From de0dba7ac998e3a69066f750ce2a7011b60bea3c Mon Sep 17 00:00:00 2001
From: Niklas Simons <niklas.simons@est.tech>
Date: Thu, 5 Jan 2023 15:12:44 +0200
Subject: [PATCH] Attempt to retry PKI migration if it fails

---
 builtin/logical/pki/backend.go   | 9 +++++++++
 builtin/logical/pki/path_root.go | 7 ++++++-
 builtin/plugin/backend.go        | 6 +++++-
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/builtin/logical/pki/backend.go b/builtin/logical/pki/backend.go
index 615380a826fa..e58e19679de8 100644
--- a/builtin/logical/pki/backend.go
+++ b/builtin/logical/pki/backend.go
@@ -674,6 +674,15 @@ func (b *backend) invalidate(ctx context.Context, key string) {
 }
 
 func (b *backend) periodicFunc(ctx context.Context, request *logical.Request) error {
+	if b.UseLegacyBundleCaStorage() {
+		b.Logger().Info("periodicFunc: Performing extra PKI backend migration")
+		if err := b.initialize(ctx, &logical.InitializationRequest{}); err != nil {
+			b.Logger().Error("periodicFunc: extra PKI backend migration failed")
+			return err
+		}
+		b.Logger().Info("periodicFunc: extra PKI backend migration succeeded")
+	}
+
 	sc := b.makeStorageContext(ctx, request.Storage)
 
 	doCRL := func() error {
diff --git a/builtin/logical/pki/path_root.go b/builtin/logical/pki/path_root.go
index a4ce2d25108b..0bc026423b7e 100644
--- a/builtin/logical/pki/path_root.go
+++ b/builtin/logical/pki/path_root.go
@@ -135,7 +135,12 @@ func (b *backend) pathCAGenerateRoot(ctx context.Context, req *logical.Request,
 	var err error
 
 	if b.UseLegacyBundleCaStorage() {
-		return logical.ErrorResponse("Can not create root CA until migration has completed"), nil
+		// Try to do migration
+		b.Logger().Info("pathCAGenerateRoot: Performing extra PKI backend migration")
+		if err = b.initialize(ctx, &logical.InitializationRequest{}); err != nil {
+			return logical.ErrorResponse("Could not migrate, can not create root CA until migration has completed"), nil
+		}
+		b.Logger().Info("pathCAGenerateRoot: extra PKI backend migration succeeded")
 	}
 
 	sc := b.makeStorageContext(ctx, req.Storage)
diff --git a/builtin/plugin/backend.go b/builtin/plugin/backend.go
index 4ab5c593df68..06629bd779d7 100644
--- a/builtin/plugin/backend.go
+++ b/builtin/plugin/backend.go
@@ -156,9 +156,13 @@ func (b *PluginBackend) startBackend(ctx context.Context, storage logical.Storag
 	b.loaded = true
 
 	// call Initialize() explicitly here.
-	return b.Backend.Initialize(ctx, &logical.InitializationRequest{
+	err = b.Backend.Initialize(ctx, &logical.InitializationRequest{
 		Storage: storage,
 	})
+	if err != nil {
+		b.Logger().Error("startBackend: backend initialize() failed, will be retried")
+	}
+	return err
 }
 
 // lazyLoad lazy-loads the backend before running a method