From 59abbb5e5415e341db15724a83f50164e1b0aabd Mon Sep 17 00:00:00 2001 From: Brian Kassouf Date: Fri, 17 Jan 2020 12:43:28 -0800 Subject: [PATCH] Make test fail --- command/seal_migration_test.go | 8 +++++++- vault/core.go | 22 +++++++++++----------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/command/seal_migration_test.go b/command/seal_migration_test.go index def7ac71d146..744dc76fe36d 100644 --- a/command/seal_migration_test.go +++ b/command/seal_migration_test.go @@ -5,10 +5,11 @@ package command import ( "context" "encoding/base64" + "testing" + "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/helper/testhelpers" "github.com/hashicorp/vault/shamir" - "testing" "github.com/hashicorp/go-hclog" wrapping "github.com/hashicorp/go-kms-wrapping" @@ -62,6 +63,11 @@ func TestSealMigrationAutoToShamir(t *testing.T) { client.SetToken(rootToken) core := cluster.Cores[0].Core + client.SetToken(rootToken) + if err := client.Sys().Seal(); err != nil { + t.Fatal(err) + } + shamirSeal := vault.NewDefaultSeal(&seal.Access{ Wrapper: aeadwrapper.NewWrapper(&wrapping.WrapperOptions{ Logger: logger.Named("shamir"), diff --git a/vault/core.go b/vault/core.go index e2879d93ba13..f92c226b4ecc 100644 --- a/vault/core.go +++ b/vault/core.go @@ -495,7 +495,7 @@ type Core struct { recoveryMode bool clusterNetworkLayer cluster.NetworkLayer - + // PR1103disabled is used to test upgrade workflows: when set to true, // the correct behaviour for namespaced cubbyholes is disabled, so we // can test an upgrade to a version that includes the fixes from @@ -1284,16 +1284,16 @@ func (c *Core) unsealPart(ctx context.Context, seal Seal, key []byte, useRecover if recoveryKey == nil { return nil, errors.New("did not get expected recovery information to set new seal during migration") } - - if err := c.seal.SetBarrierConfig(ctx, &SealConfig{ - Type: wrapping.Shamir, - SecretShares: config.SecretShares, - SecretThreshold: config.SecretThreshold, - StoredShares: 1, - }); err != nil { - return nil, errwrap.Wrapf("failed to store barrier config during migration: {{err}}", err) - } - + /* + if err := c.seal.SetBarrierConfig(ctx, &SealConfig{ + Type: wrapping.Shamir, + SecretShares: config.SecretShares, + SecretThreshold: config.SecretThreshold, + StoredShares: 1, + }); err != nil { + return nil, errwrap.Wrapf("failed to store barrier config during migration: {{err}}", err) + } + */ // We have recovery keys; we're going to use them as the new // shamir KeK. err = c.seal.GetAccess().Wrapper.(*aeadwrapper.Wrapper).SetAESGCMKeyBytes(recoveryKey)