scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

PKI - Allow performance secondaries to generate and store certificates locally to them (#13759)

Browse Source 
* PKI - Allow performance secondaries to generate and store certificates locally to them

* changelog

Co-authored-by: divyapola5 <divya@hashicorp.com>
This commit is contained in:
Scott Miller
2022-01-24 10:03:04 -06:00
committed by GitHub
parent 07eacd3649
commit f7a25fcf4c
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
builtin/logical/pki/path_issue_sign.go
View File

@@ -189,7 +189,8 @@ func (b *backend) pathSignVerbatim(ctx context.Context, req *logical.Request, da
func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, data *framework.FieldData, role *roleEntry, useCSR, useCSRValues bool) (*logical.Response, error) {
// If storing the certificate and on a performance standby, forward this request on to the primary
if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby|consts.ReplicationPerformanceSecondary) {
// Allow performance secondaries to generate and store certificates locally to them.
if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby) {
return nil, logical.ErrReadOnly
}

3
changelog/13759.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
secrets/pki: Fix regression causing performance secondaries to forward certificate generation to the primary.
```