From 7ed7bddde39cab3ce37a36daea7ea53451ef27a9 Mon Sep 17 00:00:00 2001
From: Victor Rodriguez
Date: Tue, 29 Aug 2023 13:56:19 -0400
Subject: [PATCH] Fix JSON serialization of SealGenerationInfo. (#22611)
---
 command/server.go | 2 +-
 vault/core.go | 1 +
 vault/seal/seal.go | 28 ++++++++++++++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/command/server.go b/command/server.go
index e86f377c9b..4c2714af33 100644
--- a/command/server.go
+++ b/command/server.go
@@ -2733,7 +2733,7 @@ func (c *ServerCommand) computeSealGenerationInfo(existingSealGenInfo *vaultseal
 }
 generation = existingSealGenInfo.Generation + 1
 }
- c.logger.Info("incrementing seal config gen, new generation: ", "generation", generation)
+ c.logger.Info("incrementing seal geneneration", "generation", generation)
 // If the stored copy doesn't match the current configuration, we introduce a new generation
 // which keeps track if a rewrap of all CSPs and seal wrapped values has completed (initially false).
diff --git a/vault/core.go b/vault/core.go
index cfaa15c339..862296a61c 100644
--- a/vault/core.go
+++ b/vault/core.go
@@ -2399,6 +2399,7 @@ func (s standardUnsealStrategy) unseal(ctx context.Context, logger log.Logger, c
 if !sealGenerationInfo.IsRewrapped() {
 // Flag migration performed for seal-rewrap later
+ c.logger.Trace("seal generation information indicates that a seal-rewrap is needed", "generation", sealGenerationInfo.Generation, "rewrapped", sealGenerationInfo.IsRewrapped())
 atomic.StoreUint32(c.sealMigrationDone, 1)
 }
diff --git a/vault/seal/seal.go b/vault/seal/seal.go
index 2b9773577d..0ad9ad5b7d 100644
--- a/vault/seal/seal.go
+++ b/vault/seal/seal.go
@@ -5,6 +5,7 @@ package seal
 import (
 "context"
+ "encoding/json"
 "errors"
 "fmt"
 "reflect"
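Review bot: The new message in the command/server.go hunk misspells the word as "geneneration"; it should read `c.logger.Info("incrementing seal generation", "generation", generation)`. Log text for seal-configuration changes tends to end up in operator searches and alerting rules, so a typo here either gets baked into those queries or makes the event harder to find. computeSealGenerationInfo starts and ends outside the hunk.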
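Review bot: In the vault/core.go hunk the added Trace call sits between the comment `// Flag migration performed for seal-rewrap later` and the `atomic.StoreUint32(c.sealMigrationDone, 1)` it describes, so the comment now reads as if it documented the log line; put the Trace call above the comment. The `"rewrapped", sealGenerationInfo.IsRewrapped()` pair is evaluated inside `if !sealGenerationInfo.IsRewrapped()`, so it will normally log false and could be dropped. The signature in the hunk header also shows a `logger log.Logger` parameter while the new line uses `c.logger`; the rest of unseal is outside the hunk, so check which one the function uses elsewhere.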
@@ -130,6 +131,33 @@ func (sgi *SealGenerationInfo) IsRewrapped() bool {
 return sgi.rewrapped.Load()
 }
+type sealGenerationInfoJson struct {
+ Generation uint64
+ Seals []*configutil.KMS
+ Rewrapped bool
+}
+
+func (sgi *SealGenerationInfo) MarshalJSON() ([]byte, error) {
+ return json.Marshal(sealGenerationInfoJson{
+ Generation: sgi.Generation,
+ Seals: sgi.Seals,
+ Rewrapped: sgi.IsRewrapped(),
+ })
+}
+
+func (sgi *SealGenerationInfo) UnmarshalJSON(b []byte) error {
+ var value sealGenerationInfoJson
+ if err := json.Unmarshal(b, &value); err != nil {
+ return err
+ }
+
+ sgi.Generation = value.Generation
+ sgi.Seals = value.Seals
+ sgi.SetRewrapped(value.Rewrapped)
+
+ return nil
+}
+
 type SealInfo struct {
 wrapping.Wrapper
 Priority int
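Review bot: `MarshalJSON` is declared on `*SealGenerationInfo`, so encoding/json only calls it when the value is reached through a pointer or is addressable; `json.Marshal` on a plain `SealGenerationInfo` value falls back to the default struct encoding, which skips the unexported `rewrapped` field, and such a record would decode with `Rewrapped` false. The callers are not visible here, so confirm every persistence path marshals a pointer, and state the requirement in a doc comment such as `// MarshalJSON includes the unexported rewrapped flag; always marshal a *SealGenerationInfo, a bare value bypasses this method.` A round-trip test that sets rewrapped to true, marshals, unmarshals and checks `IsRewrapped()` would pin the behaviour this commit fixes; the diffstat shows none added. The helper type would conventionally be named `sealGenerationInfoJSON`.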