fix: cpu lock due to default notify-queue-delay value

- closes #17

Signed-off-by: Liam Stanley <[email protected]>

Dockerfile

@@ -3,7 +3,7 @@ FROM golang:alpine as build
 WORKDIR /build
 RUN apk add --no-cache make
 COPY go.sum go.mod Makefile /build/
-RUN make fetch
+RUN make go-fetch
 COPY . /build/
 RUN make
 
@@ -19,4 +19,4 @@ COPY --from=build /build/vault-unseal /usr/local/bin/vault-unseal
 WORKDIR /
 ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 ENV LOG_JSON=true
-CMD ["vault-unseal"]
+CMD ["vault-unseal"]

Makefile

@@ -5,7 +5,7 @@ export PROJECT := "vault-unseal"
 license:
 	curl -sL https://liam.sh/-/gh/g/license-header.sh | bash -s
 
-fetch:
+go-fetch:
 	go mod download
 	go mod tidy
 
@@ -20,13 +20,20 @@ upgrade-deps-patch:
 clean:
 	/bin/rm -rfv "dist/" "${PROJECT}"
 
-debug: clean
-	go run *.go
+go-dlv: go-prepare
+	dlv debug \
+		--headless --listen=:2345 \
+		--api-version=2 --log \
+		--allow-non-terminal-interactive \
+		${PACKAGE} -- --debug
 
-prepare: fetch clean
+go-debug: clean
+	go run *.go --debug
+
+go-prepare: go-fetch clean
 	go generate -x ./...
 
-build: prepare fetch
+build: go-prepare go-fetch
 	CGO_ENABLED=0 \
 	go build \
 		-ldflags '-d -s -w -extldflags=-static' \

daemon.go

@@ -5,6 +5,7 @@
 package main
 
 import (
+	"context"
 	"fmt"
 	"net"
 	"sync"
@@ -13,7 +14,7 @@ import (
 	"github.com/apex/log"
 )
 
-func worker(done <-chan struct{}, wg *sync.WaitGroup, addr string) {
+func worker(ctx context.Context, wg *sync.WaitGroup, addr string) {
 	defer wg.Done()
 
 	client := newVault(addr)
@@ -35,7 +36,7 @@ func worker(done <-chan struct{}, wg *sync.WaitGroup, addr string) {
 		}
 
 		select {
-		case <-done:
+		case <-ctx.Done():
 			logger.WithField("addr", addr).Info("closing worker")
 			return
 		case <-time.After(conf.CheckInterval + errDelay):

devenv/docker-compose.yaml

@@ -0,0 +1,11 @@
+version: "3.8"
+
+services:
+  vault-server:
+    image: vault:latest
+    ports: ["8200:8200"]
+    environment:
+      VAULT_ADDR: "http://0.0.0.0:8200"
+      VAULT_DEV_ROOT_TOKEN_ID: "change-me"
+    cap_add:
+      - IPC_LOCK

devenv/vault-unseal.yaml

@@ -0,0 +1,8 @@
+email:
+  enabled: false
+tls_skip_verify: true
+unseal_tokens:
+  - YOUR_TOKEN_HERE
+vault_nodes:
+  - http://localhost:8200
+allow_single_node: true

main.go

@@ -5,6 +5,7 @@
 package main
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -160,15 +161,15 @@ func main() {
 	}
 
 	var wg sync.WaitGroup
-	done := make(chan struct{})
+	ctx, cancel := context.WithCancel(context.Background())
 
 	for _, addr := range conf.Nodes {
 		logger.WithField("addr", addr).Info("invoking worker")
 		wg.Add(1)
-		go worker(done, &wg, addr)
+		go worker(ctx, &wg, addr)
 	}
 
-	go notifier(done, &wg)
+	go notifier(ctx, &wg)
 
 	if conf.ConfigPath != "" {
 		go func() {
@@ -184,7 +185,7 @@ func main() {
 
 	go func() {
 		catch()
-		close(done)
+		cancel()
 	}()
 
 	wg.Wait()
@@ -252,6 +253,13 @@ func readConfig(path string) error {
 		}
 	}
 
+	if conf.NotifyQueueDelay < 10*time.Second {
+		conf.NotifyQueueDelay = 10 * time.Second
+	}
+	if conf.NotifyQueueDelay > 10*time.Minute {
+		conf.NotifyQueueDelay = 10 * time.Minute
+	}
+
 	if path != "" {
 		logger.WithField("path", path).Info("updated config")
 		conf.lastModifiedCheck = fi.ModTime()

notifier.go

@@ -5,6 +5,7 @@
 package main
 
 import (
+	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
@@ -38,7 +39,7 @@ func notify(err error) {
 	notifyCh <- err
 }
 
-func notifier(done chan struct{}, wg *sync.WaitGroup) {
+func notifier(ctx context.Context, wg *sync.WaitGroup) {
 	defer wg.Done()
 
 	logger.Info("starting notifier")
@@ -53,7 +54,7 @@ func notifier(done chan struct{}, wg *sync.WaitGroup) {
 	// be called, and events will continue to build up forever.
 	for {
 		select {
-		case <-done:
+		case <-ctx.Done():
 			sendQueue()
 			return
 		case err := <-notifyCh: