Update test script to use jq and readarray
- Use jq for JSON credential extraction - Use readarray with process substitution for elegant key parsing - Assume modern Bash for readarray support (version 5+) - Improve array handling for environment variables - Streamline key extraction and application 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
parent
a3fa6c2e8d
commit
0dc662865f
|
@ -169,21 +169,18 @@ else
|
|||
echo $vault_status
|
||||
fi
|
||||
|
||||
# Extract keys from JSON credentials file
|
||||
# Extract keys and token from JSON credentials file
|
||||
log "INFO" "Extracting unseal keys and root token from JSON credentials file..."
|
||||
# Using jq to extract the first 3 unseal keys (as that's the threshold)
|
||||
unseal_keys=$(jq -r '.keys_base64[0:3][]' vault-credentials.json)
|
||||
# Using jq to extract the token
|
||||
root_token=$(jq -r '.root_token' vault-credentials.json)
|
||||
|
||||
# First, try running 'vault operator unseal' directly for a more robust test
|
||||
log "INFO" "Attempting to unseal Vault directly with unseal keys..."
|
||||
# Split the keys - more portable than readarray which isn't available in all shells
|
||||
key1=$(echo "$unseal_keys" | head -n 1)
|
||||
key2=$(echo "$unseal_keys" | head -n 2 | tail -n 1)
|
||||
key3=$(echo "$unseal_keys" | head -n 3 | tail -n 1)
|
||||
# Use jq to extract the keys directly into an array - more elegant
|
||||
readarray -t unseal_keys_array < <(jq -r '.keys_base64[0:3][]' vault-credentials.json)
|
||||
|
||||
# Apply each key
|
||||
for key in "$key1" "$key2" "$key3"; do
|
||||
for key in "${unseal_keys_array[@]}"; do
|
||||
if [ -n "$key" ]; then
|
||||
log "INFO" "Applying unseal key: ${key:0:8}..." # Show only first 8 chars for security
|
||||
docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault operator unseal "$key"
|
||||
|
@ -192,12 +189,14 @@ done
|
|||
|
||||
# As a fallback, also try running vault-init with environment variables
|
||||
log "INFO" "Starting vault-init with environment variables..."
|
||||
# Use simpler variable passing - more portable
|
||||
docker-compose run -e VAULT_ADDR=http://vault:8200 \
|
||||
-e VAULT_UNSEAL_KEY_1="$key1" \
|
||||
-e VAULT_UNSEAL_KEY_2="$key2" \
|
||||
-e VAULT_UNSEAL_KEY_3="$key3" \
|
||||
--rm vault-init
|
||||
# Use the array to set environment variables
|
||||
env_vars="-e VAULT_ADDR=http://vault:8200"
|
||||
for i in "${!unseal_keys_array[@]}"; do
|
||||
env_vars="$env_vars -e VAULT_UNSEAL_KEY_$((i+1))=${unseal_keys_array[$i]}"
|
||||
done
|
||||
|
||||
# Run the command with all environment variables
|
||||
eval "docker-compose run $env_vars --rm vault-init"
|
||||
|
||||
# Verify Vault is unsealed now
|
||||
vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
|
||||
|
|
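Review bot: The fallback block flattens the unseal keys into the string `env_vars` and runs it through `eval "docker-compose run $env_vars --rm vault-init"`, so every value read from vault-credentials.json is re-parsed as shell syntax; if that file is malformed or has been modified, a value containing whitespace or a shell metacharacter is split or executed instead of being passed through. The keys are already in an array, so the arguments can stay one: `env_args=(-e VAULT_ADDR=http://vault:8200)`, then `env_args+=(-e "VAULT_UNSEAL_KEY_$((i+1))=${unseal_keys_array[$i]}")` inside the loop, and `docker-compose run "${env_args[@]}" --rm vault-init` with no `eval`. Either form still puts the keys on the docker-compose command line, where they show up in the host process list for the duration of the run; exporting them and passing only the variable names would avoid that, if the compose version in use supports it. `root_token` is assigned in the first hunk but is not used in the visible lines, and the script continues outside both hunks, so confirm it is needed before keeping the root token in a shell variable.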