Add test to federation tutorial (#80)
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
parent
4b750f2da9
commit
392e6211ca
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
|
@ -6,18 +5,23 @@ set -e
|
|||
bb=$(tput bold)
|
||||
nn=$(tput sgr0)
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show
|
||||
|
||||
# Bootstrap trust to the SPIRE server for each agent by copying over the
|
||||
# trust bundle into each agent container.
|
||||
echo "${bb}Bootstrapping trust between SPIRE agents and SPIRE servers...${nn}"
|
||||
docker-compose exec -T spire-server-broker bin/spire-server bundle show |
|
||||
docker-compose exec -T broker-webapp tee conf/agent/bootstrap.crt > /dev/null
|
||||
docker-compose exec -T spire-server-stock bin/spire-server bundle show |
|
||||
docker-compose exec -T stock-quotes-service tee conf/agent/bootstrap.crt > /dev/null
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server bundle show |
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp tee conf/agent/bootstrap.crt
|
||||
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server bundle show |
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T stock-quotes-service tee conf/agent/bootstrap.crt
|
||||
|
||||
# Start up the broker-webapp SPIRE agent.
|
||||
echo "${bb}Starting broker-webapp SPIRE agent...${nn}"
|
||||
docker-compose exec -d broker-webapp bin/spire-agent run
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -d broker-webapp bin/spire-agent run
|
||||
|
||||
# Start up the stock-quotes-service SPIRE agent.
|
||||
echo "${bb}Starting stock-quotes-service SPIRE agent...${nn}"
|
||||
docker-compose exec -d stock-quotes-service bin/spire-agent run
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -d stock-quotes-service bin/spire-agent run
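Review bot: The two bootstrap pipelines (`bundle show | … tee conf/agent/bootstrap.crt`) run under `set -e` alone, so a failing `bundle show` is masked by `tee` succeeding and the agent is left with an empty bootstrap bundle. The agents are then started with `exec -d`, so nothing reports the failure. Adding `set -o pipefail` next to `set -e` would stop the script at the failing stage. Going by the hunk's line counts, the new side also drops `> /dev/null` from both `tee` calls and adds a bare `bundle show` ahead of the comment; both print the bundle into the log, and if the bare call is meant as a readiness check, a one-line comment saying so would help.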
|
||||
|
|
|
|||
|
|
@ -5,14 +5,16 @@ set -e
|
|||
bb=$(tput bold)
|
||||
nn=$(tput sgr0)
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
echo "${bb}bootstrapping bundle from broker to quotes-service server...${nn}"
|
||||
docker-compose exec -T spire-server-broker \
|
||||
/opt/spire/bin/spire-server bundle show -format spiffe > docker/spire-server-stockmarket.example/conf/broker.example.bundle
|
||||
docker-compose exec -T spire-server-stock \
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
|
||||
/opt/spire/bin/spire-server bundle show -format spiffe > "${DIR}"/docker/spire-server-stockmarket.example/conf/broker.example.bundle
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
|
||||
/opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://broker.example -path /opt/spire/conf/server/broker.example.bundle
|
||||
|
||||
echo "${bb}bootstrapping bundle from quotes-service to broker server...${nn}"
|
||||
docker-compose exec -T spire-server-stock \
|
||||
/opt/spire/bin/spire-server bundle show -format spiffe > docker/spire-server-broker.example/conf/stockmarket.example.bundle
|
||||
docker-compose exec -T spire-server-broker \
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock \
|
||||
/opt/spire/bin/spire-server bundle show -format spiffe > "${DIR}"/docker/spire-server-broker.example/conf/stockmarket.example.bundle
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker \
|
||||
/opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://stockmarket.example -path /opt/spire/conf/server/stockmarket.example.bundle
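Review bot: Nothing in the script says that these four commands are the initial trust exchange between the two trust domains, where each server's bundle is exported with `bundle show -format spiffe` and installed on the other with `bundle set -id …`. A header comment such as `# Exchange trust bundles: each server's bundle becomes the trust anchor the other uses to authenticate it.` would make that explicit. The export also redirects straight into the file under `conf/` (presumably bind-mounted into the other server), so a failed `bundle show` leaves a truncated bundle behind even though `set -e` aborts the script. Writing to a temporary file and moving it into place on success would avoid that.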
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ set -e
|
|||
bb=$(tput bold)
|
||||
nn=$(tput sgr0)
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
fingerprint() {
|
||||
# calculate the SHA1 digest of the DER bytes of the certificate using the
|
||||
# "coreutils" output format (`-r`) to provide uniform output from
|
||||
|
|
@ -12,18 +14,18 @@ fingerprint() {
|
|||
cat $1 | openssl x509 -outform DER | openssl sha1 -r | awk '{print $1}'
|
||||
}
|
||||
|
||||
BROKER_WEBAPP_AGENT_FINGERPRINT=$(fingerprint docker/broker-webapp/conf/agent.crt.pem)
|
||||
QUOTES_SERVICE_AGENT_FINGERPRINT=$(fingerprint docker/stock-quotes-service/conf/agent.crt.pem)
|
||||
BROKER_WEBAPP_AGENT_FINGERPRINT=$(fingerprint ${DIR}/docker/broker-webapp/conf/agent.crt.pem)
|
||||
QUOTES_SERVICE_AGENT_FINGERPRINT=$(fingerprint ${DIR}/docker/stock-quotes-service/conf/agent.crt.pem)
|
||||
|
||||
echo "${bb}Creating registration entry for the broker-webapp...${nn}"
|
||||
docker-compose exec spire-server-broker bin/spire-server entry create \
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-broker bin/spire-server entry create \
|
||||
-parentID spiffe://broker.example/spire/agent/x509pop/${BROKER_WEBAPP_AGENT_FINGERPRINT} \
|
||||
-spiffeID spiffe://broker.example/webapp \
|
||||
-selector unix:user:root \
|
||||
-federatesWith "spiffe://stockmarket.example"
|
||||
|
||||
echo "${bb}Creating registration entry for the stock-quotes-service...${nn}"
|
||||
docker-compose exec spire-server-stock bin/spire-server entry create \
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml exec -T spire-server-stock bin/spire-server entry create \
|
||||
-parentID spiffe://stockmarket.example/spire/agent/x509pop/${QUOTES_SERVICE_AGENT_FINGERPRINT} \
|
||||
-spiffeID spiffe://stockmarket.example/quotes-service \
|
||||
-selector unix:user:root \
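Review bot: Both new assignments call `fingerprint ${DIR}/docker/…` with the path unquoted, and `fingerprint` reads it with `cat $1`, so a checkout path containing spaces splits into several arguments even though the other uses of `DIR` in this commit are quoted. Because the script sets only `set -e`, a failed `cat` or `openssl x509` does not stop the pipeline: `openssl sha1` hashes empty input and the entry is created with a `-parentID` that matches no agent. Suggest `$(fingerprint "${DIR}/docker/broker-webapp/conf/agent.crt.pem")` (and the same for the quotes-service line), `openssl x509 -in "$1" -outform DER` inside the function, and `set -o pipefail` at the top. The second `entry create` command continues past the end of the hunk.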
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ set -e
|
|||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
(cd src/broker-webapp && CGO_ENABLED=0 GOOS=linux go build -v -o $DIR/docker/broker-webapp/broker-webapp)
|
||||
(cd src/stock-quotes-service && CGO_ENABLED=0 GOOS=linux go build -v -o $DIR/docker/stock-quotes-service/stock-quotes-service)
|
||||
(cd "${DIR}"/src/broker-webapp && CGO_ENABLED=0 GOOS=linux go build -v -o "${DIR}"/docker/broker-webapp/broker-webapp)
|
||||
(cd "${DIR}"/src/stock-quotes-service && CGO_ENABLED=0 GOOS=linux go build -v -o "${DIR}"/docker/stock-quotes-service/stock-quotes-service)
|
||||
|
||||
docker-compose -f docker-compose.yml build
|
||||
docker-compose -f "${DIR}"/docker-compose.yaml build
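Review bot: The compose file name on the `build` line changes from `docker-compose.yml` to `docker-compose.yaml`, not only gaining the `"${DIR}"` prefix. No rename of the compose file is visible on this page, so it is worth confirming that the tutorial directory actually contains `docker-compose.yaml`; the other scripts in this commit now hard-code the same name with `-f`. As a style point, quoting the whole path (`"${DIR}/docker-compose.yaml"`) reads more clearly than quoting only the variable.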
|
||||
|
|
|
|||
|
|
@ -0,0 +1,12 @@
|
|||
#/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
PARENT_DIR="$(dirname "$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )")"
|
||||
|
||||
norm=$(tput sgr0) || true
|
||||
green=$(tput setaf 2) || true
|
||||
|
||||
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml down
|
||||
|
||||
echo "${green}Cleaning completed.${norm}"
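Review bot: The first line of the new file is `#/bin/bash`, which is an ordinary comment rather than a shebang; it should be `#!/bin/bash`. The script works in this commit only because the test invokes it as `bash …/clean-env.sh`. Run directly, it would be handed to whatever shell the caller falls back to, and `${BASH_SOURCE[0]}` is bash-only.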
|
||||
|
|
@ -0,0 +1,52 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
PARENT_DIR="$(dirname "$DIR")"
|
||||
|
||||
norm=$(tput sgr0) || true
|
||||
green=$(tput setaf 2) || true
|
||||
red=$(tput setaf 1) || true
|
||||
bold=$(tput bold) || true
|
||||
|
||||
|
||||
timestamp() {
|
||||
date -u "+[%Y-%m-%dT%H:%M:%SZ]"
|
||||
}
|
||||
|
||||
log() {
|
||||
echo "${bold}$(timestamp) $*${norm}"
|
||||
}
|
||||
|
||||
check-entry-is-propagated() {
|
||||
# Check at most 30 times that the agent has successfully synced down the workload entry.
|
||||
# Wait one second between checks.
|
||||
log "Checking registration entry is propagated..."
|
||||
for ((i=1;i<=30;i++)); do
|
||||
if docker-compose -f "${PARENT_DIR}"/docker-compose.yaml exec -T $1 cat /opt/spire/agent.log 2>&1 | grep -qe "$2"; then
|
||||
log "${green}Entry is propagated.${nn}"
|
||||
return 0
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
|
||||
log "${red}timed out waiting for the entry to be progagated to the agent${norm}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
|
||||
log "Building"
|
||||
bash "${PARENT_DIR}"/build.sh
|
||||
|
||||
log "Starting container"
|
||||
docker-compose -f "${PARENT_DIR}"/docker-compose.yaml up -d
|
||||
|
||||
bash "${PARENT_DIR}"/1-start-spire-agents.sh
|
||||
|
||||
bash "${PARENT_DIR}"/2-bootstrap-federation.sh
|
||||
|
||||
bash "${PARENT_DIR}"/3-create-registration-entries.sh
|
||||
|
||||
check-entry-is-propagated stock-quotes-service spiffe://stockmarket.example/quotes-service
|
||||
check-entry-is-propagated broker-webapp spiffe://broker.example/webapp
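Review bot: In `check-entry-is-propagated` the success message ends with `${nn}`, which this script never defines (its reset variable is `norm`), so the green colour is not reset; it should read `log "${green}Entry is propagated.${norm}"`. The match `grep -qe "$2"` treats the SPIFFE ID as a regular expression, so the dots match any character; `grep -qF -- "$2"` compares it literally, and `$1` in the `exec -T $1` call should be quoted. The timeout message also has a typo, `progagated` for `propagated`.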
|
||||
|
|
@ -0,0 +1,52 @@
|
|||
#!/bin/bash
|
||||
|
||||
norm=$(tput sgr0) || true
|
||||
green=$(tput setaf 2) || true
|
||||
red=$(tput setaf 1) || true
|
||||
bold=$(tput bold) || true
|
||||
|
||||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
timestamp() {
|
||||
date -u "+[%Y-%m-%dT%H:%M:%SZ]"
|
||||
}
|
||||
|
||||
log() {
|
||||
echo "${bold}$(timestamp) $*${norm}"
|
||||
}
|
||||
|
||||
fail() {
|
||||
echo "${red}$(timestamp) $*${norm}"
|
||||
exit 1
|
||||
}
|
||||
|
||||
clean-env() {
|
||||
log "Cleaning up..."
|
||||
bash "${DIR}"/scripts/clean-env.sh
|
||||
}
|
||||
|
||||
trap clean-env EXIT
|
||||
|
||||
|
||||
log "Preparing Nested SPIRE environment..."
|
||||
clean-env
|
||||
|
||||
bash "${DIR}"/scripts/set-env.sh
|
||||
|
||||
for ((i=0;i<60;i++)); do
|
||||
if docker-compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp wget localhost:8080/quotes -O - 2>&1 | grep -qe "Quotes service unavailable"; then
|
||||
log "Service not found, retrying..."
|
||||
sleep 1
|
||||
continue
|
||||
fi
|
||||
CONNECTION_OK=1
|
||||
break
|
||||
done
|
||||
|
||||
if [ "${CONNECTION_OK}" ]; then
|
||||
echo "${green}Success${norm}"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
fail "Failed!. Timed out waiting quote service communicate with webapp from SPIRE."
|
||||
exit 1
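Review bot: The retry loop sets `CONNECTION_OK=1` whenever the output does not contain "Quotes service unavailable", so any other failure is reported as Success on the first iteration, including a container that is not running, a refused connection or a docker-compose error. The script also has no `set -e` and does not check the result of `scripts/set-env.sh`, so a failed setup falls straight through to that loop. The test should require the `wget` call itself to succeed as well as the absence of the error text, and should abort when setup fails. The log line "Preparing Nested SPIRE environment..." looks copied from another tutorial, and the final `exit 1` after `fail` is unreachable.

```shell
# … unchanged: colour variables, DIR, timestamp/log/fail/clean-env, trap …

bash "${DIR}"/scripts/set-env.sh || fail "Environment setup failed."

for ((i=0;i<60;i++)); do
    # Pass only when wget succeeds AND the page is not the error page.
    if out=$(docker-compose -f "${DIR}"/docker-compose.yaml exec -T broker-webapp wget -q -O - localhost:8080/quotes 2>&1) \
        && ! grep -q "Quotes service unavailable" <<<"${out}"; then
        CONNECTION_OK=1
        break
    fi
    log "Service not found, retrying..."
    sleep 1
done

# … unchanged: CONNECTION_OK check and fail message …
```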
|
||||