final fixes for hcl2 config enablement

CHANGELOG.md

@@ -1,5 +1,6 @@
 ### 1.1.0 (Next)
 - Convert local snapshot cleanup from forced to optional.
+- Enable configuration via HCL file.
 
 ### 1.0.1
 - Improve AWS S3 config handling.

main.go

@@ -2,8 +2,6 @@ package main
 
 import (
 	"log"
-	"os"
-	"strconv"
 
 	"github.com/mschuchard/vault-raft-backup/aws"
 	"github.com/mschuchard/vault-raft-backup/util"

vault/client.go

@@ -54,14 +54,10 @@ func NewVaultConfig(backupVaultConfig *util.VaultConfig) (*vaultConfig, error) {
 
 	// validate insecure
 	insecure := backupVaultConfig.Insecure
-	// no value specified so assign based on address
-	if len(os.Getenv("VAULT_SKIP_VERIFY")) == 0 {
-		// https --> false
-		if address[0:5] == "https" {
-			insecure = false
-		} else { // http --> true
-			insecure = true
-		}
+	if !insecure && address[0:5] == "http:" {
+		log.Print("insecure input parameter was omitted or specified as false, and address protocol is http")
+		log.Print("insecure will be reset to value of true")
+		insecure = true
 	}
 
 	// initialize locals
@@ -70,12 +66,6 @@ func NewVaultConfig(backupVaultConfig *util.VaultConfig) (*vaultConfig, error) {
 	awsMountPath := backupVaultConfig.AWSMountPath
 	awsRole := backupVaultConfig.AWSRole
 
-	// validate vault token
-	if engine == vaultToken && len(token) != 28 {
-		log.Print("the specified Vault Token is invalid")
-		return nil, errors.New("invalid vault token")
-	}
-
 	// determine vault auth engine if unspecified
 	if len(engine) == 0 {
 		log.Print("authentication engine for Vault not specified; using logic from other parameters to assist with determination")
@@ -100,6 +90,12 @@ func NewVaultConfig(backupVaultConfig *util.VaultConfig) (*vaultConfig, error) {
 		}
 	}
 
+	// validate vault token
+	if engine == vaultToken && len(token) != 28 {
+		log.Print("the specified Vault Token is invalid")
+		return nil, errors.New("invalid vault token")
+	}
+
 	// default aws mount path and role
 	if engine == awsIam {
 		if len(awsMountPath) == 0 {