PKI - Allow performance secondaries to generate and store certificates locally to them (#13759)

* PKI - Allow performance secondaries to generate and store certificates locally to them

* changelog

Co-authored-by: divyapola5 <divya@hashicorp.com>
Scott Miller 2022-01-24 10:03:04 -06:00 committed by GitHub
parent 96dfbfbd02
commit 4ee5a8b1cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 1 deletions


@ -189,7 +189,8 @@ func (b *backend) pathSignVerbatim(ctx context.Context, req *logical.Request, da
func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, data *framework.FieldData, role *roleEntry, useCSR, useCSRValues bool) (*logical.Response, error) {
// If storing the certificate and on a performance standby, forward this request on to the primary
if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby|consts.ReplicationPerformanceSecondary) {
// Allow performance secondaries to generate and store certificates locally to them.
if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby) {
return nil, logical.ErrReadOnly
}
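Review bot: The comment kept above the new condition in pathIssueSignCert still says the request is forwarded "on to the primary", but the check now matches only `consts.ReplicationPerformanceStandby`, so the two stacked comments describe different things. I would fold them into one, for example `// A performance standby cannot store the certificate: return ErrReadOnly so the request is handled by the active node.` followed by `// Performance secondaries issue and store certificates locally.` It would also help to say that a certificate stored this way lives in the secondary's own storage, which presumably determines where it can later be looked up or revoked; that is inferred from the commit title, not shown in the hunk. The two files shown carry no test for the secondary case, so the regression named in the changelog could return unnoticed. The rest of pathIssueSignCert lies outside the hunk.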

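--- a/changelog/13759.txt
+++ b/changelog/13759.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Fix regression causing performance secondaries to forward certificate generation to the primary.
+```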