So I believe what you're describing is expected behavior (except I don't think all your previous certs were actually deleted). Whenever certs are added to a DS, they get stored in riak under two different keys: `ssl/<xml_id>-<version>` where `<version>` is an int and matches the version inside the record `ssl/<xml_id>-latest` So the first certs added to a DS get stored in Riak under these keys: `ssl/myds-1` `ssl/myds-latest` The Riak keys are different, but the underlying records are the same. When another set of certs is added to the DS via Traffic Portal, Traffic Portal increments the version from the existing record and passes the incremented version in the request. The new certs then get added to Riak under: `ssl/myds-2` `ssl/myds-latest` <- this _overwrites_ the existing "latest" record. By default, when you don't specify a version for GET/DELETE, it will choose the `ssl/myds-latest` record.
So when you deleted version 6, you really deleted `ssl/myds-6`, which leaves `ssl/myds-latest` in Riak still. When you then deleted version "latest", you deleted `ssl/myds-latest`. I believe if you do a GET with `?version=5` it should return `ssl/myds-5` which should still exist as long as it was created. [ Full content available at: https://github.com/apache/trafficcontrol/pull/2853 ] This message was relayed via gitbox.apache.org for [email protected]
