From a0e1b90b8129b77930c2f9c7e7fd57035f7ec638 Mon Sep 17 00:00:00 2001
From: Armon Dadgar <armon.dadgar@gmail.com>
Date: Tue, 14 Apr 2015 14:09:11 -0700
Subject: [PATCH] vault: reject operation if standby

---
 vault/core.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/vault/core.go b/vault/core.go
index 0a478bdf7..5f0eb1026 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -39,6 +39,10 @@ var (
 	// a sealed barrier. No operation is expected to succeed before unsealing
 	ErrSealed = errors.New("Vault is sealed")
 
+	// ErrStandby is returned if an operation is performed on
+	// a standby Vault. No operation is expected to succeed until active.
+	ErrStandby = errors.New("Vault is in standby mode")
+
 	// ErrAlreadyInit is returned if the core is already
 	// initialized. This prevents a re-initialization.
 	ErrAlreadyInit = errors.New("Vault is already initialized")
@@ -261,6 +265,9 @@ func (c *Core) HandleRequest(req *logical.Request) (*logical.Response, error) {
 	if c.sealed {
 		return nil, ErrSealed
 	}
+	if !c.active {
+		return nil, ErrStandby
+	}
 
 	if c.router.LoginPath(req.Path) {
 		return c.handleLoginRequest(req)
@@ -605,6 +612,13 @@ func (c *Core) Sealed() (bool, error) {
 	return c.sealed, nil
 }
 
+// Standby checks if the Vault is in standby mode
+func (c *Core) Standby() (bool, error) {
+	c.stateLock.RLock()
+	defer c.stateLock.RUnlock()
+	return !c.active, nil
+}
+
 // SealConfiguration is used to return information
 // about the configuration of the Vault and it's current
 // status.