Add empty expiry crlConfig upgrade test (#17701)

* Add regression test for default CRL expiry Also fixes a bug w.r.t. upgrading older entries and missing the Delta Rebuild Interval field, setting it to the default. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog for earlier PR Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2025-10-31 02:28:09 +00:00 · 2022-10-27 11:20:12 -04:00
parent 184a4e4ff1
commit c3d0f9f2bd
3 changed files with 32 additions and 0 deletions
--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@@ -5861,6 +5861,29 @@ EBuOIhCv6WiwVyGeTVynuHYkHyw3rIL/zU7N8+zIFV2G2M1UAv5D/eyh/74cr9Of
 	requireSuccessNonNilResponse(t, resp, err, "failed to issue PSS leaf")
 }
 func TestPKI_EmptyCRLConfigUpgraded(t *testing.T) {
 	t.Parallel()
 	b, s := createBackendWithStorage(t)
 	// Write an empty CRLConfig into storage.
 	crlConfigEntry, err := logical.StorageEntryJSON("config/crl", &crlConfig{})
 	require.NoError(t, err)
 	err = s.Put(ctx, crlConfigEntry)
 	require.NoError(t, err)
 	resp, err := CBRead(b, s, "config/crl")
 	require.NoError(t, err)
 	require.NotNil(t, resp)
 	require.NotNil(t, resp.Data)
 	require.Equal(t, resp.Data["expiry"], defaultCrlConfig.Expiry)
 	require.Equal(t, resp.Data["disable"], defaultCrlConfig.Disable)
 	require.Equal(t, resp.Data["ocsp_disable"], defaultCrlConfig.OcspDisable)
 	require.Equal(t, resp.Data["auto_rebuild"], defaultCrlConfig.AutoRebuild)
 	require.Equal(t, resp.Data["auto_rebuild_grace_period"], defaultCrlConfig.AutoRebuildGracePeriod)
 	require.Equal(t, resp.Data["enable_delta"], defaultCrlConfig.EnableDelta)
 	require.Equal(t, resp.Data["delta_rebuild_interval"], defaultCrlConfig.DeltaRebuildInterval)
 }
 var (
 	initTest  sync.Once
 	rsaCAKey  string
--- a/builtin/logical/pki/storage.go
+++ b/builtin/logical/pki/storage.go
@@ -1173,6 +1173,12 @@ func (sc *storageContext) getRevocationConfig() (*crlConfig, error) {
 		result.AutoRebuildGracePeriod = defaultCrlConfig.AutoRebuildGracePeriod
 		result.Version = 1
 	}
 	if result.Version == 1 {
 		if result.DeltaRebuildInterval == "" {
 			result.DeltaRebuildInterval = defaultCrlConfig.DeltaRebuildInterval
 		}
 		result.Version = 2
 	}
 	// Depending on client version, it's possible that the expiry is unset.
 	// This sets the default value to prevent issues in downstream code.
--- a/changelog/17693.txt
+++ b/changelog/17693.txt
@@ -0,0 +1,3 @@
 ```release-note:bug
 secrets/pki: Fix upgrade of missing expiry, delta_rebuild_interval by setting them to the default.
 ```