Only watch leaf for our service

Thibault Gilles · Thibault Gilles · commit deb75318d33e · 2019-08-19T11:42:39.000+02:00
diff --git a/consul/watcher.go b/consul/watcher.go
@@ -55,7 +55,7 @@ type Watcher struct {
 	downstream downstream
 	certCAs    [][]byte
 	certCAPool *x509.CertPool
-	leafs      map[string]*certLeaf
+	leaf       *certLeaf
 
 	update chan struct{}
 }
@@ -68,7 +68,6 @@ func New(service string, consul *api.Client) *Watcher {
 		C:         make(chan Config),
 		upstreams: make(map[string]*upstream),
 		update:    make(chan struct{}, 1),
-		leafs:     make(map[string]*certLeaf),
 	}
 }
 
@@ -129,7 +128,6 @@ func (w *Watcher) handleProxyChange(first bool, srv *api.AgentService) {
 			w.lock.Unlock()
 			if !ok {
 				w.startUpstream(up)
-				w.watchLeaf(up.DestinationName)
 			}
 		}
 	}
@@ -228,11 +226,11 @@ func (w *Watcher) watchLeaf(service string) {
 		if changed {
 			log.Debugf("consul: leaf cert for service %s changed", service)
 			w.lock.Lock()
-			if _, ok := w.leafs[service]; !ok {
-				w.leafs[service] = &certLeaf{}
+			if w.leaf == nil {
+				w.leaf = &certLeaf{}
 			}
-			w.leafs[service].Cert = []byte(cert.CertPEM)
-			w.leafs[service].Key = []byte(cert.PrivateKeyPEM)
+			w.leaf.Cert = []byte(cert.CertPEM)
+			w.leaf.Key = []byte(cert.PrivateKeyPEM)
 			w.lock.Unlock()
 			w.notifyChanged()
 		}
@@ -335,8 +333,8 @@ func (w *Watcher) genCfg() Config {
 
 			TLS: TLS{
 				CAs:  w.certCAs,
-				Cert: w.leafs[w.serviceName].Cert,
-				Key:  w.leafs[w.serviceName].Key,
+				Cert: w.leaf.Cert,
+				Key:  w.leaf.Key,
 			},
 		},
 	}
@@ -349,8 +347,8 @@ func (w *Watcher) genCfg() Config {
 
 			TLS: TLS{
 				CAs:  w.certCAs,
-				Cert: w.leafs[w.serviceName].Cert,
-				Key:  w.leafs[w.serviceName].Key,
+				Cert: w.leaf.Cert,
+				Key:  w.leaf.Key,
 			},
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ type Watcher struct {`
`55`	`55`	`downstream downstream`
`56`	`56`	`certCAs [][]byte`
`57`	`57`	`certCAPool *x509.CertPool`
`58`		`- leafs map[string]*certLeaf`
	`58`	`+ leaf *certLeaf`
`59`	`59`
`60`	`60`	`update chan struct{}`
`61`	`61`	`}`
`@@ -68,7 +68,6 @@ func New(service string, consul api.Client) Watcher {`
`68`	`68`	`C: make(chan Config),`
`69`	`69`	`upstreams: make(map[string]*upstream),`
`70`	`70`	`update: make(chan struct{}, 1),`
`71`		`- leafs: make(map[string]*certLeaf),`
`72`	`71`	`}`
`73`	`72`	`}`
`74`	`73`
`@@ -129,7 +128,6 @@ func (w Watcher) handleProxyChange(first bool, srv api.AgentService) {`
`129`	`128`	`w.lock.Unlock()`
`130`	`129`	`if !ok {`
`131`	`130`	`w.startUpstream(up)`
`132`		`- w.watchLeaf(up.DestinationName)`
`133`	`131`	`}`
`134`	`132`	`}`
`135`	`133`	`}`
`@@ -228,11 +226,11 @@ func (w *Watcher) watchLeaf(service string) {`
`228`	`226`	`if changed {`
`229`	`227`	`log.Debugf("consul: leaf cert for service %s changed", service)`
`230`	`228`	`w.lock.Lock()`
`231`		`- if _, ok := w.leafs[service]; !ok {`
`232`		`- w.leafs[service] = &certLeaf{}`
	`229`	`+ if w.leaf == nil {`
	`230`	`+ w.leaf = &certLeaf{}`
`233`	`231`	`}`
`234`		`- w.leafs[service].Cert = []byte(cert.CertPEM)`
`235`		`- w.leafs[service].Key = []byte(cert.PrivateKeyPEM)`
	`232`	`+ w.leaf.Cert = []byte(cert.CertPEM)`
	`233`	`+ w.leaf.Key = []byte(cert.PrivateKeyPEM)`
`236`	`234`	`w.lock.Unlock()`
`237`	`235`	`w.notifyChanged()`
`238`	`236`	`}`
`@@ -335,8 +333,8 @@ func (w *Watcher) genCfg() Config {`
`335`	`333`
`336`	`334`	`TLS: TLS{`
`337`	`335`	`CAs: w.certCAs,`
`338`		`- Cert: w.leafs[w.serviceName].Cert,`
`339`		`- Key: w.leafs[w.serviceName].Key,`
	`336`	`+ Cert: w.leaf.Cert,`
	`337`	`+ Key: w.leaf.Key,`
`340`	`338`	`},`
`341`	`339`	`},`
`342`	`340`	`}`
`@@ -349,8 +347,8 @@ func (w *Watcher) genCfg() Config {`
`349`	`347`
`350`	`348`	`TLS: TLS{`
`351`	`349`	`CAs: w.certCAs,`
`352`		`- Cert: w.leafs[w.serviceName].Cert,`
`353`		`- Key: w.leafs[w.serviceName].Key,`
	`350`	`+ Cert: w.leaf.Cert,`
	`351`	`+ Key: w.leaf.Key,`
`354`	`352`	`},`
`355`	`353`	`}`
`356`	`354`