From d48e739b1d87056a0f649746666fe3eec9d65447 Mon Sep 17 00:00:00 2001
From: Alexander Scheel
Date: Wed, 12 Oct 2022 09:15:06 -0400
Subject: [PATCH] Fix tidy-status, tidy-cancel on PR Secondaries (#17497)
* Fix tidy-status, tidy-cancel on PR Secondaries PKI's tidy-status included a bug that prevented PR secondary nodes from responding with the status of the running tidy operation: while the operation constructor correctly forwarded the node on PR standby instances, the handler itself forwarded also on PR secondary nodes. This is incorrect as the PR secondary nodes are the active node in the local PR cluster, and run tidy operations otherwise. This meant that while auto-tidy and tidy operations would run, there was no insight into the process. When implementing tidy-cancel, tidy-status's handler logic was reused, duplicating the bug there as well. Signed-off-by: Alexander Scheel * Add changelog entry Signed-off-by: Alexander Scheel Signed-off-by: Alexander Scheel
---
 builtin/logical/pki/path_tidy.go | 11 -----------
 changelog/17497.txt | 3 +++
 2 files changed, 3 insertions(+), 11 deletions(-)
 create mode 100644 changelog/17497.txt
diff --git a/builtin/logical/pki/path_tidy.go b/builtin/logical/pki/path_tidy.go
index 198a2f811..519880b8e 100644
--- a/builtin/logical/pki/path_tidy.go
+++ b/builtin/logical/pki/path_tidy.go
@@ -13,7 +13,6 @@ import (
 
 "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/logical"
 )
 
@@ -442,10 +441,6 @@ func (b *backend) doTidyRevocationStore(ctx context.Context, req *logical.Reques
 }
 
 func (b *backend) pathTidyCancelWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
- if b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary) && !b.System().LocalMount() {
- return nil, logical.ErrReadOnly
- }
-
 if atomic.LoadUint32(b.tidyCASGuard) == 0 {
 resp := &logical.Response{}
 resp.AddWarning("Tidy operation cannot be cancelled as none is currently running.")
@@ -469,12 +464,6 @@ func (b *backend) pathTidyCancelWrite(ctx context.Context, req *logical.Request,
 }
 
 func (b *backend) pathTidyStatusRead(_ context.Context, _ *logical.Request, _ *framework.FieldData) (*logical.Response, error) {
- // If this node is a performance secondary return an ErrReadOnly so that the request gets forwarded,
- // but only if the PKI backend is not a local mount.
- if b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary) && !b.System().LocalMount() {
- return nil, logical.ErrReadOnly
- }
-
 b.tidyStatusLock.RLock()
 defer b.tidyStatusLock.RUnlock()
 
diff --git a/changelog/17497.txt b/changelog/17497.txt
new file mode 100644
index 000000000..98e613650
--- /dev/null
+++ b/changelog/17497.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Respond to tidy-status, tidy-cancel on PR Secondary clusters.
+```
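Review bot: In the pathTidyCancelWrite hunk a write-type handler now answers on performance secondaries with no comment saying why, and pathTidyStatusRead in the following hunk lost its only explanatory comment together with the check. Going by the commit message, tidy runs on each PR cluster's own active node, so I would put above both handlers something like `// Answered locally on PR secondaries: tidy runs on this cluster's active node, so do not return ErrReadOnly here.` to keep the forwarding from being reintroduced. The visible lines of pathTidyCancelWrite only load b.tidyCASGuard atomically; its body continues outside the hunk, so it is worth confirming the remainder changes in-memory state only, since a storage write on a secondary would presumably be rejected for a replicated mount. The diffstat also lists no test file, so nothing pins either endpoint's behaviour on a secondary.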