Thanks for catching this bug Liam. I wonder why this issue did not pop-up during my development/testing since the situation that "certificates.available" flag set but the vault is not "operational" also occurs before the vault initialization (which is common).
Regarding your proposed patch, this fixes the bug but unfortunately it also breaks the cache functionality. The flag "charm.vault.ca.ready" seems to be only set on the leader unit but the function "sync_cert_from_cache" needs to be run on the non-leaders to sync their data with the leader. I'm looking into alternative solution.
Thanks for catching this bug Liam. I wonder why this issue did not pop-up during my development/testing since the situation that "certificates. available" flag set but the vault is not "operational" also occurs before the vault initialization (which is common).
Regarding your proposed patch, this fixes the bug but unfortunately it also breaks the cache functionality. The flag "charm. vault.ca. ready" seems to be only set on the leader unit but the function "sync_cert_ from_cache" needs to be run on the non-leaders to sync their data with the leader. I'm looking into alternative solution.