Admin::SessionsController#create: cannot execute UPDATE in a read-only transaction
Summary
It happens right after entering an invalid 2FA code to enable Admin mode on a Geo secondary node. It seems a regression from #211456 (closed).
ActiveRecord::StatementInvalid - PG::ReadOnlySqlTransaction: ERROR: cannot execute INSERT in a read-only transaction:
ee/app/services/ee/audit_event_service.rb:149:in `unauth_security_event'
ee/app/controllers/concerns/ee/authenticates_with_two_factor.rb:13:in `log_failed_two_factor'
app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb:101:in `admin_handle_two_factor_failure'
app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb:55:in `admin_mode_authenticate_with_two_factor_via_otp'
app/controllers/concerns/authenticates_with_two_factor_for_admin_mode.rb:31:in `admin_mode_authenticate_with_two_factor'
app/controllers/admin/sessions_controller.rb:23:in `create'
Steps to reproduce
- Enable Admin Mode
- Enable Two-Factor Authentication for your admin account
- Enter Admin Mode on a Geo secondary node
- Enter the correct admin account password
- Enter an invalid 2FA code
Affected versions
Cross-posting !65504 (comment 620747584):
The audit event for failed 2FA login attempt was introduced in %13.5 see !41641 (merged), but admin mode was only released on %13.10 see https://about.gitlab.com/releases/2021/03/22/gitlab-13-10-released. I'll add the proper labels if we have patch releases for %13.11, %13.12, and %14.0.
Edited by Michael Kozono