Catch SecretNotFoundError when privkey shouldn't be here (#48)

* Catch SecretNotFoundError when privkey shouldn't be here * Bring back if self.tls_available check from pre-refactor times * lint
canonical · Aug 14, 2024 · 08c5307 · 08c5307
1 parent abc2d62
commit 08c5307
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/cosl/coordinated_workers/coordinator.py b/src/cosl/coordinated_workers/coordinator.py
@@ -576,7 +576,11 @@ def update_cluster(self):
             # all arguments below are optional:
             ca_cert=self.cert_handler.ca_cert,
             server_cert=self.cert_handler.server_cert,
-            privkey_secret_id=self.cluster.grant_privkey(VAULT_SECRET_LABEL),
+            # FIXME tls_available check is due to fetching secret from vault. We should be generating a new secret.
+            # see https://github.com/canonical/cos-lib/issues/49 for full context
+            privkey_secret_id=(
+                self.cluster.grant_privkey(VAULT_SECRET_LABEL) if self.tls_available else None
+            ),
             tracing_receivers=(
                 self._tracing_receivers_getter() if self._tracing_receivers_getter else None
             ),