Update test script to use jq and readarray

- Use jq for JSON credential extraction
- Use readarray with process substitution for elegant key parsing
- Assume modern Bash for readarray support (version 5+)
- Improve array handling for environment variables
- Streamline key extraction and application

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Harald Hoyer 2025-03-20 13:56:33 +01:00
parent a3fa6c2e8d
commit 0dc662865f


@ -169,21 +169,18 @@ else
echo $vault_status echo $vault_status
fi fi
# Extract keys from JSON credentials file # Extract keys and token from JSON credentials file
log "INFO" "Extracting unseal keys and root token from JSON credentials file..." log "INFO" "Extracting unseal keys and root token from JSON credentials file..."
# Using jq to extract the first 3 unseal keys (as that's the threshold) # Using jq to extract the token
unseal_keys=$(jq -r '.keys_base64[0:3][]' vault-credentials.json)
root_token=$(jq -r '.root_token' vault-credentials.json) root_token=$(jq -r '.root_token' vault-credentials.json)
# First, try running 'vault operator unseal' directly for a more robust test # First, try running 'vault operator unseal' directly for a more robust test
log "INFO" "Attempting to unseal Vault directly with unseal keys..." log "INFO" "Attempting to unseal Vault directly with unseal keys..."
# Split the keys - more portable than readarray which isn't available in all shells # Use jq to extract the keys directly into an array - more elegant
key1=$(echo "$unseal_keys" | head -n 1) readarray -t unseal_keys_array < <(jq -r '.keys_base64[0:3][]' vault-credentials.json)
key2=$(echo "$unseal_keys" | head -n 2 | tail -n 1)
key3=$(echo "$unseal_keys" | head -n 3 | tail -n 1)
# Apply each key # Apply each key
for key in "$key1" "$key2" "$key3"; do for key in "${unseal_keys_array[@]}"; do
if [ -n "$key" ]; then if [ -n "$key" ]; then
log "INFO" "Applying unseal key: ${key:0:8}..." # Show only first 8 chars for security log "INFO" "Applying unseal key: ${key:0:8}..." # Show only first 8 chars for security
docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault operator unseal "$key" docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault operator unseal "$key"
@ -192,12 +189,14 @@ done
# As a fallback, also try running vault-init with environment variables # As a fallback, also try running vault-init with environment variables
log "INFO" "Starting vault-init with environment variables..." log "INFO" "Starting vault-init with environment variables..."
# Use simpler variable passing - more portable # Use the array to set environment variables
docker-compose run -e VAULT_ADDR=http://vault:8200 \ env_vars="-e VAULT_ADDR=http://vault:8200"
-e VAULT_UNSEAL_KEY_1="$key1" \ for i in "${!unseal_keys_array[@]}"; do
-e VAULT_UNSEAL_KEY_2="$key2" \ env_vars="$env_vars -e VAULT_UNSEAL_KEY_$((i+1))=${unseal_keys_array[$i]}"
-e VAULT_UNSEAL_KEY_3="$key3" \ done
--rm vault-init
# Run the command with all environment variables
eval "docker-compose run $env_vars --rm vault-init"
# Verify Vault is unsealed now # Verify Vault is unsealed now
vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}') vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
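Review bot: The new `eval "docker-compose run $env_vars --rm vault-init"` line in the second hunk makes the shell re-parse the unseal keys read from vault-credentials.json as shell source. Any whitespace or shell metacharacter in a key value is then split or executed rather than passed through, so a malformed or modified credentials file turns into command execution on the machine running the test. The commit already relies on Bash arrays, so the arguments can be built as an array and the eval dropped: `env_args=(-e VAULT_ADDR=http://vault:8200)` before the loop, `env_args+=(-e "VAULT_UNSEAL_KEY_$((i+1))=${unseal_keys_array[$i]}")` inside it, then `docker-compose run "${env_args[@]}" --rm vault-init`. It would also help to stop with an error when `unseal_keys_array` is empty after the `readarray` line in the first hunk, since a failed jq call there otherwise skips the unseal loop without any message.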