Don't try to revoke certs from PKI on perf standby (#7173)

It needs to do a write for the CRL and to move to the revoked prefix
Jeff Mitchell 2019-07-23 08:40:08 -04:00 committed by GitHub
parent 2c65f5d313
commit 3c03f8d7e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions


@ -7,6 +7,7 @@ import (
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/errutil"
"github.com/hashicorp/vault/sdk/logical"
)
@ -50,6 +51,10 @@ func (b *backend) pathRevokeWrite(ctx context.Context, req *logical.Request, dat
return logical.ErrorResponse("The serial number must be provided"), nil
}
if b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby) {
return nil, logical.ErrReadOnly
}
// We store and identify by lowercase colon-separated hex, but other
// utilities use dashes and/or uppercase, so normalize
serial = strings.Replace(strings.ToLower(serial), "-", ":", -1)
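Review bot: The performance-standby guard added in pathRevokeWrite has no comment, so the reason for it lives only in the commit message. I would put this above the `if`: `// Revocation writes the CRL and moves the entry to the revoked prefix; a perf standby cannot write, so fail with ErrReadOnly up front instead of partway through.` Failing before any work matters here because a revocation that stops halfway could leave a certificate that should be distrusted off the CRL. The guard covers only this handler and only `consts.ReplicationPerformanceStandby`. Other PKI paths that rebuild the CRL or write storage are not visible in this diff, so it is worth confirming whether they need the same check, and adding a test that exercises revoke against a standby. The body of pathRevokeWrite begins and continues outside the hunk.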