forked from spiffe/spire-tutorials
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtest.sh
executable file
·53 lines (39 loc) · 1.36 KB
/
test.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
#!/bin/bash
norm=$(tput sgr0) || true
green=$(tput setaf 2) || true
red=$(tput setaf 1) || true
bold=$(tput bold) || true
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
timestamp() {
date -u "+[%Y-%m-%dT%H:%M:%SZ]"
}
log() {
echo "${bold}$(timestamp) $*${norm}"
}
fail() {
echo "${red}$(timestamp) $*${norm}"
exit 1
}
clean-env() {
log "Cleaning up..."
bash "${DIR}"/scripts/clean-env.sh
}
trap clean-env EXIT
log "Preparing Nested SPIRE environment..."
clean-env
bash "${DIR}"/scripts/set-env.sh
log "Creating workload registration entries..."
bash "${DIR}"/scripts/create-workload-registration-entries.sh
log "checking nested JWT-SVID..."
# Fetch JWT-SVID and extract token
token=$(docker-compose -f "${DIR}"/docker-compose.yaml exec -u 1001 -T nestedA-agent \
/opt/spire/bin/spire-agent api fetch jwt -audience testIt -socketPath /opt/spire/sockets/workload_api.sock | sed -n '2p') || fail "JWT-SVID check failed"
# Validate token
validation_result=$(docker-compose -f "${DIR}"/docker-compose.yaml exec -u 1001 -T nestedB-agent \
/opt/spire/bin/spire-agent api validate jwt -audience testIt -svid "${token}" -socketPath /opt/spire/sockets/workload_api.sock)
if echo $validation_result | grep -qe "SVID is valid."; then
echo "${green}Success${norm}"
exit 0
fi
echo "${red}Failed! JTW-SVID cannot be validated.${norm}".
exit 1