Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ensure ca caches include correct revision #48481

Merged
merged 1 commit into from
Nov 5, 2024
Merged

ensure ca caches include correct revision #48481

merged 1 commit into from
Nov 5, 2024

Conversation

fspmarshall
Copy link
Contributor

@fspmarshall fspmarshall commented Nov 5, 2024
edited
Loading

The UpsertCertAuthority method was skipping writes if the substantive content of a CA resource was unchanged. This worked fine before the introduction of revisions and atomic writes, but it is now common for items to have their revision change without their spec changing, and common for conditional operations to rely on the revisions present in the cache.

This problem was brought to light because the recent changes to UpsertTrustedCluster (#48009) made this issue much more likely to be hit, though we have a number of places where revisions/atomics were already used with CAs so its likely that this has been a problem for a while.

Fixes #48330

changelog: fixed an issue where modifying trusted clusters and/or cert authorities could result in a spurious "concurrent update" error.

@fspmarshall fspmarshall added no-changelog Indicates that a PR does not require a changelog entry backport/branch/v15 backport/branch/v16 backport/branch/v17 labels Nov 5, 2024
@github-actions github-actions bot requested review from camscale and zmb3 November 5, 2024 21:51
@fspmarshall fspmarshall added this pull request to the merge queue Nov 5, 2024
Merged via the queue into master with commit e6fc6a5 Nov 5, 2024
42 of 43 checks passed
@fspmarshall fspmarshall deleted the fspmarshall/ca-caching-fix branch November 5, 2024 22:26
@public-teleport-github-review-bot
Copy link

@fspmarshall See the table below for backport results.

Branch Result
branch/v15 Create PR
branch/v16 Create PR
branch/v17 Create PR

This was referenced Nov 5, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rosstimothy rosstimothy rosstimothy approved these changes

@bernardjkim bernardjkim bernardjkim approved these changes

Assignees
No one assigned
Labels
backport/branch/v15 backport/branch/v16 backport/branch/v17 no-changelog Indicates that a PR does not require a changelog entry size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Modify Trusted Cluster role_map
3 participants
@fspmarshall @bernardjkim @rosstimothy