mirror of https://github.com/status-im/consul.git
Avoid returning empty roots with uninitialized CA
Currently getCARoots could return an empty object with an empty trust domain before the CA is initialized. This commit returns an error while there is no CA config or no trust domain. There could be a CA config and no trust domain because the CA config can be created in InitializeCA before initialization succeeds.
This commit is contained in:
parent
d9110136f2
commit
cc5a7ed36c
|
@ -16,10 +16,12 @@ func (s *Server) getCARoots(ws memdb.WatchSet, state *state.Store) (*structs.Ind
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if config == nil {
|
||||
return nil, fmt.Errorf("CA has not finished initializing")
|
||||
}
|
||||
|
||||
indexedRoots := &structs.IndexedCARoots{}
|
||||
|
||||
if config != nil {
|
||||
// Build TrustDomain based on the ClusterID stored.
|
||||
signingID := connect.SpiffeIDSigningForCluster(config)
|
||||
if signingID == nil {
|
||||
|
@ -29,6 +31,8 @@ func (s *Server) getCARoots(ws memdb.WatchSet, state *state.Store) (*structs.Ind
|
|||
}
|
||||
|
||||
indexedRoots.TrustDomain = signingID.Host()
|
||||
if indexedRoots.TrustDomain == "" {
|
||||
return nil, fmt.Errorf("CA has not finished initializing")
|
||||
}
|
||||
|
||||
indexedRoots.Index, indexedRoots.Roots = index, roots
|
||||
|
|
Loading…
Reference in New Issue