Open Mehdi-Bendriss opened 5 months ago
Adding the original comment for clarity:
We should consider extracting the logic of expiring into some method renew_certificates or similar and call it from here as well as from _on_certificate_expiring. The reason being that this is now fine, but only because we are not making use of the event: CertificateExpiringEvent that's normally passed as an argument of _on_certificate_expiring.
We are not using the event by policy . It's not a co-incidence.
The charm was doing this before the particular modification that triggered this thread (see _set_tls_private_key()
).
My question is: are there any risks implied by the current policy?
Context of issue here https://github.com/canonical/opensearch-dashboards-operator/pull/22#discussion_r1587298125