From 72fea877c27d538cb011fcaadc3edfdffabfd7bb Mon Sep 17 00:00:00 2001 From: ncabatoff Date: Thu, 4 Jun 2020 13:00:33 -0400 Subject: [PATCH] Fix feature flag persistence: we shouldn't have excluded dr primaries, they too must write feature flags. DR secondaries might not need depend on feature flags being there, but a DR primary could also be (or become) a perf primary. (#9148) --- vault/core.go | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/vault/core.go b/vault/core.go index 4d3ebfc370a9..7e4b575158df 100644 --- a/vault/core.go +++ b/vault/core.go @@ -1827,7 +1827,7 @@ func (s standardUnsealStrategy) unseal(ctx context.Context, logger log.Logger, c if err := enterprisePostUnseal(c); err != nil { return err } - if !c.ReplicationState().HasState(consts.ReplicationPerformanceSecondary | consts.ReplicationDRPrimary | consts.ReplicationDRSecondary) { + if !c.ReplicationState().HasState(consts.ReplicationPerformanceSecondary | consts.ReplicationDRSecondary) { // Only perf primarys should write feature flags, but we do it by // excluding other states so that we don't have to change it when // a non-replicated cluster becomes a primary. @@ -2358,15 +2358,18 @@ type FeatureFlags struct { } func (c *Core) persistFeatureFlags(ctx context.Context) error { - c.logger.Debug("persisting feature flags") - json, err := jsonutil.EncodeJSON(&FeatureFlags{NamespacesCubbyholesLocal: !c.PR1103disabled}) - if err != nil { - return err + if !c.PR1103disabled { + c.logger.Debug("persisting feature flags") + json, err := jsonutil.EncodeJSON(&FeatureFlags{NamespacesCubbyholesLocal: !c.PR1103disabled}) + if err != nil { + return err + } + return c.barrier.Put(ctx, &logical.StorageEntry{ + Key: consts.CoreFeatureFlagPath, + Value: json, + }) } - return c.barrier.Put(ctx, &logical.StorageEntry{ - Key: consts.CoreFeatureFlagPath, - Value: json, - }) + return nil } func (c *Core) readFeatureFlags(ctx context.Context) (*FeatureFlags, error) {