From 51a762ad8675c3ee516f3196f5a79e93eeed3506 Mon Sep 17 00:00:00 2001 From: Daniela Plascencia Date: Thu, 28 Sep 2023 21:58:46 +0200 Subject: [PATCH] skip: refactor --- charms/istio-pilot/src/charm.py | 33 +++++++++++++-------------------- 1 file changed, 13 insertions(+), 20 deletions(-) diff --git a/charms/istio-pilot/src/charm.py b/charms/istio-pilot/src/charm.py index 32f983f7..e60e0e08 100755 --- a/charms/istio-pilot/src/charm.py +++ b/charms/istio-pilot/src/charm.py @@ -106,7 +106,7 @@ def __init__(self, *args): # Observe this custom event emitted by the cert_handler library on certificate # available, revoked, invalidated, or if the certs relation is broken - self.framework.observe(self.cert.on.cert_changed, self._on_cert_changed) + self.framework.observe(self.cert.on.cert_changed, self.reconcile) # Event handling for managing the Istio control plane self.framework.observe(self.on.install, self.install) @@ -177,16 +177,6 @@ def _get_image_config(self): image_config = yaml.safe_load(self.model.config[IMAGE_CONFIGURATION]) return image_config - def _on_cert_changed(self, _) -> None: - """Handle the cert changes to configure the Gateway and Secret resources.""" - if _xor(self._cert_handler.cert, self._cert_handler.key): - # Return if only cert or key are provided, this is most likely an issue - self.log.info("Missing cert or key, TLS cannot be configured.") - self.unit.status = WaitingStatus("Waiting for the CA cert/key to be provided.") - return - - self._reconcile_gateway(configure_tls=True) - def install(self, _): """Install charm.""" self._log_and_set_status(MaintenanceStatus("Deploying Istio control plane")) 
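Review bot: Pointing `cert_changed` at `self.reconcile` and deleting `_on_cert_changed` (second hunk) removes the only operator-visible signal for a half-provisioned certificate: the `WaitingStatus("Waiting for the CA cert/key to be provided.")` and its log line have no replacement in this patch. `reconcile` is defined outside the visible hunks, so it may already report this state. If it does not, the unit will presumably look healthy while the gateway has no usable TLS material. Keep the check on the reconcile path, for example `self._log_and_set_status(WaitingStatus("Waiting for the CA cert/key to be provided."))` before returning, so that revoked, invalidated, or partially delivered certificates stay visible in unit status.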
@@ -544,19 +534,22 @@ def _send_gateway_info(self): gateway_up=self._is_gateway_up, ) - def _reconcile_gateway(self, configure_tls=False): + def _reconcile_gateway(self): """Creates or updates the Gateway resources. Args: configure_tls(bool): If True, this also deploys a secret with the certificate and key. """ - # Secure the gateway, if enabled - if configure_tls: - ssl_crt = self._cert_handler.cert - ssl_key = self._cert_handler.key - else: - ssl_crt = None - ssl_key = None + ssl_crt = None + ssl_key = None + secure = False + + # Secure the gateway, if certificates relation is enabled + if self._cert_handler.enabled: + if not _xor(self._cert_handler.cert, self._cert_handler.key): + ssl_crt = self._cert_handler.cert + ssl_key = self._cert_handler.key + secure = True context = { "gateway_name": self._gateway_name, @@ -564,7 +557,7 @@ def _reconcile_gateway(self, configure_tls=False): "port": self._gateway_port, "ssl_crt": ssl_crt, "ssl_key": ssl_key, - "secure": configure_tls, + "secure": secure, } krh = KubernetesResourceHandler(
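Review bot: In `_reconcile_gateway`, the guard `if not _xor(self._cert_handler.cert, self._cert_handler.key)` is also true when the certificates relation is enabled but neither value has been issued yet, so `secure = True` is set while `ssl_crt` and `ssl_key` are still `None`. This assumes `_xor` is a plain boolean xor; it is defined outside the hunk. The opposite case, exactly one of the two present, falls through silently to `secure = False`, so the gateway is presumably rendered without TLS even though the relation asked for it. Test for both values directly with `if self._cert_handler.cert and self._cert_handler.key:`, and treat any other state under an enabled relation as not ready rather than as plaintext. The docstring still documents the removed `configure_tls` argument, so its `Args:` section should be dropped.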