identity/oidc: prevent key rotation on performance secondary clusters #14426
+16
−3
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
This PR prevents the identity store's periodic func from running on performance secondary clusters. This fixes an issue where the key rotations were attempting to write to readonly storage.
Additionally, this adds some
continue
statements in a few places that I think are appropriate. This prevents some logging that didn't make sense (see delete logs below) and sets thedidUpdate
bool properly.Example logs:
Testing
I manually tested this change using a performance secondary cluster to confirm that the key rotations in the periodic func are skipped on the active instance.