Add missing read unlock calls in transit backend code (#12652) (#12662)

* Add missing read unlock calls in transit backend code

* Correct formatting in changelog entry

builtin/logical/transit/backend.go

@@ -122,11 +122,13 @@ func (b *backend) GetPolicy(ctx context.Context, polReq keysutil.PolicyRequest,
 		currentCacheSize := b.lm.GetCacheSize()
 		storedCacheSize, err := GetCacheSizeFromStorage(ctx, polReq.Storage)
 		if err != nil {
+			b.configMutex.RUnlock()
 			return nil, false, err
 		}
 		if currentCacheSize != storedCacheSize {
 			err = b.lm.InitCache(storedCacheSize)
 			if err != nil {
+				b.configMutex.RUnlock()
 				return nil, false, err
 			}
 		}
@@ -135,6 +137,8 @@ func (b *backend) GetPolicy(ctx context.Context, polReq keysutil.PolicyRequest,
 		b.configMutex.Lock()
 		defer b.configMutex.Unlock()
 		b.cacheSizeChanged = false
+	} else {
+		b.configMutex.RUnlock()
 	}
 	p, _, err := b.lm.GetPolicy(ctx, polReq, rand)
 	if err != nil {

builtin/logical/transit/path_cache_config.go

@@ -86,16 +86,19 @@ func (b *backend) pathCacheConfigRead(ctx context.Context, req *logical.Request,
 		return nil, err
 	}
 
+	if currentCacheSize != storedCacheSize {
+		err = b.lm.InitCache(storedCacheSize)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	resp := &logical.Response{
 		Data: map[string]interface{}{
 			"size": storedCacheSize,
 		},
 	}
 
-	if currentCacheSize != storedCacheSize {
-		resp.Warnings = []string{"This cache size will not be applied until the transit mount is reloaded"}
-	}
-
 	return resp, nil
 }
 

changelog/12418.txt

@@ -1,4 +1,3 @@
 ```release-note:bug
-Enforce minimum cache size for transit backend.
-Init cache size on transit backend without restart.
-```
+secrets/transit: Enforce minimum cache size for transit backend and init cache size on transit backend without restart.
+```