Try to narrow down trust bundle cache flake (#46377)
strideynet committed Sep 10, 2024
1 parent da781bf commit feec425
Showing 2 changed files with 19 additions and 2 deletions.
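--- a/lib/tbot/spiffe/trust_bundle_cache.go
+++ b/lib/tbot/spiffe/trust_bundle_cache.go
@@ -473,6 +473,11 @@ func (m *TrustBundleCache) processEvent(ctx context.Context, event types.Event)
 )
 return
 }
+log.DebugContext(
+ctx,
+"Processing update for local trust bundle",
+"trusted_tls_key_pairs", len(ca.GetTrustedTLSKeyPairs()),
+)
 
 bundle, err := convertSPIFFECAToBundle(ca)
 if err != nil {
@@ -494,7 +499,11 @@ func (m *TrustBundleCache) processEvent(ctx context.Context, event types.Event)
 )
 return
 }
-log.InfoContext(ctx, "Processed update for local trust bundle")
+log.InfoContext(
+ctx,
+"Processed update for local trust bundle",
+"x509_authorities", len(bundle.X509Authorities()),
+)
 bundleSet.Local = bundle
 m.setAndBroadcastBundleSet(bundleSet)
 case types.KindSPIFFEFederation:
@@ -516,6 +525,11 @@ func (m *TrustBundleCache) processEvent(ctx context.Context, event types.Event)
 )
 return
 }
+log.DebugContext(
+ctx,
+"Processing update for federated trust bundle",
+)
+
 bundle, err := convertSPIFFEFederationToBundle(federation)
 if err != nil {
 // TODO: Should we match the behavior for the local trust
@@ -538,7 +552,9 @@ func (m *TrustBundleCache) processEvent(ctx context.Context, event types.Event)
 return
 }
 log.InfoContext(
-ctx, "Processed update for federated trust bundle",
+ctx,
+"Processed update for federated trust bundle",
+"x509_authorities", len(bundle.X509Authorities()),
 )
 bundleSet.Federated[federation.Metadata.Name] = bundle
 m.setAndBroadcastBundleSet(bundleSet)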
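Review bot: The two federated-bundle log calls (the new `log.DebugContext` before `convertSPIFFEFederationToBundle` and the extended `log.InfoContext` after it) do not identify which federation was processed, even though `federation.Metadata.Name` is in scope and is used as the map key on the following line. With more than one federated trust domain the `x509_authorities` count cannot be tied to a bundle, which limits these lines both for chasing the flake and as a record of which trust anchors changed. Unless `log` already carries that name from code outside the hunks, I would add a pair such as `"federation_name", federation.Metadata.Name,` to both calls. processEvent starts and ends outside the visible hunks.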
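--- a/lib/tbot/spiffe/trust_bundle_cache_test.go
+++ b/lib/tbot/spiffe/trust_bundle_cache_test.go
@@ -250,6 +250,7 @@ func TestTrustBundleCache_Run(t *testing.T) {
 require.True(t, gotFederatedBundle.Equal(preInitFed))
 
 // Update the local bundle with a new additional cert
+ca = ca.Clone()
 additionalCAKey, additionalCACertPEM, err := tlsca.GenerateSelfSignedCA(pkix.Name{}, []string{}, time.Hour)
 require.NoError(t, err)
 additionalCACert, err := tlsca.ParseCertificatePEM(additionalCACertPEM)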
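Review bot: The added `ca = ca.Clone()` carries no comment, so a later cleanup could drop it as redundant and bring the flake back. Presumably the original `ca` is still referenced by the fake backend or by events already delivered to the cache, and mutating it in place would change what the cache sees before the update is written; that is inferred, since the test setup is outside the hunk. A line such as `// Clone so the in-place edit below cannot alter the CA object already handed to the backend/cache.` above it would record the intent. TestTrustBundleCache_Run continues outside the hunk.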
