ca: remove state check in secondarySetPrimaryRoots
This function is only ever called from operations that have already acquired the state lock, so checking the value of state can never fail. This change is being made in preparation for splitting out a separate type for the secondary logic. The state can't easily be shared, so really only the expored top-level functions should acquire the 'state lock'.
This commit is contained in:
parent
877094e2fa
commit
8240286956
|
@ -183,19 +183,15 @@ func (e *caStateError) Error() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// secondarySetPrimaryRoots updates the most recently seen roots from the primary.
|
// secondarySetPrimaryRoots updates the most recently seen roots from the primary.
|
||||||
func (c *CAManager) secondarySetPrimaryRoots(newRoots structs.IndexedCARoots) error {
|
func (c *CAManager) secondarySetPrimaryRoots(newRoots structs.IndexedCARoots) {
|
||||||
|
// TODO: this could be a different lock, as long as its the same lock in secondaryGetPrimaryRoots
|
||||||
c.stateLock.Lock()
|
c.stateLock.Lock()
|
||||||
defer c.stateLock.Unlock()
|
defer c.stateLock.Unlock()
|
||||||
|
c.primaryRoots = newRoots
|
||||||
if c.state == caStateInitializing || c.state == caStateReconfig {
|
|
||||||
c.primaryRoots = newRoots
|
|
||||||
} else {
|
|
||||||
return fmt.Errorf("Cannot update primary roots in state %q", c.state)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *CAManager) secondaryGetPrimaryRoots() structs.IndexedCARoots {
|
func (c *CAManager) secondaryGetPrimaryRoots() structs.IndexedCARoots {
|
||||||
|
// TODO: this could be a different lock, as long as its the same lock in secondarySetPrimaryRoots
|
||||||
c.stateLock.Lock()
|
c.stateLock.Lock()
|
||||||
defer c.stateLock.Unlock()
|
defer c.stateLock.Unlock()
|
||||||
return c.primaryRoots
|
return c.primaryRoots
|
||||||
|
@ -430,9 +426,7 @@ func (c *CAManager) secondaryInitialize(provider ca.Provider, conf *structs.CACo
|
||||||
if err := c.delegate.forwardDC("ConnectCA.Roots", c.serverConf.PrimaryDatacenter, &args, &roots); err != nil {
|
if err := c.delegate.forwardDC("ConnectCA.Roots", c.serverConf.PrimaryDatacenter, &args, &roots); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := c.secondarySetPrimaryRoots(roots); err != nil {
|
c.secondarySetPrimaryRoots(roots)
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Configure the CA provider and initialize the intermediate certificate if necessary.
|
// Configure the CA provider and initialize the intermediate certificate if necessary.
|
||||||
if err := c.secondaryInitializeProvider(provider, roots); err != nil {
|
if err := c.secondaryInitializeProvider(provider, roots); err != nil {
|
||||||
|
@ -1254,9 +1248,7 @@ func (c *CAManager) secondaryUpdateRoots(roots structs.IndexedCARoots) error {
|
||||||
defer c.setState(caStateInitialized, false)
|
defer c.setState(caStateInitialized, false)
|
||||||
|
|
||||||
// Update the cached primary roots now that the lock is held.
|
// Update the cached primary roots now that the lock is held.
|
||||||
if err := c.secondarySetPrimaryRoots(roots); err != nil {
|
c.secondarySetPrimaryRoots(roots)
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
provider, _ := c.getCAProvider()
|
provider, _ := c.getCAProvider()
|
||||||
if provider == nil {
|
if provider == nil {
|
||||||
|
@ -1317,6 +1309,7 @@ func (c *CAManager) secondaryInitializeProvider(provider ca.Provider, roots stru
|
||||||
// method is used to detect when the secondary has received the roots from the
|
// method is used to detect when the secondary has received the roots from the
|
||||||
// primary DC.
|
// primary DC.
|
||||||
func (c *CAManager) secondaryHasProviderRoots() bool {
|
func (c *CAManager) secondaryHasProviderRoots() bool {
|
||||||
|
// TODO: this could potentially also use primaryRoots instead of providerRoot
|
||||||
c.providerLock.Lock()
|
c.providerLock.Lock()
|
||||||
defer c.providerLock.Unlock()
|
defer c.providerLock.Unlock()
|
||||||
return c.providerRoot != nil
|
return c.providerRoot != nil
|
||||||
|
|
Loading…
Reference in New Issue