http: /sys/seal requires a token

http/sys_seal.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 
 	"github.com/hashicorp/errwrap"
+	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/vault"
 )
 
@@ -17,7 +18,11 @@ func handleSysSeal(core *vault.Core) http.Handler {
 			return
 		}
 
-		if err := core.Seal(); err != nil {
+		// Get the auth for the request so we can access the token directly
+		req := requestAuth(r, &logical.Request{})
+
+		// Seal with the token above
+		if err := core.Seal(req.ClientToken); err != nil {
 			respondError(w, http.StatusInternalServerError, err)
 			return
 		}

http/sys_seal_test.go

@@ -65,14 +65,10 @@ func TestSysSeal(t *testing.T) {
 }
 
 func TestSysSeal_unsealed(t *testing.T) {
-	core := vault.TestCore(t)
+	core, _, token := vault.TestCoreUnsealed(t)
 	ln, addr := TestServer(t, core)
 	defer ln.Close()
-
+	TestServerAuth(t, addr, token)
-	key, _ := vault.TestCoreInit(t, core)
-	if _, err := core.Unseal(key); err != nil {
-		t.Fatalf("err: %s", err)
-	}
 
 	resp := testHttpPut(t, addr+"/v1/sys/seal", nil)
 	testResponseStatus(t, resp, 204)