ca: isolate more of the CA logic in CAManager #10445
Conversation
dnephin
added
theme/internal-cleanup
github-actions
bot
added
theme/connect
|
Looks like there is a lint error and a couple test failures to fix. |
dnephin
force-pushed
the
dnephin/ca-provider-explore
branch
from
1d6d6a9 to
1d69937
Compare
| caStateUninitialized caState = "UNINITIALIZED" | ||
| caStateInitializing = "INITIALIZING" | ||
| caStateInitialized = "INITIALIZED" | ||
| caStateRenewIntermediate = "RENEWING" | ||
| caStateReconfig = "RECONFIGURING" | ||
| caStateInitializing caState = "INITIALIZING" | ||
| caStateInitialized caState = "INITIALIZED" | ||
| caStateRenewIntermediate caState = "RENEWING" | ||
| caStateReconfig caState = "RECONFIGURING" |
There was a problem hiding this comment.
Implicit using the type in a const block only works with iota. In blocks like this without iota the type has to be explicit. This was changed so that tests can use require.Equal , instead of require.EqualValue
| c.primaryRoots = structs.IndexedCARoots{} | ||
| c.actingSecondaryCA = false |
There was a problem hiding this comment.
TODO: check to see if this should be done in Stop, should primaryRoots and actingSecondarCA be called to zero things out on leader loss.
There was a problem hiding this comment.
I checked and I'm pretty sure it's needed to clean up the struc and the state. I added them as part of the stop
There was a problem hiding this comment.
How was reset() being used originally? I can't find where it was being called from
There was a problem hiding this comment.
It wasn't, which is why 7dae65c was able to remove the method without any other changes. While reviewing this I thought it might be worth checking to see if the Stop method was missing any of this logic, and I guess it was.
I believe an earlier change must have removed the call to reset, but I haven't looked into it.
There was a problem hiding this comment.
Got it. I just saw that when reset was added it wasn't being called then either, looks like a stray change.
The important parts of reset were to set the state to uninitialized and set the provider to nil, and those were being handled directly in revokeLeadership.
It's definitely clearer to move those down into caManager.Stop() rather than spread around.
Reducing the coupling between Server and CAManager
This further decouples the CAManager from Server. It reduces the interface between them and removes the need for the SetLogger method on providers.
This method on Server was only used by the caDelegateWithState, so move it there until we can move it entirely into CAManager.
After moving ca.ConsulProviderStateDelegate into the interface we now have the ApplyCARequest method which does the same thing. Use this more specific method instead of raftApply.
and small refactor to getCAProvider so that GoLand is less confused about what it is doing. Previously it was reporting that the for condition was always true, which was not the case.
raftApply was removed so ApplyCARequest needs to handle all the possible operations Also set the providerShim to use the mock provider. other changes are small test improvements that were necessary to debug the failures.
dhiaayachi
force-pushed
the
dnephin/ca-provider-explore
branch
from
1d69937 to
0475378
Compare
| @@ -473,7 +473,7 @@ func NewServer(config *Config, flat Deps) (*Server, error) { | |||
| return nil, fmt.Errorf("Failed to start Raft: %v", err) | |||
| } | |||
|
|
|||
| s.caManager = NewCAManager(&caDelegateWithState{s}, s.leaderRoutineManager, s.loggers.Named(logging.Connect), s.config) | |||
| s.caManager = NewCAManager(&caDelegateWithState{s}, s.leaderRoutineManager, s.logger.ResetNamed("connect.ca"), s.config) | |||
There was a problem hiding this comment.
There's a logging.CA constant, "ca", that could be used here. I'm not sure how much value is added by the "connect." prefix.
There was a problem hiding this comment.
This was to keep it consistent with the previous logger name.
IMO, the logging constants are not really valuable. I think we should aim to only create a logger with a given name in one place, which makes the name constants in some far away package more of a nuisance than something helpful. If we want a constant it could be un-exported in the local package.
| c.primaryRoots = structs.IndexedCARoots{} | ||
| c.actingSecondaryCA = false |
There was a problem hiding this comment.
How was reset() being used originally? I can't find where it was being called from
Adds a contructor for the one provider that did not have one.
|
Pushed another commit which makes the provider constructors more consistent. |
|
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/407297. |
Best viewed by individual commit.
This is in preparation for documenting the CA provider flows, and fixing some bugs related to CA provider in secondary DCs.