From db584696fd80bc61e31c7f214e91e12fad340cba Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core
Date: Mon, 5 Jun 2023 13:32:17 -0400
Subject: [PATCH] Backport of Fix up case where subscription is terminated due to ACLs changing or a snapshot restore occurring into release/1.15.x (#17567)
* backport of commit 82e7d4fe18d450b2d43d476b704dc3ef1d155184
* backport of commit 45008e27c356321d7c94b23b165cce1b04a5dfb3
* backport of commit bdee9e3b9858ca9b654de853bcb4c77d8f14843e
---------
Co-authored-by: Andrew Stucki
---
 .changelog/17566.txt | 3 +++
 agent/proxycfg-glue/glue.go | 7 +++++++
 2 files changed, 10 insertions(+)
 create mode 100644 .changelog/17566.txt
diff --git a/.changelog/17566.txt b/.changelog/17566.txt
new file mode 100644
index 0000000000..f15718bd76
--- /dev/null
+++ b/.changelog/17566.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+xds: Fixed a bug where modifying ACLs on a token being actively used for an xDS connection caused all xDS updates to fail.
+```
diff --git a/agent/proxycfg-glue/glue.go b/agent/proxycfg-glue/glue.go
index a188a0a852..9730a417f8 100644
--- a/agent/proxycfg-glue/glue.go
+++ b/agent/proxycfg-glue/glue.go
@@ -2,6 +2,7 @@ package proxycfgglue
 import (
 "context"
+ "errors"
 "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/go-memdb"
@@ -137,6 +138,12 @@ func newUpdateEvent(correlationID string, result any, err error) proxycfg.Update
 if acl.IsErrNotFound(err) {
 err = proxycfg.TerminalError(err)
 }
+ // these are also errors where we should mark them
+ // as terminal for the sake of proxycfg, since they require
+ // a resubscribe.
+ if errors.Is(err, stream.ErrSubForceClosed) || errors.Is(err, stream.ErrShuttingDown) {
+ err = proxycfg.TerminalError(err)
+ }
 return proxycfg.UpdateEvent{
 CorrelationID: correlationID,
 Result: result,
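Review bot: The new `errors.Is` branch in `newUpdateEvent` has no accompanying test. The diffstat lists only `glue.go` and the changelog, so nothing pins that `stream.ErrSubForceClosed` and `stream.ErrShuttingDown` come out wrapped by `proxycfg.TerminalError`. Going by the commit subject, a force-close is how an ACL change on an in-use token reaches the subscription, so a table test over the three terminal cases plus one non-terminal error would guard against a return of the failing-updates behaviour described in the changelog. The comment could also name the conditions, e.g. `// Force-closed (ACL change, snapshot restore) or shutting-down subscriptions cannot resume; mark them terminal so proxycfg resubscribes.` It is also worth confirming that the resubscribe re-resolves the token against its current policy rather than reusing a cached authorizer, which this hunk does not show; the function body starts and ends outside the hunk.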