Backport of NET-9178-Consul-api-gateway-not-starting-after-restart in…

…to release/1.3.x (#3986) * backport of commit a0ca997 * backport of commit 582fddc * backport of commit 3c1cab1 * update changelog --------- Co-authored-by: Sarah Alsmiller <[email protected]> Co-authored-by: sarahalsmiller <[email protected]>
hashicorp · May 22, 2024 · 7bd8e2f · 7bd8e2f
1 parent e7459be
commit 7bd8e2f
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/.changelog/3978.txt b/.changelog/3978.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+connect-inject: Fixed issue where on restart, if a managed-gateway-acl-role already existed the container would error
+```
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -34,6 +34,7 @@ BUG FIXES:
 * api-gateway: Fix order of initialization for creating ACL role/policy to avoid error logs in consul when upgrading between versions. [[GH-3918](https://github.com/hashicorp/consul-k8s/issues/3918)]
 * api-gateway: fix bug where multiple logical APIGateways would share the same ACL policy. [[GH-4001](https://github.com/hashicorp/consul-k8s/issues/4001)]
 * control-plane: fix a panic when an upstream annotation is malformed. [[GH-3956](https://github.com/hashicorp/consul-k8s/issues/3956)]
+* connect-inject: Fixed issue where on restart, if a managed-gateway-acl-role already existed the container would error [[GH-3978](https://github.com/hashicorp/consul-k8s/issues/3978)]
 
 ## 1.3.4 (March 28, 2024)
 

diff --git a/control-plane/api-gateway/cache/consul.go b/control-plane/api-gateway/cache/consul.go
@@ -397,6 +397,10 @@ func (c *Cache) ensurePolicy(client *api.Client, gatewayName string) (string, er
 	return existing.ID, nil
 }
 
+func getACLRoleName(gatewayName string) string {
+	return fmt.Sprint("managed-gateway-acl-role-", gatewayName)
+}
+
 func (c *Cache) ensureRole(client *api.Client, gatewayName string) (string, error) {
 	policyID, err := c.ensurePolicy(client, gatewayName)
 	if err != nil {
@@ -407,7 +411,7 @@ func (c *Cache) ensureRole(client *api.Client, gatewayName string) (string, erro
 	defer c.aclRoleMutex.Unlock()
 
 	createRole := func() (string, error) {
-		aclRoleName := fmt.Sprint("managed-gateway-acl-role-", gatewayName)
+		aclRoleName := getACLRoleName(gatewayName)
 		role := &api.ACLRole{
 			Name:        aclRoleName,
 			Description: "ACL Role for Managed API Gateways",
@@ -437,7 +441,7 @@ func (c *Cache) ensureRole(client *api.Client, gatewayName string) (string, erro
 		}
 
 		c.gatewayNameToRole[gatewayName] = role
-		return aclRoleName, err
+		return aclRoleName, nil
 	}
 
 	cachedRole, found := c.gatewayNameToRole[gatewayName]