Don't try to revoke certs from PKI on perf standby (#7173)
Revocation needs to do a write for the CRL and to move the cert to the revoked prefix
parent
2c65f5d313
commit
3c03f8d7e0
|
@ -7,6 +7,7 @@ import (
|
||||||
|
|
||||||
"github.com/hashicorp/errwrap"
|
"github.com/hashicorp/errwrap"
|
||||||
"github.com/hashicorp/vault/sdk/framework"
|
"github.com/hashicorp/vault/sdk/framework"
|
||||||
|
"github.com/hashicorp/vault/sdk/helper/consts"
|
||||||
"github.com/hashicorp/vault/sdk/helper/errutil"
|
"github.com/hashicorp/vault/sdk/helper/errutil"
|
||||||
"github.com/hashicorp/vault/sdk/logical"
|
"github.com/hashicorp/vault/sdk/logical"
|
||||||
)
|
)
|
||||||
|
@ -50,6 +51,10 @@ func (b *backend) pathRevokeWrite(ctx context.Context, req *logical.Request, dat
|
||||||
return logical.ErrorResponse("The serial number must be provided"), nil
|
return logical.ErrorResponse("The serial number must be provided"), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby) {
|
||||||
|
return nil, logical.ErrReadOnly
|
||||||
|
}
|
||||||
|
|
||||||
// We store and identify by lowercase colon-separated hex, but other
|
// We store and identify by lowercase colon-separated hex, but other
|
||||||
// utilities use dashes and/or uppercase, so normalize
|
// utilities use dashes and/or uppercase, so normalize
|
||||||
serial = strings.Replace(strings.ToLower(serial), "-", ":", -1)
|
serial = strings.Replace(strings.ToLower(serial), "-", ":", -1)
|
||||||
|
|
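Review bot: The new performance-standby guard in pathRevokeWrite has no comment saying why the revoke is refused, so a reader unfamiliar with Vault's request forwarding will take `return nil, logical.ErrReadOnly` for a hard failure of a revocation request. I would put this above the `if`: `// Revocation writes the CRL and moves the cert to the revoked prefix, so a performance standby cannot serve it locally; ErrReadOnly lets the request be handled by the active node.` Revocation is what operators rely on after a key compromise, so it is worth adding a test that a revoke sent to a standby does end up in the CRL rather than being dropped. Other PKI paths that write to storage are not visible in this hunk and presumably need the same guard. pathRevokeWrite's body starts and ends outside the hunk.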