Add empty expiry crlConfig upgrade test (#17701)
* Add regression test for default CRL expiry Also fixes a bug w.r.t. upgrading older entries and missing the Delta Rebuild Interval field, setting it to the default. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog for earlier PR Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
This commit is contained in:
Alexander Scheel
GitHub
parent
bf3749ff6d
commit
d67023c3b3
|
|
@ -5861,6 +5861,29 @@ EBuOIhCv6WiwVyGeTVynuHYkHyw3rIL/zU7N8+zIFV2G2M1UAv5D/eyh/74cr9Of
|
||||||
requireSuccessNonNilResponse(t, resp, err, "failed to issue PSS leaf")
|
requireSuccessNonNilResponse(t, resp, err, "failed to issue PSS leaf")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestPKI_EmptyCRLConfigUpgraded(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
b, s := createBackendWithStorage(t)
|
||||||
|
|
||||||
|
// Write an empty CRLConfig into storage.
|
||||||
|
crlConfigEntry, err := logical.StorageEntryJSON("config/crl", &crlConfig{})
|
||||||
|
require.NoError(t, err)
|
||||||
|
err = s.Put(ctx, crlConfigEntry)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
resp, err := CBRead(b, s, "config/crl")
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NotNil(t, resp)
|
||||||
|
require.NotNil(t, resp.Data)
|
||||||
|
require.Equal(t, resp.Data["expiry"], defaultCrlConfig.Expiry)
|
||||||
|
require.Equal(t, resp.Data["disable"], defaultCrlConfig.Disable)
|
||||||
|
require.Equal(t, resp.Data["ocsp_disable"], defaultCrlConfig.OcspDisable)
|
||||||
|
require.Equal(t, resp.Data["auto_rebuild"], defaultCrlConfig.AutoRebuild)
|
||||||
|
require.Equal(t, resp.Data["auto_rebuild_grace_period"], defaultCrlConfig.AutoRebuildGracePeriod)
|
||||||
|
require.Equal(t, resp.Data["enable_delta"], defaultCrlConfig.EnableDelta)
|
||||||
|
require.Equal(t, resp.Data["delta_rebuild_interval"], defaultCrlConfig.DeltaRebuildInterval)
|
||||||
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
initTest sync.Once
|
initTest sync.Once
|
||||||
rsaCAKey string
|
rsaCAKey string
|
||||||
|
|
|
||||||
|
|
@ -1173,6 +1173,12 @@ func (sc *storageContext) getRevocationConfig() (*crlConfig, error) {
|
||||||
result.AutoRebuildGracePeriod = defaultCrlConfig.AutoRebuildGracePeriod
|
result.AutoRebuildGracePeriod = defaultCrlConfig.AutoRebuildGracePeriod
|
||||||
result.Version = 1
|
result.Version = 1
|
||||||
}
|
}
|
||||||
|
if result.Version == 1 {
|
||||||
|
if result.DeltaRebuildInterval == "" {
|
||||||
|
result.DeltaRebuildInterval = defaultCrlConfig.DeltaRebuildInterval
|
||||||
|
}
|
||||||
|
result.Version = 2
|
||||||
|
}
|
||||||
|
|
||||||
// Depending on client version, it's possible that the expiry is unset.
|
// Depending on client version, it's possible that the expiry is unset.
|
||||||
// This sets the default value to prevent issues in downstream code.
|
// This sets the default value to prevent issues in downstream code.
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:bug
|
||||||
|
secrets/pki: Fix upgrade of missing expiry, delta_rebuild_interval by setting them to the default.
|
||||||
|
```
|
||||||
Loading…
Reference in New Issue