From my comment in matrix: [1]
I helped write some of that code in the fix, but I admit that it is a little hard to follow.
When a charm is refreshed/upgraded to one that has this code, the first thing the leader does (during the upgrade/refresh hook) is populate the cert cache: [2]
This means that from then on, if a leadership election takes place, then the new leader will use the same cert cache. The cert cache is in leader settings and only the leader can set them.
So to answer your question; yes, it should work. Note, only the leader (at the time of upgrade) can populate the cache. It's possible that under some very rare failure mode a non-leader could be elected during a refresh, but I'm struggling to see if it would happen due to the way that the hooks are sequenced (i.e. leadership election ought to come after upgrade even if there is a unit failure during the refresh).
[1] https://matrix.to/#/!OqcMODbAeESdsqrXYq:ubuntu.com/$uoNhceqoOM9z_d_M2jdPbklTyyJAPtZmXGr5zyOgfk0?via=ubuntu.com&via=matrix.org&via=mx.aouss.it
[2] https://opendev.org/openstack/charm-vault/src/commit/56ca825332964a58961f6df3a1ca52df394f2d2c/src/reactive/vault_handlers.py#L1116