From 1ae049d04d885b2a33389d58f590a639645470c8 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Mon, 1 May 2023 14:56:24 +0200
Subject: [PATCH] better integration by looking at docs

---
 src/main.rs | 52 ++++++++++++++++++++++++++++++----------------------
 1 file changed, 30 insertions(+), 22 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index b9e0e51..361a41c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -17,28 +17,30 @@ struct KeyFile {
 }
 
 #[derive(Debug, Deserialize)]
-struct HealthCheck {
+struct UnsealResponse {
     sealed: bool,
+    t: u8,
+    n: u8,
+    progress: u8,
 }
 
+/// returns true if the vault is sealed
+///
+/// see: https://developer.hashicorp.com/vault/api-docs/system/health
 fn is_sealed(health_url: &str) -> bool {
-    fn parse_hc(x: Response) -> bool {
-        match x.into_json() {
-            Ok(HealthCheck { sealed }) => sealed,
-            Err(_) => false,
-        }
-    }
-
     let resp = ureq::get(health_url).call();
     match resp {
-        Ok(x) => parse_hc(x),
-        Err(Status(503, resp)) => parse_hc(resp),
-        Err(Status(429, _)) => {
-            info!("got code 429: too many requests, waiting");
-            // too many requests
-            thread::sleep(Duration::from_secs(15));
+        Ok(r) if r.status() == 200 => false,
+        Ok(r) => {
+            warn!(
+                "unexpected status code: '{}': {}",
+                r.status(),
+                r.status_text()
+            );
             false
         }
+        Err(Status(429, _)) => false, // Unsealed and standby
+        Err(Status(503, _)) => true,  // Sealed
         Err(Status(code, resp)) => {
             info!(
                 "error checking health, got code: '{code}', with message: {}",
@@ -47,22 +49,28 @@ fn is_sealed(health_url: &str) -> bool {
             false
         }
         Err(e) => {
-            warn!("Got error: {e}");
+            warn!("error checking health: {e}");
             false
         }
     }
 }
 
 fn unseal(keyfile: &KeyFile, unseal_url: &str) {
-    let len = keyfile.keys.len();
-    for (i, key) in keyfile.keys.iter().enumerate() {
-        let i = i + 1;
+    for key in keyfile.keys.iter().enumerate() {
         match ureq::post(unseal_url).send_json(json!({ "key": key })) {
             Ok(resp) if resp.status() == 200 => {
-                if i < len {
-                    info!("unsealed vault partially {i}/{len}");
-                } else {
-                    info!("fully unsealed vault {i}/{len}");
+                if let Ok(UnsealResponse {
+                    sealed,
+                    t,
+                    progress,
+                    ..
+                }) = resp.into_json()
+                {
+                    if !sealed {
+                        info!("vault unsealed");
+                        return;
+                    }
+                    info!("unsealed vault partially {progress}/{t}");
                 }
             }
             Ok(resp) => warn!(