Skip to content

[v17] MWI: Fall back to registering without an existing auth client#57062

Merged
timothyb89 merged 7 commits intobranch/v17from
bot/backport-56927-branch/v17
Jul 28, 2025
Merged

[v17] MWI: Fall back to registering without an existing auth client#57062
timothyb89 merged 7 commits intobranch/v17from
bot/backport-56927-branch/v17

Conversation

@timothyb89
Copy link
Copy Markdown
Contributor

@timothyb89 timothyb89 commented Jul 23, 2025

Backport #56927 to branch/v17

changelog: Machine and Workload ID: The tbot client will now discard expired identities if needed during renewal to allow automatic recovery without restarting the process

@timothyb89
MWI: Fall back to registering without an existing auth client
d251cb2 
This tweaks joining logic to allow clients that provided an existing
auth client (i.e. bots, used to verify bot instance IDs between cert
refreshes) to fall back to not using that auth client if said client
appears to be broken.

It attempts to perform a ping, and if the ping fails, proceeds as if
no existing client was provided.
@timothyb89
Explicitly check for an expired identity during renewal
4513112 
This adds an explicit check for an expired identity during renewal.
If expired, the existing auth client will not be used.
@timothyb89
Revert changes to the join client
9c7124d
@timothyb89
Linter appeasement
f476468
@timothyb89
Tweak warning message on expired identity renewal
c52bae6
@timothyb89
Add note about future improvements and tweak logged warning
68e2a07
@timothyb89 timothyb89 mentioned this pull request Jul 23, 2025
Merged
@timothyb89
Copy link
Copy Markdown
Contributor Author

timothyb89 commented Jul 23, 2025

Note: I'll be appending #57063 to this PR once its merged.

@timothyb89
MWI: Fix identity facade's Expiry() certificate parsing (#57063)
71db003 
The `Expiry()` function was trying to parse DER-encoded data in the
`tls.Certificate` as PEM, causing a silent failure. This method was
not used until #56927 but failed every time as it was trying to parse
certificates using the wrong encoding type.
@timothyb89
Copy link
Copy Markdown
Contributor Author

timothyb89 commented Jul 23, 2025

I've cherry-picked 03b5b4d into this branch.

@timothyb89 timothyb89 added this pull request to the merge queue Jul 28, 2025
Merged via the queue into branch/v17 with commit 92c4343 Jul 28, 2025
38 checks passed
@timothyb89 timothyb89 deleted the bot/backport-56927-branch/v17 branch July 28, 2025 06:09
@doggydogworld doggydogworld mentioned this pull request Jul 28, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@boxofrad boxofrad boxofrad approved these changes

@strideynet strideynet strideynet approved these changes

Assignees

No one assigned

Labels

backport machine-id size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@timothyb89 @boxofrad @strideynet