Provide a more reasonable error message for disabled Shamir seals (#24275)

Scott Miller
2023-11-28 12:03:24 -06:00
committed by GitHub
parent e9f7c5bcef
commit 78d756acdb


@@ -2572,6 +2572,8 @@ func setSeal(c *ServerCommand, config *server.Config, infoKeys []string, info ma
for _, c := range config.Seals {
if !c.Disabled {
allSealsDisabled = false
} else if c.Type == vault.SealConfigTypeShamir.String() {
return nil, errors.New("shamir seals cannot be set disabled (they should simply not be set)")
}
}
// If all seals are disabled assume they want to
@@ -2722,9 +2724,6 @@ func setSeal(c *ServerCommand, config *server.Config, infoKeys []string, info ma
return nil, errors.Join(sealConfigWarning, errors.New("no enabled Seals in configuration"))
case configuredSeals == 0:
return nil, errors.Join(sealConfigWarning, errors.New("no seals were successfully initialized"))
case containsShamir(enabledSealWrappers) && containsShamir(disabledSealWrappers):
return nil, errors.Join(sealConfigWarning, errors.New("shamir seals cannot be set disabled (they should simply not be set)"))
case len(enabledSealWrappers) == 1 && containsShamir(enabledSealWrappers):
// The barrier seal is Shamir. If there are any disabled seals, then we put them all in the same
// autoSeal.