From a4f95e97e040d8ffe4fb68f379da8965db20df27 Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Tue, 17 Jan 2023 12:58:14 +0100 Subject: [PATCH] do not rotate secrets for standby clusters (#2175) --- pkg/cluster/sync.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cluster/sync.go b/pkg/cluster/sync.go index af85eb076..75d4e8a65 100644 --- a/pkg/cluster/sync.go +++ b/pkg/cluster/sync.go @@ -759,7 +759,7 @@ func (c *Cluster) updateSecret( // globally enabled rotation is only allowed for manifest and bootstrapped roles allowedRoleTypes := []spec.RoleOrigin{spec.RoleOriginManifest, spec.RoleOriginBootstrap} - rotationAllowed := !pwdUser.IsDbOwner && util.SliceContains(allowedRoleTypes, pwdUser.Origin) + rotationAllowed := !pwdUser.IsDbOwner && util.SliceContains(allowedRoleTypes, pwdUser.Origin) && c.Spec.StandbyCluster == nil if (c.OpConfig.EnablePasswordRotation && rotationAllowed) || rotationEnabledInManifest { updateSecretMsg, err = c.rotatePasswordInSecret(secret, secretUsername, pwdUser.Origin, currentTime, retentionUsers)