ACL changes should not blow away cert config

When editing an access list, all affected sites get their config updated without certificates, functionally breaking https on those sites until they get a manual config change that rewrites the config properly. Properly fetch the certificate from the DB before `bulkGenerateConfigs` so it gets updated right.

I am not certain whether there are similar bugs in other places that use `bulkGenerateConfigs`.

Should fix #2254
This commit is contained in:
Jake Merdich 2023-01-10 01:59:04 -05:00 committed by GitHub
parent fd30cfe98b
commit c80d099193
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -218,7 +218,7 @@ const internalAccessList = {
// re-fetch with expansions // re-fetch with expansions
return internalAccessList.get(access, { return internalAccessList.get(access, {
id: data.id, id: data.id,
expand: ['owner', 'items', 'clients', 'proxy_hosts.access_list.[clients,items]'] expand: ['owner', 'items', 'clients', 'proxy_hosts.[certificate,access_list.[clients,items]]']
}, true /* <- skip masking */); }, true /* <- skip masking */);
}) })
.then((row) => { .then((row) => {
@ -256,7 +256,7 @@ const internalAccessList = {
.joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0') .joinRaw('LEFT JOIN `proxy_host` ON `proxy_host`.`access_list_id` = `access_list`.`id` AND `proxy_host`.`is_deleted` = 0')
.where('access_list.is_deleted', 0) .where('access_list.is_deleted', 0)
.andWhere('access_list.id', data.id) .andWhere('access_list.id', data.id)
.allowEager('[owner,items,clients,proxy_hosts.[*, access_list.[clients,items]]]') .allowEager('[owner,items,clients,proxy_hosts.[certificate,access_list.[clients,items]]]')
.omit(['access_list.is_deleted']) .omit(['access_list.is_deleted'])
.first(); .first();