No event for observing kratos relation

Bug Description

The config and access rules templates are not updated when kratos is related with oathkeeper, unless the kratos relation and its urls are available at the time Oathkeeper fires on-pebble-ready event. We should add an event guard for relation-changed.

To Reproduce

juju deploy oathkeeper juju deploy kratos juju relate oathkeeper kratos

juju ssh oathkeeper/0 "PYTHONPATH=agents/unit-oathkeeper-0/charm/venv/ python3 -c '
from ops import pebble
p = pebble.Client(\"/charm/containers/oathkeeper/pebble.socket\")
f = p.pull(\"/etc/config/oathkeeper.yaml\")
print(f.read())
'"

It can also be observed with unit tests: Modify the unit test to emit the pebble ready event before the relation joins:

def test_update_container_config_with_kratos_relation(harness: Harness) -> None:
    harness.set_can_connect(CONTAINER_NAME, True)
    harness.charm.on.oathkeeper_pebble_ready.emit(CONTAINER_NAME)
    kratos_relation_id = setup_kratos_relation(harness)

    # harness.charm.on.oathkeeper_pebble_ready.emit(CONTAINER_NAME)
    container = harness.model.unit.get_container(CONTAINER_NAME)

    with open("templates/oathkeeper.yaml.j2", "r") as file:
        template = Template(file.read())

    expected_config = template.render(
        kratos_session_url=harness.get_relation_data(kratos_relation_id, "kratos")[
            "sessions_endpoint"
        ],
        kratos_login_url=harness.get_relation_data(kratos_relation_id, "kratos")[
            "login_browser_endpoint"
        ],
    )

    container_config = container.pull(path="/etc/config/oathkeeper.yaml", encoding="utf-8")
    assert yaml.safe_load(container_config.read()) == yaml.safe_load(expected_config)

The templates are rendered with the default dummy values (http://default-kratos-url/).

Environment

juju 3.1.5 microk8s 1.26

Relevant log output

n/a

Additional context

No response

canonical / oathkeeper-operator