self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-21 01:34:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix v9 trusted cluster DB CA sync (#13871)

Browse source
This commit is contained in:
Jakub Nyckowski 2022-06-30 03:01:09 -04:00 committed by GitHub
parent a3bc24e28b
commit f41d24630e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
lib/cache/collections.go vendored
View file

@ -805,8 +805,15 @@ func (c *certAuthority) fetch(ctx context.Context) (apply func(ctx context.Conte
return nil, trace.Wrap(err) return nil, trace.Wrap(err)
} }
// DELETE IN 11.0.
// missingDatabaseCA is needed only when leaf cluster v9 is connected
// to root cluster v10. Database CA has been added in v10, so older
// clusters don't have it and fetchCertAuthorities() returns an error.
missingDatabaseCA := false
applyDatabaseCAs, err := c.fetchCertAuthorities(ctx, types.DatabaseCA) applyDatabaseCAs, err := c.fetchCertAuthorities(ctx, types.DatabaseCA)
if err != nil { if trace.IsBadParameter(err) {
missingDatabaseCA = true
} else if err != nil {
return nil, trace.Wrap(err) return nil, trace.Wrap(err)
} }
@ -822,8 +829,16 @@ func (c *certAuthority) fetch(ctx context.Context) (apply func(ctx context.Conte
if err := applyUserCAs(ctx); err != nil { if err := applyUserCAs(ctx); err != nil {
return trace.Wrap(err) return trace.Wrap(err)
} }
if err := applyDatabaseCAs(ctx); err != nil { if !missingDatabaseCA {
return trace.Wrap(err) if err := applyDatabaseCAs(ctx); err != nil {
return trace.Wrap(err)
}
} else {
if err := c.trustCache.DeleteAllCertAuthorities(types.DatabaseCA); err != nil {
if !trace.IsNotFound(err) {
return trace.Wrap(err)
}
}
} }
return trace.Wrap(applyJWTSigners(ctx)) return trace.Wrap(applyJWTSigners(ctx))
}, nil }, nil