connect: Fix a case where the active root would get unset even when there wasn't a new one

This commit is contained in:
Kyle Havlovitz 2020-12-02 11:42:23 -08:00
parent de2b3a11dd
commit 88d669c0e0
2 changed files with 22 additions and 1 deletions

View File

@ -624,6 +624,27 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) {
assert.Equal("web", reply.Service) assert.Equal("web", reply.Service)
assert.Equal(spiffeId.URI().String(), reply.ServiceURI) assert.Equal(spiffeId.URI().String(), reply.ServiceURI)
} }
// Update a minor field in the config that doesn't trigger an intermediate refresh.
{
newConfig := &structs.CAConfiguration{
Provider: "consul",
Config: map[string]interface{}{
"PrivateKey": newKey,
"RootCert": "",
"RotationPeriod": 180 * 24 * time.Hour,
},
}
{
args := &structs.CARequest{
Datacenter: "secondary",
Config: newConfig,
}
var reply interface{}
require.NoError(msgpackrpc.CallWithCodec(codec, "ConnectCA.ConfigurationSet", args, &reply))
}
}
} }
// Test CA signing // Test CA signing

View File

@ -579,7 +579,7 @@ func (c *CAManager) persistNewRootAndConfig(provider ca.Provider, newActiveRoot
var newRoots structs.CARoots var newRoots structs.CARoots
for _, r := range oldRoots { for _, r := range oldRoots {
newRoot := *r newRoot := *r
if newRoot.Active { if newRoot.Active && newActiveRoot != nil {
newRoot.Active = false newRoot.Active = false
newRoot.RotatedOutAt = time.Now() newRoot.RotatedOutAt = time.Now()
} }