diff options
| author |   Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-02-26 16:16:41 -0800 |
|---|---|---|
| committer | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-02-26 16:19:32 -0800 |
| commit | cc2e23964a4609a9c405deb30c51864ff5e17254 (patch) | |
| tree | b5cee651a9736aa039391c0f13fc71aadec44a13 | |
| parent | e07366cf140811172dbefcda9450e5c7da14f7c9 (diff) | |
Improved error handling during startup
Server startup is silent when there are errors
Making server startup more informative in cases
where errors are encountered.
Issue-ID: AAF-146
Change-Id: Iec9a44d0d10813cf77aef69dbfd5fd50eea10dbc
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
| -rw-r--r-- | sms-service/src/sms/backend/vault.go | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/sms-service/src/sms/backend/vault.go b/sms-service/src/sms/backend/vault.go index 6b9ad94..289fa3a 100644 --- a/sms-service/src/sms/backend/vault.go +++ b/sms-service/src/sms/backend/vault.go @@ -70,7 +70,11 @@ func (v *Vault) Init() error { return fmt.Errorf("Vault is still sealed. Unseal before use") } - v.initRole() + err = v.initRole() + if err != nil { + log.Fatalln("Unable to initRole in Vault. Exiting...") + } + v.checkToken() return nil } @@ -228,7 +232,10 @@ func (v *Vault) initRole() error { rules := `path "sms/*" { capabilities = ["create", "read", "update", "delete", "list"] } path "sys/mounts/sms*" { capabilities = ["update","delete","create"] }` - v.vaultClient.Sys().PutPolicy(v.policyName, rules) + err := v.vaultClient.Sys().PutPolicy(v.policyName, rules) + if err != nil { + return errors.New("Unable to create policy for approle creation") + } rName := v.vaultMount + "-role" data := map[string]interface{}{ @@ -237,12 +244,15 @@ func (v *Vault) initRole() error { } // Delete role if it already exists - v.vaultClient.Logical().Delete("auth/approle/role/" + rName) + _, err = v.vaultClient.Logical().Delete("auth/approle/role/" + rName) + if err != nil { + return errors.New("Unable to delete existing role") + } //Check if approle is mounted authMounts, err := v.vaultClient.Sys().ListAuth() if err != nil { - return err + return errors.New("Unable to get mounted auth backends") } approleMounted := false @@ -262,13 +272,17 @@ func (v *Vault) initRole() error { v.vaultClient.Logical().Write("auth/approle/role/"+rName, data) sec, err := v.vaultClient.Logical().Read("auth/approle/role/" + rName + "/role-id") if err != nil { - log.Fatal(err) + return errors.New("Unable to create role ID for approle") } v.roleID = sec.Data["role_id"].(string) // Create a secret-id to go with it - sec, _ = v.vaultClient.Logical().Write("auth/approle/role/"+rName+"/secret-id", + sec, err = v.vaultClient.Logical().Write("auth/approle/role/"+rName+"/secret-id", map[string]interface{}{}) + if err != nil { + return errors.New("Unable to create secret ID for role") + } + v.secretID = sec.Data["secret_id"].(string) return nil |