SECVULN-41101 fix missing return after respondError in sys_raft (#14198) (#14200)

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Vault Automation 2026-04-22 17:20:07 -04:00 committed by GitHub
parent 57d27929a1
commit 512398206d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 13 additions and 0 deletions


@ -23,6 +23,7 @@ func handleSysRaftBootstrap(core *vault.Core) http.Handler {
case "POST", "PUT":
if core.Sealed() {
respondError(w, http.StatusBadRequest, errors.New("node must be unsealed to bootstrap"))
return
}
if err := core.RaftBootstrap(context.Background(), false); err != nil {
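Review bot: The `return` after `respondError` in the `core.Sealed()` branch carries the whole fix, yet nothing marks it as load-bearing. Without it a sealed node falls through to `core.RaftBootstrap` even though an error response has already been written. I would add a comment directly above it, for example `// Must return: falling through would attempt RaftBootstrap on a sealed node.` The `if err := core.RaftBootstrap(...)` branch begins on the last visible line and its body lies outside the hunk, so it and the remaining method cases of `handleSysRaftBootstrap` should be checked for the same respond-without-return pattern.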


@ -27,6 +27,7 @@ import (
"github.com/hashicorp/vault/helper/namespace"
"github.com/hashicorp/vault/helper/testhelpers"
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
"github.com/hashicorp/vault/helper/testhelpers/minimal"
"github.com/hashicorp/vault/helper/testhelpers/teststorage"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/internalshared/configutil"
@ -1626,3 +1627,14 @@ func TestRaft_SnapshotLargerMaxRequestSize(t *testing.T) {
require.NoError(t, err)
testhelpers.WaitForActiveNode(t, cluster)
}
// TestRaft_BootstrapWhenSealed ensures raft does not attempt to bootstrap when sealed.
func TestRaft_BootstrapWhenSealed(t *testing.T) {
t.Parallel()
cluster := minimal.NewTestSoloCluster(t, nil)
client := cluster.Cores[0].Client
cluster.EnsureCoresSealed(t)
_, err := client.Logical().Write("sys/storage/raft/bootstrap", nil)
require.ErrorContains(t, err, "node must be unsealed to bootstrap")
}
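Review bot: `TestRaft_BootstrapWhenSealed` asserts only the error text the client receives. The handler presumably wrote that same text through `respondError` before the missing `return` was added, so the test may also pass against the unfixed code and would then not guard against a regression. To pin the fix, also assert something that differs when the handler falls through, such as the status code via `api.ResponseError` plus a check that only one response was written, or a state check showing no bootstrap was attempted on the sealed core. A short comment in the test body, e.g. `// Regression: the handler must stop after rejecting a sealed node instead of continuing into RaftBootstrap.`, would tie the test to the defect it covers.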