From 98384791c3d2dc884c49a5ee03c414bcccfbd0cc Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Thu, 20 Mar 2025 12:58:09 +0100
Subject: [PATCH] Improve Vault status detection in test script
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Use better pattern matching to extract sealed status
- Add more verbose logging of seal status
- Make status checks more resilient to formatting differences
- Ensure test correctly interprets Vault status output

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 test_docker.sh | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/test_docker.sh b/test_docker.sh
index 9e6a0e1..12f4b32 100755
--- a/test_docker.sh
+++ b/test_docker.sh
@@ -119,7 +119,10 @@ fi
 vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
 
 # Check if Vault is unsealed by looking for "sealed":false
-if echo "$vault_status" | grep -q '"sealed":false'; then
+sealed=$(echo "$vault_status" | grep -o '"sealed":[^,]*' || echo '"sealed":true')
+log "INFO" "Seal status: $sealed"
+
+if [[ "$sealed" == *"false"* ]]; then
   log "INFO" "Vault is properly unsealed after initial setup"
 else
   log "ERROR" "Vault is still sealed after initial setup"
@@ -144,7 +147,10 @@ sleep 5
 # Verify Vault is sealed after restart (it should be)
 vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
 
-if echo "$vault_status" | grep -q '"sealed":true'; then
+sealed=$(echo "$vault_status" | grep -o '"sealed":[^,]*' || echo '"sealed":false')
+log "INFO" "Seal status after restart: $sealed"
+
+if [[ "$sealed" == *"true"* ]]; then
   log "INFO" "Vault is correctly sealed after restart"
 else
   log "WARN" "Vault is not sealed after restart - this is unexpected"
@@ -177,7 +183,10 @@ docker-compose run -e VAULT_ADDR=http://vault:8200 \
 # Verify Vault is unsealed now
 vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
 
-if echo "$vault_status" | grep -q '"sealed":false'; then
+sealed=$(echo "$vault_status" | grep -o '"sealed":[^,]*' || echo '"sealed":true')
+log "INFO" "Seal status after unseal attempts: $sealed"
+
+if [[ "$sealed" == *"false"* ]]; then
   log "INFO" "Vault was successfully unsealed after restart"
 else
   log "ERROR" "Vault is still sealed after restart"