vault: split environment login/creationvault/v0.2.3

1 files changed, 33 insertions, 24 deletions

diff --git a/vault/client.go b/vault/client.go
index 2f645d4..d1a6d14 100644
--- a/vault/client.go
+++ b/vault/client.go
@@ -14,6 +14,7 @@ import (
 )
 
 type VaultClient interface {
+        LoginApproleEnv(c context.Context) error
         LoginApprole(c context.Context, roleId string, secretId string) error
 
         DbStaticCredential(c context.Context, suffix string) (*VaultUsernamePassword, error)
@@ -79,41 +80,22 @@ type vaultClient struct {
         renewInfo   chan *Renewal
 }
 
-// NewApproleClientEnv is a convenience function to create a new
-// VaultClient based on the environment, start it, and login using
-// Approle authentication.
+// NewClientEnv is a convenience function to create a new VaultClient
+// based on the environment.
 //
 // The following environment variables are used and must be present:
 //
 //   VAULT_ADDR - URL to Vault server (of form https://host:port/)
-//   VAULT_ROLE_ID - Role ID used for Approle authentication
-//   VAULT_SECRET_ID - Secret ID used for Approle authentication
 //
-func NewApproleClientEnv(ctx context.Context, wg *sync.WaitGroup, renewInfo chan *Renewal) (VaultClient, error) {
+func NewClientEnv(renewInfo chan *Renewal) (VaultClient, error) {
         vaultHost := os.Getenv("VAULT_ADDR")
         if vaultHost == "" {
-                return nil, fmt.Errorf("NewApproleClientEnv: VAULT_ADDR is not set in environment")
-        }
-
-        roleId := os.Getenv("VAULT_ROLE_ID")
-        if roleId == "" {
-                return nil, fmt.Errorf("NewApproleClientEnv: VAULT_ROLE_ID is not set in environment")
-        }
-
-        secretId := os.Getenv("VAULT_SECRET_ID")
-        if secretId == "" {
-                return nil, fmt.Errorf("NewApproleClientEnv: VAULT_SECRET_ID is not set in environment")
+                return nil, fmt.Errorf("NewClientEnv: VAULT_ADDR is not set in environment")
         }
 
         vc, err := NewVaultClient(vaultHost, renewInfo)
         if err != nil {
-                return nil, fmt.Errorf("NewApproleClientEnv: error creating client %w", err)
-        }
-
-        go vc.Run(ctx, wg)
-
-        if err = vc.LoginApprole(ctx, roleId, secretId); err != nil {
-                return nil, fmt.Errorf("NewApproleClientEnv: error logging in to vault %w", err)
+                return nil, fmt.Errorf("NewClientEnv: error creating client %w", err)
         }
 
         return vc, nil
@@ -328,3 +310,30 @@ func (c *vaultClient) KVCredential(ctx context.Context, suffix string) (*VaultUs
 
         return &ak, nil
 }
+
+// LoginApproleEnv is a convenience function to login using AppRole
+// authentication and fetching the role id and secret id from the
+// environment.
+//
+// The following environment variables are used and must be present:
+//
+//   VAULT_ROLE_ID - Role ID used for Approle authentication
+//   VAULT_SECRET_ID - Secret ID used for Approle authentication
+//
+func (c *vaultClient) LoginApproleEnv(ctx context.Context) error {
+        roleId := os.Getenv("VAULT_ROLE_ID")
+        if roleId == "" {
+                return fmt.Errorf("NewApproleClientEnv: VAULT_ROLE_ID is not set in environment")
+        }
+
+        secretId := os.Getenv("VAULT_SECRET_ID")
+        if secretId == "" {
+                return fmt.Errorf("NewApproleClientEnv: VAULT_SECRET_ID is not set in environment")
+        }
+
+        if err := c.LoginApprole(ctx, roleId, secretId); err != nil {
+                return fmt.Errorf("NewApproleClientEnv: error logging in to vault %w", err)
+        }
+
+        return nil
+}