Add empty expiry crlConfig upgrade test (#17701)

* Add regression test for default CRL expiry Also fixes a bug w.r.t. upgrading older entries and missing the Delta Rebuild Interval field, setting it to the default. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog for earlier PR Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2025-10-30 18:17:55 +00:00 · 2022-10-27 11:20:12 -04:00
parent 184a4e4ff1
commit c3d0f9f2bd
3 changed files with 32 additions and 0 deletions
--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@@ -5861,6 +5861,29 @@ EBuOIhCv6WiwVyGeTVynuHYkHyw3rIL/zU7N8+zIFV2G2M1UAv5D/eyh/74cr9Of
 	requireSuccessNonNilResponse(t, resp, err, "failed to issue PSS leaf")
 }

+func TestPKI_EmptyCRLConfigUpgraded(t *testing.T) {
+	t.Parallel()
+	b, s := createBackendWithStorage(t)
+
+	// Write an empty CRLConfig into storage.
+	crlConfigEntry, err := logical.StorageEntryJSON("config/crl", &crlConfig{})
+	require.NoError(t, err)
+	err = s.Put(ctx, crlConfigEntry)
+	require.NoError(t, err)
+
+	resp, err := CBRead(b, s, "config/crl")
+	require.NoError(t, err)
+	require.NotNil(t, resp)
+	require.NotNil(t, resp.Data)
+	require.Equal(t, resp.Data["expiry"], defaultCrlConfig.Expiry)
+	require.Equal(t, resp.Data["disable"], defaultCrlConfig.Disable)
+	require.Equal(t, resp.Data["ocsp_disable"], defaultCrlConfig.OcspDisable)
+	require.Equal(t, resp.Data["auto_rebuild"], defaultCrlConfig.AutoRebuild)
+	require.Equal(t, resp.Data["auto_rebuild_grace_period"], defaultCrlConfig.AutoRebuildGracePeriod)
+	require.Equal(t, resp.Data["enable_delta"], defaultCrlConfig.EnableDelta)
+	require.Equal(t, resp.Data["delta_rebuild_interval"], defaultCrlConfig.DeltaRebuildInterval)
+}
+
 var (
 	initTest  sync.Once
 	rsaCAKey  string
--- a/builtin/logical/pki/storage.go
+++ b/builtin/logical/pki/storage.go
@@ -1173,6 +1173,12 @@ func (sc *storageContext) getRevocationConfig() (*crlConfig, error) {
 		result.AutoRebuildGracePeriod = defaultCrlConfig.AutoRebuildGracePeriod
 		result.Version = 1
 	}
+	if result.Version == 1 {
+		if result.DeltaRebuildInterval == "" {
+			result.DeltaRebuildInterval = defaultCrlConfig.DeltaRebuildInterval
+		}
+		result.Version = 2
+	}

 	// Depending on client version, it's possible that the expiry is unset.
 	// This sets the default value to prevent issues in downstream code.
--- a/changelog/17693.txt
+++ b/changelog/17693.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Fix upgrade of missing expiry, delta_rebuild_interval by setting them to the default.
+```