Check if the workload is accessible before running hook

canonical · Dec 11, 2024 · 35cb92d · 35cb92d
1 parent f302619
commit 35cb92d
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/lib/charms/vault_k8s/v0/vault_managers.py b/lib/charms/vault_k8s/v0/vault_managers.py
@@ -162,6 +162,14 @@ def stop(self, process: str) -> None:
         """Stop a service in the workload."""
         pass
 
+    @abstractmethod
+    def is_accessible(self) -> bool:
+        """Return whether the workload is accessible.
+
+        For a container, this would check if we can connect to pebble.
+        """
+        pass
+
 
 class VaultCertsError(Exception):
     """Exception raised when a vault certificate is not found."""
@@ -269,6 +277,8 @@ def _get_mode(self) -> TLSMode:
 
     def _configure_self_signed_certificates(self, _: EventBase) -> None:
         """Configure the charm with self signed certificates."""
+        if not self.workload.is_accessible():
+            return
         if self.charm.unit.is_leader() and not self.ca_certificate_secret_exists():
             ca_private_key, ca_certificate = generate_vault_ca_certificate()
             self.juju_facade.set_app_secret_content(

diff --git a/src/container.py b/src/container.py
@@ -51,3 +51,7 @@ def restart(self, process: str) -> None:
     def stop(self, process: str) -> None:
         """Stop the workload."""
         self._container.stop(process)
+
+    def is_accessible(self) -> bool:
+        """Check if we can connect to pebble."""
+        return self._container.can_connect()