ca: remove state check in secondarySetPrimaryRoots

This function is only ever called from operations that have already acquired the state lock, so checking
the value of state can never fail.

This change is being made in preparation for splitting out a separate type for the secondary logic. The
state can't easily be shared, so really only the expored top-level functions should acquire the 'state lock'.
This commit is contained in:
Daniel Nephin 2021-10-10 21:15:13 -04:00 committed by Daniel Nephin
parent 877094e2fa
commit 8240286956
1 changed files with 7 additions and 14 deletions

View File

@ -183,19 +183,15 @@ func (e *caStateError) Error() string {
} }
// secondarySetPrimaryRoots updates the most recently seen roots from the primary. // secondarySetPrimaryRoots updates the most recently seen roots from the primary.
func (c *CAManager) secondarySetPrimaryRoots(newRoots structs.IndexedCARoots) error { func (c *CAManager) secondarySetPrimaryRoots(newRoots structs.IndexedCARoots) {
// TODO: this could be a different lock, as long as its the same lock in secondaryGetPrimaryRoots
c.stateLock.Lock() c.stateLock.Lock()
defer c.stateLock.Unlock() defer c.stateLock.Unlock()
c.primaryRoots = newRoots
if c.state == caStateInitializing || c.state == caStateReconfig {
c.primaryRoots = newRoots
} else {
return fmt.Errorf("Cannot update primary roots in state %q", c.state)
}
return nil
} }
func (c *CAManager) secondaryGetPrimaryRoots() structs.IndexedCARoots { func (c *CAManager) secondaryGetPrimaryRoots() structs.IndexedCARoots {
// TODO: this could be a different lock, as long as its the same lock in secondarySetPrimaryRoots
c.stateLock.Lock() c.stateLock.Lock()
defer c.stateLock.Unlock() defer c.stateLock.Unlock()
return c.primaryRoots return c.primaryRoots
@ -430,9 +426,7 @@ func (c *CAManager) secondaryInitialize(provider ca.Provider, conf *structs.CACo
if err := c.delegate.forwardDC("ConnectCA.Roots", c.serverConf.PrimaryDatacenter, &args, &roots); err != nil { if err := c.delegate.forwardDC("ConnectCA.Roots", c.serverConf.PrimaryDatacenter, &args, &roots); err != nil {
return err return err
} }
if err := c.secondarySetPrimaryRoots(roots); err != nil { c.secondarySetPrimaryRoots(roots)
return err
}
// Configure the CA provider and initialize the intermediate certificate if necessary. // Configure the CA provider and initialize the intermediate certificate if necessary.
if err := c.secondaryInitializeProvider(provider, roots); err != nil { if err := c.secondaryInitializeProvider(provider, roots); err != nil {
@ -1254,9 +1248,7 @@ func (c *CAManager) secondaryUpdateRoots(roots structs.IndexedCARoots) error {
defer c.setState(caStateInitialized, false) defer c.setState(caStateInitialized, false)
// Update the cached primary roots now that the lock is held. // Update the cached primary roots now that the lock is held.
if err := c.secondarySetPrimaryRoots(roots); err != nil { c.secondarySetPrimaryRoots(roots)
return err
}
provider, _ := c.getCAProvider() provider, _ := c.getCAProvider()
if provider == nil { if provider == nil {
@ -1317,6 +1309,7 @@ func (c *CAManager) secondaryInitializeProvider(provider ca.Provider, roots stru
// method is used to detect when the secondary has received the roots from the // method is used to detect when the secondary has received the roots from the
// primary DC. // primary DC.
func (c *CAManager) secondaryHasProviderRoots() bool { func (c *CAManager) secondaryHasProviderRoots() bool {
// TODO: this could potentially also use primaryRoots instead of providerRoot
c.providerLock.Lock() c.providerLock.Lock()
defer c.providerLock.Unlock() defer c.providerLock.Unlock()
return c.providerRoot != nil return c.providerRoot != nil