PKI - Allow performance secondaries to generate and store certificate…

…s locally to them (hashicorp#13759) * PKI - Allow performance secondaries to generate and store certificates locally to them * changelog Co-authored-by: divyapola5 <divya@hashicorp.com>
qk4l · Feb 4, 2022 · 75a5253 · 75a5253
1 parent 10a2be4
commit 75a5253
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/builtin/logical/pki/path_issue_sign.go b/builtin/logical/pki/path_issue_sign.go
@@ -189,7 +189,8 @@ func (b *backend) pathSignVerbatim(ctx context.Context, req *logical.Request, da
 
 func (b *backend) pathIssueSignCert(ctx context.Context, req *logical.Request, data *framework.FieldData, role *roleEntry, useCSR, useCSRValues bool) (*logical.Response, error) {
 	// If storing the certificate and on a performance standby, forward this request on to the primary
-	if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby|consts.ReplicationPerformanceSecondary) {
+	// Allow performance secondaries to generate and store certificates locally to them.
+	if !role.NoStore && b.System().ReplicationState().HasState(consts.ReplicationPerformanceStandby) {
 		return nil, logical.ErrReadOnly
 	}
 

diff --git a/changelog/13759.txt b/changelog/13759.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Fix regression causing performance secondaries to forward certificate generation to the primary.
+```