diff --git a/builtin/logical/transit/backend.go b/builtin/logical/transit/backend.go
index 0e2f8264153b..d91df7df1863 100644
--- a/builtin/logical/transit/backend.go
+++ b/builtin/logical/transit/backend.go
@@ -122,11 +122,13 @@ func (b *backend) GetPolicy(ctx context.Context, polReq keysutil.PolicyRequest,
 currentCacheSize := b.lm.GetCacheSize()
 storedCacheSize, err := GetCacheSizeFromStorage(ctx, polReq.Storage)
 if err != nil {
+ b.configMutex.RUnlock()
 return nil, false, err
 }
 if currentCacheSize != storedCacheSize {
 err = b.lm.InitCache(storedCacheSize)
 if err != nil {
+ b.configMutex.RUnlock()
 return nil, false, err
 }
 }
@@ -135,6 +137,8 @@ func (b *backend) GetPolicy(ctx context.Context, polReq keysutil.PolicyRequest,
 b.configMutex.Lock()
 defer b.configMutex.Unlock()
 b.cacheSizeChanged = false
+ } else {
+ b.configMutex.RUnlock()
 }
 p, _, err := b.lm.GetPolicy(ctx, polReq, rand)
 if err != nil {
diff --git a/builtin/logical/transit/path_cache_config.go b/builtin/logical/transit/path_cache_config.go
index 6610548ce135..6a1f791e0c03 100644
--- a/builtin/logical/transit/path_cache_config.go
+++ b/builtin/logical/transit/path_cache_config.go
@@ -86,16 +86,19 @@ func (b *backend) pathCacheConfigRead(ctx context.Context, req *logical.Request,
 return nil, err
 }
+ if currentCacheSize != storedCacheSize {
+ err = b.lm.InitCache(storedCacheSize)
+ if err != nil {
+ return nil, err
+ }
+ }
+
 resp := &logical.Response{
 Data: map[string]interface{}{
 "size": storedCacheSize,
 },
 }
- if currentCacheSize != storedCacheSize {
- resp.Warnings = []string{"This cache size will not be applied until the transit mount is reloaded"}
- }
-
 return resp, nil
 }
diff --git a/changelog/12418.txt b/changelog/12418.txt
index 5ec2f6055393..e6c07e9b9515 100644
--- a/changelog/12418.txt
+++ b/changelog/12418.txt
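Review bot: The read lock is now released by hand on every exit (`b.configMutex.RUnlock()` before both error returns in this hunk, and again in the new `else` branch of the following GetPolicy hunk), so any return added to this block later will once more leave `configMutex` read-held and block the next writer on the transit mount. Consider moving the cache-size check into a small helper that takes the read lock and releases it with `defer b.configMutex.RUnlock()`, which leaves a single unlock point. Separately, the unlock added after `b.lm.InitCache(storedCacheSize)` shows that the cache is re-initialised while only the shared lock is held, so two concurrent requests could both run InitCache unless it synchronises internally; doing that step after the upgrade to `b.configMutex.Lock()` would close the gap. The lock acquisition and the start of GetPolicy are outside the hunk, so the lock state at entry is inferred from the added unlocks.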
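Review bot: `pathCacheConfigRead` now calls `b.lm.InitCache(storedCacheSize)`, so a request that needs only read capability on the cache config re-initialises the transit key cache as a side effect, and nothing in the hunk takes `b.configMutex` around that call, unlike the GetPolicy path in backend.go. If the re-init is meant to stay in the read handler, wrap it in `b.configMutex.Lock()` / `defer b.configMutex.Unlock()` and clear `b.cacheSizeChanged` there so GetPolicy does not repeat the work; otherwise keep the read free of side effects and let GetPolicy apply the size. The removed warning was the only signal to the caller that the stored and live sizes differed, so a comment such as `// Apply a pending cache-size change so the reported size is the live one.` above the new `if` would document the changed behaviour. The function starts outside the hunk, so any locking done earlier in it is not visible here.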
@@ -1,4 +1,3 @@
 ```release-note:bug
-Enforce minimum cache size for transit backend.
-Init cache size on transit backend without restart.
-```
+secrets/transit: Enforce minimum cache size for transit backend and init cache size on transit backend without restart.
+```
\ No newline at end of file