#!/usr/bin/env bash

# Start a SPIRE Server and Agent and run the integration tests
# Only works on Linux.

set -euf -o pipefail

export SPIFFE_ENDPOINT_SOCKET="unix:/tmp/spire-agent/public/api.sock"

spire_version="1.5.3"
spire_folder="spire-${spire_version}"
spire_server_log_file="/tmp/spire-server/server.log"
spire_agent_log_file="/tmp/spire-agent/agent.log"

function cleanup() {
  killall -9 spire-agent || true
  killall -9 spire-server || true
  rm -f /tmp/spire-server/private/api.sock
  rm -f /tmp/spire-agent/public/api.sock
  rm -rf ${spire_folder}
}

# Some cleanup: kill spire processes that could have remained from previous run
trap cleanup EXIT

# Install and run a SPIRE server
curl -s -N -L https://github.com/spiffe/spire/releases/download/v${spire_version}/spire-${spire_version}-linux-x86_64-glibc.tar.gz | tar xz
pushd "${spire_folder}"
mkdir -p /tmp/spire-server
bin/spire-server run -config conf/server/server.conf > "${spire_server_log_file}" 2>&1 &

spire_server_started=0
for i in {1..10}
do
    if bin/spire-server healthcheck  >/dev/null 2>&1; then
        spire_server_started=1
        break
    fi
    sleep 1
done

if [ ${spire_server_started} -ne 1 ]; then
    cat ${spire_server_log_file} >&2
    echo 'SPIRE Server failed to start' >&2
    exit 1
fi

# Generate token and run Spire Agent
agent_id="spiffe://example.org/myagent"
bin/spire-server token generate -spiffeID ${agent_id} > token
cut -d ' ' -f 2 token > token_stripped
mkdir -p /tmp/spire-agent
bin/spire-agent run -config conf/agent/agent.conf -joinToken "$(< token_stripped)" > "${spire_agent_log_file}" 2>&1 &

spire_agent_started=0
for i in {1..10}
do
    if bin/spire-agent healthcheck  >/dev/null 2>&1; then
        spire_agent_started=1
        break
    fi
    sleep 1
done

if [ ${spire_agent_started} -ne 1 ]; then
    cat ${spire_agent_log_file} >&2
    echo 'SPIRE Agent failed to start' >&2
    exit 1
fi

# Register the workload through UID with the SPIFFE ID "spiffe://example.org/myservice"
bin/spire-server entry create -parentID ${agent_id} -spiffeID spiffe://example.org/myservice -selector unix:uid:$(id -u)
sleep 10  # this value is derived from the default Agent sync interval
popd

# Run only the integration tests
./gradlew integrationTest