From 934989809ba8f82c67b2956745bc62cc65844f52 Mon Sep 17 00:00:00 2001
From: Hridoy Roy <roy@hashicorp.com>
Date: Wed, 8 Jun 2022 13:58:22 -0700
Subject: [PATCH] Limit SSCT WAL Check on Perf Standbys to Raft Backends Only
 (#15879)

* ensure that ssct wal check only occurs for non-raft storage on perf standbys

* changelog
---
 changelog/15879.txt       | 3 +++
 vault/request_handling.go | 6 ++++++
 2 files changed, 9 insertions(+)
 create mode 100644 changelog/15879.txt

diff --git a/changelog/15879.txt b/changelog/15879.txt
new file mode 100644
index 000000000..0d435b025
--- /dev/null
+++ b/changelog/15879.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Limit SSCT WAL checks on perf standbys to raft backends only
+```
diff --git a/vault/request_handling.go b/vault/request_handling.go
index 7494403ed..dbbe5b21c 100644
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@@ -1945,6 +1945,12 @@ func (c *Core) checkSSCTokenInternal(ctx context.Context, token string, isPerfSt
 	if err != nil {
 		return "", err
 	}
+
+	// Disregard SSCT on perf-standbys for non-raft storage
+	if c.perfStandby && c.getRaftBackend() == nil {
+		return plainToken.Random, nil
+	}
+
 	ep := int(plainToken.IndexEpoch)
 	if ep < c.tokenStore.GetSSCTokensGenerationCounter() {
 		return plainToken.Random, nil