diff --git a/agent/cache-types/connect_ca_leaf.go b/agent/cache-types/connect_ca_leaf.go index 325423bec6..86807f316f 100644 --- a/agent/cache-types/connect_ca_leaf.go +++ b/agent/cache-types/connect_ca_leaf.go @@ -9,9 +9,10 @@ import ( "sync/atomic" "time" - "github.com/hashicorp/consul/lib" "github.com/mitchellh/hashstructure" + "github.com/hashicorp/consul/lib" + "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul" @@ -466,11 +467,7 @@ func (c *ConnectCALeaf) Fetch(opts cache.FetchOptions, req cache.Request) (cache func activeRootHasKey(roots *structs.IndexedCARoots, currentSigningKeyID string) bool { for _, ca := range roots.Roots { if ca.Active { - if ca.SigningKeyID == currentSigningKeyID { - return true - } - // Found the active CA but it has changed - return false + return ca.SigningKeyID == currentSigningKeyID } } // Shouldn't be possible since at least one root should be active. diff --git a/agent/cache-types/connect_ca_leaf_test.go b/agent/cache-types/connect_ca_leaf_test.go index 9dfa9763e1..20520ebc41 100644 --- a/agent/cache-types/connect_ca_leaf_test.go +++ b/agent/cache-types/connect_ca_leaf_test.go @@ -10,14 +10,14 @@ import ( "testing" "time" - "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/structs" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/sdk/testutil/retry" ) func TestCalculateSoftExpire(t *testing.T) { @@ -147,6 +147,9 @@ func TestCalculateSoftExpire(t *testing.T) { // Test that after an initial signing, new CA roots (new ID) will // trigger a blocking query to execute. func TestConnectCALeaf_changingRoots(t *testing.T) { + if testingRace { + t.Skip("fails with -race because caRoot.Active is modified concurrently") + } t.Parallel() require := require.New(t) @@ -693,6 +696,9 @@ func TestConnectCALeaf_CSRRateLimiting(t *testing.T) { // This test runs multiple concurrent callers watching different leaf certs and // tries to ensure that the background root watch activity behaves correctly. func TestConnectCALeaf_watchRootsDedupingMultipleCallers(t *testing.T) { + if testingRace { + t.Skip("fails with -race because caRoot.Active is modified concurrently") + } t.Parallel() rpc := TestRPC(t) diff --git a/agent/cache-types/norace_test.go b/agent/cache-types/norace_test.go new file mode 100644 index 0000000000..cac95de9dc --- /dev/null +++ b/agent/cache-types/norace_test.go @@ -0,0 +1,5 @@ +// +build !race + +package cachetype + +const testingRace = false diff --git a/agent/cache-types/race_test.go b/agent/cache-types/race_test.go new file mode 100644 index 0000000000..29774bf679 --- /dev/null +++ b/agent/cache-types/race_test.go @@ -0,0 +1,5 @@ +// +build race + +package cachetype + +const testingRace = true diff --git a/agent/cache-types/testing.go b/agent/cache-types/testing.go index fcffe45a95..461d8948b7 100644 --- a/agent/cache-types/testing.go +++ b/agent/cache-types/testing.go @@ -4,8 +4,9 @@ import ( "reflect" "time" - "github.com/hashicorp/consul/agent/cache" "github.com/mitchellh/go-testing-interface" + + "github.com/hashicorp/consul/agent/cache" ) // TestRPC returns a mock implementation of the RPC interface. @@ -23,7 +24,8 @@ func TestFetchCh( t testing.T, typ cache.Type, opts cache.FetchOptions, - req cache.Request) <-chan interface{} { + req cache.Request, +) <-chan interface{} { resultCh := make(chan interface{}) go func() { result, err := typ.Fetch(opts, req)