cleaned up the code
This commit is contained in:
parent
9895ca5bd8
commit
d369e50d34
4 changed files with 196 additions and 26 deletions
121
Cargo.lock
generated
121
Cargo.lock
generated
|
@ -91,6 +91,12 @@ dependencies = [
|
||||||
"wasm-bindgen",
|
"wasm-bindgen",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "lazy_static"
|
||||||
|
version = "1.4.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "libc"
|
name = "libc"
|
||||||
version = "0.2.142"
|
version = "0.2.142"
|
||||||
|
@ -115,18 +121,40 @@ dependencies = [
|
||||||
"adler",
|
"adler",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "nu-ansi-term"
|
||||||
|
version = "0.46.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "77a8165726e8236064dbb45459242600304b42a5ea24ee2948e18e023bf7ba84"
|
||||||
|
dependencies = [
|
||||||
|
"overload",
|
||||||
|
"winapi",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "once_cell"
|
name = "once_cell"
|
||||||
version = "1.17.1"
|
version = "1.17.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
|
checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "overload"
|
||||||
|
version = "0.1.1"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "percent-encoding"
|
name = "percent-encoding"
|
||||||
version = "2.2.0"
|
version = "2.2.0"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e"
|
checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "pin-project-lite"
|
||||||
|
version = "0.2.9"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "proc-macro2"
|
name = "proc-macro2"
|
||||||
version = "1.0.56"
|
version = "1.0.56"
|
||||||
|
@ -219,6 +247,21 @@ dependencies = [
|
||||||
"serde",
|
"serde",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "sharded-slab"
|
||||||
|
version = "0.1.4"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31"
|
||||||
|
dependencies = [
|
||||||
|
"lazy_static",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "smallvec"
|
||||||
|
version = "1.10.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "spin"
|
name = "spin"
|
||||||
version = "0.5.2"
|
version = "0.5.2"
|
||||||
|
@ -247,6 +290,16 @@ dependencies = [
|
||||||
"unicode-ident",
|
"unicode-ident",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "thread_local"
|
||||||
|
version = "1.1.7"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "3fdd6f064ccff2d6567adcb3873ca630700f00b5ad3f060c25b5dcfd9a4ce152"
|
||||||
|
dependencies = [
|
||||||
|
"cfg-if",
|
||||||
|
"once_cell",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "tinyvec"
|
name = "tinyvec"
|
||||||
version = "1.6.0"
|
version = "1.6.0"
|
||||||
|
@ -262,6 +315,64 @@ version = "0.1.1"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
|
checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "tracing"
|
||||||
|
version = "0.1.37"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
|
||||||
|
dependencies = [
|
||||||
|
"cfg-if",
|
||||||
|
"pin-project-lite",
|
||||||
|
"tracing-attributes",
|
||||||
|
"tracing-core",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "tracing-attributes"
|
||||||
|
version = "0.1.24"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "0f57e3ca2a01450b1a921183a9c9cbfda207fd822cef4ccb00a65402cbba7a74"
|
||||||
|
dependencies = [
|
||||||
|
"proc-macro2",
|
||||||
|
"quote",
|
||||||
|
"syn 2.0.15",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "tracing-core"
|
||||||
|
version = "0.1.30"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a"
|
||||||
|
dependencies = [
|
||||||
|
"once_cell",
|
||||||
|
"valuable",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "tracing-log"
|
||||||
|
version = "0.1.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922"
|
||||||
|
dependencies = [
|
||||||
|
"lazy_static",
|
||||||
|
"log",
|
||||||
|
"tracing-core",
|
||||||
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "tracing-subscriber"
|
||||||
|
version = "0.3.17"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "30a651bc37f915e81f087d86e62a18eec5f79550c7faff886f7090b4ea757c77"
|
||||||
|
dependencies = [
|
||||||
|
"nu-ansi-term",
|
||||||
|
"sharded-slab",
|
||||||
|
"smallvec",
|
||||||
|
"thread_local",
|
||||||
|
"tracing-core",
|
||||||
|
"tracing-log",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "unicode-bidi"
|
name = "unicode-bidi"
|
||||||
version = "0.3.13"
|
version = "0.3.13"
|
||||||
|
@ -319,12 +430,20 @@ dependencies = [
|
||||||
]
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "vault-unseal"
|
name = "valuable"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "vault-unseal"
|
||||||
|
version = "0.2.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"dotenv",
|
"dotenv",
|
||||||
"serde",
|
"serde",
|
||||||
"serde_json",
|
"serde_json",
|
||||||
|
"tracing",
|
||||||
|
"tracing-subscriber",
|
||||||
"ureq",
|
"ureq",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "vault-unseal"
|
name = "vault-unseal"
|
||||||
version = "0.1.0"
|
version = "0.2.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
|
|
||||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||||
|
@ -10,3 +10,5 @@ ureq = { version = "*", features = ["json"] }
|
||||||
serde_json = "*"
|
serde_json = "*"
|
||||||
dotenv = "*"
|
dotenv = "*"
|
||||||
serde = { version = "*", features = ["derive"] }
|
serde = { version = "*", features = ["derive"] }
|
||||||
|
tracing = "0.1"
|
||||||
|
tracing-subscriber = "0.3"
|
||||||
|
|
11
flake.nix
11
flake.nix
|
@ -10,11 +10,14 @@
|
||||||
let pkgs = nixpkgs.legacyPackages.${system};
|
let pkgs = nixpkgs.legacyPackages.${system};
|
||||||
in {
|
in {
|
||||||
packages = {
|
packages = {
|
||||||
default = pkgs.rustPlatform.buildRustPackage {
|
default =
|
||||||
pname = "vault-unseal";
|
let toml = (builtins.fromTOML (builtins.readFile ./Cargo.toml));
|
||||||
version = "0.1.0";
|
in pkgs.rustPlatform.buildRustPackage {
|
||||||
|
pname = toml.package.name;
|
||||||
|
version = toml.package.version;
|
||||||
src = self;
|
src = self;
|
||||||
cargoSha256 = "sha256-nCOHQU62fzJ9uwUK8n5JsVkKmqQwhG/5GI6rvtejZjY=";
|
cargoSha256 =
|
||||||
|
"sha256-eOvTR7TpFpi83J3G8HPXgOBryTzkq4XWp6CER6UDCbo=";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
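Review bot: `cargoSha256 =` on the new side still pins the vendored-dependency hash by hand even though `pname` and `version` are now derived from `./Cargo.toml`, so every Cargo.lock change (like the one in this commit) needs the hash refreshed or the build fails on a hash mismatch; a comment such as `# refresh whenever Cargo.lock changes` above the attribute would save the next editor a failed build. The value is already in SRI form, and nixpkgs's `rustPlatform.buildRustPackage` also accepts it under `cargoHash`, which its newer documentation prefers over the `cargoSha256` name.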
82
src/main.rs
82
src/main.rs
|
@ -6,6 +6,10 @@ use std::io::Read;
|
||||||
use std::thread;
|
use std::thread;
|
||||||
use std::time::Duration;
|
use std::time::Duration;
|
||||||
use std::{env, fs::File};
|
use std::{env, fs::File};
|
||||||
|
use tracing::{info, subscriber, warn};
|
||||||
|
use tracing_subscriber::FmtSubscriber;
|
||||||
|
use ureq::Error::Status;
|
||||||
|
use ureq::Response;
|
||||||
|
|
||||||
#[derive(Debug, Deserialize)]
|
#[derive(Debug, Deserialize)]
|
||||||
struct KeyFile {
|
struct KeyFile {
|
||||||
|
@ -17,8 +21,65 @@ struct HealthCheck {
|
||||||
sealed: bool,
|
sealed: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn is_sealed(health_url: &str) -> bool {
|
||||||
|
fn parse_hc(x: Response) -> bool {
|
||||||
|
match x.into_json() {
|
||||||
|
Ok(HealthCheck { sealed }) => sealed,
|
||||||
|
Err(_) => false,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let resp = ureq::get(health_url).call();
|
||||||
|
match resp {
|
||||||
|
Ok(x) => parse_hc(x),
|
||||||
|
Err(Status(503, resp)) => parse_hc(resp),
|
||||||
|
Err(Status(429, _)) => {
|
||||||
|
info!("got code 429: too many requests, waiting");
|
||||||
|
// too many requests
|
||||||
|
thread::sleep(Duration::from_secs(15));
|
||||||
|
false
|
||||||
|
}
|
||||||
|
Err(Status(code, resp)) => {
|
||||||
|
info!(
|
||||||
|
"error checking health, got code: '{code}', with message: {}",
|
||||||
|
resp.status_text()
|
||||||
|
);
|
||||||
|
false
|
||||||
|
}
|
||||||
|
Err(e) => {
|
||||||
|
warn!("Got error: {e}");
|
||||||
|
false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
fn unseal(keyfile: &KeyFile, unseal_url: &str) {
|
||||||
|
let len = keyfile.keys.len();
|
||||||
|
for (i, key) in keyfile.keys.iter().enumerate() {
|
||||||
|
let i = i + 1;
|
||||||
|
match ureq::post(unseal_url).send_json(json!({ "key": key })) {
|
||||||
|
Ok(resp) if resp.status() == 200 => {
|
||||||
|
if i < len {
|
||||||
|
info!("unsealed vault partially {i}/{len}");
|
||||||
|
} else {
|
||||||
|
info!("fully unsealed vault {i}/{len}");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Ok(resp) => warn!(
|
||||||
|
"error unsealing vault, got code '{}', with message: {}",
|
||||||
|
resp.status(),
|
||||||
|
resp.status_text()
|
||||||
|
),
|
||||||
|
Err(err) => warn!("error unsealing vault: {err}"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
fn main() -> Result<(), Box<dyn Error>> {
|
fn main() -> Result<(), Box<dyn Error>> {
|
||||||
dotenv().ok();
|
dotenv().ok();
|
||||||
|
let subscriber = FmtSubscriber::new();
|
||||||
|
subscriber::set_global_default(subscriber)?;
|
||||||
|
|
||||||
let vault_addr = env::var("VAULT_ADDR")?;
|
let vault_addr = env::var("VAULT_ADDR")?;
|
||||||
let file = env::var("VAULT_KEY_FILE")?;
|
let file = env::var("VAULT_KEY_FILE")?;
|
||||||
let interval = env::var("UNSEAL_INTERVAL").unwrap_or(String::from("15"));
|
let interval = env::var("UNSEAL_INTERVAL").unwrap_or(String::from("15"));
|
||||||
|
@ -33,25 +94,10 @@ fn main() -> Result<(), Box<dyn Error>> {
|
||||||
let unseal_url = format!("{vault_addr}/v1/sys/unseal");
|
let unseal_url = format!("{vault_addr}/v1/sys/unseal");
|
||||||
let health_url = format!("{vault_addr}/v1/sys/health");
|
let health_url = format!("{vault_addr}/v1/sys/health");
|
||||||
|
|
||||||
println!("Starting vault unsealer ...");
|
info!("Starting vault unsealer at {vault_addr}");
|
||||||
loop {
|
loop {
|
||||||
match ureq::get(&health_url).call() {
|
if is_sealed(&health_url) {
|
||||||
Err(ureq::Error::Status(code, resp)) if code == 503 => {
|
unseal(&keyfile, &unseal_url);
|
||||||
if let Ok(HealthCheck { sealed: true }) = resp.into_json() {
|
|
||||||
for key in &keyfile.keys {
|
|
||||||
match ureq::post(&unseal_url).send_json(json!({ "key": key })) {
|
|
||||||
Ok(resp) if resp.status() != 200 => eprintln!("error unsealing vault"),
|
|
||||||
Ok(_) => println!("unsealed vault partially"),
|
|
||||||
Err(err) => eprintln!("error unsealing vault: {err}"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
eprintln!("Can't unseal");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Err(ureq::Error::Status(_, _)) => (),
|
|
||||||
Err(e) => eprintln!("{e}"),
|
|
||||||
_ => (),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
thread::sleep(interval);
|
thread::sleep(interval);
|
||||||
|
|
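Review bot: The `Err(Status(429, _))` arm in `is_sealed` treats 429 as rate limiting and sleeps 15 s, but Vault's `/v1/sys/health` endpoint returns 429 by default for an unsealed standby node, so the message `got code 429: too many requests, waiting` is misleading and the extra sleep only delays the next check; returning `false` is still the right outcome for a standby, so I'd change the log to `info!("got code 429: node is an unsealed standby")` and drop the `thread::sleep`, since `main` already sleeps `interval` between checks. Relatedly, `parse_hc`'s `Err(_) => false` discards the deserialization error; `Err(e) => { warn!("could not parse health response: {e}"); false }` keeps the fail-safe default (no unseal attempt) while making a schema or proxy change visible in the logs. In `unseal`, `fully unsealed vault {i}/{len}` is inferred from the key count rather than from the server, so a key rejected earlier in the loop still ends with that message; if the unseal response body reports seal status (the health check already models `sealed: bool`), parsing it would make the log accurate. Both functions start and end inside this hunk.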