scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Background thread to update locked user entries runs on DR secondaries (#22355)

Browse Source 
* fix background thread

* add changelog

* updating updateLockedUserEntries
This commit is contained in:
akshya96
2023-08-17 14:02:07 -07:00
committed by GitHub
parent c498bebe6f
commit c2ba113def
2 changed files with 25 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/22355.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
core: Fix bug where background thread to update locked user entries runs on DR secondaries.
```

30
vault/core.go
View File

@@ -647,6 +647,8 @@ type Core struct {
autoRotateCancel context.CancelFunc autoRotateCancel context.CancelFunc
updateLockedUserEntriesCancel context.CancelFunc
// number of workers to use for lease revocation in the expiration manager // number of workers to use for lease revocation in the expiration manager
numExpirationWorkers int numExpirationWorkers int
@@ -2320,12 +2322,9 @@ func (s standardUnsealStrategy) unseal(ctx context.Context, logger log.Logger, c
if err := c.setupHeaderHMACKey(ctx, false); err != nil { if err := c.setupHeaderHMACKey(ctx, false); err != nil {
return err return err
} }
if err := c.runLockedUserEntryUpdates(ctx); err != nil {
return err
}
c.updateLockedUserEntries()
if !c.IsDRSecondary() { if !c.IsDRSecondary() {
c.updateLockedUserEntries()
if err := c.startRollback(); err != nil { if err := c.startRollback(); err != nil {
return err return err
} }
@@ -2592,6 +2591,11 @@ func (c *Core) preSeal() error {
c.autoRotateCancel = nil c.autoRotateCancel = nil
} }
if c.updateLockedUserEntriesCancel != nil {
c.updateLockedUserEntriesCancel()
c.updateLockedUserEntriesCancel = nil
}
if seal, ok := c.seal.(*autoSeal); ok { if seal, ok := c.seal.(*autoSeal); ok {
seal.StopHealthCheck() seal.StopHealthCheck()
} }
@@ -3448,16 +3452,26 @@ func (c *Core) setupCachedMFAResponseAuth() {
// updateLockedUserEntries runs every 15 mins to remove stale user entries from storage // updateLockedUserEntries runs every 15 mins to remove stale user entries from storage
// it also updates the userFailedLoginInfo map with correct information for locked users if incorrect // it also updates the userFailedLoginInfo map with correct information for locked users if incorrect
func (c *Core) updateLockedUserEntries() { func (c *Core) updateLockedUserEntries() {
ctx := c.activeContext if c.updateLockedUserEntriesCancel != nil {
return
}
var updateLockedUserEntriesCtx context.Context
updateLockedUserEntriesCtx, c.updateLockedUserEntriesCancel = context.WithCancel(c.activeContext)
if err := c.runLockedUserEntryUpdates(updateLockedUserEntriesCtx); err != nil {
c.Logger().Error("failed to run locked user entry updates", "error", err)
}
go func() { go func() {
ticker := time.NewTicker(15 * time.Minute) ticker := time.NewTicker(15 * time.Minute)
for { for {
select { select {
case <-ctx.Done(): case <-updateLockedUserEntriesCtx.Done():
ticker.Stop() ticker.Stop()
return return
case <-ticker.C: case <-ticker.C:
if err := c.runLockedUserEntryUpdates(ctx); err != nil { if err := c.runLockedUserEntryUpdates(updateLockedUserEntriesCtx); err != nil {
c.Logger().Error("failed to run locked user entry updates", "error", err) c.Logger().Error("failed to run locked user entry updates", "error", err)
} }
} }