k8s charm: Fix for the vault relation.

Charm now persists vault data in unit state and ensures the file
is pushed to the workload container on every update.

charms/jimm-k8s/src/charm.py

@@ -79,6 +79,7 @@ def __init__(self, *args):
         super().__init__(*args)
 
         self._state = State(self.app, lambda: self.model.get_relation("peer"))
+        self._unit_state = State(self.unit, lambda: self.model.get_relation("peer"))
 
         self.framework.observe(self.on.peer_relation_changed, self._on_peer_relation_changed)
         self.framework.observe(self.on.jimm_pebble_ready, self._on_jimm_pebble_ready)
@@ -214,6 +215,7 @@ def _update_workload(self, event):
             return
 
         self._ensure_bakery_agent_file(event)
+        self._ensure_vault_file(event)
         self._install_dashboard(event)
 
         dns_name = self._get_dns_name(event)
@@ -282,6 +284,7 @@ def _update_workload(self, event):
         else:
             logger.info("workload container not ready - defering")
             event.defer()
+            return
 
         dashboard_relation = self.model.get_relation("dashboard")
         if dashboard_relation and self.unit.is_leader():
@@ -385,6 +388,7 @@ def _install_dashboard(self, event):
         # this event.
         if not container.can_connect():
             event.defer()
+            return
 
         # fetch the resource filename
         try:
@@ -465,10 +469,14 @@ def _on_vault_relation_joined(self, event):
         event.relation.data[self.unit]["access_address"] = json.dumps(self._get_network_address(event))
         event.relation.data[self.unit]["isolated"] = json.dumps(False)
 
-    @requires_state_setter
-    def _on_vault_relation_changed(self, event):
+    def _ensure_vault_file(self, event):
         container = self.unit.get_container(WORKLOAD_CONTAINER)
 
+        if not self._unit_state.is_ready():
+            logger.info("unit state not ready")
+            event.defer()
+            return
+
         # if we can't connect to the container we should defer
         # this event.
         if not container.can_connect():
@@ -478,6 +486,16 @@ def _on_vault_relation_changed(self, event):
         if container.exists(self._vault_secret_filename):
             container.remove_path(self._vault_secret_filename)
 
+        secret_data = self._unit_state.vault_secret_data
+        if secret_data:
+            self._push_to_workload(self._vault_secret_filename, secret_data, event)
+
+    def _on_vault_relation_changed(self, event):
+        if not self._unit_state.is_ready() or not self._state.is_ready():
+            logger.info("state not ready")
+            event.defer()
+            return
+
         addr = _json_data(event, "vault_url")
         if not addr:
             return
@@ -492,9 +510,13 @@ def _on_vault_relation_changed(self, event):
         secret["data"]["role_id"] = role_id
 
         secret_data = json.dumps(secret)
-        self._push_to_workload(self._vault_secret_filename, secret_data, event)
 
-        self._state.vault_address = addr
+        logger.error("setting unit state data {}".format(secret_data))
+        self._unit_state.vault_secret_data = secret_data
+        if self.unit.is_leader():
+            self._state.vault_address = addr
+
+        self._update_workload(event)
 
     def _path_exists_in_workload(self, path: str):
         """Returns true if the specified path exists in the

charms/jimm-k8s/tests/unit/test_charm.py

@@ -42,7 +42,8 @@ def setUp(self):
         self.addCleanup(self.tempdir.cleanup)
         self.harness.charm.framework.charm_dir = pathlib.Path(self.tempdir.name)
 
-        self.harness.add_relation("peer", "jimm")
+        jimm_id = self.harness.add_relation("peer", "juju-jimm-k8s")
+        self.harness.add_relation_unit(jimm_id, "juju-jimm-k8s/1")
         self.harness.container_pebble_ready("jimm")
 
         rel_id = self.harness.add_relation("ingress", "nginx-ingress")