nomad: fixing issue with keyring upgrade
This commit is contained in:
Armon Dadgar
parent
c3b902674d
commit
7ecd8f05d1
|
|
@ -362,7 +362,6 @@ func (b *AESGCMBarrier) Unseal(key []byte) error {
|
||||||
if err := json.Unmarshal(plain, &init); err != nil {
|
if err := json.Unmarshal(plain, &init); err != nil {
|
||||||
return fmt.Errorf("failed to unmarshal barrier init file")
|
return fmt.Errorf("failed to unmarshal barrier init file")
|
||||||
}
|
}
|
||||||
defer memzero(init.Key)
|
|
||||||
|
|
||||||
// Setup a new keyring, this is for backwards compatability
|
// Setup a new keyring, this is for backwards compatability
|
||||||
keyring := NewKeyring()
|
keyring := NewKeyring()
|
||||||
|
|
|
||||||
|
|
@ -105,6 +105,14 @@ func TestAESGCMBarrier_BackwardsCompatible(t *testing.T) {
|
||||||
}
|
}
|
||||||
inm.Put(pe)
|
inm.Put(pe)
|
||||||
|
|
||||||
|
// Create a fake key
|
||||||
|
gcm, _ = b.aeadFromKey(encrypt)
|
||||||
|
pe = &physical.Entry{
|
||||||
|
Key: "test/foo",
|
||||||
|
Value: b.encrypt(initialKeyTerm, gcm, []byte("test")),
|
||||||
|
}
|
||||||
|
inm.Put(pe)
|
||||||
|
|
||||||
// Should still be initialized
|
// Should still be initialized
|
||||||
isInit, err := b.Initialized()
|
isInit, err := b.Initialized()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -137,6 +145,15 @@ func TestAESGCMBarrier_BackwardsCompatible(t *testing.T) {
|
||||||
if out == nil {
|
if out == nil {
|
||||||
t.Fatalf("should have keyring file")
|
t.Fatalf("should have keyring file")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Attempt to read encrypted key
|
||||||
|
entry, err := b.Get("test/foo")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("err: %v", err)
|
||||||
|
}
|
||||||
|
if string(entry.Value) != "test" {
|
||||||
|
t.Fatalf("bad: %#v", entry)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Verify data sent through is encrypted
|
// Verify data sent through is encrypted
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue