hub / github.com/hashicorp/vault / configureSeals

Method configureSeals

command/server.go:1932–1971  ·  view source on GitHub ↗
(ctx context.Context, config *server.Config, backend physical.Backend, infoKeys []string, info map[string]string)

Source from the content-addressed store, hash-verified

1930}
1931
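// configureSeals builds the seal configuration for the server and the random
// reader that is handed to the core.
//
// It reads the stored seal generation info and the partially-wrapped-paths
// flag from backend, passes both to setSeal, and reports any seal
// configuration warning through c.UI. It then collects every enabled seal
// wrapper that implements entropy.Sourcer and passes them to
// configutil.CreateSecureRandomReaderFunc.
//
// An error is returned when either storage lookup fails, when setSeal fails or
// yields no barrier seal, or when the random reader cannot be created. On
// error both other results are nil.
func (c *ServerCommand) configureSeals(ctx context.Context, config *server.Config, backend physical.Backend, infoKeys []string, info map[string]string) (*SetSealResponse, io.Reader, error) {
	existingSealGenerationInfo, err := vault.PhysicalSealGenInfo(ctx, backend)
	if err != nil {
		// %w keeps the message text unchanged and lets callers inspect the
		// underlying storage error with errors.Is / errors.As.
		return nil, nil, fmt.Errorf("Error getting seal generation info: %w", err)
	}

	hasPartialPaths, err := vault.HasPartiallyWrappedPaths(ctx, backend)
	if err != nil {
		return nil, nil, fmt.Errorf("Cannot determine if there are partially seal wrapped entries in storage: %w", err)
	}

	setSealResponse, err := setSeal(c, config, infoKeys, info, existingSealGenerationInfo, hasPartialPaths)
	if err != nil {
		return nil, nil, err
	}
	if setSealResponse.sealConfigWarning != nil {
		// NOTE(review): in this function the warning reaches the operator only
		// through the UI; confirm it is also recorded where it will be reviewed.
		c.UI.Warn(fmt.Sprintf("Warnings during seal configuration: %v", setSealResponse.sealConfigWarning))
	}

	// setSeal can succeed without producing a barrier seal; refuse to continue
	// in that case instead of returning a response with no seal.
	if setSealResponse.barrierSeal == nil {
		return nil, nil, errors.New("Could not create barrier seal! Most likely proper Seal configuration information was not set, but no error was generated.")
	}

	// prepare a secure random reader for core
	entropyAugLogger := c.logger.Named("entropy-augmentation")
	var entropySources []*configutil.EntropySourcerInfo
	for _, sealWrapper := range setSealResponse.barrierSeal.GetAccess().GetEnabledSealWrappersByPriority() {
		// Only wrappers that implement entropy.Sourcer are offered as entropy
		// sources; every other wrapper is skipped.
		s, ok := sealWrapper.Wrapper.(entropy.Sourcer)
		if !ok {
			continue
		}
		entropySources = append(entropySources, &configutil.EntropySourcerInfo{
			Sourcer: s,
			Name:    sealWrapper.Name,
		})
	}

	secureRandomReader, err := configutil.CreateSecureRandomReaderFunc(config.SharedConfig, entropySources, entropyAugLogger)
	if err != nil {
		return nil, nil, err
	}

	return setSealResponse, secureRandomReader, nil
}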
1972
1973func (c *ServerCommand) setSealsToFinalize(seals []*vault.Seal) {
1974 prev := c.sealsToFinalize

Callers 3

RunMethod · 0.95
reloadSealsMethod · 0.95
TestConfigureSealsFunction · 0.80

Calls 6

PhysicalSealGenInfoFunction · 0.92
HasPartiallyWrappedPathsFunction · 0.92
setSealFunction · 0.85
WarnMethod · 0.65
GetAccessMethod · 0.65

Tested by 1

TestConfigureSealsFunction · 0.64