From 5a36b35ad12bdf1e8d6db6759acfb35d965ab3ec Mon Sep 17 00:00:00 2001 From: Sasha Klizhentas Date: Fri, 25 Jan 2019 18:34:21 -0800 Subject: [PATCH] Fetch certificate authorities during every login. This commit fixes the problem when login is initiated during another command, for example 'tsh ls' and misses code path that updated cert authorities in the main module. By moving code in the Login the change makes sure that additional cert authorities are always fetched. --- lib/client/api.go | 6 ++++++ tool/tsh/tsh.go | 6 ------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/client/api.go b/lib/client/api.go index 2b052adad14..98c53288a80 100644 --- a/lib/client/api.go +++ b/lib/client/api.go @@ -1603,6 +1603,12 @@ func (tc *TeleportClient) Login(ctx context.Context, activateKey bool) (*Key, er if err != nil { return nil, trace.Wrap(err) } + + // Connect to the Auth Server of the main cluster + // and fetch the known hosts for this cluster. + if err := tc.UpdateTrustedCA(ctx, key.ClusterName); err != nil { + return nil, trace.Wrap(err) + } } return key, nil } diff --git a/tool/tsh/tsh.go b/tool/tsh/tsh.go index 09247696140..ad14d9c9f4e 100644 --- a/tool/tsh/tsh.go +++ b/tool/tsh/tsh.go @@ -438,12 +438,6 @@ func onLogin(cf *CLIConf) { // Regular login without -i flag. tc.SaveProfile("") - // Connect to the Auth Server and fetch the known hosts for this cluster. - err = tc.UpdateTrustedCA(cf.Context, key.ClusterName) - if err != nil { - utils.FatalError(err) - } - // Print status to show information of the logged in user. Update the // command line flag (used to print status) for the proxy to make sure any // advertised settings are picked up.