diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go index f8a56f177fd4..4ac4519c1ac9 100644 --- a/agent/agent_endpoint.go +++ b/agent/agent_endpoint.go @@ -1335,6 +1335,7 @@ func (s *HTTPServer) AgentConnectCALeafCert(resp http.ResponseWriter, req *http. return nil, nil } args.MinQueryIndex = qOpts.MinQueryIndex + args.MaxQueryTime = qOpts.MaxQueryTime // Verify the proxy token. This will check both the local proxy token // as well as the ACL if the token isn't local. The checks done in diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index e2ecc5ed33e6..846b9fd5ba91 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go @@ -4715,6 +4715,25 @@ func TestAgentConnectCALeafCert_goodNotLocal(t *testing.T) { require.Equal("HIT", resp.Header().Get("X-Cache")) } + // Test Blocking - see https://github.com/hashicorp/consul/issues/4462 + { + // Fetch it again + resp := httptest.NewRecorder() + blockingReq, _ := http.NewRequest("GET", fmt.Sprintf("/v1/agent/connect/ca/leaf/test?wait=125ms&index=%d", issued.ModifyIndex), nil) + doneCh := make(chan struct{}) + go func() { + a.srv.AgentConnectCALeafCert(resp, blockingReq) + close(doneCh) + }() + + select { + case <-time.After(500 * time.Millisecond): + require.FailNow("Shouldn't block for this long - not respecting wait parameter in the query") + + case <-doneCh: + } + } + // Test that caching is updated in the background { // Set a new CA diff --git a/agent/cache-types/connect_ca_leaf.go b/agent/cache-types/connect_ca_leaf.go index b85beb4c2632..eb64b0576aeb 100644 --- a/agent/cache-types/connect_ca_leaf.go +++ b/agent/cache-types/connect_ca_leaf.go @@ -263,6 +263,7 @@ type ConnectCALeafRequest struct { Datacenter string Service string // Service name, not ID MinQueryIndex uint64 + MaxQueryTime time.Duration } func (r *ConnectCALeafRequest) CacheInfo() cache.RequestInfo { @@ -271,5 +272,6 @@ func (r *ConnectCALeafRequest) CacheInfo() cache.RequestInfo { Key: r.Service, Datacenter: r.Datacenter, MinIndex: r.MinQueryIndex, + Timeout: r.MaxQueryTime, } }