From c0739a0f2367d5fdd20cef502b628e01bdb90470 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Fri, 1 Feb 2019 16:56:57 -0500 Subject: [PATCH] Add more perf standby guards (#6149) --- builtin/credential/approle/backend.go | 2 +- builtin/credential/approle/path_role.go | 2 +- builtin/credential/aws/backend.go | 2 +- builtin/credential/aws/path_role.go | 2 +- builtin/credential/ldap/path_config.go | 2 +- builtin/logical/aws/path_roles.go | 2 +- builtin/logical/aws/rollback.go | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/builtin/credential/approle/backend.go b/builtin/credential/approle/backend.go index 3705dbb1eb..514ea4c635 100644 --- a/builtin/credential/approle/backend.go +++ b/builtin/credential/approle/backend.go @@ -159,7 +159,7 @@ func (b *backend) invalidate(_ context.Context, key string) { // to delay the removal of SecretIDs by a minute. func (b *backend) periodicFunc(ctx context.Context, req *logical.Request) error { // Initiate clean-up of expired SecretID entries - if b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary) { + if b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby) { b.tidySecretID(ctx, req) } return nil diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go index 058e41e2d9..2dc31d4eff 100644 --- a/builtin/credential/approle/path_role.go +++ b/builtin/credential/approle/path_role.go @@ -847,7 +847,7 @@ func (b *backend) roleEntry(ctx context.Context, s logical.Storage, roleName str needsUpgrade = true } - if needsUpgrade && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary)) { + if needsUpgrade && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby)) { entry, err := logical.StorageEntryJSON("role/"+strings.ToLower(roleName), &role) if err != nil { return nil, err diff --git a/builtin/credential/aws/backend.go b/builtin/credential/aws/backend.go index d54fe9df96..f813aa9fd3 100644 --- a/builtin/credential/aws/backend.go +++ b/builtin/credential/aws/backend.go @@ -148,7 +148,7 @@ func (b *backend) periodicFunc(ctx context.Context, req *logical.Request) error // Run the tidy operations for the first time. Then run it when current // time matches the nextTidyTime. if b.nextTidyTime.IsZero() || !time.Now().Before(b.nextTidyTime) { - if b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary) { + if b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby) { // safety_buffer defaults to 180 days for roletag blacklist safety_buffer := 15552000 tidyBlacklistConfigEntry, err := b.lockedConfigTidyRoleTags(ctx, req.Storage) diff --git a/builtin/credential/aws/path_role.go b/builtin/credential/aws/path_role.go index d8330a9653..25cc296fa7 100644 --- a/builtin/credential/aws/path_role.go +++ b/builtin/credential/aws/path_role.go @@ -247,7 +247,7 @@ func (b *backend) lockedAWSRole(ctx context.Context, s logical.Storage, roleName if err != nil { return nil, errwrap.Wrapf("error upgrading roleEntry: {{err}}", err) } - if needUpgrade && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary)) { + if needUpgrade && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby)) { b.roleMutex.Lock() defer b.roleMutex.Unlock() // Now that we have a R/W lock, we need to re-read the role entry in case it was diff --git a/builtin/credential/ldap/path_config.go b/builtin/credential/ldap/path_config.go index 81237930b6..f2776b1a03 100644 --- a/builtin/credential/ldap/path_config.go +++ b/builtin/credential/ldap/path_config.go @@ -67,7 +67,7 @@ func (b *backend) Config(ctx context.Context, req *logical.Request) (*ldaputil.C persistNeeded = true } - if persistNeeded && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary)) { + if persistNeeded && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby)) { entry, err := logical.StorageEntryJSON("config", result) if err != nil { return nil, err diff --git a/builtin/logical/aws/path_roles.go b/builtin/logical/aws/path_roles.go index c02c752af3..8e40e36dbc 100644 --- a/builtin/logical/aws/path_roles.go +++ b/builtin/logical/aws/path_roles.go @@ -324,7 +324,7 @@ func (b *backend) roleRead(ctx context.Context, s logical.Storage, roleName stri } newRoleEntry := upgradeLegacyPolicyEntry(string(legacyEntry.Value)) - if b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary) { + if b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby) { err = setAwsRole(ctx, s, roleName, newRoleEntry) if err != nil { return nil, err diff --git a/builtin/logical/aws/rollback.go b/builtin/logical/aws/rollback.go index 570244c363..705a255ead 100644 --- a/builtin/logical/aws/rollback.go +++ b/builtin/logical/aws/rollback.go @@ -14,7 +14,7 @@ func (b *backend) walRollback(ctx context.Context, req *logical.Request, kind st "user": b.pathUserRollback, } - if !b.System().LocalMount() && b.System().ReplicationState().HasState(consts.ReplicationPerformancePrimary) { + if !b.System().LocalMount() && b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby) { return nil }