open-consul/agent/local
Matt Keeler 31d9d2e557
Store primaries root in secondary after intermediate signature (#6333)
* Store primaries root in secondary after intermediate signature

This ensures that the intermediate exists within the CA root stored in raft and not just in the CA provider state. This has the very nice benefit of actually outputting the intermediate cert within the ca roots HTTP/RPC endpoints.

This change means that if signing the intermediate fails it will not set the root within raft. So far I have not come up with a reason why that is bad. The secondary CA roots watch will pull the root again and go through all the motions. So as soon as getting an intermediate CA works the root will get set.

* Make TestAgentAntiEntropy_Check_DeferSync less flaky

I am not sure this is the full fix but it seems to help for me.
2019-08-30 11:38:46 -04:00
..
state.go connect: remove managed proxies (#6220) 2019-08-09 15:19:30 -04:00
state_test.go Store primaries root in secondary after intermediate signature (#6333) 2019-08-30 11:38:46 -04:00
testing.go connect: remove managed proxies (#6220) 2019-08-09 15:19:30 -04:00