From 1ae049d04d885b2a33389d58f590a639645470c8 Mon Sep 17 00:00:00 2001 From: Victor Date: Mon, 1 May 2023 14:56:24 +0200 Subject: [PATCH 1/3] better integration by looking at docs --- src/main.rs | 52 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 22 deletions(-) diff --git a/src/main.rs b/src/main.rs index b9e0e51..361a41c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -17,28 +17,30 @@ struct KeyFile { } #[derive(Debug, Deserialize)] -struct HealthCheck { +struct UnsealResponse { sealed: bool, + t: u8, + n: u8, + progress: u8, } +/// returns true if the vault is sealed +/// +/// see: https://developer.hashicorp.com/vault/api-docs/system/health fn is_sealed(health_url: &str) -> bool { - fn parse_hc(x: Response) -> bool { - match x.into_json() { - Ok(HealthCheck { sealed }) => sealed, - Err(_) => false, - } - } - let resp = ureq::get(health_url).call(); match resp { - Ok(x) => parse_hc(x), - Err(Status(503, resp)) => parse_hc(resp), - Err(Status(429, _)) => { - info!("got code 429: too many requests, waiting"); - // too many requests - thread::sleep(Duration::from_secs(15)); + Ok(r) if r.status() == 200 => false, + Ok(r) => { + warn!( + "unexpected status code: '{}': {}", + r.status(), + r.status_text() + ); false } + Err(Status(429, _)) => false, // Unsealed and standby + Err(Status(503, _)) => true, // Sealed Err(Status(code, resp)) => { info!( "error checking health, got code: '{code}', with message: {}", 
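Review bot: The `Err(Status(503, _)) => true` arm in `is_sealed` treats any 503 as a sealed vault without reading the body, whereas the removed `parse_hc` checked the `sealed` field first. A 503 can presumably also come from a proxy or load balancer in front of Vault, and the caller would then likely go on to post the unseal key shares. I would keep a one-field `struct Health { sealed: bool }` deriving `Deserialize` and decide from the body: `Err(Status(503, r)) => r.into_json::<Health>().map(|h| h.sealed).unwrap_or(false),`. The doc comment could also say which status codes map to which result (200 and 429 to false, 503 to true, everything else to false with a log line). The match continues past the end of this hunk.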
@@ -47,22 +49,28 @@ fn is_sealed(health_url: &str) -> bool { false } Err(e) => { - warn!("Got error: {e}"); + warn!("error checking health: {e}"); false } } } fn unseal(keyfile: &KeyFile, unseal_url: &str) { - let len = keyfile.keys.len(); - for (i, key) in keyfile.keys.iter().enumerate() { - let i = i + 1; + for key in keyfile.keys.iter().enumerate() { match ureq::post(unseal_url).send_json(json!({ "key": key })) { Ok(resp) if resp.status() == 200 => { - if i < len { - info!("unsealed vault partially {i}/{len}"); - } else { - info!("fully unsealed vault {i}/{len}"); + if let Ok(UnsealResponse { + sealed, + t, + progress, + .. + }) = resp.into_json() + { + if !sealed { + info!("vault unsealed"); + return; + } + info!("unsealed vault partially {progress}/{t}"); } } Ok(resp) => warn!( From 9f30a8243adc66f3b4a77ec1d6895f37b602fd80 Mon Sep 17 00:00:00 2001 From: Victor Date: Tue, 2 May 2023 09:04:52 +0200 Subject: [PATCH 2/3] fix bug --- src/main.rs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/main.rs b/src/main.rs index 361a41c..9a0b185 100644 --- a/src/main.rs +++ b/src/main.rs @@ -9,7 +9,6 @@ use std::{env, fs::File}; use tracing::{info, subscriber, warn}; use tracing_subscriber::FmtSubscriber; use ureq::Error::Status; -use ureq::Response; #[derive(Debug, Deserialize)] struct KeyFile { @@ -56,7 +55,7 @@ fn is_sealed(health_url: &str) -> bool { } fn unseal(keyfile: &KeyFile, unseal_url: &str) { - for key in keyfile.keys.iter().enumerate() { + for key in keyfile.keys.iter() { match ureq::post(unseal_url).send_json(json!({ "key": key })) { Ok(resp) if resp.status() == 200 => { if let Ok(UnsealResponse { @@ -73,7 +72,7 @@ fn unseal(keyfile: &KeyFile, unseal_url: &str) { info!("unsealed vault partially {progress}/{t}"); } } - Ok(resp) => warn!( + Ok(resp) | Err(Status(_, resp)) => warn!( "error unsealing vault, got code '{}', with message: {}", resp.status(), resp.status_text() 
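Review bot: In `unseal` (PATCH 1/3, hunk `@@ -47,22 +49,28 @@`), the `if let Ok(UnsealResponse { .. }) = resp.into_json()` has no `else`, so a 200 response whose body fails to deserialize is dropped without a log line and the loop goes on to post the next key share. Because `t`, `n` and `progress` are all required `u8` fields, a missing or out-of-range value takes that silent path. I would add `else { warn!("could not parse unseal response"); }`, and either drop the unused `n` field or mark the fields that are not needed for the decision `#[serde(default)]`. The match arm is cut off at the end of the hunk.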
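Review bot: With `Ok(resp) | Err(Status(_, resp)) => warn!(...)` in `unseal` (PATCH 2/3, hunk `@@ -73,7 +72,7 @@`), an HTTP error status is logged but nothing visible stops the `for` loop, so the remaining key shares are still sent even when the endpoint answered with, say, a 404 or a 500. For unseal key material I would stop on the first error status that is not specific to one key, for example by giving the arm a braced body and adding `return;` after the `warn!`, and let the next health check trigger a retry. Logging only `status()` and `status_text()` keeps the request payload, and with it the key, out of the logs; a one-line comment such as `// never log the request body: it carries an unseal key` would preserve that. The arm and the rest of the match run past the end of the hunk, so a later arm that already breaks out would not be visible here.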
From cafb08b4cd6c1f2a3ddf4acfeccf63dac7a12e4f Mon Sep 17 00:00:00 2001 From: Victor Date: Tue, 2 May 2023 09:05:27 +0200 Subject: [PATCH 3/3] bump version --- Cargo.lock | 2 +- Cargo.toml | 2 +- flake.nix | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d62f8a1..ee22a5a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -437,7 +437,7 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] name = "vault-unseal" -version = "0.2.0" +version = "0.3.0" dependencies = [ "dotenv", "serde", diff --git a/Cargo.toml b/Cargo.toml index 96bbe99..a67543d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "vault-unseal" -version = "0.2.0" +version = "0.3.0" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/flake.nix b/flake.nix index 956bc89..ce3034b 100644 --- a/flake.nix +++ b/flake.nix @@ -16,8 +16,7 @@ pname = toml.package.name; version = toml.package.version; src = self; - cargoSha256 = - "sha256-eOvTR7TpFpi83J3G8HPXgOBryTzkq4XWp6CER6UDCbo="; + cargoLock.lockFile = ./Cargo.lock; }; }; });