spiffe
/
java-spiffe
mirror of https://github.com/spiffe/java-spiffe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
java-spiffe/.github/workflows/scripts/integration-tests.sh

78 lines
2.2 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
# Start a SPIRE Server and Agent and run the integration tests
# Only works on Linux.
set -euf -o pipefail
export SPIFFE_ENDPOINT_SOCKET="unix:/tmp/spire-agent/public/api.sock"
spire_version="1.11.0"
spire_folder="spire-${spire_version}"
spire_server_log_file="/tmp/spire-server/server.log"
spire_agent_log_file="/tmp/spire-agent/agent.log"
function cleanup() {
killall -9 spire-agent || true
killall -9 spire-server || true
rm -f /tmp/spire-server/private/api.sock
rm -f /tmp/spire-agent/public/api.sock
rm -rf ${spire_folder}
}
# Some cleanup: kill spire processes that could have remained from previous run
trap cleanup EXIT
# Install and run a SPIRE server
curl -s -N -L https://github.com/spiffe/spire/releases/download/v${spire_version}/spire-${spire_version}-linux-amd64-musl.tar.gz | tar xz
pushd "${spire_folder}"
mkdir -p /tmp/spire-server
bin/spire-server run -config conf/server/server.conf > "${spire_server_log_file}" 2>&1 &
spire_server_started=0
for i in {1..10}
do
if bin/spire-server healthcheck >/dev/null 2>&1; then
spire_server_started=1
break
fi
sleep 1
done
if [ ${spire_server_started} -ne 1 ]; then
cat ${spire_server_log_file} >&2
echo 'SPIRE Server failed to start' >&2
exit 1
fi
# Generate token and run Spire Agent
agent_id="spiffe://example.org/myagent"
bin/spire-server token generate -spiffeID ${agent_id} > token
cut -d ' ' -f 2 token > token_stripped
mkdir -p /tmp/spire-agent
bin/spire-agent run -config conf/agent/agent.conf -joinToken "$(< token_stripped)" > "${spire_agent_log_file}" 2>&1 &
spire_agent_started=0
for i in {1..10}
do
if bin/spire-agent healthcheck >/dev/null 2>&1; then
spire_agent_started=1
break
fi
sleep 1
done
if [ ${spire_agent_started} -ne 1 ]; then
cat ${spire_agent_log_file} >&2
echo 'SPIRE Agent failed to start' >&2
exit 1
fi
# Register the workload through UID with the SPIFFE ID "spiffe://example.org/myservice"
bin/spire-server entry create -parentID ${agent_id} -spiffeID spiffe://example.org/myservice -selector unix:uid:$(id -u)
sleep 10 # this value is derived from the default Agent sync interval
popd
# Run only the integration tests
./gradlew integrationTest
Reference in New Issue View Git Blame Copy Permalink