From ac9b330f6b5c8409a87d402b369b5cbbcbcd4711 Mon Sep 17 00:00:00 2001
From: sasha
Date: Wed, 15 Apr 2020 18:11:11 +0300
Subject: [PATCH] add DNSSAN and IPSAN to cache key (#7597)
---
 agent/cache-types/connect_ca_leaf.go | 2 ++
 agent/cache-types/connect_ca_leaf_test.go | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/agent/cache-types/connect_ca_leaf.go b/agent/cache-types/connect_ca_leaf.go
index e14d36a327..fd09919dfb 100644
--- a/agent/cache-types/connect_ca_leaf.go
+++ b/agent/cache-types/connect_ca_leaf.go
@@ -660,6 +660,8 @@ func (r *ConnectCALeafRequest) Key() string {
 v, err := hashstructure.Hash([]interface{}{
 r.Service,
 r.EnterpriseMeta,
+ r.DNSSAN,
+ r.IPSAN,
 }, nil)
 if err == nil {
 return fmt.Sprintf("service:%d", v)
diff --git a/agent/cache-types/connect_ca_leaf_test.go b/agent/cache-types/connect_ca_leaf_test.go
index e3669e27ad..ec2dd6e905 100644
--- a/agent/cache-types/connect_ca_leaf_test.go
+++ b/agent/cache-types/connect_ca_leaf_test.go
@@ -2,6 +2,7 @@ package cachetype
 import (
 "fmt"
+ "net"
 "strings"
 "sync/atomic"
 "testing"
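Review bot: The two entries added to the hashed slice in Key() (`r.DNSSAN,` and `r.IPSAN,` in agent/cache-types/connect_ca_leaf.go) carry no comment saying why they belong in the key, and the reason is presumably a security invariant: a request should never be answered with a cached leaf that was issued for a different SAN set. I would put `// SANs are part of the certificate identity: requests with different SANs must not share a cache entry.` above them. Both fields are slices, and hashstructure, as far as I know, hashes slice elements in order, so the same SANs in another order (or one address as a 4-byte versus 16-byte net.IP) would give a different key; that fails safe, costing only an extra issuance, but is worth stating or normalising before hashing. Key() begins and ends outside the hunk, so what it returns when Hash reports an error is not visible here.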
@@ -1022,12 +1023,26 @@ func TestConnectCALeaf_Key(t *testing.T) {
 r1 := ConnectCALeafRequest{Service: "web"}
 r2 := ConnectCALeafRequest{Service: "api"}
+ r3 := ConnectCALeafRequest{DNSSAN: []string{"a.com"}}
+ r4 := ConnectCALeafRequest{DNSSAN: []string{"b.com"}}
+
+ r5 := ConnectCALeafRequest{IPSAN: []net.IP{net.ParseIP("192.168.4.139")}}
+ r6 := ConnectCALeafRequest{IPSAN: []net.IP{net.ParseIP("192.168.4.140")}}
 // hashstructure will hash the service name + ent meta to produce this key
 r1Key := r1.Key()
 r2Key := r2.Key()
+
+ r3Key := r3.Key()
+ r4Key := r4.Key()
+
+ r5Key := r5.Key()
+ r6Key := r6.Key()
+
 require.True(t, strings.HasPrefix(r1Key, "service:"), "Key %s does not start with service:", r1Key)
 require.True(t, strings.HasPrefix(r2Key, "service:"), "Key %s does not start with service:", r2Key)
 require.NotEqual(t, r1Key, r2Key, "Cache keys for different services are not equal")
+ require.NotEqual(t, r3Key, r4Key, "Cache keys for different DNSSAN are not equal")
+ require.NotEqual(t, r5Key, r6Key, "Cache keys for different IPSAN are not equal")
 r := ConnectCALeafRequest{Agent: "abc"}
 require.Equal(t, "agent:abc", r.Key())
 }
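Review bot: The new cases in TestConnectCALeaf_Key only compare two SAN-only requests with each other, so nothing pins the case the key change is for: the same service with and without a SAN must not share a key. Adding `r7 := ConnectCALeafRequest{Service: "web", DNSSAN: []string{"a.com"}}` with `require.NotEqual(t, r1Key, r7.Key(), "adding a DNSSAN must change the cache key")` would cover it, and a `require.Equal` on two requests built with identical SANs would show the key stays stable so the cache still hits. The context comment `// hashstructure will hash the service name + ent meta to produce this key` is now stale, since the SAN lists are hashed too. The messages on the two added `require.NotEqual` lines are printed when the keys are equal, so "are not equal" reads backwards there (the existing line has the same wording). The function's opening line appears only in the hunk header.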