Fix JSON serialization of SealGenerationInfo. (#22611)

command/server.go

@@ -2733,7 +2733,7 @@ func (c *ServerCommand) computeSealGenerationInfo(existingSealGenInfo *vaultseal
 		}
 		generation = existingSealGenInfo.Generation + 1
 	}
-	c.logger.Info("incrementing seal config gen, new generation: ", "generation", generation)
+	c.logger.Info("incrementing seal geneneration", "generation", generation)
 
 	// If the stored copy doesn't match the current configuration, we introduce a new generation
 	// which keeps track if a rewrap of all CSPs and seal wrapped values has completed (initially false).

vault/core.go

@@ -2399,6 +2399,7 @@ func (s standardUnsealStrategy) unseal(ctx context.Context, logger log.Logger, c
 
 		if !sealGenerationInfo.IsRewrapped() {
 			// Flag migration performed for seal-rewrap later
+			c.logger.Trace("seal generation information indicates that a seal-rewrap is needed", "generation", sealGenerationInfo.Generation, "rewrapped", sealGenerationInfo.IsRewrapped())
 			atomic.StoreUint32(c.sealMigrationDone, 1)
 		}
 

vault/seal/seal.go

@@ -5,6 +5,7 @@ package seal
 
 import (
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"reflect"
@@ -130,6 +131,33 @@ func (sgi *SealGenerationInfo) IsRewrapped() bool {
 	return sgi.rewrapped.Load()
 }
 
+type sealGenerationInfoJson struct {
+	Generation uint64
+	Seals      []*configutil.KMS
+	Rewrapped  bool
+}
+
+func (sgi *SealGenerationInfo) MarshalJSON() ([]byte, error) {
+	return json.Marshal(sealGenerationInfoJson{
+		Generation: sgi.Generation,
+		Seals:      sgi.Seals,
+		Rewrapped:  sgi.IsRewrapped(),
+	})
+}
+
+func (sgi *SealGenerationInfo) UnmarshalJSON(b []byte) error {
+	var value sealGenerationInfoJson
+	if err := json.Unmarshal(b, &value); err != nil {
+		return err
+	}
+
+	sgi.Generation = value.Generation
+	sgi.Seals = value.Seals
+	sgi.SetRewrapped(value.Rewrapped)
+
+	return nil
+}
+
 type SealInfo struct {
 	wrapping.Wrapper
 	Priority int