Merge pull request #10612 from bigmikes/acl-replication-fix

acl: acl replication routine to report the last error message
This commit is contained in:
Daniel Nephin 2021-08-06 18:29:51 -04:00 committed by GitHub
commit 87fb26fd65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 10 additions and 3 deletions

3
.changelog/10612.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
acl: replication routine to report the last error message.
```

View File

@ -484,11 +484,12 @@ func (s *Server) IsACLReplicationEnabled() bool {
s.config.ACLTokenReplication
}
func (s *Server) updateACLReplicationStatusError() {
func (s *Server) updateACLReplicationStatusError(errorMsg string) {
s.aclReplicationStatusLock.Lock()
defer s.aclReplicationStatusLock.Unlock()
s.aclReplicationStatus.LastError = time.Now().Round(time.Second).UTC()
s.aclReplicationStatus.LastErrorMessage = errorMsg
}
func (s *Server) updateACLReplicationStatusIndex(replicationType structs.ACLReplicationType, index uint64) {

View File

@ -780,6 +780,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) {
require.True(r, status.ReplicatedTokenIndex < token2.CreateIndex, "ReplicatedTokenIndex is not less than the token2s create index")
// ensures that token replication is erroring
require.True(r, status.LastError.After(minErrorTime), "Replication LastError not after the minErrorTime")
require.Equal(r, status.LastErrorMessage, "failed to retrieve unredacted tokens - replication token in use does not grant acl:write")
})
}

View File

@ -807,7 +807,7 @@ func (s *Server) runLegacyACLReplication(ctx context.Context) error {
0,
)
lastRemoteIndex = 0
s.updateACLReplicationStatusError()
s.updateACLReplicationStatusError(err.Error())
legacyACLLogger.Warn("Legacy ACL replication error (will retry if still leader)", "error", err)
} else {
metrics.SetGauge([]string{"leader", "replication", "acl-legacy", "status"},
@ -924,7 +924,7 @@ func (s *Server) runACLReplicator(
0,
)
lastRemoteIndex = 0
s.updateACLReplicationStatusError()
s.updateACLReplicationStatusError(err.Error())
logger.Warn("ACL replication error (will retry if still leader)",
"error", err,
)

View File

@ -1273,6 +1273,7 @@ type ACLReplicationStatus struct {
ReplicatedTokenIndex uint64
LastSuccess time.Time
LastError time.Time
LastErrorMessage string
}
// ACLTokenSetRequest is used for token creation and update operations

View File

@ -106,6 +106,7 @@ type ACLReplicationStatus struct {
ReplicatedTokenIndex uint64
LastSuccess time.Time
LastError time.Time
LastErrorMessage string
}
// ACLServiceIdentity represents a high-level grant of all necessary privileges