From 08c5307320cc0be55c471c18eb5d95a4c8051816 Mon Sep 17 00:00:00 2001
From: Mateusz Kulewicz <mateusz.kulewicz@canonical.com>
Date: Wed, 14 Aug 2024 15:56:26 +0200
Subject: [PATCH] Catch SecretNotFoundError when privkey shouldn't be here
 (#48)

* Catch SecretNotFoundError when privkey shouldn't be here

* Bring back if self.tls_available check from pre-refactor times

* lint
---
 src/cosl/coordinated_workers/coordinator.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/cosl/coordinated_workers/coordinator.py b/src/cosl/coordinated_workers/coordinator.py
index c2a6a75..1bad301 100644
--- a/src/cosl/coordinated_workers/coordinator.py
+++ b/src/cosl/coordinated_workers/coordinator.py
@@ -576,7 +576,11 @@ def update_cluster(self):
             # all arguments below are optional:
             ca_cert=self.cert_handler.ca_cert,
             server_cert=self.cert_handler.server_cert,
-            privkey_secret_id=self.cluster.grant_privkey(VAULT_SECRET_LABEL),
+            # FIXME tls_available check is due to fetching secret from vault. We should be generating a new secret.
+            # see https://github.com/canonical/cos-lib/issues/49 for full context
+            privkey_secret_id=(
+                self.cluster.grant_privkey(VAULT_SECRET_LABEL) if self.tls_available else None
+            ),
             tracing_receivers=(
                 self._tracing_receivers_getter() if self._tracing_receivers_getter else None
             ),