From 7966eb5807f517264d3fac0287a8a5a8ea3bfb74 Mon Sep 17 00:00:00 2001
From: Lyuben Penkovski <penkovski@gmail.com>
Date: Wed, 15 Jun 2022 09:55:33 +0300
Subject: [PATCH] Add vault client initialization check

Make a request when creating the client to see if the Vault
is unsealed and available for operation.
---
 cmd/signer/main.go               | 2 +-
 internal/clients/vault/client.go | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/cmd/signer/main.go b/cmd/signer/main.go
index a11b6d6..f83b8a0 100644
--- a/cmd/signer/main.go
+++ b/cmd/signer/main.go
@@ -52,7 +52,7 @@ func main() {
 
 	vault, err := vault.New(cfg.Vault.Addr, cfg.Vault.Token, httpClient)
 	if err != nil {
-		logger.Fatal("cannot create vault client", zap.Error(err))
+		logger.Fatal("cannot initialize vault client", zap.Error(err))
 	}
 
 	// create services
diff --git a/internal/clients/vault/client.go b/internal/clients/vault/client.go
index c5d8b46..782fcb9 100644
--- a/internal/clients/vault/client.go
+++ b/internal/clients/vault/client.go
@@ -35,6 +35,10 @@ func New(addr string, token string, httpClient *http.Client) (*Client, error) {
 
 	client.SetToken(token)
 
+	if _, err = client.Sys().Capabilities(token, pathSign); err != nil {
+		return nil, err
+	}
+
 	return &Client{cfg: cfg, client: client}, nil
 }
 
-- 
GitLab