Fix bug when writing auto tidy config field tidy_cmpv2_nonce_store (#29852)

* Fix bug when writing auto tidy config field tidy_cmpv2_nonce_store.
This commit is contained in:
Victor Rodriguez 2025-03-06 16:14:23 -05:00 committed by GitHub
parent a213c045e1
commit 735016d653
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 17 additions and 2 deletions


@ -116,7 +116,7 @@ func (tc *tidyConfig) IsAnyTidyEnabled() bool {
}
func (tc *tidyConfig) AnyTidyConfig() string {
return "tidy_cert_store / tidy_revoked_certs / tidy_revoked_cert_issuer_associations / tidy_expired_issuers / tidy_move_legacy_ca_bundle / tidy_revocation_queue / tidy_cross_cluster_revoked_certs / tidy_acme"
return "tidy_cert_store / tidy_revoked_certs / tidy_revoked_cert_issuer_associations / tidy_expired_issuers / tidy_move_legacy_ca_bundle / tidy_acme / tidy_cross_cluster_revoked_certs / tidy_revocation_queue / tidy_cert_metadata / tidy_cmpv2_nonce_store"
}
func (tc *tidyConfig) CalculateStartupBackoff(mountStartup time.Time) time.Time {
@ -1779,6 +1779,13 @@ func (b *backend) pathConfigAutoTidyWrite(ctx context.Context, req *logical.Requ
}
}
if tidyCmpv2NonceStoreRaw, ok := d.GetOk("tidy_cmpv2_nonce_store"); ok {
config.CMPV2NonceStore = tidyCmpv2NonceStoreRaw.(bool)
if config.CMPV2NonceStore && !constants.IsEnterprise {
return logical.ErrorResponse("CMPv2 is only supported on Vault Enterprise"), nil
}
}
if config.Enabled && !config.IsAnyTidyEnabled() {
return logical.ErrorResponse("Auto-tidy enabled but no tidy operations were requested. Enable at least one tidy operation to be run (" + config.AnyTidyConfig() + ")."), nil
}
@ -1829,6 +1836,7 @@ func (b *backend) tidyStatusStart(config *tidyConfig) {
tidyCrossRevokedCerts: config.CrossRevokedCerts,
tidyAcme: config.TidyAcme,
tidyCertMetadata: config.CertMetadata,
tidyCMPV2NonceStore: config.CMPV2NonceStore,
pauseDuration: config.PauseDuration.String(),
state: tidyStatusStarted,
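Review bot: In the new `tidy_cmpv2_nonce_store` branch the parsed value is stored into `config.CMPV2NonceStore` before the Enterprise check rejects it, so a refused request on a non-Enterprise build leaves the config object flagged; if `config` is a fresh copy that is only persisted after this point that is harmless, but reading into a local first avoids relying on it: `if v := tidyCmpv2NonceStoreRaw.(bool); v && !constants.IsEnterprise { return logical.ErrorResponse("CMPv2 is only supported on Vault Enterprise"), nil }` followed by `config.CMPV2NonceStore = v`. The "no tidy operations were requested" guard right after it depends on `IsAnyTidyEnabled`, whose body is outside this hunk — worth confirming it counts `CMPV2NonceStore` (and `CertMetadata`), otherwise enabling only the nonce-store tidy still trips that error. `AnyTidyConfig` is a hand-maintained string that has to move in step with `IsAnyTidyEnabled` and the field parsing in the write handler, which is the drift this commit is fixing; a one-line comment on it, `// Keep in sync with IsAnyTidyEnabled and pathConfigAutoTidyWrite.`, would help the next field addition. `pathConfigAutoTidyWrite` starts and ends outside this hunk.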


@ -39,9 +39,13 @@ func TestTidyConfigs(t *testing.T) {
require.Greater(t, len(operations), 1, "expected more than one operation")
t.Logf("Got tidy operations: %v", operations)
lastOp := operations[len(operations)-1]
lastOp := "tidy_acme"
for _, operation := range operations {
if operation == "tidy_cmpv2_nonce_store" || operation == "tidy_cert_metadata" {
// Skip, since these require ENT
continue
}
b, s := CreateBackendWithStorage(t)
resp, err := CBWrite(b, s, "config/auto-tidy", map[string]interface{}{
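Review bot: The skip at the top of the loop drops `tidy_cmpv2_nonce_store` and `tidy_cert_metadata` unconditionally, so the field this commit fixes is never exercised even on an Enterprise build where it is accepted; gating on the build instead keeps that coverage, e.g. `if !constants.IsEnterprise && (operation == "tidy_cmpv2_nonce_store" || operation == "tidy_cert_metadata") {` (assuming the `constants` package is importable from this test, which the hunk does not show). Replacing `operations[len(operations)-1]` with the literal `lastOp := "tidy_acme"` also ties the test to the current ordering of the list produced elsewhere; since how `lastOp` is consumed is below the hunk, a comment such as `// tidy_acme is a non-Enterprise operation, so it is safe to pair with every entry` would record why this particular value was chosen. `TestTidyConfigs` starts and ends outside this hunk.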

changelog/29852.txt Normal file

@ -0,0 +1,3 @@
```release-note:bug
secrets/pki: Fix a bug that prevents enabling automatic tidying of the CMPv2 nonce store.
```