luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Load SSCT Generation Counter Upon DR Promotion [OSS] (#16956) 

* port ssct bugfix to load epoch from storage

* changelog

* update changelog to be user-facing

* change 2 to two
This commit is contained in:
Hridoy Roy 2022-08-31 11:05:21 -07:00 committed by GitHub
parent 9b6dfa4194
commit 8e7fec59ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/16956.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
core: Prevent two or more DR failovers from invalidating SSCT tokens generated on the previous primaries.
```

3
vault/token_store_util_common.go
View File

@ -38,6 +38,9 @@ func (ts *TokenStore) loadSSCTokensGenerationCounter(ctx context.Context) error
} }
func (ts *TokenStore) UpdateSSCTokensGenerationCounter(ctx context.Context) error { func (ts *TokenStore) UpdateSSCTokensGenerationCounter(ctx context.Context) error {
if err := ts.loadSSCTokensGenerationCounter(ctx); err != nil {
return err
}
ts.sscTokensGenerationCounter.Counter += 1 ts.sscTokensGenerationCounter.Counter += 1
if ts.sscTokensGenerationCounter.Counter <= 0 { if ts.sscTokensGenerationCounter.Counter <= 0 {
// Don't store the 0 value // Don't store the 0 value