From 4a7bee5a02db880d543692386ccd597f33e29624 Mon Sep 17 00:00:00 2001
From: Mike Palmiotto
Date: Fri, 1 Dec 2023 09:47:32 -0500
Subject: [PATCH] Always forward entity merge requests from perfStandby (#24325)

Update requests to /sys/identity/entity/merge perform merges on perfStandby nodes in memory and skip the persist call. This commit changes the behavior for the merge endpoint, forcing it to be forwarded from the standby to the active node. This change is specifically scoped to manual merges, as automatic merges are not isolated to a specific endpoint and require careful consideration for all callers.
---
 changelog/24325.txt | 4 ++++
 vault/identity_store_entities.go | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 changelog/24325.txt
diff --git a/changelog/24325.txt b/changelog/24325.txt
new file mode 100644
index 0000000000..ab5ce613c4
--- /dev/null
+++ b/changelog/24325.txt
@@ -0,0 +1,4 @@
+```release-note:change
+identity (enterprise): POST requests to the `/identity/entity/merge` endpoint
+are now always forwarded from standbys to the active node.
+```
\ No newline at end of file
diff --git a/vault/identity_store_entities.go b/vault/identity_store_entities.go
index 05c83c7bd2..6094339c4e 100644
--- a/vault/identity_store_entities.go
+++ b/vault/identity_store_entities.go
@@ -231,7 +231,8 @@ func entityPaths(i *IdentityStore) []*framework.Path {
 },
 Operations: map[logical.Operation]framework.OperationHandler{
 logical.UpdateOperation: &framework.PathOperation{
- Callback: i.pathEntityMergeID(),
+ Callback: i.pathEntityMergeID(),
+ ForwardPerformanceStandby: true,
 },
 },
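Review bot: The added `ForwardPerformanceStandby: true` on the `logical.UpdateOperation` handler has no comment, so nothing at the call site warns a later maintainer that dropping it brings back merges that a performance standby applies in memory without persisting, leaving that node's identity state out of step with the active node. I would put `// Merges must be persisted; a perf standby would apply them in memory only, so always forward to the active node.` directly above the field. The diffstat lists only the changelog and this file, so unless coverage lives elsewhere, a regression test that sends a merge to a performance standby and checks the persisted result on the active node would be worth adding. `entityPaths` begins and ends outside this hunk, so other operations on the same path list could not be checked for the same gap.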