From 334fc50ac71ea5cdc8e2c939520393cdbc124cd8 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Thu, 20 Mar 2025 12:55:09 +0100
Subject: [PATCH] Fix vault status checks in Docker test script
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update JSON parsing to handle Vault status response correctly
- Remove redundant status extraction with grep
- Use safer string matching approach with Bash pattern matching

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 test_docker.sh | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/test_docker.sh b/test_docker.sh
index 9f48968..c6fa281 100755
--- a/test_docker.sh
+++ b/test_docker.sh
@@ -117,9 +117,8 @@ fi
 
 # Verify Vault is unsealed
 vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
-sealed=$(echo $vault_status | grep -o '"sealed":false' || echo "sealed")
 
-if [ "$sealed" = '"sealed":false' ]; then
+if [[ "$vault_status" == *'"sealed":false'* ]]; then
   log "INFO" "Vault is properly unsealed"
 else
   log "ERROR" "Vault is still sealed"
@@ -143,9 +142,8 @@ sleep 5
 
 # Verify Vault is sealed after restart (it should be)
 vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
-sealed=$(echo $vault_status | grep -o '"sealed":true' || echo "unsealed")
 
-if [ "$sealed" = '"sealed":true' ]; then
+if [[ "$vault_status" == *'"sealed":true'* ]]; then
   log "INFO" "Vault is correctly sealed after restart"
 else
   log "WARN" "Vault is not sealed after restart - this is unexpected"
@@ -167,9 +165,8 @@ docker-compose run -e VAULT_ADDR=http://vault:8200 \
 
 # Verify Vault is unsealed now
 vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
-sealed=$(echo $vault_status | grep -o '"sealed":false' || echo "sealed")
 
-if [ "$sealed" = '"sealed":false' ]; then
+if [[ "$vault_status" == *'"sealed":false'* ]]; then
   log "INFO" "Vault was successfully unsealed after restart"
 else
   log "ERROR" "Vault is still sealed after restart"