(OSS Port) Restrict Quota Deletion to Primary Cluster [vault-2399] (#12339)
* oss part of vault 2399 * Update vault/quotas/quotas.go Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com> * use OSS PR number as changelog entry as indicated by the changelog guide Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
This commit is contained in:
parent
40fd60342a
commit
2554563268
|
@ -0,0 +1,3 @@
|
|||
```release-note:bug
|
||||
core (enterprise): Only delete quotas on primary cluster.
|
||||
```
|
|
@ -339,12 +339,14 @@ func (c *Core) disableCredentialInternal(ctx context.Context, path string, updat
|
|||
|
||||
removePathCheckers(c, entry, viewPath)
|
||||
|
||||
if !c.IsPerfSecondary() {
|
||||
if c.quotaManager != nil {
|
||||
if err := c.quotaManager.HandleBackendDisabling(ctx, ns.Path, path); err != nil {
|
||||
c.logger.Error("failed to update quotas after disabling auth", "path", path, "error", err)
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if c.logger.IsInfo() {
|
||||
c.logger.Info("disabled credential backend", "path", path)
|
||||
|
|
|
@ -765,7 +765,7 @@ func (m *Manager) Invalidate(key string) {
|
|||
default:
|
||||
splitKeys := strings.Split(key, "/")
|
||||
if len(splitKeys) != 2 {
|
||||
m.logger.Error("incorrect key while invalidating quota rule")
|
||||
m.logger.Error("incorrect key while invalidating quota rule", "key", key)
|
||||
return
|
||||
}
|
||||
qType := splitKeys[0]
|
||||
|
@ -987,7 +987,8 @@ func (m *Manager) HandleRemount(ctx context.Context, nsPath, fromPath, toPath st
|
|||
}
|
||||
|
||||
// HandleBackendDisabling updates the quota subsystem with the disabling of auth
|
||||
// or secret engine disabling.
|
||||
// or secret engine disabling. This should only be called on the primary cluster
|
||||
// node.
|
||||
func (m *Manager) HandleBackendDisabling(ctx context.Context, nsPath, mountPath string) error {
|
||||
m.lock.Lock()
|
||||
defer m.lock.Unlock()
|
||||
|
|
Loading…
Reference in New Issue