From 5a60c98a464af99c44a1eb62655ede2af3c85ff5 Mon Sep 17 00:00:00 2001
From: Nick Cabatoff
Date: Wed, 16 Aug 2023 09:59:21 -0400
Subject: [PATCH] Don't rely on post-unseal funcs being run in any particular order. (#22362)
---
 changelog/{24170.txt => 21470.txt} | 0
 changelog/22362.txt | 3 +++
 vault/auth.go | 7 +++----
 vault/mount.go | 7 +++----
 4 files changed, 9 insertions(+), 8 deletions(-)
 rename changelog/{24170.txt => 21470.txt} (100%)
 create mode 100644 changelog/22362.txt
diff --git a/changelog/24170.txt b/changelog/21470.txt
similarity index 100%
rename from changelog/24170.txt
rename to changelog/21470.txt
diff --git a/changelog/22362.txt b/changelog/22362.txt
new file mode 100644
index 0000000000..0de5440efe
--- /dev/null
+++ b/changelog/22362.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: Fix readonly errors that could occur while loading mounts/auths during unseal
+```
diff --git a/vault/auth.go b/vault/auth.go
index 2caf4a666d..c4d8fd86b7 100644
--- a/vault/auth.go
+++ b/vault/auth.go
@@ -798,10 +798,6 @@ func (c *Core) setupCredentials(ctx context.Context) error {
 view.setReadOnlyErr(logical.ErrSetupReadOnly)
 if strutil.StrListContains(singletonMounts, entry.Type) {
 defer view.setReadOnlyErr(origViewReadOnlyErr)
- } else {
- c.postUnsealFuncs = append(c.postUnsealFuncs, func() {
- view.setReadOnlyErr(origViewReadOnlyErr)
- })
 }
 // Initialize the backend
@@ -914,6 +910,9 @@ func (c *Core) setupCredentials(ctx context.Context) error {
 postUnsealLogger.Error("skipping initialization for nil auth backend")
 return
 }
+ if !strutil.StrListContains(singletonMounts, localEntry.Type) {
+ view.setReadOnlyErr(origViewReadOnlyErr)
+ }
 err := backend.Initialize(ctx, &logical.InitializationRequest{Storage: view})
 if err != nil {
diff --git a/vault/mount.go b/vault/mount.go
index 3f07ee6aa1..0bb31e90e3 100644
--- a/vault/mount.go
+++ b/vault/mount.go
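Review bot: In the second vault/auth.go hunk (-914) the restore `view.setReadOnlyErr(origViewReadOnlyErr)` sits after the early `return` that follows the "skipping initialization for nil auth backend" log, so a non-singleton mount that takes that path keeps `logical.ErrSetupReadOnly` on its view after unseal, whereas the removed post-unseal func restored it unconditionally. If that is not intended, move the `if !strutil.StrListContains(singletonMounts, localEntry.Type) {` block above that early return; if it is intended, a comment such as `// view is left read-only when the backend is nil` would record the decision. The same placement appears in the vault/mount.go hunk at -1603. The closure begins outside the hunk, so any earlier return paths in it cannot be checked from here.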
@@ -1514,10 +1514,6 @@ func (c *Core) setupMounts(ctx context.Context) error {
 view.setReadOnlyErr(logical.ErrSetupReadOnly)
 if strutil.StrListContains(singletonMounts, entry.Type) {
 defer view.setReadOnlyErr(origReadOnlyErr)
- } else {
- c.postUnsealFuncs = append(c.postUnsealFuncs, func() {
- view.setReadOnlyErr(origReadOnlyErr)
- })
 }
 var backend logical.Backend
@@ -1603,6 +1599,9 @@ func (c *Core) setupMounts(ctx context.Context) error {
 postUnsealLogger.Error("skipping initialization for nil backend", "path", localEntry.Path)
 return
 }
+ if !strutil.StrListContains(singletonMounts, localEntry.Type) {
+ view.setReadOnlyErr(origReadOnlyErr)
+ }
 err := backend.Initialize(ctx, &logical.InitializationRequest{Storage: view})
 if err != nil {
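Review bot: The singleton decision is evaluated twice with different expressions, `entry.Type` at setup time in the -1514 hunk and `localEntry.Type` inside the post-unseal closure in the -1603 hunk, and the view's original read-only error is restored only if the two agree. Computing it once next to the setup-time check, `isSingleton := strutil.StrListContains(singletonMounts, entry.Type)`, and testing `if !isSingleton {` in the closure would make it explicit that exactly one of the two restore paths runs per mount. The same applies to the vault/auth.go hunks at -798 and -914. Both functions continue outside the hunks, so whether `localEntry` can differ from `entry` is not visible here.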