Compare commits
3 commits
a3dca9e818
...
cafb08b4cd
| Author | SHA1 | Date | |
|---|---|---|---|
| cafb08b4cd | |||
| 9f30a8243a | |||
| 1ae049d04d |
4 changed files with 34 additions and 28 deletions
2
Cargo.lock
generated
2
Cargo.lock
generated
|
|
@ -437,7 +437,7 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
|
|||
|
||||
[[package]]
|
||||
name = "vault-unseal"
|
||||
version = "0.2.0"
|
||||
version = "0.3.0"
|
||||
dependencies = [
|
||||
"dotenv",
|
||||
"serde",
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "vault-unseal"
|
||||
version = "0.2.0"
|
||||
version = "0.3.0"
|
||||
edition = "2021"
|
||||
|
||||
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
|
||||
|
|
|
|||
|
|
@ -16,8 +16,7 @@
|
|||
pname = toml.package.name;
|
||||
version = toml.package.version;
|
||||
src = self;
|
||||
cargoSha256 =
|
||||
"sha256-eOvTR7TpFpi83J3G8HPXgOBryTzkq4XWp6CER6UDCbo=";
|
||||
cargoLock.lockFile = ./Cargo.lock;
|
||||
};
|
||||
};
|
||||
});
|
||||
|
|
|
|||
55
src/main.rs
55
src/main.rs
|
|
@ -9,7 +9,6 @@ use std::{env, fs::File};
|
|||
use tracing::{info, subscriber, warn};
|
||||
use tracing_subscriber::FmtSubscriber;
|
||||
use ureq::Error::Status;
|
||||
use ureq::Response;
|
||||
|
||||
#[derive(Debug, Deserialize)]
|
||||
struct KeyFile {
|
||||
|
|
@ -17,28 +16,30 @@ struct KeyFile {
|
|||
}
|
||||
|
||||
#[derive(Debug, Deserialize)]
|
||||
struct HealthCheck {
|
||||
struct UnsealResponse {
|
||||
sealed: bool,
|
||||
t: u8,
|
||||
n: u8,
|
||||
progress: u8,
|
||||
}
|
||||
|
||||
/// returns true if the vault is sealed
|
||||
///
|
||||
/// see: https://developer.hashicorp.com/vault/api-docs/system/health
|
||||
fn is_sealed(health_url: &str) -> bool {
|
||||
fn parse_hc(x: Response) -> bool {
|
||||
match x.into_json() {
|
||||
Ok(HealthCheck { sealed }) => sealed,
|
||||
Err(_) => false,
|
||||
}
|
||||
}
|
||||
|
||||
let resp = ureq::get(health_url).call();
|
||||
match resp {
|
||||
Ok(x) => parse_hc(x),
|
||||
Err(Status(503, resp)) => parse_hc(resp),
|
||||
Err(Status(429, _)) => {
|
||||
info!("got code 429: too many requests, waiting");
|
||||
// too many requests
|
||||
thread::sleep(Duration::from_secs(15));
|
||||
Ok(r) if r.status() == 200 => false,
|
||||
Ok(r) => {
|
||||
warn!(
|
||||
"unexpected status code: '{}': {}",
|
||||
r.status(),
|
||||
r.status_text()
|
||||
);
|
||||
false
|
||||
}
|
||||
Err(Status(429, _)) => false, // Unsealed and standby
|
||||
Err(Status(503, _)) => true, // Sealed
|
||||
Err(Status(code, resp)) => {
|
||||
info!(
|
||||
"error checking health, got code: '{code}', with message: {}",
|
||||
|
|
@ -47,25 +48,31 @@ fn is_sealed(health_url: &str) -> bool {
|
|||
false
|
||||
}
|
||||
Err(e) => {
|
||||
warn!("Got error: {e}");
|
||||
warn!("error checking health: {e}");
|
||||
false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fn unseal(keyfile: &KeyFile, unseal_url: &str) {
|
||||
let len = keyfile.keys.len();
|
||||
for (i, key) in keyfile.keys.iter().enumerate() {
|
||||
let i = i + 1;
|
||||
for key in keyfile.keys.iter() {
|
||||
match ureq::post(unseal_url).send_json(json!({ "key": key })) {
|
||||
Ok(resp) if resp.status() == 200 => {
|
||||
if i < len {
|
||||
info!("unsealed vault partially {i}/{len}");
|
||||
} else {
|
||||
info!("fully unsealed vault {i}/{len}");
|
||||
if let Ok(UnsealResponse {
|
||||
sealed,
|
||||
t,
|
||||
progress,
|
||||
..
|
||||
}) = resp.into_json()
|
||||
{
|
||||
if !sealed {
|
||||
info!("vault unsealed");
|
||||
return;
|
||||
}
|
||||
info!("unsealed vault partially {progress}/{t}");
|
||||
}
|
||||
}
|
||||
Ok(resp) => warn!(
|
||||
Ok(resp) | Err(Status(_, resp)) => warn!(
|
||||
"error unsealing vault, got code '{}', with message: {}",
|
||||
resp.status(),
|
||||
resp.status_text()
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue