scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 11:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Potential fix for incompatible seal types between raft leader and new follower after having downgraded to one seal (#26523)

Browse Source 
* Potential fix for incompatible seal types between raft leader and new follower after having downgraded to one seal

* changelog
This commit is contained in:
Scott Miller
2024-04-19 09:54:29 -05:00
committed by GitHub
parent 9ebcbf6a0c
commit 18286ab0fa
3 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/26523.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
core (enterprise): fix bug where raft followers disagree with the seal type after returning to one seal from two.
```

4
vault/raft.go
View File

@@ -957,8 +957,8 @@ func (c *Core) getRaftChallenge(leaderInfo *raft.LeaderJoinInfo) (*raftInformati
return nil, err return nil, err
} }
if sealConfig.Type != c.seal.BarrierSealConfigType().String() { if !CompatibleSealTypes(sealConfig.Type, c.seal.BarrierSealConfigType().String()) {
return nil, fmt.Errorf("mismatching seal types between raft leader (%s) and follower (%s)", sealConfig.Type, c.seal.BarrierSealConfigType()) return nil, fmt.Errorf("incompatible seal types between raft leader (%s) and follower (%s)", sealConfig.Type, c.seal.BarrierSealConfigType())
} }
challengeB64, ok := secret.Data["challenge"] challengeB64, ok := secret.Data["challenge"]

6
vault/seal_autoseal.go
View File

@@ -194,7 +194,7 @@ func (d *autoSeal) BarrierConfig(ctx context.Context) (*SealConfig, error) {
barrierTypeUpgradeCheck(d.BarrierSealConfigType(), conf) barrierTypeUpgradeCheck(d.BarrierSealConfigType(), conf)
if conf.Type != d.BarrierSealConfigType().String() && conf.Type != SealConfigTypeMultiseal.String() && d.BarrierSealConfigType() != SealConfigTypeMultiseal { if !CompatibleSealTypes(conf.Type, d.BarrierSealConfigType().String()) {
d.logger.Error("barrier seal type does not match loaded type", "seal_type", conf.Type, "loaded_type", d.BarrierSealConfigType()) d.logger.Error("barrier seal type does not match loaded type", "seal_type", conf.Type, "loaded_type", d.BarrierSealConfigType())
return nil, fmt.Errorf("barrier seal type of %q does not match loaded type of %q", conf.Type, d.BarrierSealConfigType()) return nil, fmt.Errorf("barrier seal type of %q does not match loaded type of %q", conf.Type, d.BarrierSealConfigType())
} }
@@ -203,6 +203,10 @@ func (d *autoSeal) BarrierConfig(ctx context.Context) (*SealConfig, error) {
return conf.Clone(), nil return conf.Clone(), nil
} }
func CompatibleSealTypes(a, b string) bool {
return a == b || a == SealConfigTypeMultiseal.String() || b == SealConfigTypeMultiseal.String()
}
func (d *autoSeal) ClearBarrierConfig(ctx context.Context) error { func (d *autoSeal) ClearBarrierConfig(ctx context.Context) error {
return d.SetBarrierConfig(ctx, nil) return d.SetBarrierConfig(ctx, nil)
} }