From 91a369f61857748f96f28a712ac8563a8282ce38 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano.cano@gmail.com>
Date: Mon, 2 Aug 2021 12:13:39 -0700
Subject: [PATCH] Automatically enable admin properly on linked cas.

---
 authority/authority.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/authority/authority.go b/authority/authority.go
index ae41f129..28af693c 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -207,6 +207,11 @@ func (a *Authority) init() error {
 
 	var err error
 
+	// Automatically enable admin for all linked cas.
+	if a.linkedCAToken != "" {
+		a.config.AuthorityConfig.EnableAdmin = true
+	}
+
 	// Initialize step-ca Database if it's not already initialized with WithDB.
 	// If a.config.DB is nil then a simple, barebones in memory DB will be used.
 	if a.db == nil {
@@ -440,7 +445,7 @@ func (a *Authority) init() error {
 		// TODO: mimick the x509CAService GetCertificateAuthority here too?
 	}
 
-	if a.config.AuthorityConfig.EnableAdmin || a.linkedCAToken != "" {
+	if a.config.AuthorityConfig.EnableAdmin {
 		// Initialize step-ca Admin Database if it's not already initialized using
 		// WithAdminDB.
 		if a.adminDB == nil {