mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
Fix v9 trusted cluster DB CA sync (#13871)
parent
a3bc24e28b
commit
f41d24630e
21
lib/cache/collections.go
vendored
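--- a/lib/cache/collections.go
+++ b/lib/cache/collections.go
@@ -805,8 +805,15 @@ func (c *certAuthority) fetch(ctx context.Context) (apply func(ctx context.Conte
 return nil, trace.Wrap(err)
 }
 
+// DELETE IN 11.0.
+// missingDatabaseCA is needed only when leaf cluster v9 is connected
+// to root cluster v10. Database CA has been added in v10, so older
+// clusters don't have it and fetchCertAuthorities() returns an error.
+missingDatabaseCA := false
 applyDatabaseCAs, err := c.fetchCertAuthorities(ctx, types.DatabaseCA)
-if err != nil {
+if trace.IsBadParameter(err) {
+missingDatabaseCA = true
+} else if err != nil {
 return nil, trace.Wrap(err)
 }
 
@@ -822,8 +829,16 @@ func (c *certAuthority) fetch(ctx context.Context) (apply func(ctx context.Conte
 if err := applyUserCAs(ctx); err != nil {
 return trace.Wrap(err)
 }
-if err := applyDatabaseCAs(ctx); err != nil {
-return trace.Wrap(err)
+if !missingDatabaseCA {
+if err := applyDatabaseCAs(ctx); err != nil {
+return trace.Wrap(err)
+}
+} else {
+if err := c.trustCache.DeleteAllCertAuthorities(types.DatabaseCA); err != nil {
+if !trace.IsNotFound(err) {
+return trace.Wrap(err)
+}
+}
 }
 return trace.Wrap(applyJWTSigners(ctx))
 }, nil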
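Review bot: `trace.IsBadParameter(err)` in the first hunk treats every bad-parameter failure from `fetchCertAuthorities(ctx, types.DatabaseCA)` as "the remote is a v9 cluster without a Database CA", and the second hunk then deletes every cached `types.DatabaseCA` entry on that signal without leaving any record. A bad-parameter error with a different cause would therefore silently drop database trust material from the cache, which is hard to diagnose once database certificate verification starts failing. I would log the fallback at the point where `missingDatabaseCA = true` is set (through whatever logger this collection already has, which is not visible here) and, if the remote cluster version is available to the caller, gate on it rather than on the error class alone. The nested check in the else branch also reads better as one condition: `if err := c.trustCache.DeleteAllCertAuthorities(types.DatabaseCA); err != nil && !trace.IsNotFound(err) {`. The body of `fetch` begins before the first hunk and continues after the second.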