From 120f165cdf92c739c95d2eb9d6fcc8eba5667e17 Mon Sep 17 00:00:00 2001
From: Noah Stride
Date: Mon, 9 Sep 2024 14:02:36 +0100
Subject: [PATCH] Try to narrow down trust bundle cache flake
---
 lib/tbot/spiffe/trust_bundle_cache.go | 20 ++++++++++++++++++--
 lib/tbot/spiffe/trust_bundle_cache_test.go | 1 +
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/lib/tbot/spiffe/trust_bundle_cache.go b/lib/tbot/spiffe/trust_bundle_cache.go
index 6040e9c997b4..6102d3536b88 100644
--- a/lib/tbot/spiffe/trust_bundle_cache.go
+++ b/lib/tbot/spiffe/trust_bundle_cache.go
@@ -473,6 +473,11 @@ func (m *TrustBundleCache) processEvent(ctx context.Context, event types.Event)
 )
 return
 }
+ log.DebugContext(
+ ctx,
+ "Processing update for local trust bundle",
+ "trusted_tls_key_pairs", len(ca.GetTrustedTLSKeyPairs()),
+ )
 bundle, err := convertSPIFFECAToBundle(ca)
 if err != nil {
@@ -494,7 +499,11 @@ func (m *TrustBundleCache) processEvent(ctx context.Context, event types.Event)
 )
 return
 }
- log.InfoContext(ctx, "Processed update for local trust bundle")
+ log.InfoContext(
+ ctx,
+ "Processed update for local trust bundle",
+ "x509_authorities", len(bundle.X509Authorities()),
+ )
 bundleSet.Local = bundle
 m.setAndBroadcastBundleSet(bundleSet)
 case types.KindSPIFFEFederation:
@@ -516,6 +525,11 @@ func (m *TrustBundleCache) processEvent(ctx context.Context, event types.Event)
 )
 return
 }
+ log.DebugContext(
+ ctx,
+ "Processing update for federated trust bundle",
+ )
+
 bundle, err := convertSPIFFEFederationToBundle(federation)
 if err != nil {
 // TODO: Should we match the behavior for the local trust
@@ -538,7 +552,9 @@ func (m *TrustBundleCache) processEvent(ctx context.Context, event types.Event)
 return
 }
 log.InfoContext(
- ctx, "Processed update for federated trust bundle",
+ ctx,
+ "Processed update for federated trust bundle",
+ "x509_authorities", len(bundle.X509Authorities()),
 )
 bundleSet.Federated[federation.Metadata.Name] = bundle
 m.setAndBroadcastBundleSet(bundleSet)
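Review bot: The attributes added in the first hunk (`trusted_tls_key_pairs`) and in the `Processed update …` info calls of the second and fourth hunks (`x509_authorities`) record only a count, so an update that swaps one CA certificate for another logs the same values as a no-op update. For narrowing the flake, and for reading trust-anchor changes back out of the logs later, a per-authority fingerprint says more; CA certificates are public, so a SHA-256 over the DER bytes is safe to log, while the key-pair values themselves should stay out of the attributes. The sketch assumes `X509Authorities()` returns parsed `*x509.Certificate` values, which the hunks do not show. `processEvent` starts and ends outside these hunks.

```go
// authorityFingerprints returns the hex SHA-256 of each authority's DER
// bytes, so a log line identifies which trust anchors the bundle holds.
func authorityFingerprints(certs []*x509.Certificate) []string {
	out := make([]string, 0, len(certs))
	for _, c := range certs {
		sum := sha256.Sum256(c.Raw)
		out = append(out, hex.EncodeToString(sum[:]))
	}
	return out
}

// … unchanged: conversion of the CA and its error handling …
		log.InfoContext(
			ctx,
			"Processed update for local trust bundle",
			"x509_authorities", len(bundle.X509Authorities()),
			"x509_authority_sha256", authorityFingerprints(bundle.X509Authorities()),
		)
```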
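Review bot: The debug call added in the third hunk (`"Processing update for federated trust bundle"`) and the info call changed in the fourth hunk carry no attribute saying which federation the event belongs to, so with more than one federated trust domain the lines cannot be attributed to a bundle. Unless `log` was already scoped with that name above the hunk (not visible here), add `"federation_name", federation.Metadata.Name,` to both calls; it is the same value the fourth hunk uses as the key into `bundleSet.Federated`. The debug line also logs nothing about the incoming resource, unlike its local counterpart in the first hunk.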
diff --git a/lib/tbot/spiffe/trust_bundle_cache_test.go b/lib/tbot/spiffe/trust_bundle_cache_test.go
index 2550d8776bc9..117ca2bfcdbe 100644
--- a/lib/tbot/spiffe/trust_bundle_cache_test.go
+++ b/lib/tbot/spiffe/trust_bundle_cache_test.go
@@ -250,6 +250,7 @@ func TestTrustBundleCache_Run(t *testing.T) {
 require.True(t, gotFederatedBundle.Equal(preInitFed))
 // Update the local bundle with a new additional cert
+ ca = ca.Clone()
 additionalCAKey, additionalCACertPEM, err := tlsca.GenerateSelfSignedCA(pkix.Name{}, []string{}, time.Hour)
 require.NoError(t, err)
 additionalCACert, err := tlsca.ParseCertificatePEM(additionalCACertPEM)
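Review bot: `ca = ca.Clone()` is added with no explanation, and the comment above it only describes the certificate update, so a later cleanup could drop the clone as redundant. If the purpose is to keep the mutations that follow from touching the CA object the test already handed to its backend or cache (an inference; the setup is outside the hunk), record it: `// Clone first: the original ca may still be referenced by the cache under test, so mutating it in place could race with the watcher.` `TestTrustBundleCache_Run` continues past the end of the hunk.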