harald/vault-hier
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Improve Vault status detection in test script

Browse source 
- Use better pattern matching to extract sealed status
- Add more verbose logging of seal status
- Make status checks more resilient to formatting differences
- Ensure test correctly interprets Vault status output

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Harald Hoyer 2025-03-20 12:58:09 +01:00
parent d27bd8c57a
commit 98384791c3
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
test_docker.sh
View file

@ -119,7 +119,10 @@ fi
vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}') vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
# Check if Vault is unsealed by looking for "sealed":false # Check if Vault is unsealed by looking for "sealed":false
if echo "$vault_status" | grep -q '"sealed":false'; then sealed=$(echo "$vault_status" | grep -o '"sealed":[^,]*' || echo '"sealed":true')
log "INFO" "Seal status: $sealed"
if [[ "$sealed" == *"false"* ]]; then
log "INFO" "Vault is properly unsealed after initial setup" log "INFO" "Vault is properly unsealed after initial setup"
else else
log "ERROR" "Vault is still sealed after initial setup" log "ERROR" "Vault is still sealed after initial setup"
@ -144,7 +147,10 @@ sleep 5
# Verify Vault is sealed after restart (it should be) # Verify Vault is sealed after restart (it should be)
vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}') vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
if echo "$vault_status" | grep -q '"sealed":true'; then sealed=$(echo "$vault_status" | grep -o '"sealed":[^,]*' || echo '"sealed":false')
log "INFO" "Seal status after restart: $sealed"
if [[ "$sealed" == *"true"* ]]; then
log "INFO" "Vault is correctly sealed after restart" log "INFO" "Vault is correctly sealed after restart"
else else
log "WARN" "Vault is not sealed after restart - this is unexpected" log "WARN" "Vault is not sealed after restart - this is unexpected"
@ -177,7 +183,10 @@ docker-compose run -e VAULT_ADDR=http://vault:8200 \
# Verify Vault is unsealed now # Verify Vault is unsealed now
vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}') vault_status=$(docker-compose exec -T vault env VAULT_ADDR=http://127.0.0.1:8200 vault status -format=json 2>/dev/null || echo '{"sealed": true}')
if echo "$vault_status" | grep -q '"sealed":false'; then sealed=$(echo "$vault_status" | grep -o '"sealed":[^,]*' || echo '"sealed":true')
log "INFO" "Seal status after unseal attempts: $sealed"
if [[ "$sealed" == *"false"* ]]; then
log "INFO" "Vault was successfully unsealed after restart" log "INFO" "Vault was successfully unsealed after restart"
else else
log "ERROR" "Vault is still sealed after restart" log "ERROR" "Vault is still sealed after restart"