Reload seals if necessary when a node gains leadership. (#26098)

As part of the process of becoming a leader node, check to see if the seal configuration needs to be reloaded. Reloading may be necessary if the seal generation information computed during start up is outdated. For example, a new node that has just joined the cluster will have incorrect seal generation information in memory, even if it has the correct seal configuration, since it did not have access to the stored seal generation information.
2025-10-30 18:17:55 +00:00 · 2024-03-22 11:51:42 -04:00
parent c6da02962d
commit b112eb9877
5 changed files with 181 additions and 55 deletions
--- a/command/server_test.go
+++ b/command/server_test.go
@@ -412,14 +412,14 @@ func TestReloadSeals(t *testing.T) {
 	_, testCommand := testServerCommand(t)
 	testConfig := server.Config{SharedConfig: &configutil.SharedConfig{}}

-	_, err := testCommand.reloadSeals(context.Background(), testCore, &testConfig)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
+	testCommand.logger = corehelpers.NewTestLogger(t)
+	ctx := context.Background()
+	reloaded, err := testCommand.reloadSealsLocking(ctx, testCore, &testConfig)
+	require.NoError(t, err)
+	require.False(t, reloaded, "reloadSeals does not support Shamir seals")

 	testConfig = server.Config{SharedConfig: &configutil.SharedConfig{Seals: []*configutil.KMS{{Disabled: true}}}}
-	_, err = testCommand.reloadSeals(context.Background(), testCore, &testConfig)
-	if err == nil {
-		t.Fatal("expected error, got nil")
-	}
+	reloaded, err = testCommand.reloadSealsLocking(ctx, testCore, &testConfig)
+	require.NoError(t, err)
+	require.False(t, reloaded, "reloadSeals does not support Shamir seals")
 }