Refresh secrets after charm is authorized
Ensure any pending secrets backend requests are processed after
the charm is authorized for access to vault.

Also guard execution of the configure_secrets_backend handler
so that it runs only when a secrets relation actually exists, via
inspection of the secrets.connected flag.

Change-Id: Ic0cb7786f2c02334778b1e1bf77d649d4db8c474
javacruft committed Apr 22, 2020
1 parent 52e5041 commit b0a28b3
Showing 2 changed files with 3 additions and 1 deletion.
1 change: 1 addition & 0 deletions src/actions/actions.py
@@ -44,6 +44,7 @@ def authorize_charm_action(*args):
action_config = hookenv.action_get()
role_id = vault.setup_charm_vault_access(action_config['token'])
hookenv.leader_set({vault.CHARM_ACCESS_ROLE_ID: role_id})
set_flag('secrets.refresh')


def refresh_secrets(*args):
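Review bot: The new `set_flag('secrets.refresh')` at the end of authorize_charm_action carries no comment explaining why an authorization action touches the secrets flag, and it only has an effect if the action entry point persists flag state and dispatches the reactive handlers afterwards; that code is outside this hunk and should be confirmed. I would add `# Secrets requests that arrived before authorization could not be served; ask configure_secrets_backend to process them now.` above the call. Because `action_config['token']` is a Vault token, it is also worth confirming that no failure path of this action writes the action parameters to the log. The body of refresh_secrets continues outside the hunk.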
3 changes: 2 additions & 1 deletion src/reactive/vault_handlers.py
@@ -407,7 +407,8 @@ def _check_vault_running():
set_flag('failed.to.start')


@when('leadership.is_leader')
@when('leadership.is_leader',
'secrets.connected')
@when_any('endpoint.secrets.new-request', 'secrets.refresh')
def configure_secrets_backend():
""" Process requests for setup and access to simple kv secret backends """
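Review bot: The decorators on configure_secrets_backend now require leadership and `secrets.connected`, but none of them requires that the charm has already been authorized against vault, so an `endpoint.secrets.new-request` that arrives before authorize_charm_action has run will presumably still enter the handler. The body is outside this hunk, so confirm that it returns without clearing the request state when charm access is missing, and that it clears `secrets.refresh` only after the requests were actually processed. The docstring could also state the preconditions, for example `"""Process secrets backend requests; runs on the leader with a secrets relation, on a new request or on secrets.refresh."""`.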
