ -39,7 +40,6 @@
     WATCHER_SECRET_LABEL,
     WATCHER_USER,
 )
-from utils import new_password
 
 if TYPE_CHECKING:
     from charm import PostgresqlOperatorCharm