mirror of
https://github.com/status-im/consul.git
synced 2025-01-10 22:06:20 +00:00
connect: Fix a case where the active root would get unset even when there wasn't a new one
This commit is contained in:
parent
de2b3a11dd
commit
88d669c0e0
@ -624,6 +624,27 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) {
|
|||||||
assert.Equal("web", reply.Service)
|
assert.Equal("web", reply.Service)
|
||||||
assert.Equal(spiffeId.URI().String(), reply.ServiceURI)
|
assert.Equal(spiffeId.URI().String(), reply.ServiceURI)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Update a minor field in the config that doesn't trigger an intermediate refresh.
|
||||||
|
{
|
||||||
|
newConfig := &structs.CAConfiguration{
|
||||||
|
Provider: "consul",
|
||||||
|
Config: map[string]interface{}{
|
||||||
|
"PrivateKey": newKey,
|
||||||
|
"RootCert": "",
|
||||||
|
"RotationPeriod": 180 * 24 * time.Hour,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
{
|
||||||
|
args := &structs.CARequest{
|
||||||
|
Datacenter: "secondary",
|
||||||
|
Config: newConfig,
|
||||||
|
}
|
||||||
|
var reply interface{}
|
||||||
|
|
||||||
|
require.NoError(msgpackrpc.CallWithCodec(codec, "ConnectCA.ConfigurationSet", args, &reply))
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test CA signing
|
// Test CA signing
|
||||||
|
@ -579,7 +579,7 @@ func (c *CAManager) persistNewRootAndConfig(provider ca.Provider, newActiveRoot
|
|||||||
var newRoots structs.CARoots
|
var newRoots structs.CARoots
|
||||||
for _, r := range oldRoots {
|
for _, r := range oldRoots {
|
||||||
newRoot := *r
|
newRoot := *r
|
||||||
if newRoot.Active {
|
if newRoot.Active && newActiveRoot != nil {
|
||||||
newRoot.Active = false
|
newRoot.Active = false
|
||||||
newRoot.RotatedOutAt = time.Now()
|
newRoot.RotatedOutAt = time.Now()
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user