author | Andreas Eriksen <andreer@verizonmedia.com> | 2021-02-15 10:20:43 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-15 10:20:43 +0100 |
commit | 9c519b1d3f14fb40f3d66487d6c1dcd6e63e1128 (patch) | |
tree | e23751362090a79ce70d077c8f3339b4489e56a2 /controller-server | |
parent | 5e6d0030e9bc9d4b61327ee62ae441a7322fc811 (diff) |
do not replace original request_id (#16509)
* do not replace original request_id
* token attempt to clarify intent in test
Diffstat (limited to 'controller-server')
2 files changed, 5 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java
index 86ba25b7ad7..f071fe86002 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManager.java
@@ -89,7 +89,9 @@ public class EndpointCertificateManager {
 // Re-provision certificate if it is missing SANs for the zone we are deploying to
 var requiredSansForZone = dnsNamesOf(instance.id(), zone);
 if (!currentCertificateMetadata.get().requestedDnsSans().containsAll(requiredSansForZone)) {
- var reprovisionedCertificateMetadata = provisionEndpointCertificate(instance, currentCertificateMetadata, zone, instanceSpec);
+ var reprovisionedCertificateMetadata =
+ provisionEndpointCertificate(instance, currentCertificateMetadata, zone, instanceSpec)
+ .withRequestId(currentCertificateMetadata.get().request_id()); // We're required to keep the original request_id
 curator.writeEndpointCertificateMetadata(instance.id(), reprovisionedCertificateMetadata);
 // Verification is unlikely to succeed in this case, as certificate must be available first - controller will retry
 endpointCertificateValidator.validate(reprovisionedCertificateMetadata, instance.id().serializedForm(), zone, requiredSansForZone);
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManagerTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManagerTest.java
index be77f355e35..fa0af070e1e 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManagerTest.java
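Review bot: The trailing comment on the `.withRequestId(...)` line says the original request_id must be kept, but not why or which component relies on it. The request id that `provisionEndpointCertificate` produced for the re-provisioning call is also overwritten without being recorded anywhere visible in the hunk. Because the stored metadata now pairs newly requested SANs with an older request id, a comment above the assignment should name the dependency, e.g. `// request_id identifies this certificate towards <consumer>; re-provisioning must not change it`. If the id from the new call helps correlate the re-issuance with the provider's records, logging it before it is replaced would preserve that trail; this is inferred, since the provider contract is not visible here. The enclosing method starts and ends outside the hunk.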
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificateManagerTest.java
@@ -161,7 +161,7 @@ public class EndpointCertificateManagerTest {
 public void reprovisions_certificate_with_added_sans_when_deploying_to_new_zone() {
 ZoneId testZone = zoneRegistryMock.zones().directlyRouted().in(Environment.prod).zones().stream().skip(1).findFirst().orElseThrow().getId();
- mockCuratorDb.writeEndpointCertificateMetadata(testInstance.id(), new EndpointCertificateMetadata(testKeyName, testCertName, -1, 0, "uuid", expectedSans, "mockCa", Optional.empty(), Optional.empty()));
+ mockCuratorDb.writeEndpointCertificateMetadata(testInstance.id(), new EndpointCertificateMetadata(testKeyName, testCertName, -1, 0, "original-request-uuid", expectedSans, "mockCa", Optional.empty(), Optional.empty()));
 secretStore.setSecret("vespa.tls.default.default.default-key", KeyUtils.toPem(testKeyPair.getPrivate()), -1);
 secretStore.setSecret("vespa.tls.default.default.default-cert", X509CertificateUtils.toPem(testCertificate) + X509CertificateUtils.toPem(testCertificate), -1);
@@ -172,6 +172,7 @@ public class EndpointCertificateManagerTest {
 assertTrue(endpointCertificateMetadata.isPresent());
 assertEquals(0, endpointCertificateMetadata.get().version());
 assertEquals(endpointCertificateMetadata, mockCuratorDb.readEndpointCertificateMetadata(testInstance.id()));
+ assertEquals("original-request-uuid", endpointCertificateMetadata.get().request_id());
 assertEquals(Set.copyOf(expectedCombinedSans), Set.copyOf(endpointCertificateMetadata.get().requestedDnsSans()));
 } |
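Review bot: The added `assertEquals("original-request-uuid", endpointCertificateMetadata.get().request_id())` proves preservation only if the mocked certificate provider answers the re-provisioning call with a different request id, and neither hunk in this file shows what the mock returns. If the mock echoes or reuses the stored id, the assertion would pass even without the `withRequestId` call in the manager. A one-line comment above the assertion would make the premise explicit, e.g. `// the mock provider issues a fresh request id; the stored one must survive re-provisioning`. That wording should be confirmed against the mock, whose setup lies outside the hunk.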