core: add hook for initializing seals for migration

Needed in enterprise version.
hashicorp · Oct 15, 2019 · 5d73b9a · 5d73b9a
1 parent e6e844d
commit 5d73b9a
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 0 deletions.
diff --git a/command/server_util.go b/command/server_util.go
@@ -48,6 +48,7 @@ func adjustCoreForSealMigration(logger log.Logger, core *vault.Core, barrierSeal
 	var existSeal vault.Seal
 	var newSeal vault.Seal
 
+	// TODO(mjg): this prevents migration from/to the same seal type
 	if existBarrierSealConfig.Type == barrierSeal.BarrierType() {
 		// In this case our migration seal is set so we are using it
 		// (potentially) for unwrapping. Set it on core for that purpose then

diff --git a/vault/core.go b/vault/core.go
@@ -1963,6 +1963,7 @@ func (c *Core) SetSealsForMigration(migrationSeal, newSeal, unwrapSeal Seal) {
 		c.seal = newSeal
 		c.seal.SetCore(c)
 		c.logger.Warn("entering seal migration mode; Vault will not automatically unseal even if using an autoseal", "from_barrier_type", c.migrationSeal.BarrierType(), "to_barrier_type", c.seal.BarrierType())
+		c.initSealsForMigration()
 	}
 }
 

diff --git a/vault/core_util.go b/vault/core_util.go
@@ -122,3 +122,5 @@ func (c *Core) removeAllPerfStandbySecondaries() {}
 func (c *Core) perfStandbyClusterHandler() (*replication.Cluster, *cache.Cache, chan struct{}, error) {
 	return nil, cache.New(2*cluster.HeartbeatInterval, 1*time.Second), make(chan struct{}), nil
 }
+
+func (c *Core) initSealsForMigration() {}