|
26 | 26 | set -o nounset |
27 | 27 | set -o errexit |
28 | 28 | set -o pipefail |
29 | | -set -o xtrace |
30 | 29 |
|
31 | 30 | script_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) |
32 | 31 | root_dir=$(cd "${script_dir}/../.." && pwd) |
@@ -195,7 +194,40 @@ kubectl -n team-1 wait certificate app-0 --for=condition=Ready |
195 | 194 | # Parse logs as JSON using jq to ensure logs are all JSON formatted. |
196 | 195 | # Disable pipefail to prevent SIGPIPE (141) errors from tee |
197 | 196 | # See https://unix.stackexchange.com/questions/274120/pipe-fail-141-when-piping-output-into-tee-why |
| 197 | +set +o pipefail |
198 | 198 | kubectl logs deployments/venafi-kubernetes-agent \ |
199 | 199 | --follow \ |
200 | 200 | --namespace venafi \ |
201 | 201 | | timeout 60 jq 'if .msg | test("Data sent successfully") then . | halt_error(0) end' |
| 202 | +set -o pipefail |
| 203 | + |
| 204 | +# Create a unique TLS Secret and wait for it to appear in the Venafi certificate |
| 205 | +# inventory API. The case conversion is due to macOS' version of uuidgen which |
| 206 | +# prints UUIDs in upper case, but DNS labels need lower case characters. |
| 207 | +commonname="venafi-kubernetes-agent-e2e.$(uuidgen | tr '[:upper:]' '[:lower:]').example.com" |
| 208 | +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /tmp/tls.key -out /tmp/tls.crt -subj "/CN=$commonname" 2>/dev/null |
| 209 | +kubectl create secret tls "$commonname" --cert=/tmp/tls.crt --key=/tmp/tls.key -o yaml --dry-run=client | kubectl apply -f - |
| 210 | + |
| 211 | +getCertificate() { |
| 212 | + jq -n '{ |
| 213 | + "expression": { |
| 214 | + "field": "subjectCN", |
| 215 | + "operator": "MATCH", |
| 216 | + "value": $commonname |
| 217 | + }, |
| 218 | + "ordering": { |
| 219 | + "orders": [ |
| 220 | + { "direction": "DESC", "field": "certificatInstanceModificationDate" } |
| 221 | + ] |
| 222 | + }, |
| 223 | + "paging": { "pageNumber": 0, "pageSize": 10 } |
| 224 | + }' --arg commonname "${commonname}" \ |
| 225 | + | curl "https://${VEN_API_HOST}/outagedetection/v1/certificatesearch?excludeSupersededInstances=true&ownershipTree=true" \ |
| 226 | + -fsSL \ |
| 227 | + -H "tppl-api-key: $VEN_API_KEY" \ |
| 228 | + --json @- \ |
| 229 | + | jq 'if .count == 0 then . | halt_error(1) end' |
| 230 | +} |
| 231 | + |
| 232 | +# Wait 5 minutes for the certificate to appear. |
| 233 | +for ((i=0;;i++)); do if getCertificate; then exit 0; fi; sleep 30; done | timeout -v -- 5m cat |
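Review bot: The new test writes its private key and certificate to the fixed paths `/tmp/tls.key` and `/tmp/tls.crt` and never removes them, so on a shared runner the names are predictable, concurrent runs overwrite each other, and the key outlives the job. A private directory, `tmpdir=$(mktemp -d)` with `trap 'rm -rf -- "$tmpdir"' EXIT` (merged into any EXIT trap the script already sets outside this hunk), avoids all three. In `getCertificate`, `-H "tppl-api-key: $VEN_API_KEY"` puts the API key on curl's command line, where it is readable from the process list; since stdin is already taken by `--json @-`, the header can be read from a file instead, for example `-H @<(printf 'tppl-api-key: %s\n' "$VEN_API_KEY")`. Separately, the final loop does not appear to be bounded by the 5 minute limit: `timeout` only ends `cat`, and the loop writes nothing to stdout while the lookup keeps failing, so the pipeline seems to wait on the loop indefinitely. A counted loop such as `for ((i=0;i<10;i++))` followed by an explicit failure would enforce the limit.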