upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-02-03 20:40:45 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Use stored seal generation info for response to sys/seal-backend-status (#28631)

Browse source 
Use stored seal generation info for response to sys/seal-backend-status.
This commit is contained in:
Victor Rodriguez 2024-10-09 10:04:50 -04:00 committed by GitHub
parent 25ce991234
commit 770d902f60
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
changelog/28631.txt Normal file
View file

@ -0,0 +1,3 @@
```release-note:bug
core/seal: Fix an issue that could cause reading from sys/seal-backend-status to return stale information.
```

11
vault/logical_system.go
View file

@ -5642,7 +5642,16 @@ func (c *Core) GetSealBackendStatus(ctx context.Context) (*SealBackendStatusResp
if err != nil {
return nil, fmt.Errorf("could not list partially seal wrapped values: %w", err)
}
genInfo := c.seal.GetAccess().GetSealGenerationInfo()
// When multi-seal is enabled, use the stored seal generation information. Note that the in-memory
// value may not be up-to-date on non-active nodes.
genInfo, err := PhysicalSealGenInfo(ctx, c.physical)
if err != nil {
return nil, fmt.Errorf("could not read seal generation information: %w", err)
}
if genInfo == nil {
// Multi-seal is not enabled, use the in-memory value.
genInfo = c.seal.GetAccess().GetSealGenerationInfo()
}
r.FullyWrapped = genInfo.IsRewrapped() && len(pps) == 0
return &r, nil
}