Modified vault unseal
Shifna12Zarnaz committed Sep 18, 2023
1 parent 5f9044e commit 64df23c
Showing 2 changed files with 13 additions and 17 deletions.
2 changes: 1 addition & 1 deletion config/config.go
@@ -24,7 +24,7 @@ type VaultEnv struct {
MaxRetries int `envconfig:"VAULT_MAX_RETRIES" default:"5"`
VaultTokenForRequests bool `envconfig:"VAULT_TOKEN_FOR_REQUESTS" default:"false"`
VaultSecretName string `envconfig:"VAULT_SECRET_NAME" default:"vault-server"`
VaultSecretNameSpace string `envconfig:"POD_NAMESPACE" required:"true"`
VaultSecretNameSpace string `envconfig:"POD_NAMESPACE" default:"default" required:"true"`
VaultSecretTokenKeyName string `envconfig:"VAULT_SECRET_TOKEN_KEY_NAME" default:"root-token"`
VaultSecretUnSealKeyPrefix string `envconfig:"VAULT_SECRET_UNSEAL_KEY_PREFIX" default:"unsealkey"`
VaultToken string `envconfig:"VAULT_TOKEN"`
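Review bot: On `VaultSecretNameSpace`, the variant that carries `default:"default"` next to `required:"true"` (apparently the new side) makes the required check ineffective: envconfig-style processing applies a non-empty default when `POD_NAMESPACE` is unset, so the missing-variable error is never raised (worth confirming against the envconfig version in use). Judging by the neighbouring fields, this namespace is where the `vault-server` secret with the `root-token` and `unsealkey` entries is looked up, so a pod started without the variable would silently read from or write to the `default` namespace instead of failing at start-up. Keep `required:"true"` and drop `default:"default"`, or, if a fallback is intended, drop `required` and add a comment explaining why `default` is an acceptable namespace for this secret. Only part of `VaultEnv` is visible in this hunk.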
28 changes: 12 additions & 16 deletions internal/job/vault_seal_watcher.go
@@ -30,7 +30,7 @@ func (v *VaultSealWatcher) CronSpec() string {

func (v *VaultSealWatcher) Run() {
v.log.Debug("started vault seal watcher job")
// vc, err := client.NewVaultClient(v.log, v.conf)
// vc, err := client.NewVaultClient(v.log, v.conf)
// if err != nil {
// v.log.Errorf("%s", err)
// return
@@ -49,8 +49,6 @@ func (v *VaultSealWatcher) Run() {
Address: address,
ReadTimeout: 30,
MaxRetries: 3,


}
v.log.Debug("Address Configuration", conf)

@@ -73,14 +71,14 @@ func (v *VaultSealWatcher) Run() {
switch svc {
case "vault-hash-0":
vc = vaultClients[0]
v.log.Debug("Vault Client",vc)
v.log.Debug("Vault Client", vc)

case "vault-hash-1":
vc = vaultClients[1]
v.log.Debug("Vault Client",vc)
v.log.Debug("Vault Client", vc)
case "vault-hash-2":
vc = vaultClients[2]
v.log.Debug("Vault Client",vc)
v.log.Debug("Vault Client", vc)
default:
// Handle the case where the service name doesn't match any of the instances
}
@@ -99,15 +97,15 @@ func (v *VaultSealWatcher) Run() {
if res {
v.log.Info("vault is sealed, trying to unseal")
if svc == "vault-hash-0" {

v.log.Info("Unsealing for first instance")
_, unsealKeys, err := vc.GetVaultSecretValuesforMultiInstance()
if err != nil {
v.log.Errorf("Failed to fetch the credential: %v\n", err)
return
}
err = vc.UnsealVaultInstance(podip,unsealKeys)

// _, unsealKeys, err := vc.GetVaultSecretValuesforMultiInstance()
// if err != nil {
// v.log.Errorf("Failed to fetch the credential: %v\n", err)
// return
// }
//err = vc.UnsealVaultInstance(podip,unsealKeys)
err := vc.Unseal()
if err != nil {
v.log.Errorf("failed to unseal vault, %s", err)
return
@@ -141,11 +139,9 @@ func (v *VaultSealWatcher) Run() {
return

}


}


}

}
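Review bot: In the `vault-hash-0` branch the replaced key fetch and `UnsealVaultInstance(podip,unsealKeys)` call are left as six commented-out lines above `err := vc.Unseal()`; delete them, since history keeps the old path and stale comments naming a different unseal routine mislead whoever has to debug a failed unseal. `vc.Unseal()` takes neither the pod IP nor the keys, so which instance is unsealed and where the key shares come from now depend on how `vc` was built, which these hunks do not show; a short comment such as `// Unseal fetches the unseal keys itself and targets vc's configured address` (to be confirmed against the client) would make that explicit. The `default:` arm of `switch svc` is still only a comment, so an unexpected service name appears to leave `vc` unassigned before the later calls on it; `default: v.log.Errorf("unknown vault service %q", svc); return` would fail closed. The `v.log.Debug("Vault Client", vc)` lines are also worth a check that the client value does not carry a token when printed. `Run` begins and ends outside the visible hunks.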
