From 382f28ee24070fa6bcaf50ec6e596d9982ee40a2 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell
Date: Thu, 27 Sep 2018 16:03:37 -0500
Subject: [PATCH] Send initialized information via sys/seal-status (#5424)
---
 api/sys_seal.go | 1 +
 command/format.go | 1 +
 http/sys_seal.go | 9 ++++++++-
 vault/seal_access.go | 4 ++++
 4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/api/sys_seal.go b/api/sys_seal.go
index 7cc32ac33c..d882a8e997 100644
--- a/api/sys_seal.go
+++ b/api/sys_seal.go
@@ -57,6 +57,7 @@ func sealStatusRequest(c *Sys, r *Request) (*SealStatusResponse, error) {
 type SealStatusResponse struct {
 Type string `json:"type"`
+ Initialized bool `json:"initialized"`
 Sealed bool `json:"sealed"`
 T int `json:"t"`
 N int `json:"n"`
diff --git a/command/format.go b/command/format.go
index 6a1afbc764..10244a8aa2 100644
--- a/command/format.go
+++ b/command/format.go
@@ -320,6 +320,7 @@ func OutputSealStatus(ui cli.Ui, client *api.Client, status *api.SealStatusRespo
 out := []string{}
 out = append(out, "Key | Value")
 out = append(out, fmt.Sprintf("%sSeal Type | %s", sealPrefix, status.Type))
+ out = append(out, fmt.Sprintf("Initialized | %t", status.Initialized))
 out = append(out, fmt.Sprintf("Sealed | %t", status.Sealed))
 out = append(out, fmt.Sprintf("Total %sShares | %d", sealPrefix, status.N))
 out = append(out, fmt.Sprintf("Threshold | %d", status.T))
diff --git a/http/sys_seal.go b/http/sys_seal.go
index 2c8f0f6341..451c1775ab 100644
--- a/http/sys_seal.go
+++ b/http/sys_seal.go
@@ -177,7 +177,12 @@ func handleSysSealStatusRaw(core *vault.Core, w http.ResponseWriter, r *http.Req
 }
 if sealConfig == nil {
- respondError(w, http.StatusBadRequest, fmt.Errorf("server is not yet initialized"))
+ respondOk(w, &SealStatusResponse{
+ Type: core.SealAccess().BarrierType(),
+ Initialized: false,
+ Sealed: true,
+ RecoverySeal: core.SealAccess().RecoveryKeySupported(),
+ })
 return
 }
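Review bot: In api/sys_seal.go, `Initialized` is a plain `bool`, so a status body from a server that predates this field decodes to `false` and is indistinguishable from a server that really is uninitialized; the `Initialized | %t` row added in command/format.go would then print `false` for an initialized server. The line removed in http/sys_seal.go shows that such servers answered an uninitialized request with an error, so a successful response without the field actually implies initialized. The compatible fix is to say so on the field, `// Initialized is omitted by servers that predate it and then decodes as false.`, since switching to `*bool` would change the exported type. SealStatusResponse continues outside the hunk.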
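Review bot: In http/sys_seal.go, the `sealConfig == nil` branch now answers 200 where it used to answer 400, so a caller that relied on the error to detect an uninitialized server will read the new body as an ordinary sealed server unless it checks `initialized`; the diffstat lists no test or documentation file covering that contract change. I would state it at the branch, `// Not initialized: report sealed with Initialized=false rather than an error.`, and add a handler test for this path. The branch also returns the barrier type and recovery-key support before initialization; the hunk does not show how the route is authenticated, so confirm that this pre-init disclosure is intended. handleSysSealStatusRaw starts and ends outside the hunk.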
@@ -201,6 +206,7 @@ func handleSysSealStatusRaw(core *vault.Core, w http.ResponseWriter, r *http.Req
 respondOk(w, &SealStatusResponse{
 Type: sealConfig.Type,
+ Initialized: true,
 Sealed: sealed,
 T: sealConfig.SecretThreshold,
 N: sealConfig.SecretShares,
@@ -215,6 +221,7 @@ func handleSysSealStatusRaw(core *vault.Core, w http.ResponseWriter, r *http.Req
 type SealStatusResponse struct {
 Type string `json:"type"`
+ Initialized bool `json:"initialized"`
 Sealed bool `json:"sealed"`
 T int `json:"t"`
 N int `json:"n"`
diff --git a/vault/seal_access.go b/vault/seal_access.go
index 5c44bd184f..f4a31dc908 100644
--- a/vault/seal_access.go
+++ b/vault/seal_access.go
@@ -20,6 +20,10 @@ func (s *SealAccess) StoredKeysSupported() bool {
 return s.seal.StoredKeysSupported()
 }
+func (s *SealAccess) BarrierType() string {
+ return s.seal.BarrierType()
+}
+
 func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) {
 return s.seal.BarrierConfig(ctx)
 }
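Review bot: In vault/seal_access.go, the new exported `BarrierType` has no doc comment, and it is the value the http/sys_seal.go change sends to clients on the uninitialized path. I would add `// BarrierType returns the barrier type reported by the underlying seal.` above it.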