

Modified vault unseal
Shifna12Zarnaz committed Sep 19, 2023
1 parent c2a872a commit 719f8b5
Showing 2 changed files with 10 additions and 47 deletions.
9 changes: 3 additions & 6 deletions internal/client/vault_seal.go
Expand Up @@ -21,7 +21,6 @@ func (vc *VaultClient) IsVaultSealed() (bool, error) {

func (vc *VaultClient) Unseal() error {

vc.log.Info("Unsealing for first instance inside unseal func")
status, err := vc.c.Sys().SealStatus()
if err != nil {
return err
Expand All @@ -30,14 +29,13 @@ func (vc *VaultClient) Unseal() error {
if !status.Sealed {
return nil
}
vc.log.Info("Status",status)


rootToken, unsealKeys, err := vc.getVaultSecretValues()
if err != nil {
return err
}
vc.log.Info("Root Token",rootToken)
vc.log.Info("Unseal Keys",unsealKeys)

if !status.Initialized && len(rootToken) == 0 && len(unsealKeys) == 0 {
vc.log.Debug("intializing vault secret")
err = vc.initializeVaultSecret()
Expand All @@ -59,8 +57,7 @@ func (vc *VaultClient) Unseal() error {
func (vc *VaultClient) initializeVaultSecret() error {

unsealKeys, rootToken, err := vc.generateUnsealKeys()
vc.log.Info("Unseal Keys",unsealKeys)
vc.log.Info("Root token",rootToken)

if err != nil {
return errors.WithMessage(err, "error while generating unseal keys")
}
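Review bot: `Unseal` is exported and still has no doc comment, and the branch `if !status.Initialized && len(rootToken) == 0 && len(unsealKeys) == 0 {` needs a why-comment, because it only initializes when both the vault and the stored secret are empty; the mixed cases (uninitialized vault with stored keys, initialized vault with none) fall through to whatever follows, which is outside this hunk. Suggest `// Unseal unseals this client's vault instance using the keys held in the vault secret, initializing the vault first when it has never been initialized and no secret values exist yet.` above the function, and `// Initialize only when neither the vault nor the stored secret has been set up; a mismatch between the two is left to the unseal path below.` above the condition. Separately, builds that shipped the removed `vc.log.Info("Root Token", rootToken)` and `vc.log.Info("Unseal Keys", unsealKeys)` lines wrote those values into the log stream, so retained logs from those deployments should be handled as containing credentials. The bodies of `Unseal` and `initializeVaultSecret` continue past the visible hunks.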
48 changes: 7 additions & 41 deletions internal/job/vault_seal_watcher.go
Expand Up @@ -32,7 +32,7 @@ func (v *VaultSealWatcher) CronSpec() string {

func (v *VaultSealWatcher) Run() {
v.log.Debug("started vault seal watcher job")

var leaderpodip string
addresses := []string{
v.conf.Address,
v.conf.Address2,
Expand All @@ -48,16 +48,13 @@ func (v *VaultSealWatcher) Run() {
v.log.Errorf("Error while retrieving vault instances %s", err)
return
}

var vc *client.VaultClient

var vaultClients []*client.VaultClient
for _, address := range addresses {
conf := v.conf
conf := v.conf
conf.Address = address

v.log.Debug("Address Configuration", conf)

vc, err := client.NewVaultClient(v.log, conf)

if err != nil {
Expand All @@ -67,14 +64,13 @@ func (v *VaultSealWatcher) Run() {

vaultClients = append(vaultClients, vc)
}
v.log.Debug("Vault Clients", vaultClients)

if v.conf.HAEnabled {

v.log.Infof("HA ENABLED", v.conf.HAEnabled)

for _, svc := range podname {
var leaderpodip string

switch svc {
case "vault-hash-0":
vc = vaultClients[0]
Expand All @@ -87,7 +83,7 @@ func (v *VaultSealWatcher) Run() {
vc = vaultClients[2]
v.log.Debug("Vault Client", vc)
default:
// Handle the case where the service name doesn't match any of the instances

}

podip, err := vc.GetPodIP(svc, v.conf.VaultSecretNameSpace)
Expand All @@ -107,20 +103,13 @@ func (v *VaultSealWatcher) Run() {
if svc == "vault-hash-0" {

v.log.Info("Unsealing for first instance")
podip, err := vc.GetPodIP(svc, "default")
podip, err := vc.GetPodIP(svc, v.conf.VaultSecretNameSpace)
leaderpodip = podip
v.log.Info("Leader Ip", leaderpodip)
if err != nil {
v.log.Errorf("failed to retrieve pod ip, %s", err)
return
}

// _, unsealKeys, err := vc.GetVaultSecretValuesforMultiInstance()
// if err != nil {
// v.log.Errorf("Failed to fetch the credential: %v\n", err)
// return
// }
//err = vc.UnsealVaultInstance(podip,unsealKeys)
err = vc.Unseal()
if err != nil {
v.log.Errorf("failed to unseal vault, %s", err)
Expand All @@ -136,7 +125,7 @@ func (v *VaultSealWatcher) Run() {
}
v.log.Info("Leader Address", leaderaddr)
podip, err := vc.GetPodIP(svc, v.conf.VaultSecretNameSpace)
v.log.Info("Unsealing for second % vinstance", podip)
v.log.Infof("Unsealing for second %v instance", podip)
if err != nil {
v.log.Errorf("failed to retrieve pod ip, %s", err)
return
Expand All @@ -153,35 +142,12 @@ func (v *VaultSealWatcher) Run() {
v.log.Errorf("failed to unseal vault, %s", err)
return
}
// _, unsealKeys, err := vc.GetVaultSecretValuesforMultiInstance()
// v.log.Debug("Unseal Keys", unsealKeys)
// if err != nil {
// v.log.Errorf("Failed to fetch the credential: %v\n", err)
// return
// }

// err = vc.UnsealVaultInstance(podip, unsealKeys)

// if err != nil {
// v.log.Errorf("failed to unseal vault, %s", err)
// return
// }

}

}

}
for _, svc := range podname {
podip, _ := vc.GetPodIP(svc, "default")
res, err := vc.IsVaultSealedForAllInstances(podip)

v.log.Debug("Seal Status of %v :%v", svc, res)
if err != nil {
v.log.Errorf("failed to get vault seal status, %s", err)
return
}
v.log.Infof("vault sealed status: %v", res)
}
}
}
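Review bot: The `default:` branch of `switch svc`, now empty after the placeholder comment was dropped, leaves `vc` nil on the first iteration or pointing at the previous pod's client afterwards, and `podip, err := vc.GetPodIP(svc, v.conf.VaultSecretNameSpace)` runs immediately after the switch; if `GetPodIP` touches its receiver that is a nil dereference, otherwise the unseal runs against the wrong instance. Skipping the unknown name closes the gap: `default:` / `v.log.Errorf("unknown vault pod %s, skipping", svc)` / `continue`. The namespace correction made in the leader branch (`vc.GetPodIP(svc, v.conf.VaultSecretNameSpace)`) is not carried to the final status loop, which still calls `vc.GetPodIP(svc, "default")` and discards its error with `_`, and which presumably runs against whichever client the HA loop last stored in `vc`. In the leader branch `leaderpodip = podip` and its Info log also happen before the `err` check, so a failed lookup is logged as the leader IP before the error is reported. Parts of `Run` between the hunks are collapsed and not visible here.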
