scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 02:57:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Only reload seal config when enable_multiseal is set, or is being disabled (#26166)

Browse Source 
Fix reloading of seal configuration when a node gains leadership.

Verify that the in-memory seal generation information is stale and only reload
seal configuration when that is the case.

When reloading seal configuration, only do it when enable_multiseal is currently
set to true, or the new configuration is attempting to set it to true.
This commit is contained in:
Victor Rodriguez
2024-03-27 13:57:46 -04:00
committed by GitHub
parent 483e3e482c
commit ae31138aea
3 changed files with 73 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
command/server_test.go
View File

@@ -414,12 +414,12 @@ func TestReloadSeals(t *testing.T) {
testCommand.logger = corehelpers.NewTestLogger(t)
ctx := context.Background()
reloaded, err := testCommand.reloadSealsLocking(ctx, testCore, &testConfig)
reloaded, err := testCommand.reloadSealsOnSigHup(ctx, testCore, &testConfig)
require.NoError(t, err)
require.False(t, reloaded, "reloadSeals does not support Shamir seals")
testConfig = server.Config{SharedConfig: &configutil.SharedConfig{Seals: []*configutil.KMS{{Disabled: true}}}}
reloaded, err = testCommand.reloadSealsLocking(ctx, testCore, &testConfig)
reloaded, err = testCommand.reloadSealsOnSigHup(ctx, testCore, &testConfig)
require.NoError(t, err)
require.False(t, reloaded, "reloadSeals does not support Shamir seals")
}