| 1930 | } |
| 1931 | |
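// configureSeals sets up the server's seals from config and the state already
// recorded in storage, then builds the random reader that is handed to core.
//
// It reads the stored seal generation info and the "partially wrapped paths"
// flag from backend, passes both to setSeal together with infoKeys and info,
// and prints any seal configuration warning through c.UI without aborting.
// Seal wrappers returned by GetEnabledSealWrappersByPriority that implement
// entropy.Sourcer are offered to configutil.CreateSecureRandomReaderFunc as
// external entropy sources.
//
// On success it returns the seal response and the random reader. On any
// failure both are nil and the error is returned; a nil barrier seal is
// treated as a failure even when setSeal reported no error.
func (c *ServerCommand) configureSeals(ctx context.Context, config *server.Config, backend physical.Backend, infoKeys []string, info map[string]string) (*SetSealResponse, io.Reader, error) {
	// Storage errors are wrapped with %w (message text unchanged) so callers
	// can still inspect the underlying cause with errors.Is / errors.As.
	existingSealGenerationInfo, err := vault.PhysicalSealGenInfo(ctx, backend)
	if err != nil {
		return nil, nil, fmt.Errorf("Error getting seal generation info: %w", err)
	}

	hasPartialPaths, err := vault.HasPartiallyWrappedPaths(ctx, backend)
	if err != nil {
		return nil, nil, fmt.Errorf("Cannot determine if there are partially seal wrapped entries in storage: %w", err)
	}

	setSealResponse, err := setSeal(c, config, infoKeys, info, existingSealGenerationInfo, hasPartialPaths)
	if err != nil {
		return nil, nil, err
	}

	// Warnings are only reported to the operator; startup continues. They are
	// the sole signal here that the seal configuration is not as intended, so
	// they are worth alerting on in server logs/console output.
	if setSealResponse.sealConfigWarning != nil {
		c.UI.Warn(fmt.Sprintf("Warnings during seal configuration: %v", setSealResponse.sealConfigWarning))
	}

	// Fail closed: never continue without a barrier seal, even if setSeal
	// returned no error.
	if setSealResponse.barrierSeal == nil {
		return nil, nil, errors.New("Could not create barrier seal! Most likely proper Seal configuration information was not set, but no error was generated.")
	}

	// prepare a secure random reader for core
	entropyAugLogger := c.logger.Named("entropy-augmentation")
	var entropySources []*configutil.EntropySourcerInfo
	for _, sealWrapper := range setSealResponse.barrierSeal.GetAccess().GetEnabledSealWrappersByPriority() {
		// Only wrappers that implement entropy.Sourcer can contribute; the
		// rest are skipped silently, so the list may legitimately be empty.
		if s, ok := sealWrapper.Wrapper.(entropy.Sourcer); ok {
			entropySources = append(entropySources, &configutil.EntropySourcerInfo{
				Sourcer: s,
				Name:    sealWrapper.Name,
			})
		}
	}

	// NOTE(review): what reader is produced when entropySources is empty, or
	// when the shared config does not request augmentation, is decided inside
	// CreateSecureRandomReaderFunc and is not visible here — confirm there.
	secureRandomReader, err := configutil.CreateSecureRandomReaderFunc(config.SharedConfig, entropySources, entropyAugLogger)
	if err != nil {
		return nil, nil, err
	}

	return setSealResponse, secureRandomReader, nil
}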
| 1972 | |
| 1973 | func (c *ServerCommand) setSealsToFinalize(seals []*vault.Seal) { |
| 1974 | prev := c.sealsToFinalize |