Update issue and enhancement templates

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,6 +1,6 @@
 name: Bug Report
 description: File a bug report
-labels: ["Type: Bug", "Status: Triage"]
+labels: ["bug"]
 body:
   - type: markdown
     attributes:
@@ -16,6 +16,25 @@ body:
         If applicable, add screenshots to help explain the problem you are facing.
     validations:
       required: true
+  - type: dropdown
+    id: impact
+    attributes:
+      label: Impact
+      description: How severe is the business impact of this bug?
+      options:
+        - Low (minor issue or cosmetic problem)
+        - Medium (functionality degraded, workaround exists)
+        - High (major functionality broken, no workaround)
+        - Critical (system down, data loss, affecting deployment in production)
+    validations:
+      required: true
+  - type: textarea
+    id: impact-rationale
+    attributes:
+      label: Impact Rationale
+      description: >
+        If impact is high or critical, please provide the rationale behind your assessment, impacted
+        project reference and any relevant project deadline dates which will be affected by this bug.
   - type: textarea
     id: reproduction
     attributes:
@@ -46,12 +65,11 @@ body:
       description: >
         Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
         Fetch the logs using `juju debug-log --replay` and `kubectl logs ...`. Additional details available in the juju docs 
-        at https://juju.is/docs/olm/juju-logs
+        at https://documentation.ubuntu.com/juju/3.6/howto/manage-logs/#manage-logs
       render: shell
     validations:
       required: true
   - type: textarea
     id: additional-context
     attributes:
       label: Additional context
-

.github/ISSUE_TEMPLATE/enhancement_proposal.yml

@@ -1,6 +1,6 @@
 name: Enhancement Proposal
 description: File an enhancement proposal
-labels: ["Type: Enhancement", "Status: Triage"]
+labels: ["enhancement"]
 body:
   - type: markdown
     attributes:
@@ -15,3 +15,22 @@ body:
         Describe the enhancement you would like to see in as much detail as needed.      
     validations:
       required: true
+  - type: dropdown
+    id: impact
+    attributes:
+      label: Impact
+      description: What is the impact of this feature?
+      options:
+        - Low (The feature is nice to have)
+        - Medium (The feature may be helpful in the future)
+        - High (The feature has short-term technical value)
+        - Critical (The feature has big short-term business value)
+    validations:
+      required: true
+  - type: textarea
+    id: impact-rationale
+    attributes:
+      label: Impact Rationale
+      description: >
+        If impact is high or critical, please provide the rationale behind your assessment with as
+        much context as possible.

http-proxy-policy-operator/src/relay.py

@@ -2,6 +2,7 @@
 # See LICENSE file for licensing details.
 
 """HTTP proxy request relay."""
+
 import dataclasses
 import logging
 

http-proxy-policy-operator/tests/integration/any_charm.py

@@ -36,7 +36,7 @@ def provide_proxy(self, _) -> None:
             request = proxy_requests.get(requirer)
             auth = request.auth[0]
             if http_proxy.AUTH_METHOD_USERPASS in auth:
-                user = {"username": "test", "password": "test"}
+                user = {"username": "test", "password": "test"}  # nosec: hardcoded_password_string
             else:
                 user = None
             responses.add_or_replace(

http-proxy-policy-operator/tests/integration/conftest.py

@@ -2,6 +2,7 @@
 # See LICENSE file for licensing details.
 
 """Integration test charm fixtures."""
+
 import asyncio
 import json
 import os.path

http-proxy-policy-operator/tests/unit/test_charm.py

@@ -6,6 +6,7 @@
 # pylint: disable=protected-access,line-too-long
 
 import json
+import secrets
 import unittest.mock
 import uuid
 from typing import cast
@@ -121,7 +122,7 @@ def test_reply_requests(mock_policy):
             "database": "http-proxy-policy",
             "endpoints": "postgresql.test:5432",
             "username": "postgres",
-            "password": "postgres",
+            "password": secrets.token_hex(),
         },
     )
     mock_policy.HttpProxyPolicyClient.refresh.return_value = EXAMPLE_EVALUATED_REQUESTS
@@ -192,7 +193,9 @@ def test_relay_responses(mock_policy):
         },
     )
     mock_policy.HttpProxyPolicyClient.refresh.return_value = [EXAMPLE_EVALUATED_REQUESTS[0]]
-    backend_secret = ops.testing.Secret(tracked_content={"username": "test", "password": "test"})
+    backend_secret = ops.testing.Secret(
+        tracked_content={"username": "test", "password": secrets.token_hex()}
+    )
     backend_relation = ops.testing.Relation(
         endpoint="http-proxy-backend",
         remote_app_data={
@@ -216,7 +219,7 @@ def test_relay_responses(mock_policy):
             "database": "http-proxy-policy",
             "endpoints": "postgresql.test:5432",
             "username": "postgres",
-            "password": "postgres",
+            "password": secrets.token_hex(),
         },
     )
     state_in = ops.testing.State(
@@ -277,7 +280,7 @@ def test_invalid_requests(mock_policy):
             "database": "http-proxy-policy",
             "endpoints": "postgresql.test:5432",
             "username": "postgres",
-            "password": "postgres",
+            "password": secrets.token_hex(),
         },
     )
     backend_relation = ops.testing.Relation(
@@ -363,7 +366,7 @@ def test_unsupported_requests(mock_policy):  # pylint: disable=unused-argument
             "database": "http-proxy-policy",
             "endpoints": "postgresql.test:5432",
             "username": "postgres",
-            "password": "postgres",
+            "password": secrets.token_hex(),
         },
     )
     backend_relation = ops.testing.Relation(
@@ -422,7 +425,7 @@ def test_ignore_duplicate_requests(mock_policy):
             "database": "http-proxy-policy",
             "endpoints": "postgresql.test:5432",
             "username": "postgres",
-            "password": "postgres",
+            "password": secrets.token_hex(),
         },
     )
     backend_relation = ops.testing.Relation(
@@ -469,7 +472,9 @@ def test_cleanup_responses(mock_policy):
         },
     )
     mock_policy.HttpProxyPolicyClient.refresh.return_value = [EXAMPLE_EVALUATED_REQUESTS[0]]
-    backend_secret = ops.testing.Secret(tracked_content={"username": "test", "password": "test"})
+    backend_secret = ops.testing.Secret(
+        tracked_content={"username": "test", "password": secrets.token_hex()}
+    )
     backend_relation = ops.testing.Relation(
         endpoint="http-proxy-backend",
         local_app_data={
@@ -504,7 +509,7 @@ def test_cleanup_responses(mock_policy):
             "database": "http-proxy-policy",
             "endpoints": "postgresql.test:5432",
             "username": "postgres",
-            "password": "postgres",
+            "password": secrets.token_hex(),
         },
     )
     state_in = ops.testing.State(
@@ -547,7 +552,9 @@ def test_invalid_backend_response(mock_policy):
         },
     )
     mock_policy.HttpProxyPolicyClient.refresh.return_value = [EXAMPLE_EVALUATED_REQUESTS[0]]
-    backend_secret = ops.testing.Secret(tracked_content={"username": "test", "password": "test"})
+    backend_secret = ops.testing.Secret(
+        tracked_content={"username": "test", "password": secrets.token_hex()}
+    )
     backend_relation = ops.testing.Relation(
         endpoint="http-proxy-backend",
         remote_app_data={
@@ -560,7 +567,7 @@ def test_invalid_backend_response(mock_policy):
             "database": "http-proxy-policy",
             "endpoints": "postgresql.test:5432",
             "username": "postgres",
-            "password": "postgres",
+            "password": secrets.token_hex(),
         },
     )
     state_in = ops.testing.State(
@@ -611,7 +618,7 @@ def test_missing_backend_relation(mock_policy):
             "database": "http-proxy-policy",
             "endpoints": "postgresql.test:5432",
             "username": "postgres",
-            "password": "postgres",
+            "password": secrets.token_hex(),
         },
     )
     state_in = ops.testing.State(

squid-forward-proxy-operator/src/squid.py

@@ -122,17 +122,15 @@ def generate_config(specs: list[HttpProxySpec], http_port: int = 3128) -> str:
         Squid configuration.
     """
     buffer = [
-        textwrap.dedent(
-            f"""\
+        textwrap.dedent(f"""\
             http_port {http_port}
             logfile_rotate 10000
 
             auth_param basic program /usr/lib/squid/basic_ncsa_auth {_HTPASSWD_PATH}
             auth_param basic credentialsttl 60 seconds
 
             cache deny all
-            """
-        ),
+            """),
         *sorted(
             [
                 _generate_http_access_snippet(
@@ -141,15 +139,13 @@ def generate_config(specs: list[HttpProxySpec], http_port: int = 3128) -> str:
                 for spec in specs
             ]
         ),
-        textwrap.dedent(
-            """\
+        textwrap.dedent("""\
             access_log /var/log/squid/access.log squid
 
             http_access allow localhost manager
             http_access deny manager
             http_access deny all
-            """
-        ),
+            """),
     ]
     return "\n".join(buffer)
 
@@ -236,8 +232,7 @@ def install() -> None:  # pragma: nocover
     apt.add_package(
         ["squid", "libcrypt1", "prometheus-squid-exporter", "logrotate"], update_cache=True
     )
-    logrotate_config = textwrap.dedent(
-        """
+    logrotate_config = textwrap.dedent("""
         /var/log/squid/*.log {
             daily
             rotate 180
@@ -251,8 +246,7 @@ def install() -> None:  # pragma: nocover
                 test ! -e /run/squid.pid || test ! -x /usr/sbin/squid || /usr/sbin/squid -k rotate
             endscript
         }
-        """
-    )
+        """)
     _SQUID_LOGROTATE_CONFIG_PATH.write_text(logrotate_config, encoding="utf-8")
 
 
@@ -354,11 +348,9 @@ def update_config_and_passwd(
         if old_passwd != new_passwd:
             write_passwd(new_passwd)
         reload()
-    exporter_config = textwrap.dedent(
-        f"""
+    exporter_config = textwrap.dedent(f"""
         ARGS="-squid-port {http_port} -listen 127.0.0.1:9301"
-        """
-    )
+        """)
     if exporter_config != read_exporter_config():
         write_exporter_config(exporter_config)
         restart_exporter()

squid-forward-proxy-operator/tests/integration/conftest.py

@@ -2,6 +2,7 @@
 # See LICENSE file for licensing details.
 
 """Integration test charm fixtures."""
+
 import asyncio
 import json
 import os.path

squid-forward-proxy-operator/tests/unit/test_charm.py

@@ -44,8 +44,7 @@ def test_squid_charm_basic(mock_squid):
         relations=[integration, ops.testing.PeerRelation(endpoint="squid-peer")],
     )
     state_out = ctx.run(ctx.on.config_changed(), state_in)
-    assert mock_squid.read_config() == textwrap.dedent(
-        """\
+    assert mock_squid.read_config() == textwrap.dedent("""\
         http_port 3128
         logfile_rotate 10000
 
@@ -71,8 +70,7 @@ def test_squid_charm_basic(mock_squid):
         http_access allow localhost manager
         http_access deny manager
         http_access deny all
-        """  # noqa: E501 (line too long)
-    )
+        """)  # noqa: E501 (line too long)
     assert len(list(state_out.secrets)) == 1
     secret = [
         secret