Backport of Add empty expiry crlConfig upgrade test into release/1.12…
….x (#17705)

* backport of commit c3d0f9f

* Default crl expiry (#17693)

Ref: #17642

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: James Protzman <JNProtzman@gmail.com>
3 people committed Oct 31, 2022
1 parent f353170 commit 7c18e36
Showing 3 changed files with 38 additions and 0 deletions.
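--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@@ -5837,6 +5837,29 @@ EBuOIhCv6WiwVyGeTVynuHYkHyw3rIL/zU7N8+zIFV2G2M1UAv5D/eyh/74cr9Of
 requireSuccessNonNilResponse(t, resp, err, "failed to issue PSS leaf")
 }
 
+func TestPKI_EmptyCRLConfigUpgraded(t *testing.T) {
+t.Parallel()
+b, s := createBackendWithStorage(t)
+
+// Write an empty CRLConfig into storage.
+crlConfigEntry, err := logical.StorageEntryJSON("config/crl", &crlConfig{})
+require.NoError(t, err)
+err = s.Put(ctx, crlConfigEntry)
+require.NoError(t, err)
+
+resp, err := CBRead(b, s, "config/crl")
+require.NoError(t, err)
+require.NotNil(t, resp)
+require.NotNil(t, resp.Data)
+require.Equal(t, resp.Data["expiry"], defaultCrlConfig.Expiry)
+require.Equal(t, resp.Data["disable"], defaultCrlConfig.Disable)
+require.Equal(t, resp.Data["ocsp_disable"], defaultCrlConfig.OcspDisable)
+require.Equal(t, resp.Data["auto_rebuild"], defaultCrlConfig.AutoRebuild)
+require.Equal(t, resp.Data["auto_rebuild_grace_period"], defaultCrlConfig.AutoRebuildGracePeriod)
+require.Equal(t, resp.Data["enable_delta"], defaultCrlConfig.EnableDelta)
+require.Equal(t, resp.Data["delta_rebuild_interval"], defaultCrlConfig.DeltaRebuildInterval)
+}
+
 var (
 initTest sync.Once
 rsaCAKey string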
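Review bot: TestPKI_EmptyCRLConfigUpgraded stores `&crlConfig{}`, whose Version is the zero value, so the empty-expiry fallback is only exercised together with the full version upgrade, never on an entry already at the current version. A second case that writes an entry at the latest version with an empty Expiry, for example `&crlConfig{Version: 2}` if 2 is indeed the latest as the storage.go change suggests, would pin the unversioned fallback by itself. As a style point, the `require.Equal` calls pass the observed value first; testify expects the expected value before the actual one, so `require.Equal(t, defaultCrlConfig.Expiry, resp.Data["expiry"])` (and likewise for the other six) would give correctly labelled failure output.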
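--- a/builtin/logical/pki/storage.go
+++ b/builtin/logical/pki/storage.go
@@ -1173,6 +1173,18 @@ func (sc *storageContext) getRevocationConfig() (*crlConfig, error) {
 result.AutoRebuildGracePeriod = defaultCrlConfig.AutoRebuildGracePeriod
 result.Version = 1
 }
+if result.Version == 1 {
+if result.DeltaRebuildInterval == "" {
+result.DeltaRebuildInterval = defaultCrlConfig.DeltaRebuildInterval
+}
+result.Version = 2
+}
+
+// Depending on client version, it's possible that the expiry is unset.
+// This sets the default value to prevent issues in downstream code.
+if result.Expiry == "" {
+result.Expiry = defaultCrlConfig.Expiry
+}
 
 return &result, nil
 }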
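Review bot: The `result.Expiry == ""` fallback sits outside the `Version` ladder and so runs on every read, but its comment says neither why it is unversioned nor what "issues in downstream code" means. If the intent is that entries already at the latest version can still carry an empty expiry, a comment such as `// Not gated on Version: entries at any version may have an empty expiry, so default it on every read.` would make that explicit, ideally naming the consumer that fails. Only the empty string is handled here, so a stored value that is non-empty but not a valid duration is still returned unchanged. Presumably the CRL-building path must keep its own error handling for that case, since a failure there would leave revocation data stale. getRevocationConfig's body starts above the hunk, so whether the upgraded config is written back to storage cannot be judged from here.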
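--- /dev/null
+++ b/changelog/17693.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Fix upgrade of missing expiry, delta_rebuild_interval by setting them to the default.
+```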
