Fix keyring file missing after Vault restart (#15946)

shujun10086 2022-06-16 01:22:42 +08:00 committed by GitHub
parent 7d0a252d55
commit 9f0a72ef2a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 3 deletions

3
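--- a/changelog/15946.txt
+++ b/changelog/15946.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/seal: Fix possible keyring truncation when using the file backend.
+```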


@ -242,8 +242,9 @@ func (b *FileBackend) PutInternal(ctx context.Context, entry *physical.Entry) er
// JSON encode the entry and write it // JSON encode the entry and write it
fullPath := filepath.Join(path, key) fullPath := filepath.Join(path, key)
tempPath := fullPath + ".temp"
f, err := os.OpenFile( f, err := os.OpenFile(
fullPath, tempPath,
os.O_CREATE|os.O_TRUNC|os.O_WRONLY, os.O_CREATE|os.O_TRUNC|os.O_WRONLY,
0o600) 0o600)
if err != nil { if err != nil {
@ -262,6 +263,10 @@ func (b *FileBackend) PutInternal(ctx context.Context, entry *physical.Entry) er
}) })
f.Close() f.Close()
if encErr == nil { if encErr == nil {
err = os.Rename(tempPath, fullPath)
if err != nil {
return err
}
return nil return nil
} }
@ -270,7 +275,7 @@ func (b *FileBackend) PutInternal(ctx context.Context, entry *physical.Entry) er
// See if we ended up with a zero-byte file and if so delete it, might be a // See if we ended up with a zero-byte file and if so delete it, might be a
// case of disk being full but the file info is in metadata that is // case of disk being full but the file info is in metadata that is
// reserved. // reserved.
fi, err := os.Stat(fullPath) fi, err := os.Stat(tempPath)
if err != nil { if err != nil {
return encErr return encErr
} }
@ -278,7 +283,7 @@ func (b *FileBackend) PutInternal(ctx context.Context, entry *physical.Entry) er
return encErr return encErr
} }
if fi.Size() == 0 { if fi.Size() == 0 {
os.Remove(fullPath) os.Remove(tempPath)
} }
return encErr return encErr
} }
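Review bot: The new `os.Rename(tempPath, fullPath)` runs without the temp file having been flushed to stable storage, and the result of the `f.Close()` just above it is discarded. After a crash or power loss the rename can be on disk while the data is not, which would leave `fullPath` empty or truncated, the same keyring loss this change is meant to prevent. Assuming `encErr` is a plain `error`, I would replace the bare close with `if encErr == nil { encErr = f.Sync() }` followed by `if cerr := f.Close(); encErr == nil { encErr = cerr }`, so a failed flush or close falls into the existing cleanup path instead of being renamed over the good file. That cleanup path removes `tempPath` only when it is zero bytes, and a failed rename does not remove it at all, so a partially written `.temp` file can stay beside the key; calling `os.Remove(tempPath)` on both failure paths would avoid that. PutInternal starts and ends outside the visible hunks.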