Send initialized information via sys/seal-status (#5424)

2025-10-30 18:17:55 +00:00 · 2018-09-27 16:03:37 -05:00
parent e559a1f20a
commit 382f28ee24
4 changed files with 14 additions and 1 deletions
--- a/api/sys_seal.go
+++ b/api/sys_seal.go
@@ -57,6 +57,7 @@ func sealStatusRequest(c *Sys, r *Request) (*SealStatusResponse, error) {

 type SealStatusResponse struct {
 	Type         string `json:"type"`
+	Initialized  bool   `json:"initialized"`
 	Sealed       bool   `json:"sealed"`
 	T            int    `json:"t"`
 	N            int    `json:"n"`
--- a/command/format.go
+++ b/command/format.go
@@ -320,6 +320,7 @@ func OutputSealStatus(ui cli.Ui, client *api.Client, status *api.SealStatusRespo
 	out := []string{}
 	out = append(out, "Key | Value")
 	out = append(out, fmt.Sprintf("%sSeal Type | %s", sealPrefix, status.Type))
+	out = append(out, fmt.Sprintf("Initialized | %t", status.Initialized))
 	out = append(out, fmt.Sprintf("Sealed | %t", status.Sealed))
 	out = append(out, fmt.Sprintf("Total %sShares | %d", sealPrefix, status.N))
 	out = append(out, fmt.Sprintf("Threshold | %d", status.T))
--- a/http/sys_seal.go
+++ b/http/sys_seal.go
@@ -177,7 +177,12 @@ func handleSysSealStatusRaw(core *vault.Core, w http.ResponseWriter, r *http.Req
 	}

 	if sealConfig == nil {
-		respondError(w, http.StatusBadRequest, fmt.Errorf("server is not yet initialized"))
+		respondOk(w, &SealStatusResponse{
+			Type:         core.SealAccess().BarrierType(),
+			Initialized:  false,
+			Sealed:       true,
+			RecoverySeal: core.SealAccess().RecoveryKeySupported(),
+		})
 		return
 	}

@@ -201,6 +206,7 @@ func handleSysSealStatusRaw(core *vault.Core, w http.ResponseWriter, r *http.Req

 	respondOk(w, &SealStatusResponse{
 		Type:         sealConfig.Type,
+		Initialized:  true,
 		Sealed:       sealed,
 		T:            sealConfig.SecretThreshold,
 		N:            sealConfig.SecretShares,
@@ -215,6 +221,7 @@ func handleSysSealStatusRaw(core *vault.Core, w http.ResponseWriter, r *http.Req

 type SealStatusResponse struct {
 	Type         string `json:"type"`
+	Initialized  bool   `json:"initialized"`
 	Sealed       bool   `json:"sealed"`
 	T            int    `json:"t"`
 	N            int    `json:"n"`
--- a/vault/seal_access.go
+++ b/vault/seal_access.go
@@ -20,6 +20,10 @@ func (s *SealAccess) StoredKeysSupported() bool {
 	return s.seal.StoredKeysSupported()
 }

+func (s *SealAccess) BarrierType() string {
+	return s.seal.BarrierType()
+}
+
 func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) {
 	return s.seal.BarrierConfig(ctx)
 }