Make test fail

hashicorp · Jan 17, 2020 · 59abbb5 · 59abbb5
1 parent 6561f46
commit 59abbb5
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 12 deletions.
diff --git a/command/seal_migration_test.go b/command/seal_migration_test.go
@@ -5,10 +5,11 @@ package command
 import (
 	"context"
 	"encoding/base64"
+	"testing"
+
 	"github.com/hashicorp/vault/api"
 	"github.com/hashicorp/vault/helper/testhelpers"
 	"github.com/hashicorp/vault/shamir"
-	"testing"
 
 	"github.com/hashicorp/go-hclog"
 	wrapping "github.com/hashicorp/go-kms-wrapping"
@@ -62,6 +63,11 @@ func TestSealMigrationAutoToShamir(t *testing.T) {
 	client.SetToken(rootToken)
 	core := cluster.Cores[0].Core
 
+	client.SetToken(rootToken)
+	if err := client.Sys().Seal(); err != nil {
+		t.Fatal(err)
+	}
+
 	shamirSeal := vault.NewDefaultSeal(&seal.Access{
 		Wrapper: aeadwrapper.NewWrapper(&wrapping.WrapperOptions{
 			Logger: logger.Named("shamir"),

diff --git a/vault/core.go b/vault/core.go
@@ -495,7 +495,7 @@ type Core struct {
 	recoveryMode bool
 
 	clusterNetworkLayer cluster.NetworkLayer
-  
+
 	// PR1103disabled is used to test upgrade workflows: when set to true,
 	// the correct behaviour for namespaced cubbyholes is disabled, so we
 	// can test an upgrade to a version that includes the fixes from
@@ -1284,16 +1284,16 @@ func (c *Core) unsealPart(ctx context.Context, seal Seal, key []byte, useRecover
 			if recoveryKey == nil {
 				return nil, errors.New("did not get expected recovery information to set new seal during migration")
 			}
-
-			if err := c.seal.SetBarrierConfig(ctx, &SealConfig{
-				Type:            wrapping.Shamir,
-				SecretShares:    config.SecretShares,
-				SecretThreshold: config.SecretThreshold,
-				StoredShares:    1,
-			}); err != nil {
-				return nil, errwrap.Wrapf("failed to store barrier config during migration: {{err}}", err)
-			}
-
+			/*
+				if err := c.seal.SetBarrierConfig(ctx, &SealConfig{
+					Type:            wrapping.Shamir,
+					SecretShares:    config.SecretShares,
+					SecretThreshold: config.SecretThreshold,
+					StoredShares:    1,
+				}); err != nil {
+					return nil, errwrap.Wrapf("failed to store barrier config during migration: {{err}}", err)
+				}
+			*/
 			// We have recovery keys; we're going to use them as the new
 			// shamir KeK.
 			err = c.seal.GetAccess().Wrapper.(*aeadwrapper.Wrapper).SetAESGCMKeyBytes(recoveryKey)