Support go-sockaddr templates in top-level cluster_addr config (#13678)…

… (#13706) In doing some testing I found that the listener clusteraddr isn't really used, or at least isn't as important as the top-level clusteraddr setting. As such, go-sockaddr templating needs to be implemented for the top-level `cluster_addr` setting or it's unusable for HA. Also fix a nil pointer panic I discovered at the same time.
hashicorp · Jan 20, 2022 · 4e1213e · 4e1213e
1 parent 9f2f924
commit 4e1213e
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/changelog/13678.txt b/changelog/13678.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: add support for go-sockaddr templates in the top-level cluster_addr field
+```
diff --git a/command/server.go b/command/server.go
@@ -724,7 +724,6 @@ func (c *ServerCommand) runRecoveryMode() int {
 			c.logger.Info("goroutine trace", "stack", string(buf[:n]))
 		}
 	}
-
 }
 
 func logProxyEnvironmentVariables(logger hclog.Logger) {
@@ -2407,6 +2406,11 @@ CLUSTER_SYNTHESIS_COMPLETE:
 	}
 
 	if coreConfig.ClusterAddr != "" {
+		rendered, err := configutil.ParseSingleIPTemplate(coreConfig.ClusterAddr)
+		if err != nil {
+			return fmt.Errorf("Error parsing cluster address %s: %v", coreConfig.ClusterAddr, err)
+		}
+		coreConfig.ClusterAddr = rendered
 		// Force https as we'll always be TLS-secured
 		u, err := url.ParseRequestURI(coreConfig.ClusterAddr)
 		if err != nil {

diff --git a/vault/core.go b/vault/core.go
@@ -1368,6 +1368,9 @@ func (c *Core) getUnsealKey(ctx context.Context, seal Seal) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
+	if config == nil {
+		return nil, fmt.Errorf("failed to obtain seal/recovery configuration")
+	}
 
 	// Check if we don't have enough keys to unlock, proceed through the rest of
 	// the call only if we have met the threshold