// vaultClient builds a Vault API client for address.
//
// The address is checked against the allowlist returned by getAllowlist
// before the client is constructed and before any token is attached, so a
// disallowed address is rejected with an error and never sees a credential.
// When hc is non-nil it replaces the HTTP client that api.DefaultConfig
// provides; the caller is then responsible for that client's transport
// (including TLS) configuration.
//
// Token resolution, in order of precedence: the explicit token argument;
// whatever api.NewClient already attached to the client (presumably
// VAULT_TOKEN from the environment — confirm against the api package); and
// finally the user's token from userVaultToken. A lower-precedence source is
// consulted only while the client still has no token, and an empty value
// from userVaultToken leaves the client tokenless rather than failing.
//
// It returns an error if the allowlist cannot be loaded, the address is not
// allowed, the client cannot be created, or the user token cannot be read.
func vaultClient(address, token string, hc *http.Client) (*api.Client, error) {
	conf := api.DefaultConfig()
	conf.Address = address

	allowlist, err := getAllowlist()
	if err != nil {
		return nil, err
	}
	if !allowlist.Allows(address) {
		return nil, fmt.Errorf("Allowlist does not allow %s", address)
	}

	if hc != nil {
		conf.HttpClient = hc
	}

	c, err := api.NewClient(conf)
	if err != nil {
		return nil, fmt.Errorf("cannot create Vault client: %w", err)
	}

	switch {
	case token != "":
		// An explicit token wins over anything NewClient picked up.
		c.SetToken(token)
	case c.Token() != "":
		// NewClient already attached a token; keep it as-is.
	default:
		userTok, err := userVaultToken()
		if err != nil {
			return nil, fmt.Errorf("cannot get Vault token: %w", err)
		}
		if userTok != "" {
			c.SetToken(userTok)
		}
	}

	return c, nil
}
| 433 | |
| 434 | // userVaultToken returns the token from `$HOME/.vault-token` if the file |
| 435 | // exists. It returns an error if the file exists but cannot be read from. |