mirror of https://github.com/hashicorp/consul
Merge pull request #10612 from bigmikes/acl-replication-fix
acl: acl replication routine to report the last error messagepull/10812/head^2
commit
d3325b0253
|
@ -0,0 +1,3 @@
|
|||
```release-note:improvement
|
||||
acl: replication routine to report the last error message.
|
||||
```
|
|
@ -484,11 +484,12 @@ func (s *Server) IsACLReplicationEnabled() bool {
|
|||
s.config.ACLTokenReplication
|
||||
}
|
||||
|
||||
func (s *Server) updateACLReplicationStatusError() {
|
||||
func (s *Server) updateACLReplicationStatusError(errorMsg string) {
|
||||
s.aclReplicationStatusLock.Lock()
|
||||
defer s.aclReplicationStatusLock.Unlock()
|
||||
|
||||
s.aclReplicationStatus.LastError = time.Now().Round(time.Second).UTC()
|
||||
s.aclReplicationStatus.LastErrorMessage = errorMsg
|
||||
}
|
||||
|
||||
func (s *Server) updateACLReplicationStatusIndex(replicationType structs.ACLReplicationType, index uint64) {
|
||||
|
|
|
@ -780,6 +780,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) {
|
|||
require.True(r, status.ReplicatedTokenIndex < token2.CreateIndex, "ReplicatedTokenIndex is not less than the token2s create index")
|
||||
// ensures that token replication is erroring
|
||||
require.True(r, status.LastError.After(minErrorTime), "Replication LastError not after the minErrorTime")
|
||||
require.Equal(r, status.LastErrorMessage, "failed to retrieve unredacted tokens - replication token in use does not grant acl:write")
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -807,7 +807,7 @@ func (s *Server) runLegacyACLReplication(ctx context.Context) error {
|
|||
0,
|
||||
)
|
||||
lastRemoteIndex = 0
|
||||
s.updateACLReplicationStatusError()
|
||||
s.updateACLReplicationStatusError(err.Error())
|
||||
legacyACLLogger.Warn("Legacy ACL replication error (will retry if still leader)", "error", err)
|
||||
} else {
|
||||
metrics.SetGauge([]string{"leader", "replication", "acl-legacy", "status"},
|
||||
|
@ -924,7 +924,7 @@ func (s *Server) runACLReplicator(
|
|||
0,
|
||||
)
|
||||
lastRemoteIndex = 0
|
||||
s.updateACLReplicationStatusError()
|
||||
s.updateACLReplicationStatusError(err.Error())
|
||||
logger.Warn("ACL replication error (will retry if still leader)",
|
||||
"error", err,
|
||||
)
|
||||
|
|
|
@ -1273,6 +1273,7 @@ type ACLReplicationStatus struct {
|
|||
ReplicatedTokenIndex uint64
|
||||
LastSuccess time.Time
|
||||
LastError time.Time
|
||||
LastErrorMessage string
|
||||
}
|
||||
|
||||
// ACLTokenSetRequest is used for token creation and update operations
|
||||
|
|
|
@ -106,6 +106,7 @@ type ACLReplicationStatus struct {
|
|||
ReplicatedTokenIndex uint64
|
||||
LastSuccess time.Time
|
||||
LastError time.Time
|
||||
LastErrorMessage string
|
||||
}
|
||||
|
||||
// ACLServiceIdentity represents a high-level grant of all necessary privileges
|
||||
|
|
Loading…
Reference in New Issue