various fixes

.gitignore

@@ -72,3 +72,4 @@ flycheck_*.el
 # Go workspace file
 go.work
 
+mini-vault/mini-vault

common.go

@@ -9,10 +9,11 @@ package libvault
 import (
 	"bytes"
 	"encoding/json"
+	"errors"
 	log "github.com/sirupsen/logrus"
 	"io"
 	"net/http"
-	"os"
+	//	"os"
 	"time"
 )
 
@@ -84,9 +85,9 @@ func (v *Vault) POST(t *Token, api string, request interface{},
 		return err
 	}
 
-	var indent bytes.Buffer
-	json.Indent(&indent, rbody, "", "    ")
-	indent.WriteTo(os.Stdout)
+	//	var indent bytes.Buffer
+	//	json.Indent(&indent, rbody, "", "    ")
+	//	indent.WriteTo(os.Stdout)
 
 	// check status code
 	if hresp.StatusCode != 200 {
@@ -96,7 +97,7 @@ func (v *Vault) POST(t *Token, api string, request interface{},
 			"code":   hresp.StatusCode,
 			"body":   string(rbody),
 		}).Error("libvault: invalid status code on vault post request")
-		return err
+		return errors.New("libvault: invalid status code")
 	}
 
 	if response != nil {
@@ -121,5 +122,74 @@ func (v *Vault) POST(t *Token, api string, request interface{},
 	return nil
 }
 
+//////////////////////////////////////////////////////////////////////////
+// make a vault GET call
+
+func (v *Vault) GET(t *Token, api string,
+	response interface{}) error {
+
+	// create GET request
+	url := v.url(api)
+	hreq, err := http.NewRequest("GET", url, nil)
+	hreq.Header.Set("X-Vault-Token", t.Token)
+
+	// and do it
+	hclient := &http.Client{}
+	hresp, err := hclient.Do(hreq)
+	if err != nil {
+		log.WithFields(log.Fields{
+			"url":   url,
+			"error": err,
+		}).Error("libvault: failed to make vault POST call")
+		return err
+	}
+	defer hresp.Body.Close()
+
+	// read the response body
+	rbody, err := io.ReadAll(hresp.Body)
+	if err != nil {
+		log.WithFields(log.Fields{
+			"url":   url,
+			"error": err,
+		}).Error("libvault: failed to read response body")
+		return err
+	}
+
+	//	var indent bytes.Buffer
+	//	json.Indent(&indent, rbody, "", "    ")
+	//	indent.WriteTo(os.Stdout)
+
+	// check status code
+	if hresp.StatusCode != 200 {
+		log.WithFields(log.Fields{
+			"url":    url,
+			"status": hresp.Status,
+			"code":   hresp.StatusCode,
+			"body":   string(rbody),
+		}).Error("libvault: invalid status code on vault post request")
+		return errors.New("libvault: invalid status code")
+	}
+
+	if response != nil {
+		if err := json.Unmarshal(rbody, response); err != nil {
+			log.WithFields(log.Fields{
+				"url":      url,
+				"body":     string(rbody),
+				"response": response,
+				"error":    err,
+			}).Error("libvault: failed to unmarshal response body")
+			return err
+		}
+	}
+
+	log.WithFields(log.Fields{
+		"api":      api,
+		"url":      url,
+		"response": string(rbody),
+	}).Debug("libvault: successful vault call")
+
+	return nil
+}
+
 //////////////////////////////////////////////////////////////////////////
 // end of file

mini-vault/tls.go

@@ -126,7 +126,7 @@ func CmdTLSRenew(cmd *cobra.Command, args []string) {
 	fmt.Printf(" - Certificate: %s\n", TLSCertPEM)
 	if err := os.WriteFile(
 		TLSCertPEM,
-		[]byte(kc.Certificate+"\n"+kc.IssuingCA),
+		[]byte(kc.Certificate+"\n"+kc.IssuingCA+"\n"),
 		0600,
 	); err != nil {
 		fmt.Printf("ERROR: failed to write certificate: %s\n", err)

token.go

@@ -89,18 +89,13 @@ func (t *Token) Expires() (time.Time, error) {
 
 	if t.expires.IsZero() {
 
-		// request and response json structures
-		req := &struct {
-			Token string `json:"token"`
-		}{Token: t.Token}
-
 		resp := &struct {
 			Data *struct {
 				ExpireTime time.Time `json:"expire_time"`
 			} `json:"data"`
 		}{}
 
-		if err := vault.POST(t, "/auth/token/lookup", req, resp); err != nil {
+		if err := vault.GET(t, "/auth/token/lookup-self", resp); err != nil {
 			log.WithFields(log.Fields{
 				"token": t.Token,
 			}).Error("libvault: failed to determine token expiry date")