Skip to content
This repository was archived by the owner on Jan 26, 2023. It is now read-only.

Commit 2e1ec40

Browse files
ShimmerGlassShimmerGlass
authored
BUG: recreate backends when certificates change (haproxytech#58)
When certificates changed servers where only updated, which didn't change the certificates. This fixes it by recreating the backend on certificate update.
1 parent 198161d commit 2e1ec40

File tree

2 files changed

+67
-2
lines changed

2 files changed

+67
-2
lines changed

haproxy/state/apply.go

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -170,9 +170,22 @@ func applyBackends(ha HAProxy, old, new []Backend) error {
170170
}
171171

172172
func shouldRecreateBackend(old, new Backend) bool {
173-
return !reflect.DeepEqual(old.Backend, new.Backend) ||
173+
if !reflect.DeepEqual(old.Backend, new.Backend) ||
174174
!reflect.DeepEqual(old.LogTarget, new.LogTarget) ||
175-
len(old.Servers) != len(new.Servers)
175+
len(old.Servers) != len(new.Servers) {
176+
return true
177+
}
178+
179+
for i := range old.Servers {
180+
if old.Servers[i].SslCafile != new.Servers[i].SslCafile {
181+
return true
182+
}
183+
if old.Servers[i].SslCertificate != new.Servers[i].SslCertificate {
184+
return true
185+
}
186+
}
187+
188+
return false
176189
}
177190

178191
func shouldUpdateServer(old, new models.Server) bool {

haproxy/state/apply_backend_test.go

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -276,6 +276,58 @@ func TestRemoveServerSameSize(t *testing.T) {
276276
)
277277
}
278278

279+
func TestDifferentCerts(t *testing.T) {
280+
old := State{
281+
Backends: []Backend{
282+
Backend{
283+
Backend: models.Backend{
284+
Name: "back",
285+
},
286+
Servers: []models.Server{
287+
models.Server{
288+
Name: "srv_0",
289+
Address: "1.2.3.4",
290+
Port: int64p(8080),
291+
Maintenance: models.ServerMaintenanceDisabled,
292+
SslCafile: "test",
293+
SslCertificate: "test1",
294+
},
295+
},
296+
},
297+
},
298+
}
299+
new := State{
300+
Backends: []Backend{
301+
Backend{
302+
Backend: models.Backend{
303+
Name: "back",
304+
},
305+
Servers: []models.Server{
306+
models.Server{
307+
Name: "srv_0",
308+
Address: "1.2.3.4",
309+
Port: int64p(8080),
310+
Maintenance: models.ServerMaintenanceDisabled,
311+
SslCafile: "test",
312+
SslCertificate: "test2",
313+
},
314+
},
315+
},
316+
},
317+
}
318+
319+
ha := &fakeHA{}
320+
321+
err := Apply(ha, old, new)
322+
require.Nil(t, err)
323+
324+
ha.RequireOps(t,
325+
RequireOp(haOpDeleteBackend, "back"),
326+
RequireOp(haOpCreateBackend, "back"),
327+
RequireOp(haOpCreateServer, "srv_0"),
328+
)
329+
}
330+
279331
func TestBackendChange(t *testing.T) {
280332
old := State{
281333
Backends: []Backend{

0 commit comments

Comments
 (0)