© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Seems like there are two potential issues here:
1) deployments taking some time to complete and wrapping tokens expiring before they are used.
2) leadership changing in vault and consuming charms still attempting to access using the older tokens provided by the previous leader(s).
I think this all points to the fact that we need to be more resilient to these situations in the client code.
If 1) is encountered then the unit should go into a blocked state OR we should add relation semantics for the consuming unit to request a new wrapping token.
If 2) is encountered then two potential routes - when units become non-leader they could clear any previously set tokens - this will generate quite a bit of hook execution. OR clients could look at all presented tokens and deal with any exceptions of this type that are raised. Slightly awkward as its not a specific exception that is raised.