Merge pull request #9318 from hashicorp/ca-update-followup

connect: Fix issue with updating config in secondary
This commit is contained in:
Kyle Havlovitz 2020-12-02 12:17:50 -08:00 committed by hashicorp-ci
parent 31199ca426
commit e51bd34952
2 changed files with 22 additions and 1 deletions

View File

@ -624,6 +624,27 @@ func TestConnectCAConfig_UpdateSecondary(t *testing.T) {
assert.Equal("web", reply.Service) assert.Equal("web", reply.Service)
assert.Equal(spiffeId.URI().String(), reply.ServiceURI) assert.Equal(spiffeId.URI().String(), reply.ServiceURI)
} }
// Update a minor field in the config that doesn't trigger an intermediate refresh.
{
newConfig := &structs.CAConfiguration{
Provider: "consul",
Config: map[string]interface{}{
"PrivateKey": newKey,
"RootCert": "",
"RotationPeriod": 180 * 24 * time.Hour,
},
}
{
args := &structs.CARequest{
Datacenter: "secondary",
Config: newConfig,
}
var reply interface{}
require.NoError(msgpackrpc.CallWithCodec(codec, "ConnectCA.ConfigurationSet", args, &reply))
}
}
} }
// Test CA signing // Test CA signing

View File

@ -579,7 +579,7 @@ func (c *CAManager) persistNewRootAndConfig(provider ca.Provider, newActiveRoot
var newRoots structs.CARoots var newRoots structs.CARoots
for _, r := range oldRoots { for _, r := range oldRoots {
newRoot := *r newRoot := *r
if newRoot.Active { if newRoot.Active && newActiveRoot != nil {
newRoot.Active = false newRoot.Active = false
newRoot.RotatedOutAt = time.Now() newRoot.RotatedOutAt = time.Now()
} }