From 0dc662865f42be2a5bd1d43997b56c45b71b3e12 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Thu, 20 Mar 2025 13:56:33 +0100
Subject: [PATCH] Update test script to use jq and readarray
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Use jq for JSON credential extraction
- Use readarray with process substitution for elegant key parsing
- Assume modern Bash for readarray support (version 5+)
- Improve array handling for environment variables
- Streamline key extraction and application
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
 test_docker.sh | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/test_docker.sh b/test_docker.sh
index 1435df7..1d8697d 100755
--- a/test_docker.sh
+++ b/test_docker.sh
@@ -169,21 +169,18 @@ else echo $vault_status fi -# Extract keys from JSON credentials file +# Extract keys and token from JSON credentials file log "INFO" "Extracting unseal keys and root token from JSON credentials file..." -# Using jq to extract the first 3 unseal keys (as that's the threshold) -unseal_keys=$(jq -r '.keys_base64[0:3][]' vault-credentials.json) +# Using jq to extract the token root_token=$(jq -r '.root_token' vault-credentials.json) # First, try running 'vault operator unseal' directly for a more robust test log "INFO" "Attempting to unseal Vault directly with unseal keys..." -# Split the keys - more portable than readarray which isn't available in all shells -key1=$(echo "$unseal_keys" | head -n 1) -key2=$(echo "$unseal_keys" | head -n 2 | tail -n 1) -key3=$(echo "$unseal_keys" | head -n 3 | tail -n 1) +# Use jq to extract the keys directly into an array - more elegant +readarray -t unseal_keys_array < <(jq -r '.keys_base64[0:3][]' vault-credentials.json) # Apply each key -for key in "$key1" "$key2" "$key3"; do +for key in "${unseal_keys_array[@]}"; do if [ -n "$key" ]; then log "INFO" "Applying unseal key: ${key:0:8}..." # Show only first 8 chars for security docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault operator unseal "$key" 
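Review bot: Nothing after the new `readarray -t unseal_keys_array < <(jq -r '.keys_base64[0:3][]' vault-credentials.json)` line checks that any keys were actually read. The exit status of a process substitution is discarded, so if jq fails or `keys_base64` is absent the array is empty and the `for key in "${unseal_keys_array[@]}"` loop silently applies nothing. A guard directly after the readarray would make that failure explicit, for example `[ "${#unseal_keys_array[@]}" -eq 3 ] || { log "ERROR" "expected 3 unseal keys in vault-credentials.json"; exit 1; }` (assuming `log` accepts an ERROR level, which is not visible here). The same gap applies to `root_token`, which `jq -r` sets to the literal string `null` when the field is missing. The loop body continues past the end of this hunk.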
@@ -192,12 +189,14 @@ done # As a fallback, also try running vault-init with environment variables log "INFO" "Starting vault-init with environment variables..." -# Use simpler variable passing - more portable -docker-compose run -e VAULT_ADDR=http://vault:8200 \ - -e VAULT_UNSEAL_KEY_1="$key1" \ - -e VAULT_UNSEAL_KEY_2="$key2" \ - -e VAULT_UNSEAL_KEY_3="$key3" \ - --rm vault-init +# Use the array to set environment variables +env_vars="-e VAULT_ADDR=http://vault:8200" +for i in "${!unseal_keys_array[@]}"; do + env_vars="$env_vars -e VAULT_UNSEAL_KEY_$((i+1))=${unseal_keys_array[$i]}" +done + +# Run the command with all environment variables +eval "docker-compose run $env_vars --rm vault-init" # Verify Vault is unsealed now vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
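Review bot: The new `eval "docker-compose run $env_vars --rm vault-init"` re-parses the unseal keys as shell code, so any whitespace or shell metacharacter in a value read from vault-credentials.json is word-split or executed. The removed version's quoting (`"$key1"`) protected against that and is now lost. Since the script already assumes Bash arrays, build the arguments as an array and drop the eval: `run_args=(-e VAULT_ADDR=http://vault:8200)`, then `run_args+=(-e "VAULT_UNSEAL_KEY_$((i+1))=${unseal_keys_array[$i]}")` inside the loop, then `docker-compose run "${run_args[@]}" --rm vault-init`. Either form still puts the key material on the docker-compose command line, where it is visible in the process list while the command runs. A comment stating that this is acceptable only for a throwaway test Vault would help the next reader.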