diff --git a/.changelog/10025.txt b/.changelog/10025.txt new file mode 100644 index 0000000000..589e2490bf --- /dev/null +++ b/.changelog/10025.txt @@ -0,0 +1,3 @@ +```release-note:bug +snapshot: fixes a bug that would cause snapshots to be missing all but the first ACL Auth Method. +``` diff --git a/agent/consul/fsm/snapshot_oss.go b/agent/consul/fsm/snapshot_oss.go index e1ca30b08e..a19b48ff19 100644 --- a/agent/consul/fsm/snapshot_oss.go +++ b/agent/consul/fsm/snapshot_oss.go @@ -1,11 +1,12 @@ package fsm import ( + "github.com/hashicorp/go-msgpack/codec" + "github.com/hashicorp/raft" + "github.com/hashicorp/consul/agent/consul/autopilot" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/go-msgpack/codec" - "github.com/hashicorp/raft" ) func init() { @@ -244,7 +245,7 @@ func (s *snapshot) persistACLs(sink raft.SnapshotSink, return err } - for method := methods.Next(); method != nil; method = rules.Next() { + for method := methods.Next(); method != nil; method = methods.Next() { if _, err := sink.Write([]byte{byte(structs.ACLAuthMethodSetRequestType)}); err != nil { return err } diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go index d721b7a4a0..37e4ae029a 100644 --- a/agent/consul/fsm/snapshot_oss_test.go +++ b/agent/consul/fsm/snapshot_oss_test.go @@ -125,6 +125,13 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) { } require.NoError(t, fsm.state.ACLAuthMethodSet(1, method)) + method = &structs.ACLAuthMethod{ + Name: "some-method2", + Type: "testing", + Description: "test snapshot auth method", + } + require.NoError(t, fsm.state.ACLAuthMethodSet(1, method)) + bindingRule := &structs.ACLBindingRule{ ID: "85184c52-5997-4a84-9817-5945f2632a17", Description: "test snapshot binding rule", @@ -519,10 +526,12 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) { require.NoError(t, err) require.Equal(t, bindingRule, bindingRule2) - // Verify ACL Auth Method is restored - _, method2, err := fsm2.state.ACLAuthMethodGetByName(nil, method.Name, nil) + // Verify ACL Auth Methods are restored + _, authMethods, err := fsm2.state.ACLAuthMethodList(nil, nil) require.NoError(t, err) - require.Equal(t, method, method2) + require.Len(t, authMethods, 2) + require.Equal(t, "some-method", authMethods[0].Name) + require.Equal(t, "some-method2", authMethods[1].Name) // Verify ACL Token is restored _, rtoken, err := fsm2.state.ACLTokenGetByAccessor(nil, token.AccessorID, nil)