From 46d588bd5302cc2a1f661810686960645ebf070c Mon Sep 17 00:00:00 2001
From: HridoyRoy
Date: Tue, 17 Aug 2021 09:30:08 -0700
Subject: [PATCH 1/3] oss part of vault 2399
---
 changelog/_2051.txt | 3 +++
 vault/auth.go | 10 ++++++----
 vault/quotas/quotas.go | 5 +++--
 3 files changed, 12 insertions(+), 6 deletions(-)
 create mode 100644 changelog/_2051.txt
diff --git a/changelog/_2051.txt b/changelog/_2051.txt
new file mode 100644
index 0000000000000..b82044e124973
--- /dev/null
+++ b/changelog/_2051.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core (enterprise): Only delete quotas on primary cluster.
+```
diff --git a/vault/auth.go b/vault/auth.go
index fc92f1300aef5..bb1d950a24f25 100644
--- a/vault/auth.go
+++ b/vault/auth.go
@@ -339,10 +339,12 @@ func (c *Core) disableCredentialInternal(ctx context.Context, path string, updat
 removePathCheckers(c, entry, viewPath)
- if c.quotaManager != nil {
- if err := c.quotaManager.HandleBackendDisabling(ctx, ns.Path, path); err != nil {
- c.logger.Error("failed to update quotas after disabling auth", "path", path, "error", err)
- return err
+ if !c.IsPerfSecondary() {
+ if c.quotaManager != nil {
+ if err := c.quotaManager.HandleBackendDisabling(ctx, ns.Path, path); err != nil {
+ c.logger.Error("failed to update quotas after disabling auth", "path", path, "error", err)
+ return err
+ }
 }
 }
diff --git a/vault/quotas/quotas.go b/vault/quotas/quotas.go
index 68cc72f9f4297..a459113296c8a 100644
--- a/vault/quotas/quotas.go
+++ b/vault/quotas/quotas.go
@@ -765,7 +765,7 @@ func (m *Manager) Invalidate(key string) {
 default:
 splitKeys := strings.Split(key, "/")
 if len(splitKeys) != 2 {
- m.logger.Error("incorrect key while invalidating quota rule")
+ m.logger.Error(fmt.Sprintf("incorrect key while invalidating quota rule. Key is %v", key))
 return
 }
 qType := splitKeys[0]
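Review bot: In the vault/auth.go hunk the new `!c.IsPerfSecondary()` check guards only the auth-disable call to `HandleBackendDisabling`. The callee's doc comment (second vault/quotas/quotas.go hunk) says it also handles secret engine disabling, and no secret-engine call site is touched by this patch, so that path should be confirmed to carry the same guard; otherwise a performance secondary could presumably still try to delete quota rules there. The two nested conditions can be one, `if !c.IsPerfSecondary() && c.quotaManager != nil {`, preceded by a why-comment such as `// Quota rules are deleted only on the primary cluster; a performance secondary must not remove them.` The body of `disableCredentialInternal` starts and ends outside the hunk.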
@@ -987,7 +987,8 @@ func (m *Manager) HandleRemount(ctx context.Context, nsPath, fromPath, toPath st
 }
 // HandleBackendDisabling updates the quota subsystem with the disabling of auth
-// or secret engine disabling.
+// or secret engine disabling. This should only be called on the primary cluster
+// node.
 func (m *Manager) HandleBackendDisabling(ctx context.Context, nsPath, mountPath string) error {
 m.lock.Lock()
 defer m.lock.Unlock()
From c927b949141c7406e5e4340282871ba312ee1c20 Mon Sep 17 00:00:00 2001
From: Hridoy Roy
Date: Tue, 17 Aug 2021 10:52:05 -0700
Subject: [PATCH 2/3] Update vault/quotas/quotas.go Co-authored-by: Vishal Nayak
---
 vault/quotas/quotas.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vault/quotas/quotas.go b/vault/quotas/quotas.go
index a459113296c8a..99dc80e621d72 100644
--- a/vault/quotas/quotas.go
+++ b/vault/quotas/quotas.go
@@ -765,7 +765,7 @@ func (m *Manager) Invalidate(key string) {
 default:
 splitKeys := strings.Split(key, "/")
 if len(splitKeys) != 2 {
- m.logger.Error(fmt.Sprintf("incorrect key while invalidating quota rule. Key is %v", key))
+ m.logger.Error("incorrect key while invalidating quota rule", "key", key)
 return
 }
 qType := splitKeys[0]
From f61dc7ea0ffe0cb308fa5165930ef8bd6d982643 Mon Sep 17 00:00:00 2001
From: HridoyRoy
Date: Tue, 17 Aug 2021 14:36:11 -0700
Subject: [PATCH 3/3] use OSS PR number as changelog entry as indicated by the changelog guide
---
 changelog/{_2051.txt => 12339.txt} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename changelog/{_2051.txt => 12339.txt} (100%)
diff --git a/changelog/_2051.txt b/changelog/12339.txt
similarity index 100%
rename from changelog/_2051.txt
rename to changelog/12339.txt
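Review bot: The sentence added to the `HandleBackendDisabling` doc comment states a precondition that nothing visible in the function enforces, and "primary cluster node" blurs cluster role with node role. The caller in vault/auth.go gates on `!c.IsPerfSecondary()`, so the comment should name that condition and say who owns the check, for example `// It must not be called on a performance secondary cluster; callers are responsible for checking this.` Because the contract lives only in a comment, a test that exercises the disable path on a secondary would keep a future call site from silently skipping the guard. The function body continues outside the hunk.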