Fix identity case sensitivity loading in secondary cluster

vault/identity_store.go

@@ -23,6 +23,7 @@ const (
 )
 
 var (
+	caseSensitivityKey           = "casesensitivity"
 	sendGroupUpgrade             = func(*IdentityStore, *identity.Group) (bool, error) { return false, nil }
 	parseExtraEntityFromBucket   = func(context.Context, *IdentityStore, *identity.Entity) (bool, error) { return false, nil }
 	addExtraEntityDataToResponse = func(*identity.Entity, map[string]interface{}) {}
@@ -72,9 +73,10 @@ func NewIdentityStore(ctx context.Context, core *Core, config *logical.BackendCo
 	}
 
 	iStore.Backend = &framework.Backend{
-		BackendType: logical.TypeLogical,
-		Paths:       iStore.paths(),
-		Invalidate:  iStore.Invalidate,
+		BackendType:    logical.TypeLogical,
+		Paths:          iStore.paths(),
+		Invalidate:     iStore.Invalidate,
+		InitializeFunc: iStore.initialize,
 		PathsSpecial: &logical.Paths{
 			Unauthenticated: []string{
 				"oidc/.well-known/*",
@@ -109,6 +111,17 @@ func (i *IdentityStore) paths() []*framework.Path {
 	)
 }
 
+func (i *IdentityStore) initialize(ctx context.Context, req *logical.InitializationRequest) error {
+	entry, err := logical.StorageEntryJSON(caseSensitivityKey, &casesensitivity{
+		DisableLowerCasedNames: i.disableLowerCasedNames,
+	})
+	if err != nil {
+		return err
+	}
+
+	return i.view.Put(ctx, entry)
+}
+
 // Invalidate is a callback wherein the backend is informed that the value at
 // the given key is updated. In identity store's case, it would be the entity
 // storage entries that get updated. The value needs to be read and MemDB needs
@@ -120,6 +133,41 @@ func (i *IdentityStore) Invalidate(ctx context.Context, key string) {
 	defer i.lock.Unlock()
 
 	switch {
+	case key == caseSensitivityKey:
+		entry, err := i.view.Get(ctx, caseSensitivityKey)
+		if err != nil {
+			i.logger.Error("failed to read case sensitivity setting during invalidation", "error", err)
+			return
+		}
+		if entry == nil {
+			return
+		}
+
+		var setting casesensitivity
+		if err := entry.DecodeJSON(&setting); err != nil {
+			i.logger.Error("failed to decode case sensitivity setting during invalidation", "error", err)
+			return
+		}
+
+		// Fast return if the setting is the same
+		if i.disableLowerCasedNames == setting.DisableLowerCasedNames {
+			return
+		}
+
+		// If the setting is different, reset memdb and reload all the artifacts
+		i.disableLowerCasedNames = setting.DisableLowerCasedNames
+		if err := i.resetDB(ctx); err != nil {
+			i.logger.Error("failed to reset memdb during invalidation", "error", err)
+			return
+		}
+		if err := i.loadEntities(ctx); err != nil {
+			i.logger.Error("failed to load entities during invalidation", "error", err)
+			return
+		}
+		if err := i.loadGroups(ctx); err != nil {
+			i.logger.Error("failed to load groups during invalidation", "error", err)
+			return
+		}
 	// Check if the key is a storage entry key for an entity bucket
 	case strings.HasPrefix(key, storagepacker.StoragePackerBucketsPrefix):
 		// Create a MemDB transaction

vault/identity_store_structs.go

@@ -87,3 +87,7 @@ type groupDiff struct {
 	Deleted    []*identity.Group
 	Unmodified []*identity.Group
 }
+
+type casesensitivity struct {
+	DisableLowerCasedNames bool `json:"disable_lower_cased_names"`
+}