events cache: don't drop entries that were not fetched

If we encounter issues fetching any of the entries we need to fetch we should retry later. Signed-off-by: Sorin Dumitru <[email protected]>
spiffe · Feb 4, 2025 · 05a4781 · 05a4781
1 parent e7ab76b
commit 05a4781
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 11 deletions.
diff --git a/pkg/server/endpoints/authorized_entryfetcher_attested_nodes.go b/pkg/server/endpoints/authorized_entryfetcher_attested_nodes.go
@@ -41,9 +41,6 @@ type attestedNodes struct {
 }
 
 func (a *attestedNodes) captureChangedNodes(ctx context.Context) error {
-	// first, reset what we might fetch
-	a.fetchNodes = make(map[string]struct{})
-
 	if err := a.searchBeforeFirstEvent(ctx); err != nil {
 		return err
 	}
@@ -218,7 +215,7 @@ func (a *attestedNodes) updateCachedNodes(ctx context.Context) error {
 	for spiffeId := range a.fetchNodes {
 		node, err := a.ds.FetchAttestedNode(ctx, spiffeId)
 		if err != nil {
-			return err
+			continue
 		}
 
 		// Node was deleted
@@ -230,7 +227,7 @@ func (a *attestedNodes) updateCachedNodes(ctx context.Context) error {
 
 		selectors, err := a.ds.GetNodeSelectors(ctx, spiffeId, datastore.RequireCurrent)
 		if err != nil {
-			return err
+			continue
 		}
 		node.Selectors = selectors
 

diff --git a/pkg/server/endpoints/authorized_entryfetcher_registration_entries.go b/pkg/server/endpoints/authorized_entryfetcher_registration_entries.go
@@ -40,9 +40,6 @@ type registrationEntries struct {
 }
 
 func (a *registrationEntries) captureChangedEntries(ctx context.Context) error {
-	// first, reset the entries we might fetch.
-	a.fetchEntries = make(map[string]struct{})
-
 	if err := a.searchBeforeFirstEvent(ctx); err != nil {
 		return err
 	}
@@ -230,7 +227,7 @@ func (a *registrationEntries) updateCachedEntries(ctx context.Context) error {
 	for entryId := range a.fetchEntries {
 		commonEntry, err := a.ds.FetchRegistrationEntry(ctx, entryId)
 		if err != nil {
-			return err
+			continue
 		}
 
 		if commonEntry == nil {

diff --git a/pkg/server/endpoints/authorized_entryfetcher_test.go b/pkg/server/endpoints/authorized_entryfetcher_test.go
@@ -649,16 +649,19 @@ func TestUpdateAttestedNodesCacheSkippedStartupEvents(t *testing.T) {
 	require.NoError(t, err)
 
 	// Delete the event for creating the node or now and then add it back later to simulate out of order events
-	err = ds.DeleteAttestedNodeEventForTesting(ctx, 1)
-	require.NoError(t, err)
 	_, err = ds.DeleteAttestedNode(ctx, agent1.String())
 	require.NoError(t, err)
+	err = ds.DeleteAttestedNodeEventForTesting(ctx, 1)
+	require.NoError(t, err)
 
 	// Create entry fetcher
 	ef, err := NewAuthorizedEntryFetcherWithEventsBasedCache(ctx, log, metrics, clk, ds, defaultCacheReloadInterval, defaultPruneEventsOlderThan, defaultSQLTransactionTimeout)
 	require.NoError(t, err)
 	require.NotNil(t, ef)
 
+	err = ef.updateCache(ctx)
+	require.NoError(t, err)
+
 	// Ensure there are no entries to start
 	entries, err := ef.FetchAuthorizedEntries(ctx, agent1)
 	require.NoError(t, err)