Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Forward PKI revocation requests received by standby nodes to active node #19624

Merged
merged 4 commits into from
Mar 20, 2023

Conversation

stevendpclark
Copy link
Contributor

  • A refactoring that occurred in 1.13 timeframe removed what was considered a specific check for standby nodes that wasn't required as a writes should be returning ErrReadOnly.
  • That sadly exposed a long standing bug where the errors from the storage layer were not being properly wrapped, hiding the ErrReadOnly coming from a write and failing the request which causes a failure to forward revocation requests from standby nodes.

 - A refactoring that occurred in 1.13 timeframe removed what was
   considered a specific check for standby nodes that wasn't required
   as a writes should be returning ErrReadOnly.
 - That sadly exposed a long standing bug where the errors from the
   storage layer were not being properly wrapped, hiding the ErrReadOnly
   coming from a write and failing the request.
@stevendpclark stevendpclark added bug Used to indicate a potential bug secret/pki labels Mar 20, 2023
@stevendpclark stevendpclark added this to the 1.13.1 milestone Mar 20, 2023
@stevendpclark stevendpclark requested review from kitography, cipherboy and a team March 20, 2023 13:25
Copy link
Contributor

@cipherboy cipherboy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this addressed the other ones I saw, thank you!

@stevendpclark stevendpclark enabled auto-merge (squash) March 20, 2023 14:56
@stevendpclark stevendpclark merged commit 69e2387 into main Mar 20, 2023
@jasonodonnell jasonodonnell deleted the stevendpclark/vault-14665-pki-revocation-standby branch March 20, 2023 15:02
stevendpclark added a commit that referenced this pull request Mar 20, 2023
…ode (#19624)

* Forward PKI revocation requests received by standby nodes to active node

 - A refactoring that occurred in 1.13 timeframe removed what was
   considered a specific check for standby nodes that wasn't required
   as a writes should be returning ErrReadOnly.
 - That sadly exposed a long standing bug where the errors from the
   storage layer were not being properly wrapped, hiding the ErrReadOnly
   coming from a write and failing the request.

* Add cl

* Add test for basic PKI operations against standby nodes
stevendpclark added a commit that referenced this pull request Mar 20, 2023
…ode (#19624) (#19630)

* Forward PKI revocation requests received by standby nodes to active node

 - A refactoring that occurred in 1.13 timeframe removed what was
   considered a specific check for standby nodes that wasn't required
   as a writes should be returning ErrReadOnly.
 - That sadly exposed a long standing bug where the errors from the
   storage layer were not being properly wrapped, hiding the ErrReadOnly
   coming from a write and failing the request.

* Add cl

* Add test for basic PKI operations against standby nodes

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Used to indicate a potential bug secret/pki
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants