Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Co-authored-by: Paul Banks <pbanks@hashicorp.com>
1 parent 15ac3f3, commit a610bec
Showing 5 changed files with 39 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
```release-note:bug | ||
replication (enterprise): Fix regression causing token creation against a role | ||
with a new entity alias to be incorrectly forwarded from perf standbys. | ||
``` |
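Review bot: The release note names the cause (token creation "incorrectly forwarded from perf standbys") but not what an operator would actually observe. Consider adding the symptom in a short clause, for example that the request appeared to succeed but the token was rejected with a 403 on first use, so that someone searching the changelog for that failure can find this entry.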
19 changes: 19 additions & 0 deletions
website/content/partials/perf-standby-token-create-forwarding-failure.mdx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
### Token creation with a new entity alias could silently fail | ||
|
||
A regression caused token creation requests under specific circumstances to be | ||
forwarded from perf standbys (Enterprise only) to the active node incorrectly. | ||
They would appear to succeed, however no lease was created. The token would then | ||
be revoked on first use causing a 403 error. | ||
|
||
This only happened when all of the following conditions were met: | ||
- the token is being created against a role | ||
- the request specifies an entity alias which has never been used before with | ||
the same role (for example for a brand new role or a unique alias) | ||
- the request happens to be made to a perf standby rather than the active node | ||
|
||
Retrying token creation after the affected token is rejected would work since | ||
the entity alias has already been created. | ||
|
||
#### Affected Versions | ||
|
||
Affects Vault 1.13.0 to 1.13.3. Fixed in 1.13.4. |
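Review bot: The retry paragraph ("Retrying token creation after the affected token is rejected would work since the entity alias has already been created") describes behaviour but stops short of guidance. For readers still on 1.13.0 to 1.13.3, phrase it as an explicit workaround, and since the third condition is that the request reaches a perf standby, say whether sending the request to the active node also avoids the problem. Two style points: the condition list uses present tense ("is being created", "specifies", "happens") under a past-tense lead-in ("This only happened when"), and "They would appear to succeed, however no lease was created" reads better with a semicolon before "however" or as two sentences.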