default port is 8200, not 8000

vaultpass/__init__.py

@@ -1,12 +1,12 @@
 import logging
+import os
 ##
+from . import logger
+_logger = logging.getLogger('VaultPass')
 from . import auth
 from . import clipboard
 from . import config
-from . import logger
-
-
-_logger = logging.getLogger('VaultPass')
+from . import mounts
 
 
 class PassMan(object):
@@ -18,19 +18,50 @@ class PassMan(object):
         self.cfg = config.getConfig(cfg)
         self._getURI()
         self.getClient()
+        self._checkSeal()
+
+    def _checkSeal(self):
+        _logger.debug('Checking and attempting unseal if necessary and possible.')
+        if not self.client.sys.is_sealed():
+            _logger.debug('Unsealing unnecessary; Vault is already unsealed.')
+            return(None)
+        shard = self.cfg.xml.find('unseal')
+        if shard is None:
+            _logger.debug('Vault is sealed but no key shard was provided.')
+            _logger.error('Vault is sealed')
+            raise RuntimeError('Vault is sealed')
+        self.client.sys.submit_unseal_key(shard.text)
+        if self.client.sys.is_sealed:
+            _logger.debug(('Vault is sealed and either our unseal shard is incorrect or it is not enough to meet the '
+                           'unseal shard threshold.'))
+            _logger.error('Unable to unseal')
+            raise RuntimeError('Unable to unseal')
+        return(None)
 
     def _getURI(self):
-        uri = self.cfg.xml.find('uri')
+        uri = self.cfg.xml.find('.//uri')
         if uri is None:
-            uri = 'http://localhost:8000/'
-        pass
+            _logger.debug('No server URI specified; checking ${VAULT_ADDR}')
+            _uri = os.environ.get('VAULT_ADDR')
+            if not _uri:
+                _logger.debug('No ${VAULT_ADDR}; using default of http://localhost:8200/')
+                uri = 'http://localhost:8200/'
+            else:
+                uri = _uri
+        else:
+            uri = uri.text
+        self.uri = uri
+        _logger.debug('Set URI to {0}'.format(self.uri))
+        return(None)
 
     def getClient(self):
-        # This may need to be re-tooled in the future.
-        auth_xml = self.cfg.xml.find('auth')
+        auth_xml = self.cfg.xml.find('.//auth')
         if auth_xml is None:
+            _logger.debug('No auth section was found in the configuration file.')
+            _logger.error('Could not find authentication')
             raise RuntimeError('Could not find authentication')
         authmethod_xml = auth_xml.getchildren()[0]
+        _logger.debug('Attempting to auto-detect the authentication method...')
         for a in dir(auth):
             if a.startswith('_'):
                 continue
@@ -42,10 +73,15 @@ class PassMan(object):
                 continue
             self.auth = c(self.uri,
                           authmethod_xml)
+            _logger.debug('Found auth method: {0}'.format(self.auth.name))
             break
         if not self.auth:
-            _logger.error('Invalid auth configuration')
             _logger.debug('Auth specified ({0}) was not found or is not supported'.format(authmethod_xml.tag))
+            _logger.error('Invalid auth configuration')
             raise RuntimeError('Invalid auth configuration')
         self.client = self.auth.client
+        if not self.client.sys.is_initialized():
+            _logger.debug('Vault instance is not initialized. Please initialize (and configure, if necessary) first.')
+            _logger.error('Not initialized')
+            raise RuntimeError('Not initialized')
         return(None)

vaultpass/mounts.py

@@ -0,0 +1,13 @@
+class MountHandler(object):
+    def __init__(self, client, mounts_xml = None):
+        self.client = client
+        self.mounts = {}
+
+    def getSysMounts(self):
+        pass
+
+    def print(self):
+        pass
+
+    def search(self):
+        pass