diff --git a/changelog/13678.txt b/changelog/13678.txt new file mode 100644 index 000000000000..f8cbbf306016 --- /dev/null +++ b/changelog/13678.txt @@ -0,0 +1,3 @@ +```release-note:bug +core: add support for go-sockaddr templates in the top-level cluster_addr field +``` \ No newline at end of file diff --git a/command/server.go b/command/server.go index 718009b8cf41..2d9800110368 100644 --- a/command/server.go +++ b/command/server.go @@ -724,7 +724,6 @@ func (c *ServerCommand) runRecoveryMode() int { c.logger.Info("goroutine trace", "stack", string(buf[:n])) } } - } func logProxyEnvironmentVariables(logger hclog.Logger) { @@ -2407,6 +2406,11 @@ CLUSTER_SYNTHESIS_COMPLETE: } if coreConfig.ClusterAddr != "" { + rendered, err := configutil.ParseSingleIPTemplate(coreConfig.ClusterAddr) + if err != nil { + return fmt.Errorf("Error parsing cluster address %s: %v", coreConfig.ClusterAddr, err) + } + coreConfig.ClusterAddr = rendered // Force https as we'll always be TLS-secured u, err := url.ParseRequestURI(coreConfig.ClusterAddr) if err != nil { diff --git a/vault/core.go b/vault/core.go index 459989689484..a614b9a49905 100644 --- a/vault/core.go +++ b/vault/core.go @@ -1368,6 +1368,9 @@ func (c *Core) getUnsealKey(ctx context.Context, seal Seal) ([]byte, error) { if err != nil { return nil, err } + if config == nil { + return nil, fmt.Errorf("failed to obtain seal/recovery configuration") + } // Check if we don't have enough keys to unlock, proceed through the rest of // the call only if we have met the threshold