From 7c3f4528ba4e006f88a7c30eb2bc80d312cd8363 Mon Sep 17 00:00:00 2001 From: hc-github-team-consul-core Date: Thu, 29 Jun 2023 09:53:15 -0500 Subject: [PATCH] Backport of Fixes Secondary ConnectCA update into release/1.15.x (#17953) * backport of commit afa1f42cc719b13074f2f286202d8f21b8000753 * backport of commit e0970025d4c2e2702af30e642b37dd5e32561756 * backport of commit 2f2aad545b1ebcae22bb481b57115a679eb539e5 * backport of commit 4a5c9c181f50343911cd30fbb0f0475e473a2c7b --------- Co-authored-by: Ranjandas Co-authored-by: Chris S. Kim --- .changelog/17846.txt | 3 +++ agent/consul/leader_connect_ca.go | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 .changelog/17846.txt diff --git a/.changelog/17846.txt b/.changelog/17846.txt new file mode 100644 index 0000000000..bd5a052f85 --- /dev/null +++ b/.changelog/17846.txt @@ -0,0 +1,3 @@ +```release-note:bug +connect/ca: Fixes a bug preventing CA configuration updates in secondary datacenters +``` diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go index abb92f54b6..39defb752b 100644 --- a/agent/consul/leader_connect_ca.go +++ b/agent/consul/leader_connect_ca.go @@ -754,7 +754,9 @@ func shouldPersistNewRootAndConfig(newActiveRoot *structs.CARoot, oldConfig, new if newConfig == nil { return false } - return newConfig.Provider == oldConfig.Provider && reflect.DeepEqual(newConfig.Config, oldConfig.Config) + + // Do not persist if the new provider and config are the same as the old + return !(newConfig.Provider == oldConfig.Provider && reflect.DeepEqual(newConfig.Config, oldConfig.Config)) } func (c *CAManager) UpdateConfiguration(args *structs.CARequest) (reterr error) {