From 7e40b0f96f67111333cfc919ae5d2ac3b6d47884 Mon Sep 17 00:00:00 2001
From: Jakub Dyszkiewicz
Date: Fri, 22 Oct 2021 14:20:29 +0200
Subject: [PATCH] fix(kuma-cp) ensure all backends that are added one by one (#2991)
Signed-off-by: Jakub Dyszkiewicz
---
 pkg/plugins/ca/builtin/manager.go | 4 +++
 pkg/plugins/ca/builtin/manager_test.go | 34 ++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
diff --git a/pkg/plugins/ca/builtin/manager.go b/pkg/plugins/ca/builtin/manager.go
index 94fd33512b6c..079cb8802265 100644
--- a/pkg/plugins/ca/builtin/manager.go
+++ b/pkg/plugins/ca/builtin/manager.go
@@ -35,6 +35,10 @@ var _ core_ca.Manager = &builtinCaManager{}
 func (b *builtinCaManager) EnsureBackends(ctx context.Context, mesh string, backends []*mesh_proto.CertificateAuthorityBackend) error {
 for _, backend := range backends {
 _, err := b.getCa(ctx, mesh, backend.Name)
+ if err == nil { // CA is there, nothing to ensure
+ continue
+ }
+
 if !core_store.IsResourceNotFound(err) {
 return err
 }
diff --git a/pkg/plugins/ca/builtin/manager_test.go b/pkg/plugins/ca/builtin/manager_test.go
index 5f2f057d04f3..7bfbbfe0998a 100644
--- a/pkg/plugins/ca/builtin/manager_test.go
+++ b/pkg/plugins/ca/builtin/manager_test.go
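Review bot: In `EnsureBackends` (manager.go), the new `err == nil` branch treats any successful `getCa` as a complete CA, but nothing in the hunk shows what `getCa` actually verifies. If it can succeed, or report not-found, when an interrupted earlier run wrote only part of the CA material, this loop would either skip a broken CA or fall through to creation on top of a partial one; that should be confirmed against `getCa` and the create path, both of which lie outside the hunk. The function also has no doc comment, and the contract is security-relevant enough to state, for example `// EnsureBackends makes sure every listed backend has a CA; an existing CA is never regenerated, and the first store error other than not-found aborts the loop.`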
@@ -111,6 +111,40 @@ var _ = Describe("Builtin CA Manager", func() {
 Expect(err).ToNot(HaveOccurred())
 Expect(cert.NotAfter).To(Equal(core.Now().UTC().Add(time.Minute).Truncate(time.Second)))
 })
+
+ It("should ensure first backend and then second", func() {
+ // given
+ mesh := "default"
+ backends := []*mesh_proto.CertificateAuthorityBackend{{
+ Name: "builtin-1",
+ Type: "builtin",
+ }}
+
+ // when
+ err := caManager.EnsureBackends(context.Background(), mesh, backends)
+
+ // then
+ Expect(err).ToNot(HaveOccurred())
+
+ // when second one is added AFTER the CA for the first one was created
+ backends = append(backends, &mesh_proto.CertificateAuthorityBackend{
+ Name: "builtin-2",
+ Type: "builtin",
+ })
+ err = caManager.EnsureBackends(context.Background(), mesh, backends)
+
+ // then
+ Expect(err).ToNot(HaveOccurred())
+
+ // and both CAs have their keys
+ secretRes := system.NewSecretResource()
+ err = secretManager.Get(context.Background(), secretRes, core_store.GetByKey("default.ca-builtin-cert-builtin-1", "default"))
+ Expect(err).ToNot(HaveOccurred())
+
+ secretRes = system.NewSecretResource()
+ err = secretManager.Get(context.Background(), secretRes, core_store.GetByKey("default.ca-builtin-cert-builtin-2", "default"))
+ Expect(err).ToNot(HaveOccurred())
+ })
 })
 Context("GetRootCert", func() {
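Review bot: The closing assertions only prove that a `ca-builtin-cert-*` secret exists for each backend, although the comment reads `// and both CAs have their keys`; no key secret is fetched and the contents of `secretRes` are never inspected. As written, the test would still pass if the second `EnsureBackends` call regenerated the `builtin-1` CA, which is the regression most worth guarding against for a certificate authority. I would read the `builtin-1` cert secret after the first call and assert its data is byte-identical after the second call. Separately, either fetch the matching key secrets too or reword the comment to `// and both CAs have their cert secrets`.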