skip: refactor

canonical · Sep 28, 2023 · 51a762a · 51a762a
1 parent 8037c86
commit 51a762a
Showing 1 changed file with 13 additions and 20 deletions.
diff --git a/charms/istio-pilot/src/charm.py b/charms/istio-pilot/src/charm.py
@@ -106,7 +106,7 @@ def __init__(self, *args):
 
         # Observe this custom event emitted by the cert_handler library on certificate
         # available, revoked, invalidated, or if the certs relation is broken
-        self.framework.observe(self.cert.on.cert_changed, self._on_cert_changed)
+        self.framework.observe(self.cert.on.cert_changed, self.reconcile)
 
         # Event handling for managing the Istio control plane
         self.framework.observe(self.on.install, self.install)
@@ -177,16 +177,6 @@ def _get_image_config(self):
         image_config = yaml.safe_load(self.model.config[IMAGE_CONFIGURATION])
         return image_config
 
-    def _on_cert_changed(self, _) -> None:
-        """Handle the cert changes to configure the Gateway and Secret resources."""
-        if _xor(self._cert_handler.cert, self._cert_handler.key):
-            # Return if only cert or key are provided, this is most likely an issue
-            self.log.info("Missing cert or key, TLS cannot be configured.")
-            self.unit.status = WaitingStatus("Waiting for the CA cert/key to be provided.")
-            return
-
-        self._reconcile_gateway(configure_tls=True)
-
     def install(self, _):
         """Install charm."""
         self._log_and_set_status(MaintenanceStatus("Deploying Istio control plane"))
@@ -544,27 +534,30 @@ def _send_gateway_info(self):
             gateway_up=self._is_gateway_up,
         )
 
-    def _reconcile_gateway(self, configure_tls=False):
+    def _reconcile_gateway(self):
         """Creates or updates the Gateway resources.
 
             Args:
               configure_tls(bool): If True, this also deploys a secret with the certificate and key.
         """
-        # Secure the gateway, if enabled
-        if configure_tls:
-            ssl_crt = self._cert_handler.cert
-            ssl_key = self._cert_handler.key
-        else:
-            ssl_crt = None
-            ssl_key = None
+        ssl_crt = None
+        ssl_key = None
+        secure = False
+
+        # Secure the gateway, if certificates relation is enabled
+        if self._cert_handler.enabled:
+            if not _xor(self._cert_handler.cert, self._cert_handler.key):
+                ssl_crt = self._cert_handler.cert
+                ssl_key = self._cert_handler.key
+                secure = True
 
         context = {
             "gateway_name": self._gateway_name,
             "namespace": self._gateway_namespace,
             "port": self._gateway_port,
             "ssl_crt": ssl_crt,
             "ssl_key": ssl_key,
-            "secure": configure_tls,
+            "secure": secure,
         }
 
         krh = KubernetesResourceHandler(