better integration by looking at docs
This commit is contained in:
parent
d369e50d34
commit
a2830d8a58
1 changed files with 30 additions and 22 deletions
52
src/main.rs
52
src/main.rs
|
|
@ -17,28 +17,30 @@ struct KeyFile {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
struct HealthCheck {
|
struct UnsealResponse {
|
||||||
sealed: bool,
|
sealed: bool,
|
||||||
|
t: u8,
|
||||||
|
n: u8,
|
||||||
|
progress: u8,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// returns true if the vault is sealed
|
||||||
|
///
|
||||||
|
/// see: https://developer.hashicorp.com/vault/api-docs/system/health
|
||||||
fn is_sealed(health_url: &str) -> bool {
|
fn is_sealed(health_url: &str) -> bool {
|
||||||
fn parse_hc(x: Response) -> bool {
|
|
||||||
match x.into_json() {
|
|
||||||
Ok(HealthCheck { sealed }) => sealed,
|
|
||||||
Err(_) => false,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
let resp = ureq::get(health_url).call();
|
let resp = ureq::get(health_url).call();
|
||||||
match resp {
|
match resp {
|
||||||
Ok(x) => parse_hc(x),
|
Ok(r) if r.status() == 200 => false,
|
||||||
Err(Status(503, resp)) => parse_hc(resp),
|
Ok(r) => {
|
||||||
Err(Status(429, _)) => {
|
warn!(
|
||||||
info!("got code 429: too many requests, waiting");
|
"unexpected status code: '{}': {}",
|
||||||
// too many requests
|
r.status(),
|
||||||
thread::sleep(Duration::from_secs(15));
|
r.status_text()
|
||||||
|
);
|
||||||
false
|
false
|
||||||
}
|
}
|
||||||
|
Err(Status(429, _)) => false, // Unsealed and standby
|
||||||
|
Err(Status(503, _)) => true, // Sealed
|
||||||
Err(Status(code, resp)) => {
|
Err(Status(code, resp)) => {
|
||||||
info!(
|
info!(
|
||||||
"error checking health, got code: '{code}', with message: {}",
|
"error checking health, got code: '{code}', with message: {}",
|
||||||
|
|
@ -47,22 +49,28 @@ fn is_sealed(health_url: &str) -> bool {
|
||||||
false
|
false
|
||||||
}
|
}
|
||||||
Err(e) => {
|
Err(e) => {
|
||||||
warn!("Got error: {e}");
|
warn!("error checking health: {e}");
|
||||||
false
|
false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn unseal(keyfile: &KeyFile, unseal_url: &str) {
|
fn unseal(keyfile: &KeyFile, unseal_url: &str) {
|
||||||
let len = keyfile.keys.len();
|
for key in keyfile.keys.iter().enumerate() {
|
||||||
for (i, key) in keyfile.keys.iter().enumerate() {
|
|
||||||
let i = i + 1;
|
|
||||||
match ureq::post(unseal_url).send_json(json!({ "key": key })) {
|
match ureq::post(unseal_url).send_json(json!({ "key": key })) {
|
||||||
Ok(resp) if resp.status() == 200 => {
|
Ok(resp) if resp.status() == 200 => {
|
||||||
if i < len {
|
if let Ok(UnsealResponse {
|
||||||
info!("unsealed vault partially {i}/{len}");
|
sealed,
|
||||||
} else {
|
t,
|
||||||
info!("fully unsealed vault {i}/{len}");
|
progress,
|
||||||
|
..
|
||||||
|
}) = resp.into_json()
|
||||||
|
{
|
||||||
|
if !sealed {
|
||||||
|
info!("vault unsealed");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
info!("unsealed vault partially {progress}/{t}");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Ok(resp) => warn!(
|
Ok(resp) => warn!(
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue