From 720ab09feb705ee111f575443203085c59a19ab1 Mon Sep 17 00:00:00 2001
From: Steven Clark
Date: Thu, 9 Feb 2023 09:12:37 -0500
Subject: [PATCH] Add a comment around why we are grabbing a lock to update an atomic boolean (#19087)
---
builtin/logical/pki/backend.go | 6 ++++++
changelog/19037.txt | 3 +++
2 files changed, 9 insertions(+)
create mode 100644 changelog/19037.txt
diff --git a/builtin/logical/pki/backend.go b/builtin/logical/pki/backend.go
index b151e5777..e9f509025 100644
--- a/builtin/logical/pki/backend.go
+++ b/builtin/logical/pki/backend.go
@@ -416,6 +416,12 @@ func (b *backend) updatePkiStorageVersion(ctx context.Context, grabIssuersLock b
 return
 }
 
+ // If this method is called outside the initialize function, like say an
+ // invalidate func on a performance replica cluster, we should be grabbing
+ // the issuers lock to offer a consistent view of the storage version while
+ // other events are processing things. Its unknown what might happen during
+ // a single event if one part thinks we are in legacy mode, and then later
+ // on we aren't.
 if grabIssuersLock {
 b.issuersLock.Lock()
 defer b.issuersLock.Unlock()
diff --git a/changelog/19037.txt b/changelog/19037.txt
new file mode 100644
index 000000000..2ccd65615
--- /dev/null
+++ b/changelog/19037.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Revert fix for PR [18938](https://github.com/hashicorp/vault/pull/18938)
+```
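Review bot: The new comment above `if grabIssuersLock {` says why callers outside initialize take `issuersLock`, but it never says why the initialize path may skip it, so a reader cannot tell from here whether passing `grabIssuersLock=false` is safe because the caller already holds the lock or for some other reason. I would add one sentence stating that contract, for example `// Callers that pass grabIssuersLock=false must already serialise access to the storage version themselves.`, worded to match what initialize really does, which this hunk does not show. The fourth added line also has a typo: `Its unknown` should read `It's unknown`. updatePkiStorageVersion starts and ends outside the hunk, so the locking of the rest of the body cannot be checked from this patch.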