diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go
index bac728cb8..dea91e5d7 100644
--- a/agent/connect/ca/provider_consul.go
+++ b/agent/connect/ca/provider_consul.go
@@ -17,7 +17,6 @@ import (
 "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/consul/agent/connect"
- "github.com/hashicorp/consul/agent/consul/state"
 "github.com/hashicorp/consul/agent/structs"
 )
@@ -56,7 +55,7 @@ func NewConsulProvider(delegate ConsulProviderStateDelegate, logger hclog.Logger
 }
 type ConsulProviderStateDelegate interface {
- State() *state.Store
+ ProviderState(id string) (*structs.CAConsulProviderState, error)
 ApplyCARequest(*structs.CARequest) (interface{}, error)
 }
@@ -82,7 +81,7 @@ func (c *ConsulProvider) Configure(cfg ProviderConfig) error {
 c.parseTestState(cfg.RawConfig, cfg.State)
 // Exit early if the state store has an entry for this provider's config.
- _, providerState, err := c.Delegate.State().CAProviderState(c.id)
+ providerState, err := c.Delegate.ProviderState(c.id)
 if err != nil {
 return err
 }
@@ -98,7 +97,7 @@ func (c *ConsulProvider) Configure(cfg ProviderConfig) error {
 // Check if there are any entries with old ID schemes.
 for _, oldID := range oldIDs {
- _, providerState, err = c.Delegate.State().CAProviderState(oldID)
+ providerState, err = c.Delegate.ProviderState(oldID)
 if err != nil {
 return err
 }
@@ -589,8 +588,7 @@ func (c *ConsulProvider) SupportsCrossSigning() (bool, error) {
 // getState returns the current provider state from the state delegate, and returns
 // ErrNotInitialized if no entry is found.
 func (c *ConsulProvider) getState() (*structs.CAConsulProviderState, error) {
- stateStore := c.Delegate.State()
- _, providerState, err := stateStore.CAProviderState(c.id)
+ providerState, err := c.Delegate.ProviderState(c.id)
 if err != nil {
 return nil, err
 }
diff --git a/agent/connect/ca/provider_consul_test.go b/agent/connect/ca/provider_consul_test.go
index f4e7c7923..6b4f31837 100644
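Review bot: The new `ProviderState` method on `ConsulProviderStateDelegate` (provider_consul.go, hunk at -56,7) has no doc comment, and its not-found contract is only implied by its callers. The comment on `getState` says ErrNotInitialized is returned when no entry is found, which suggests implementations are expected to return a nil state with a nil error in that case; that should be confirmed and written on the interface, e.g. `// ProviderState returns the stored state for the provider with the given id, or (nil, nil) if no entry exists.` This method is now the provider's only route to stored CA provider state, replacing access to the whole `*state.Store`, so the comment is also the place to record that narrowing as intentional. The same comment applies to the implementation added on `caDelegateWithState` in leader_connect_ca.go.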
--- a/agent/connect/ca/provider_consul_test.go
+++ b/agent/connect/ca/provider_consul_test.go
@@ -17,8 +17,9 @@ type consulCAMockDelegate struct {
 state *state.Store
 }
-func (c *consulCAMockDelegate) State() *state.Store {
- return c.state
+func (c *consulCAMockDelegate) ProviderState(id string) (*structs.CAConsulProviderState, error) {
+ _, s, err := c.state.CAProviderState(id)
+ return s, err
 }
 func (c *consulCAMockDelegate) ApplyCARequest(req *structs.CARequest) (interface{}, error) {
diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go
index adc9851d0..ef1920d7a 100644
--- a/agent/connect/ca/provider_vault.go
+++ b/agent/connect/ca/provider_vault.go
@@ -246,7 +246,6 @@ func (v *VaultProvider) GenerateRoot() error {
 DefaultLeaseTTL: v.config.RootCertTTL.String(),
 },
 })
-
 if err != nil {
 return err
 }
diff --git a/agent/connect/ca/testing.go b/agent/connect/ca/testing.go
index 00f49c579..3b470063f 100644
--- a/agent/connect/ca/testing.go
+++ b/agent/connect/ca/testing.go
@@ -168,8 +168,11 @@ func runTestVault(t testing.T) (*TestVaultServer, error) {
 returnPortsFn: returnPortsFn,
 }
 t.Cleanup(func() {
- testVault.Stop()
+ if err := testVault.Stop(); err != nil {
+ t.Log("failed to stop vault server: %w", err)
+ }
 })
+
 return testVault, nil
 }
diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go
index 22a4ec766..e03b1ed18 100644
--- a/agent/consul/leader_connect_ca.go
+++ b/agent/consul/leader_connect_ca.go
@@ -38,6 +38,8 @@ const (
 // easier testing.
 type caServerDelegate interface {
 ca.ConsulProviderStateDelegate
+
+ State() *state.Store
 IsLeader() bool
 ApplyCALeafRequest() (uint64, error)
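Review bot: In agent/connect/ca/testing.go, the `t.Cleanup` closure calls `t.Log("failed to stop vault server: %w", err)`, which passes a format string to a non-formatting call. The verb is printed literally ahead of the error, and `%w` is only meaningful to `fmt.Errorf` in any case. Use `t.Logf("failed to stop vault server: %v", err)` so a failed shutdown of the test Vault server is reported readably. The enclosing `runTestVault` starts outside the hunk.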
@@ -138,6 +140,11 @@ func (c *caDelegateWithState) ServersSupportMultiDCConnectCA() error {
 return nil
 }
+func (c *caDelegateWithState) ProviderState(id string) (*structs.CAConsulProviderState, error) {
+ _, s, err := c.fsm.State().CAProviderState(id)
+ return s, err
+}
+
 func NewCAManager(delegate caServerDelegate, leaderRoutineManager *routine.Manager, logger hclog.Logger, config *Config) *CAManager {
 return &CAManager{
 delegate: delegate,
diff --git a/agent/consul/leader_connect_ca_test.go b/agent/consul/leader_connect_ca_test.go
index 9ea55fd2d..a1ca8c12d 100644
--- a/agent/consul/leader_connect_ca_test.go
+++ b/agent/consul/leader_connect_ca_test.go
@@ -53,6 +53,11 @@ func (m *mockCAServerDelegate) State() *state.Store {
 return m.store
 }
+func (m *mockCAServerDelegate) ProviderState(id string) (*structs.CAConsulProviderState, error) {
+ _, s, err := m.store.CAProviderState(id)
+ return s, err
+}
+
 func (m *mockCAServerDelegate) IsLeader() bool {
 return true
 }
diff --git a/agent/consul/server.go b/agent/consul/server.go
index 1d4bedb6b..dee51b15b 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -472,7 +472,7 @@ func NewServer(config *Config, flat Deps) (*Server, error) {
 return nil, fmt.Errorf("Failed to start Raft: %v", err)
 }
- s.caManager = NewCAManager(&caDelegateWithState{s}, s.leaderRoutineManager, s.logger.ResetNamed("connect.ca"), s.config)
+ s.caManager = NewCAManager(&caDelegateWithState{Server: s}, s.leaderRoutineManager, s.logger.ResetNamed("connect.ca"), s.config)
 if s.config.ConnectEnabled && (s.config.AutoEncryptAllowTLS || s.config.AutoConfigAuthzEnabled) {
 go s.connectCARootsMonitor(&lib.StopChannelContext{StopCh: s.shutdownCh})
 }