From 4fccd71076c5b7e1e523b711840edb3ee3342776 Mon Sep 17 00:00:00 2001
From: Samuel Walladge <samuel.walladge@canonical.com>
Date: Fri, 17 Jun 2022 08:37:29 +0930
Subject: [PATCH] Reload vault on configure

Always reload reload on configure.
This ensures any certificates changed on disk will be reloaded.
(Such as the tcp listener certificate files.)

Closes-Bug: #1912261
Change-Id: Ic254f38d86c0e8323ed10a2eaa22462797d48605
---
 src/reactive/vault_handlers.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/reactive/vault_handlers.py b/src/reactive/vault_handlers.py
index 68ecd36..2baed15 100644
--- a/src/reactive/vault_handlers.py
+++ b/src/reactive/vault_handlers.py
@@ -43,6 +43,7 @@ from charmhelpers.core.hookenv import (
 
 from charmhelpers.core.host import (
     service,
+    service_reload,
     service_restart,
     service_running,
     write_file,
@@ -238,6 +239,12 @@ def configure_vault(context):
     if any_file_changed([VAULT_CONFIG, VAULT_SYSTEMD_CONFIG]):
         # force a restart if config has changed
         clear_flag('started')
+    else:
+        # If vault isn't going to be totally restarted, reload it.
+        # This will pick up things like certificates changed on disk.
+        # It is inexpensive and doesn't cause vault to be resealed,
+        # so we can always reload it here.
+        service_reload(service_name='vault')
 
 
 @when_not("is-update-status-hook")