Merge pull request #10612 from bigmikes/acl-replication-fix
acl: acl replication routine to report the last error message
dnephin authored Aug 6, 2021
2 parents cbab337 + d4a3fe3 commit d3325b0
Showing 6 changed files with 10 additions and 3 deletions.
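--- a/.changelog/10612.txt
+++ b/.changelog/10612.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+acl: replication routine to report the last error message.
+```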
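--- a/agent/consul/acl_replication.go
+++ b/agent/consul/acl_replication.go
@@ -484,11 +484,12 @@ func (s *Server) IsACLReplicationEnabled() bool {
 s.config.ACLTokenReplication
 }
 
-func (s *Server) updateACLReplicationStatusError() {
+func (s *Server) updateACLReplicationStatusError(errorMsg string) {
 s.aclReplicationStatusLock.Lock()
 defer s.aclReplicationStatusLock.Unlock()
 
 s.aclReplicationStatus.LastError = time.Now().Round(time.Second).UTC()
+s.aclReplicationStatus.LastErrorMessage = errorMsg
 }
 
 func (s *Server) updateACLReplicationStatusIndex(replicationType structs.ACLReplicationType, index uint64) {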
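Review bot: updateACLReplicationStatusError stores errorMsg unmodified, with no length cap or filtering, and has no doc comment telling callers that the string ends up in the replication status structure. Add one above the signature, e.g. `// updateACLReplicationStatusError records the time and text of the latest replication failure; errorMsg is stored as-is in the replication status, so it must not contain token secrets.` The function is complete within this hunk.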
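--- a/agent/consul/acl_replication_test.go
+++ b/agent/consul/acl_replication_test.go
@@ -780,6 +780,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) {
 require.True(r, status.ReplicatedTokenIndex < token2.CreateIndex, "ReplicatedTokenIndex is not less than the token2s create index")
 // ensures that token replication is erroring
 require.True(r, status.LastError.After(minErrorTime), "Replication LastError not after the minErrorTime")
+require.Equal(r, status.LastErrorMessage, "failed to retrieve unredacted tokens - replication token in use does not grant acl:write")
 })
 }
 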
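Review bot: The added `require.Equal` passes the actual value first and the expected literal second, the reverse of testify's `Equal(t, expected, actual)` order, so a failure would print the two values under the wrong labels. Swap them: `require.Equal(r, "failed to retrieve unredacted tokens - replication token in use does not grant acl:write", status.LastErrorMessage)`. Matching the whole sentence also ties the test to the exact wording of the error; `require.Contains` on the `does not grant acl:write` fragment would be less brittle. The enclosing test function starts outside the hunk.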
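--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@@ -807,7 +807,7 @@ func (s *Server) runLegacyACLReplication(ctx context.Context) error {
 0,
 )
 lastRemoteIndex = 0
-s.updateACLReplicationStatusError()
+s.updateACLReplicationStatusError(err.Error())
 legacyACLLogger.Warn("Legacy ACL replication error (will retry if still leader)", "error", err)
 } else {
 metrics.SetGauge([]string{"leader", "replication", "acl-legacy", "status"},
@@ -924,7 +924,7 @@ func (s *Server) runACLReplicator(
 0,
 )
 lastRemoteIndex = 0
-s.updateACLReplicationStatusError()
+s.updateACLReplicationStatusError(err.Error())
 logger.Warn("ACL replication error (will retry if still leader)",
 "error", err,
 )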
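Review bot: Both call sites pass `err.Error()` straight into the replication status, so whatever text the failed round produced becomes part of ACLReplicationStatus, which api/acl.go mirrors for clients. That text may include wrapped RPC errors carrying server addresses or other internal detail, though how err is built is not visible here. Confirm that the endpoint serving this status requires an ACL read permission, or store a short, bounded summary and leave the full error to the `Warn` log line that already follows. At minimum, a comment at each site such as `// published via ACL replication status; must not carry token material` would record the constraint. Both hunks sit inside larger functions (runLegacyACLReplication and runACLReplicator) that start and end outside the hunks.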
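--- a/agent/structs/acl.go
+++ b/agent/structs/acl.go
@@ -1273,6 +1273,7 @@ type ACLReplicationStatus struct {
 ReplicatedTokenIndex uint64
 LastSuccess time.Time
 LastError time.Time
+LastErrorMessage string
 }
 
 // ACLTokenSetRequest is used for token creation and update operations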
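Review bot: `LastErrorMessage` is added without a field comment, both here and in the mirrored struct in api/acl.go, which is the client-facing type. Nothing in this commit resets the field after a successful round, so unless that happens outside the visible hunks, a reader can see an old message next to a newer LastSuccess. A comment like `// LastErrorMessage is the text of the error recorded at LastError; compare LastError with LastSuccess to tell whether it is current.` would make that explicit. The struct begins outside the hunk.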
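--- a/api/acl.go
+++ b/api/acl.go
@@ -106,6 +106,7 @@ type ACLReplicationStatus struct {
 ReplicatedTokenIndex uint64
 LastSuccess time.Time
 LastError time.Time
+LastErrorMessage string
 }
 
 // ACLServiceIdentity represents a high-level grant of all necessary privileges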
