* Revert "Don't execute the seal recovery tests on ENT. (#18841)"

This reverts commit 990d3bacc2.

* Revert "Add the ability to unseal using recovery keys via an explicit seal option. (#18683)"

This reverts commit 2ffe49aab0.
Scott Miller
2023-02-01 13:34:53 -06:00
committed by GitHub
parent e22e5ae9ed
commit bf58843b0a
14 changed files with 92 additions and 359 deletions


@@ -2378,7 +2378,7 @@ func setSeal(c *ServerCommand, config *server.Config, infoKeys []string, info ma
config.Seals = append(config.Seals, &configutil.KMS{Type: wrapping.WrapperTypeShamir.String()})
}
}
createdSeals := make([]vault.Seal, len(config.Seals))
var createdSeals []vault.Seal = make([]vault.Seal, len(config.Seals))
for _, configSeal := range config.Seals {
sealType := wrapping.WrapperTypeShamir.String()
if !configSeal.Disabled && os.Getenv("VAULT_SEAL_TYPE") != "" {
@@ -2403,11 +2403,7 @@ func setSeal(c *ServerCommand, config *server.Config, infoKeys []string, info ma
"Error parsing Seal configuration: %s", sealConfigError)
}
}
if configSeal.Recover {
seal = vault.NewRecoverySeal(&vaultseal.Access{
Wrapper: aeadwrapper.NewShamirWrapper(),
})
} else if wrapper == nil {
if wrapper == nil {
seal = defaultSeal
} else {
var err error
@@ -2432,7 +2428,6 @@ func setSeal(c *ServerCommand, config *server.Config, infoKeys []string, info ma
}
createdSeals = append(createdSeals, seal)
}
return barrierSeal, barrierWrapper, unwrapSeal, createdSeals, sealConfigError, nil
}
@@ -2622,7 +2617,9 @@ func runUnseal(c *ServerCommand, core *vault.Core, ctx context.Context) {
}
}
func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.Backend, configSR sr.ServiceRegistration, barrierSeal, unwrapSeal vault.Seal, metricsHelper *metricsutil.MetricsHelper, metricSink *metricsutil.ClusterMetricSink, secureRandomReader io.Reader) vault.CoreConfig {
func createCoreConfig(c *ServerCommand, config *server.Config, backend physical.Backend, configSR sr.ServiceRegistration, barrierSeal, unwrapSeal vault.Seal,
metricsHelper *metricsutil.MetricsHelper, metricSink *metricsutil.ClusterMetricSink, secureRandomReader io.Reader,
) vault.CoreConfig {
coreConfig := &vault.CoreConfig{
RawConfig: config,
Physical: backend,
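Review bot: In the first hunk `createdSeals` is built with `make([]vault.Seal, len(config.Seals))`, and the `createdSeals = append(createdSeals, seal)` in the third hunk then adds after those pre-sized slots, so the slice returned from `setSeal` starts with `len(config.Seals)` nil entries ahead of the real seals. Both printed forms of the declaration have this shape, so the revert carries it over unchanged. The callers are not visible here, but any that range over the result and call a method on each seal without a nil check would panic on the nil interface values. Sizing by capacity instead, `createdSeals := make([]vault.Seal, 0, len(config.Seals))`, keeps the preallocation and returns only the seals that were constructed. The body of `setSeal` starts before the first hunk and has stretches outside all three, so confirm that no caller indexes the slice by position in `config.Seals` before changing it.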