From daecc0776d67cd2c14c04f62f60603373b7512e3 Mon Sep 17 00:00:00 2001
From: Mike Crute
Date: Sat, 21 May 2022 19:05:29 -0700
Subject: vault: split environment login/creation

---
 vault/client.go | 57 +++++++++++++++++++++++++++++++++------------------------
 1 file changed, 33 insertions(+), 24 deletions(-)

diff --git a/vault/client.go b/vault/client.go
index 2f645d4..d1a6d14 100644
--- a/vault/client.go
+++ b/vault/client.go
@@ -14,6 +14,7 @@ import (
 )

 type VaultClient interface {
+ LoginApproleEnv(c context.Context) error
 LoginApprole(c context.Context, roleId string, secretId string) error
 DbStaticCredential(c context.Context, suffix string) (*VaultUsernamePassword, error)
@@ -79,41 +80,22 @@ type vaultClient struct {
 renewInfo chan *Renewal
 }

-// NewApproleClientEnv is a convenience function to create a new
-// VaultClient based on the environment, start it, and login using
-// Approle authentication.
+// NewClientEnv is a convenience function to create a new VaultClient
+// based on the environment.
 //
 // The following environment variables are used and must be present:
 //
 // VAULT_ADDR - URL to Vault server (of form https://host:port/)
-// VAULT_ROLE_ID - Role ID used for Approle authentication
-// VAULT_SECRET_ID - Secret ID used for Approle authentication
 //
-func NewApproleClientEnv(ctx context.Context, wg *sync.WaitGroup, renewInfo chan *Renewal) (VaultClient, error) {
+func NewClientEnv(renewInfo chan *Renewal) (VaultClient, error) {
 vaultHost := os.Getenv("VAULT_ADDR")
 if vaultHost == "" {
- return nil, fmt.Errorf("NewApproleClientEnv: VAULT_ADDR is not set in environment")
- }
-
- roleId := os.Getenv("VAULT_ROLE_ID")
- if roleId == "" {
- return nil, fmt.Errorf("NewApproleClientEnv: VAULT_ROLE_ID is not set in environment")
- }
-
- secretId := os.Getenv("VAULT_SECRET_ID")
- if secretId == "" {
- return nil, fmt.Errorf("NewApproleClientEnv: VAULT_SECRET_ID is not set in environment")
+ return nil, fmt.Errorf("NewClientEnv: VAULT_ADDR is not set in environment")
 }

 vc, err := NewVaultClient(vaultHost, renewInfo)
 if err != nil {
- return nil, fmt.Errorf("NewApproleClientEnv: error creating client %w", err)
- }
-
- go vc.Run(ctx, wg)
-
- if err = vc.LoginApprole(ctx, roleId, secretId); err != nil {
- return nil, fmt.Errorf("NewApproleClientEnv: error logging in to vault %w", err)
+ return nil, fmt.Errorf("NewClientEnv: error creating client %w", err)
 }

 return vc, nil
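Review bot: NewClientEnv's doc comment does not say what callers now have to do themselves: the removed NewApproleClientEnv started the renewal loop with `go vc.Run(ctx, wg)` and then logged in, while NewClientEnv only constructs the client, so a caller that swaps one for the other ends up with an unstarted, unauthenticated client and no compile-time hint beyond the dropped ctx/wg parameters. Add to the comment something like `// Unlike the former NewApproleClientEnv, the returned client is neither started nor logged in; the caller must call Run and then authenticate (for example with LoginApproleEnv).` Dropping ctx and wg from the signature is consistent with the constructor no longer spawning a goroutine, so that part needs no change.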
@@ -328,3 +310,30 @@ func (c *vaultClient) KVCredential(ctx context.Context, suffix string) (*VaultUs
 return &ak, nil
 }
+
+// LoginApproleEnv is a convenience function to login using AppRole
+// authentication and fetching the role id and secret id from the
+// environment.
+//
+// The following environment variables are used and must be present:
+//
+// VAULT_ROLE_ID - Role ID used for Approle authentication
+// VAULT_SECRET_ID - Secret ID used for Approle authentication
+//
+func (c *vaultClient) LoginApproleEnv(ctx context.Context) error {
+ roleId := os.Getenv("VAULT_ROLE_ID")
+ if roleId == "" {
+ return fmt.Errorf("NewApproleClientEnv: VAULT_ROLE_ID is not set in environment")
+ }
+
+ secretId := os.Getenv("VAULT_SECRET_ID")
+ if secretId == "" {
+ return fmt.Errorf("NewApproleClientEnv: VAULT_SECRET_ID is not set in environment")
+ }
+
+ if err := c.LoginApprole(ctx, roleId, secretId); err != nil {
+ return fmt.Errorf("NewApproleClientEnv: error logging in to vault %w", err)
+ }
+
+ return nil
+}
-- 
cgit v1.2.3
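Review bot: The three error messages in LoginApproleEnv still carry the `NewApproleClientEnv:` prefix copied from the removed constructor, so a failure here reports a function that no longer exists and sends whoever reads the log looking in the wrong place. Change them to `return fmt.Errorf("LoginApproleEnv: VAULT_ROLE_ID is not set in environment")`, `return fmt.Errorf("LoginApproleEnv: VAULT_SECRET_ID is not set in environment")` and `return fmt.Errorf("LoginApproleEnv: error logging in to vault %w", err)`. The messages name only the missing variable and never echo the secret value, which is the right property to preserve when renaming.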