From 4ee5a8b1cd19c573e86a7c95e005cf38c21e427e Mon Sep 17 00:00:00 2001
From: Scott Miller
Date: Mon, 24 Jan 2022 10:03:04 -0600
Subject: [PATCH] PKI - Allow performance secondaries to generate and store certificates locally to them (#13759)
* PKI - Allow performance secondaries to generate and store certificates locally to them
* changelog
Co-authored-by: divyapola5
---
 builtin/logical/pki/path_issue_sign.go | 3 ++-
 changelog/13759.txt | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 changelog/13759.txt
diff --git a/builtin/logical/pki/path_issue_sign.go b/builtin/logical/pki/path_issue_sign.go
index 575e6ea10..ce3bcd2cd 100644
--- a/builtin/logical/pki/path_issue_sign.go
+++ b/builtin/logical/pki/path_issue_sign.go
@@ -189,7 +189,8 @@ func (b *backend) pathSignVerbatim(ctx context.Context, req *logical.Request, da
 func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, data *framework.FieldData, role *roleEntry, useCSR, useCSRValues bool) (*logical.Response, error) {
 // If storing the certificate and on a performance standby, forward this request on to the primary
- if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby|consts.ReplicationPerformanceSecondary) {
+ // Allow performance secondaries to generate and store certificates locally to them.
+ if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby) {
 return nil, logical.ErrReadOnly
 }
diff --git a/changelog/13759.txt b/changelog/13759.txt
new file mode 100644
index 000000000..8c66ff5fc
--- /dev/null
+++ b/changelog/13759.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Fix regression causing performance secondaries to forward certificate generation to the primary.
+```
\ No newline at end of file
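Review bot: The two comment lines above the changed condition in pathIssueSignCert do not say what storing on a performance secondary means for where the certificate record lives, and the first still describes forwarding "to the primary" although the check now covers only performance standbys. I would replace them with `// Storing a certificate is a write, so a performance standby returns ErrReadOnly and the request is forwarded.` and `// Performance secondaries issue and store locally; the stored certificate stays in the issuing cluster's storage.` The second line is inferred from the commit title, so confirm it against the backend's storage configuration, since it decides where such a certificate has to be looked up and revoked. The changelog calls this a regression fix, yet the diffstat lists no test file; a test pinning the result for ReplicationPerformanceStandby versus ReplicationPerformanceSecondary would stop the state mask from drifting again. The function body continues past the end of the hunk.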