From 9b5245c4c6fae340a287cb1aa83fd7a00d7847ab Mon Sep 17 00:00:00 2001
From: Violet Hynes <violet.hynes@hashicorp.com>
Date: Thu, 22 Sep 2022 19:59:53 +0000
Subject: [PATCH] backport of commit 6c399c1c3b1c24ee830ef62d7966687a01dc5833

---
 changelog/17281.txt    |  3 +++
 vault/quotas/quotas.go | 27 +++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 changelog/17281.txt

diff --git a/changelog/17281.txt b/changelog/17281.txt
new file mode 100644
index 0000000000000..8711283adfcb5
--- /dev/null
+++ b/changelog/17281.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core/quotas: Fix goroutine leak caused by the seal process not fully cleaning up Rate Limit Quotas.
+```
diff --git a/vault/quotas/quotas.go b/vault/quotas/quotas.go
index 4f1b2b2d28351..9738ad8c5a495 100644
--- a/vault/quotas/quotas.go
+++ b/vault/quotas/quotas.go
@@ -342,6 +342,11 @@ func (m *Manager) QuotaNames(qType Type) ([]string, error) {
 	m.lock.RLock()
 	defer m.lock.RUnlock()
 
+	return m.quotaNamesLocked(qType)
+}
+
+// quotaNamesLocked returns the names of all the quota rules for a given type, and must be called with the lock
+func (m *Manager) quotaNamesLocked(qType Type) ([]string, error) {
 	txn := m.db.Txn(false)
 	iter, err := txn.Get(qType.String(), indexID)
 	if err != nil {
@@ -377,6 +382,11 @@ func (m *Manager) QuotaByName(qType string, name string) (Quota, error) {
 	m.lock.RLock()
 	defer m.lock.RUnlock()
 
+	return m.quotaByNameLocked(qType, name)
+}
+
+// quotaByNameLocked queries for a quota rule in the db for a given quota name, and must be called with the lock
+func (m *Manager) quotaByNameLocked(qType string, name string) (Quota, error) {
 	txn := m.db.Txn(false)
 
 	quotaRaw, err := txn.First(qType, indexName, name)
@@ -686,6 +696,23 @@ func (m *Manager) Reset() error {
 
 // Must be called with the lock held
 func (m *Manager) resetCache() error {
+	names, err := m.quotaNamesLocked(TypeRateLimit)
+	if err != nil {
+		return err
+	}
+	for _, name := range names {
+		quota, err := m.quotaByNameLocked(TypeRateLimit.String(), name)
+		if err != nil {
+			return err
+		}
+		if quota != nil {
+			rlq := quota.(*RateLimitQuota)
+			err = rlq.store.Close(context.Background())
+			if err != nil {
+				return err
+			}
+		}
+	}
 	db, err := memdb.NewMemDB(dbSchema())
 	if err != nil {
 		return err