Initialize the agent leaf cert cache result with a state to prevent unnecessary second certificate signing
parent
fa42d9b34f
commit
e9e88e4527
|
@ -877,7 +877,17 @@ func (a *Agent) setupClientAutoEncryptCache(reply *structs.SignedResponse) (*str
|
|||
}
|
||||
|
||||
// prepolutate leaf cache
|
||||
certRes := cache.FetchResult{Value: &reply.IssuedCert, Index: reply.ConnectCARoots.QueryMeta.Index}
|
||||
certRes := cache.FetchResult{
|
||||
Value: &reply.IssuedCert,
|
||||
Index: reply.ConnectCARoots.QueryMeta.Index,
|
||||
}
|
||||
|
||||
for _, ca := range reply.ConnectCARoots.Roots {
|
||||
if ca.ID == reply.ConnectCARoots.ActiveRootID {
|
||||
certRes.State = cachetype.ConnectCALeafSuccess(ca.SigningKeyID)
|
||||
break
|
||||
}
|
||||
}
|
||||
if err := a.cache.Prepopulate(cachetype.ConnectCALeafName, certRes, a.config.Datacenter, a.tokens.AgentToken(), leafReq.Key()); err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
|
|
|
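Review bot: If no entry in `reply.ConnectCARoots.Roots` has an `ID` equal to `ActiveRootID`, the new loop ends with `certRes.State` still unset and `Prepopulate` is called anyway. That silently falls back to the stateless entry, which presumably brings back the second signing this change is meant to avoid. Consider tracking a `found` flag and logging a warning when it stays false, so a malformed or inconsistent auto-encrypt response is visible to operators. The state also asserts that `IssuedCert` was signed by the active root without checking it, so a comment above the loop should say so, for example `// assumes IssuedCert was signed by the active root; State carries that root's SigningKeyID so the first leaf fetch does not re-sign`. If `Roots` holds pointers, a nil element would panic on `ca.ID`, and the function body starts outside this hunk, so any earlier validation is not visible here.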
@ -121,6 +121,15 @@ type fetchState struct {
|
|||
consecutiveRateLimitErrs int
|
||||
}
|
||||
|
||||
func ConnectCALeafSuccess(authorityKeyID string) interface{} {
|
||||
return fetchState{
|
||||
authorityKeyID: authorityKeyID,
|
||||
forceExpireAfter: time.Time{},
|
||||
consecutiveRateLimitErrs: 0,
|
||||
activeRootRotationStart: time.Time{},
|
||||
}
|
||||
}
|
||||
|
||||
// fetchStart is called on each fetch that is about to block and wait for
|
||||
// changes to the leaf. It subscribes a chan to receive updates from the shared
|
||||
// root watcher and triggers root watcher if it's not already running.
|
||||
|
|
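Review bot: `ConnectCALeafSuccess` is exported but has no doc comment, and its `interface{}` return hides what the caller must pass in and what the value is for. A comment such as `// ConnectCALeafSuccess returns the opaque cache state for a leaf cert that was just signed; authorityKeyID must be the SigningKeyID of the root that issued it.` would record the contract that later fetches presumably rely on to detect a root change. The three fields set to their zero values add nothing, so the body can be `return fetchState{authorityKeyID: authorityKeyID}`. The state is returned by value, so the type assertion in the fetch path (outside this hunk) has to expect `fetchState` rather than `*fetchState`, which is worth confirming.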