Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

VAULT-21435 Use seal wrappers rather than config to determine autoSeal barrier type. #24165

Merged
merged 3 commits into from
Nov 16, 2023

Conversation

victorr
Copy link
Contributor

@victorr victorr commented Nov 16, 2023

A seal's Access object contains all seal configuration, which in the case of seal migration includes the "unwrap seal" as well as the barrier seal. Thus, to determine whether an autoSeal is of a specific type such as 'Transit' or whether it is a 'Multiseal', use the wrappers of the seal's Access.

In addition: Fix an error that resulted in the wrong seal type being reported while Vault is in seal migration mode.

A seal's Access object contains all seal configuration, which in the case of
seal migration includes the "unwrap seal" as well as the barrier seal. Thus, to
determine whether an autoSeal is of a specific type such as 'Transit' or whether
it is a 'Multiseal', use the wrappers of the seal's Access.
Fix an error that resulted in the wrong seal type being reported while Vault is
in seal migration mode.
@victorr victorr self-assigned this Nov 16, 2023
@victorr victorr requested a review from a team as a code owner November 16, 2023 18:57
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Nov 16, 2023
Copy link
Collaborator

@sgmiller sgmiller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@victorr victorr added this to the 1.15.3 milestone Nov 16, 2023
@victorr victorr enabled auto-merge (squash) November 16, 2023 19:02
Copy link

Build Results:
All builds succeeded! ✅

@victorr victorr merged commit 2f01a05 into main Nov 16, 2023
104 of 107 checks passed
@victorr victorr deleted the victorr/vault-22031-fix-autoseal-barrier-type branch November 16, 2023 19:17
Copy link

CI Results:
Failures:

Test Type Package Test Logs
vault TestExpiration_Renew_FinalSecond view test results

victorr added a commit that referenced this pull request Nov 16, 2023
…pe. (#24165)

* Use seal wrappers rather than config to determine autoSeal barrier type.

A seal's Access object contains all seal configuration, which in the case of
seal migration includes the "unwrap seal" as well as the barrier seal. Thus, to
determine whether an autoSeal is of a specific type such as 'Transit' or whether
it is a 'Multiseal', use the wrappers of the seal's Access.

* Fix seal type reported by /sys/seal-status.

Fix an error that resulted in the wrong seal type being reported while Vault is
in seal migration mode.
victorr added a commit that referenced this pull request Nov 16, 2023
…pe. (#24165) (#24166)

* Use seal wrappers rather than config to determine autoSeal barrier type.

A seal's Access object contains all seal configuration, which in the case of
seal migration includes the "unwrap seal" as well as the barrier seal. Thus, to
determine whether an autoSeal is of a specific type such as 'Transit' or whether
it is a 'Multiseal', use the wrappers of the seal's Access.

* Fix seal type reported by /sys/seal-status.

Fix an error that resulted in the wrong seal type being reported while Vault is
in seal migration mode.

Co-authored-by: Victor Rodriguez <vrizo@hashicorp.com>
@victorr victorr changed the title Use seal wrappers rather than config to determine autoSeal barrier type. VAULT-21435 Use seal wrappers rather than config to determine autoSeal barrier type. Nov 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants