Remove context from a few extraneous places

command/server.go

@@ -922,19 +922,19 @@ func (c *ServerCommand) enableDev(core *vault.Core, coreConfig *vault.CoreConfig
 		SecretThreshold: 1,
 	}
 
-	ctx := context.Background()
+	if core.SealAccess().RecoveryKeySupported() {
-
-	if core.SealAccess().RecoveryKeySupported(ctx) {
 		recoveryConfig = &vault.SealConfig{
 			SecretShares:    1,
 			SecretThreshold: 1,
 		}
 	}
 
-	if core.SealAccess().StoredKeysSupported(ctx) {
+	if core.SealAccess().StoredKeysSupported() {
 		barrierConfig.StoredShares = 1
 	}
 
+	ctx := context.Background()
+
 	// Initialize it with a basic single key
 	init, err := core.Initialize(ctx, &vault.InitParams{
 		BarrierConfig:  barrierConfig,
@@ -945,7 +945,7 @@ func (c *ServerCommand) enableDev(core *vault.Core, coreConfig *vault.CoreConfig
 	}
 
 	// Handle unseal with stored keys
-	if core.SealAccess().StoredKeysSupported(ctx) {
+	if core.SealAccess().StoredKeysSupported() {
 		err := core.UnsealWithStoredKeys(ctx)
 		if err != nil {
 			return nil, err

http/sys_generate_root.go

@@ -42,7 +42,7 @@ func handleSysGenerateRootAttemptGet(core *vault.Core, w http.ResponseWriter, r
 	}
 
 	sealConfig := barrierConfig
-	if core.SealAccess().RecoveryKeySupported(ctx) {
+	if core.SealAccess().RecoveryKeySupported() {
 		sealConfig, err = core.SealAccess().RecoveryConfig(ctx)
 		if err != nil {
 			respondError(w, http.StatusInternalServerError, err)

http/sys_init.go

@@ -68,7 +68,7 @@ func handleSysInitPut(core *vault.Core, w http.ResponseWriter, r *http.Request)
 	// which means both that the shares will be different *AND* there would
 	// need to be a way to actually allow fetching of the generated keys by
 	// operators.
-	if core.SealAccess().StoredKeysSupported(ctx) {
+	if core.SealAccess().StoredKeysSupported() {
 		if barrierConfig.SecretShares != 1 {
 			respondError(w, http.StatusBadRequest, fmt.Errorf("secret shares must be 1"))
 			return
@@ -97,7 +97,7 @@ func handleSysInitPut(core *vault.Core, w http.ResponseWriter, r *http.Request)
 		return
 	}
 
-	if core.SealAccess().RecoveryKeySupported(ctx) {
+	if core.SealAccess().RecoveryKeySupported() {
 		if len(recoveryConfig.PGPKeys) > 0 && len(recoveryConfig.PGPKeys) != recoveryConfig.SecretShares-recoveryConfig.StoredShares {
 			respondError(w, http.StatusBadRequest, fmt.Errorf("incorrect number of PGP keys for recovery"))
 			return

http/sys_rekey.go

@@ -32,7 +32,7 @@ func handleSysRekeyInit(core *vault.Core, recovery bool) http.Handler {
 		defer cancel()
 
 		switch {
-		case recovery && !core.SealAccess().RecoveryKeySupported(ctx):
+		case recovery && !core.SealAccess().RecoveryKeySupported():
 			respondError(w, http.StatusBadRequest, fmt.Errorf("recovery rekeying not supported"))
 		case r.Method == "GET":
 			handleSysRekeyInitGet(ctx, core, recovery, w, r)
@@ -119,7 +119,7 @@ func handleSysRekeyInitPut(ctx context.Context, core *vault.Core, recovery bool,
 
 	// If the seal supports recovery keys and stored keys, then we allow rekeying the barrier key
 	// iff the secret shares, secret threshold, and stored shares are set to 1.
-	if !recovery && core.SealAccess().RecoveryKeySupported(ctx) && core.SealAccess().StoredKeysSupported(ctx) {
+	if !recovery && core.SealAccess().RecoveryKeySupported() && core.SealAccess().StoredKeysSupported() {
 		if req.SecretShares != 1 || req.SecretThreshold != 1 || req.StoredShares != 1 {
 			respondError(w, http.StatusBadRequest, fmt.Errorf("secret shares, secret threshold, and stored shares must be set to 1"))
 			return
@@ -132,7 +132,7 @@ func handleSysRekeyInitPut(ctx context.Context, core *vault.Core, recovery bool,
 	}
 
 	// Initialize the rekey
-	err := core.RekeyInit(ctx, &vault.SealConfig{
+	err := core.RekeyInit(&vault.SealConfig{
 		SecretShares:    req.SecretShares,
 		SecretThreshold: req.SecretThreshold,
 		StoredShares:    req.StoredShares,

http/sys_seal.go

@@ -124,7 +124,7 @@ func handleSysUnseal(core *vault.Core) http.Handler {
 
 			// Attempt the unseal
 			ctx := context.Background()
-			if core.SealAccess().RecoveryKeySupported(ctx) {
+			if core.SealAccess().RecoveryKeySupported() {
 				_, err = core.UnsealWithRecoveryKeys(ctx, key)
 			} else {
 				_, err = core.Unseal(key)
@@ -171,7 +171,7 @@ func handleSysSealStatusRaw(core *vault.Core, w http.ResponseWriter, r *http.Req
 	}
 
 	var sealConfig *vault.SealConfig
-	if core.SealAccess().RecoveryKeySupported(ctx) {
+	if core.SealAccess().RecoveryKeySupported() {
 		sealConfig, err = core.SealAccess().RecoveryConfig(ctx)
 	} else {
 		sealConfig, err = core.SealAccess().BarrierConfig(ctx)

vault/core.go

@@ -1071,7 +1071,7 @@ func (c *Core) UnsealWithRecoveryKeys(ctx context.Context, key []byte) (bool, er
 
 	var config *SealConfig
 	// If recovery keys are supported then use recovery seal config to unseal
-	if c.seal.RecoveryKeySupported(ctx) {
+	if c.seal.RecoveryKeySupported() {
 		config, err = c.seal.RecoveryConfig(ctx)
 		if err != nil {
 			return false, err
@@ -1148,7 +1148,7 @@ func (c *Core) unsealPart(ctx context.Context, config *SealConfig, key []byte, u
 		}
 	}
 
-	if c.seal.RecoveryKeySupported(ctx) && useRecoveryKeys {
+	if c.seal.RecoveryKeySupported() && useRecoveryKeys {
 		// Verify recovery key
 		if err := c.seal.VerifyRecoveryKey(ctx, recoveredKey); err != nil {
 			return nil, err
@@ -1160,7 +1160,7 @@ func (c *Core) unsealPart(ctx context.Context, config *SealConfig, key []byte, u
 		// If insuffiencient shares are provided, shamir.Combine will error, and if
 		// no stored keys are found it will return masterKey as nil.
 		var masterKey []byte
-		if c.seal.StoredKeysSupported(ctx) {
+		if c.seal.StoredKeysSupported() {
 			masterKeyShares, err := c.seal.GetStoredKeys(ctx)
 			if err != nil {
 				return nil, fmt.Errorf("unable to retrieve stored keys: %v", err)
@@ -1227,7 +1227,7 @@ func (c *Core) unsealInternal(ctx context.Context, masterKey []byte) (bool, erro
 	c.sealed = false
 
 	// Force a cache bust here, which will also run migration code
-	if c.seal.RecoveryKeySupported(ctx) {
+	if c.seal.RecoveryKeySupported() {
 		c.seal.SetRecoveryConfig(ctx, nil)
 	}
 
@@ -1573,7 +1573,7 @@ func (c *Core) postUnseal() (retErr error) {
 
 	// Purge these for safety in case of a rekey
 	c.seal.SetBarrierConfig(c.activeContext, nil)
-	if c.seal.RecoveryKeySupported(c.activeContext) {
+	if c.seal.RecoveryKeySupported() {
 		c.seal.SetRecoveryConfig(c.activeContext, nil)
 	}
 
@@ -1768,7 +1768,7 @@ func (c *Core) runStandby(doneCh, stopCh, manualStepDownCh chan struct{}) {
 		// seal, as there's little we can do.
 		{
 			c.seal.SetBarrierConfig(ctx, nil)
-			if c.seal.RecoveryKeySupported(ctx) {
+			if c.seal.RecoveryKeySupported() {
 				c.seal.SetRecoveryConfig(ctx, nil)
 			}
 

vault/generate_root.go

@@ -190,7 +190,7 @@ func (c *Core) GenerateRootUpdate(ctx context.Context, key []byte, nonce string,
 	// Get the seal configuration
 	var config *SealConfig
 	var err error
-	if c.seal.RecoveryKeySupported(ctx) {
+	if c.seal.RecoveryKeySupported() {
 		config, err = c.seal.RecoveryConfig(ctx)
 		if err != nil {
 			return nil, err
@@ -270,7 +270,7 @@ func (c *Core) GenerateRootUpdate(ctx context.Context, key []byte, nonce string,
 	}
 
 	// Verify the master key
-	if c.seal.RecoveryKeySupported(ctx) {
+	if c.seal.RecoveryKeySupported() {
 		if err := c.seal.VerifyRecoveryKey(ctx, masterKey); err != nil {
 			c.logger.Error("core: root generation aborted, recovery key verification failed", "error", err)
 			return nil, err

vault/init.go

@@ -93,7 +93,7 @@ func (c *Core) Initialize(ctx context.Context, initParams *InitParams) (*InitRes
 	barrierConfig := initParams.BarrierConfig
 	recoveryConfig := initParams.RecoveryConfig
 
-	if c.seal.RecoveryKeySupported(ctx) {
+	if c.seal.RecoveryKeySupported() {
 		if recoveryConfig == nil {
 			return nil, fmt.Errorf("recovery configuration must be supplied")
 		}
@@ -202,7 +202,7 @@ func (c *Core) Initialize(ctx context.Context, initParams *InitParams) (*InitRes
 	// Save the configuration regardless, but only generate a key if it's not
 	// disabled. When using recovery keys they are stored in the barrier, so
 	// this must happen post-unseal.
-	if c.seal.RecoveryKeySupported(ctx) {
+	if c.seal.RecoveryKeySupported() {
 		err = c.seal.SetRecoveryConfig(ctx, recoveryConfig)
 		if err != nil {
 			c.logger.Error("core: failed to save recovery configuration", "error", err)
@@ -254,7 +254,7 @@ func (c *Core) Initialize(ctx context.Context, initParams *InitParams) (*InitRes
 
 // UnsealWithStoredKeys performs auto-unseal using stored keys.
 func (c *Core) UnsealWithStoredKeys(ctx context.Context) error {
-	if !c.seal.StoredKeysSupported(ctx) {
+	if !c.seal.StoredKeysSupported() {
 		return nil
 	}
 

vault/rekey.go

@@ -65,7 +65,7 @@ func (c *Core) RekeyThreshold(ctx context.Context, recovery bool) (int, error) {
 	// If we are rekeying the recovery key, or if the seal supports
 	// recovery keys and we are rekeying the barrier key, we use the
 	// recovery config as the threshold instead.
-	if recovery || c.seal.RecoveryKeySupported(ctx) {
+	if recovery || c.seal.RecoveryKeySupported() {
 		config, err = c.seal.RecoveryConfig(ctx)
 	} else {
 		config, err = c.seal.BarrierConfig(ctx)
@@ -128,17 +128,17 @@ func (c *Core) RekeyConfig(recovery bool) (*SealConfig, error) {
 
 // RekeyInit will either initialize the rekey of barrier or recovery key.
 // recovery determines whether this is a rekey on the barrier or recovery key.
-func (c *Core) RekeyInit(ctx context.Context, config *SealConfig, recovery bool) error {
+func (c *Core) RekeyInit(config *SealConfig, recovery bool) error {
 	if recovery {
-		return c.RecoveryRekeyInit(ctx, config)
+		return c.RecoveryRekeyInit(config)
 	}
-	return c.BarrierRekeyInit(ctx, config)
+	return c.BarrierRekeyInit(config)
 }
 
 // BarrierRekeyInit is used to initialize the rekey settings for the barrier key
-func (c *Core) BarrierRekeyInit(ctx context.Context, config *SealConfig) error {
+func (c *Core) BarrierRekeyInit(config *SealConfig) error {
 	if config.StoredShares > 0 {
-		if !c.seal.StoredKeysSupported(ctx) {
+		if !c.seal.StoredKeysSupported() {
 			return fmt.Errorf("storing keys not supported by barrier seal")
 		}
 		if len(config.PGPKeys) > 0 {
@@ -149,7 +149,7 @@ func (c *Core) BarrierRekeyInit(ctx context.Context, config *SealConfig) error {
 		}
 	}
 
-	if c.seal.RecoveryKeySupported(ctx) && c.seal.RecoveryType() == config.Type {
+	if c.seal.RecoveryKeySupported() && c.seal.RecoveryType() == config.Type {
 		c.logger.Debug("core: using recovery seal configuration to rekey barrier key")
 	}
 
@@ -194,7 +194,7 @@ func (c *Core) BarrierRekeyInit(ctx context.Context, config *SealConfig) error {
 }
 
 // RecoveryRekeyInit is used to initialize the rekey settings for the recovery key
-func (c *Core) RecoveryRekeyInit(ctx context.Context, config *SealConfig) error {
+func (c *Core) RecoveryRekeyInit(config *SealConfig) error {
 	if config.StoredShares > 0 {
 		return fmt.Errorf("stored shares not supported by recovery key")
 	}
@@ -205,7 +205,7 @@ func (c *Core) RecoveryRekeyInit(ctx context.Context, config *SealConfig) error
 		return fmt.Errorf("invalid recovery configuration: %v", err)
 	}
 
-	if !c.seal.RecoveryKeySupported(ctx) {
+	if !c.seal.RecoveryKeySupported() {
 		return fmt.Errorf("recovery keys not supported")
 	}
 
@@ -284,7 +284,7 @@ func (c *Core) BarrierRekeyUpdate(ctx context.Context, key []byte, nonce string)
 	var existingConfig *SealConfig
 	var err error
 	var useRecovery bool // Determines whether recovery key is being used to rekey the master key
-	if c.seal.StoredKeysSupported(ctx) && c.seal.RecoveryKeySupported(ctx) {
+	if c.seal.StoredKeysSupported() && c.seal.RecoveryKeySupported() {
 		existingConfig, err = c.seal.RecoveryConfig(ctx)
 		useRecovery = true
 	} else {
@@ -378,7 +378,7 @@ func (c *Core) BarrierRekeyUpdate(ctx context.Context, key []byte, nonce string)
 	// If we are storing any shares, add them to the shares to store and remove
 	// from the returned keys
 	var keysToStore [][]byte
-	if c.seal.StoredKeysSupported(ctx) && c.barrierRekeyConfig.StoredShares > 0 {
+	if c.seal.StoredKeysSupported() && c.barrierRekeyConfig.StoredShares > 0 {
 		for i := 0; i < c.barrierRekeyConfig.StoredShares; i++ {
 			keysToStore = append(keysToStore, results.SecretShares[0])
 			results.SecretShares = results.SecretShares[1:]

vault/rekey_test.go

@@ -69,7 +69,7 @@ func testCore_Rekey_Lifecycle_Common(t *testing.T, c *Core, masterKeys [][]byte,
 		SecretThreshold: 3,
 		SecretShares:    5,
 	}
-	err = c.RekeyInit(context.Background(), newConf, recovery)
+	err = c.RekeyInit(newConf, recovery)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -111,7 +111,7 @@ func testCore_Rekey_Init_Common(t *testing.T, c *Core, recovery bool) {
 		SecretThreshold: 5,
 		SecretShares:    1,
 	}
-	err := c.RekeyInit(context.Background(), badConf, recovery)
+	err := c.RekeyInit(badConf, recovery)
 	if err == nil {
 		t.Fatalf("should fail")
 	}
@@ -121,13 +121,13 @@ func testCore_Rekey_Init_Common(t *testing.T, c *Core, recovery bool) {
 		SecretThreshold: 3,
 		SecretShares:    5,
 	}
-	err = c.RekeyInit(context.Background(), newConf, recovery)
+	err = c.RekeyInit(newConf, recovery)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
 
 	// Second should fail
-	err = c.RekeyInit(context.Background(), newConf, recovery)
+	err = c.RekeyInit(newConf, recovery)
 	if err == nil {
 		t.Fatalf("should fail")
 	}
@@ -155,7 +155,7 @@ func testCore_Rekey_Update_Common(t *testing.T, c *Core, keys [][]byte, root str
 		SecretThreshold: 3,
 		SecretShares:    5,
 	}
-	err := c.RekeyInit(context.Background(), newConf, recovery)
+	err := c.RekeyInit(newConf, recovery)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -242,7 +242,7 @@ func testCore_Rekey_Update_Common(t *testing.T, c *Core, keys [][]byte, root str
 	// Skip this step if we are rekeying the barrier key with
 	// recovery keys, since a new rekey should still be using
 	// the same set of recovery keys.
-	if !recovery && c.seal.RecoveryKeySupported(context.Background()) {
+	if !recovery && c.seal.RecoveryKeySupported() {
 		return
 	}
 
@@ -251,7 +251,7 @@ func testCore_Rekey_Update_Common(t *testing.T, c *Core, keys [][]byte, root str
 		SecretThreshold: 1,
 		SecretShares:    1,
 	}
-	err = c.RekeyInit(context.Background(), newConf, recovery)
+	err = c.RekeyInit(newConf, recovery)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -332,7 +332,7 @@ func testCore_Rekey_Invalid_Common(t *testing.T, c *Core, keys [][]byte, recover
 		SecretThreshold: 3,
 		SecretShares:    5,
 	}
-	err := c.RekeyInit(context.Background(), newConf, recovery)
+	err := c.RekeyInit(newConf, recovery)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -420,7 +420,7 @@ func TestCore_Standby_Rekey(t *testing.T) {
 		SecretShares:    1,
 		SecretThreshold: 1,
 	}
-	err = core.RekeyInit(context.Background(), newConf, false)
+	err = core.RekeyInit(newConf, false)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}
@@ -453,7 +453,7 @@ func TestCore_Standby_Rekey(t *testing.T) {
 	TestWaitActive(t, core2)
 
 	// Rekey the master key again
-	err = core2.RekeyInit(context.Background(), newConf, false)
+	err = core2.RekeyInit(newConf, false)
 	if err != nil {
 		t.Fatalf("err: %v", err)
 	}

vault/seal.go

@@ -68,7 +68,7 @@ type Seal interface {
 	Init(context.Context) error
 	Finalize(context.Context) error
 
-	StoredKeysSupported(context.Context) bool
+	StoredKeysSupported() bool
 	SetStoredKeys(context.Context, [][]byte) error
 	GetStoredKeys(context.Context) ([][]byte, error)
 
@@ -76,7 +76,7 @@ type Seal interface {
 	BarrierConfig(context.Context) (*SealConfig, error)
 	SetBarrierConfig(context.Context, *SealConfig) error
 
-	RecoveryKeySupported(context.Context) bool
+	RecoveryKeySupported() bool
 	RecoveryType() string
 	RecoveryConfig(context.Context) (*SealConfig, error)
 	SetRecoveryConfig(context.Context, *SealConfig) error
@@ -112,11 +112,11 @@ func (d *DefaultSeal) BarrierType() string {
 	return SealTypeShamir
 }
 
-func (d *DefaultSeal) StoredKeysSupported(ctx context.Context) bool {
+func (d *DefaultSeal) StoredKeysSupported() bool {
 	return false
 }
 
-func (d *DefaultSeal) RecoveryKeySupported(ctx context.Context) bool {
+func (d *DefaultSeal) RecoveryKeySupported() bool {
 	return false
 }
 

vault/seal_access.go

@@ -13,16 +13,16 @@ func NewSealAccess(seal Seal) *SealAccess {
 	return &SealAccess{seal: seal}
 }
 
-func (s *SealAccess) StoredKeysSupported(ctx context.Context) bool {
+func (s *SealAccess) StoredKeysSupported() bool {
-	return s.seal.StoredKeysSupported(ctx)
+	return s.seal.StoredKeysSupported()
 }
 
 func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) {
 	return s.seal.BarrierConfig(ctx)
 }
 
-func (s *SealAccess) RecoveryKeySupported(ctx context.Context) bool {
+func (s *SealAccess) RecoveryKeySupported() bool {
-	return s.seal.RecoveryKeySupported(ctx)
+	return s.seal.RecoveryKeySupported()
 }
 
 func (s *SealAccess) RecoveryConfig(ctx context.Context) (*SealConfig, error) {
@@ -35,7 +35,7 @@ func (s *SealAccess) VerifyRecoveryKey(ctx context.Context, key []byte) error {
 
 func (s *SealAccess) ClearCaches(ctx context.Context) {
 	s.seal.SetBarrierConfig(ctx, nil)
-	if s.RecoveryKeySupported(ctx) {
+	if s.RecoveryKeySupported() {
 		s.seal.SetRecoveryConfig(ctx, nil)
 	}
 }

vault/testing.go

@@ -209,7 +209,7 @@ func TestCoreInitClusterWrapperSetup(t testing.T, core *Core, clusterAddrs []*ne
 	}
 
 	// If we support storing barrier keys, then set that to equal the min threshold to unseal
-	if core.seal.StoredKeysSupported(context.Background()) {
+	if core.seal.StoredKeysSupported() {
 		barrierConfig.StoredShares = barrierConfig.SecretThreshold
 	}