spire-tutorials/k8s/quickstart/test.sh


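#!/bin/bash
#
# End-to-end check for the SPIRE Kubernetes quickstart: applies the SPIRE
# server and agent manifests located next to this script and waits until the
# server log reports a completed k8s_sat agent attestation.
#
# Environment:
#   TRAVIS  when non-empty, minikube is not started or stopped by this script,
#           the default minikube profile is used and polling is slowed down.
set -e

# Terminal styling. tput exits non-zero when TERM is unset or unknown (typical
# for CI jobs and piped output); under `set -e` that failure would abort the
# script on its first lines, so degrade to unstyled output instead.
bold=$(tput bold 2>/dev/null || true)
norm=$(tput sgr0 2>/dev/null || true)
red=$(tput setaf 1 2>/dev/null || true)
green=$(tput setaf 2 2>/dev/null || true)
yellow=$(tput setaf 3 2>/dev/null || true)

# Absolute path of the directory holding this script and its manifests.
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

# Named minikube profile used for local runs.
MINIKUBEPROFILE="SPIRE-SYSTEMS-TEST"
# Command plus arguments in one string; callers expand it unquoted on purpose
# so that it word-splits into "minikube", "-p" and the profile name.
MINIKUBECMD="minikube -p ${MINIKUBEPROFILE}"
# Seconds to sleep between two status polls.
CHECKINTERVAL=1
if [ -n "${TRAVIS}" ]; then
  # Use the default profile inside of Travis
  MINIKUBECMD="/usr/local/bin/minikube"
  # Travis is slow. Give our containers more time.
  CHECKINTERVAL=5
fi

# Per-run scratch directory for the captured server log. mktemp -d picks an
# unpredictable name and creates the directory with owner-only permissions.
# NOTE(review): TMPDIR is also the variable mktemp and other tools consult for
# their temp location; if the caller exported it, child processes started
# below inherit this per-run directory instead.
TMPDIR=$(mktemp -d)
SERVERLOGS="${TMPDIR}/spire-server-logs.log"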
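#######################################
# Starts the local minikube profile and points this shell's docker client at
# the docker daemon inside it. Does nothing when TRAVIS is non-empty.
# Globals:   TRAVIS, MINIKUBECMD, bold, norm (read); whatever variables the
#            `docker-env` output exports (written)
# Outputs:   progress message and minikube's own output on stdout
#######################################
start_minikube() {
  # Travis will start up minikube (via .travis.yml)
  if [ -z "${TRAVIS}" ]; then
    echo "${bold}Starting minikube... ${norm}"
    ${MINIKUBECMD} start
    # Capture first so that a failing `docker-env` is not silently evaluated
    # as an empty string (the assignment's status is the command's status).
    local docker_env
    docker_env=$(${MINIKUBECMD} docker-env)
    # NOTE(review): eval executes whatever the minikube binary resolved from
    # MINIKUBECMD/PATH prints, so that binary must be trusted. The expansion
    # is quoted so the text is evaluated exactly as emitted rather than after
    # word splitting and pathname expansion.
    eval "${docker_env}"
  fi
}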
#######################################
# Deletes the "spire" namespace. Always returns 0: a failed delete is ignored.
# NOTE(review): no --context is passed, so the delete goes to whichever
# cluster kubectl currently points at - confirm that is the test cluster.
# Outputs:   kubectl's stdout is discarded; its stderr is left visible
#######################################
tear_down_config() {
  if ! kubectl delete namespace spire > /dev/null; then
    # Best effort: report success even though the delete failed.
    return 0
  fi
}
#######################################
# Stops the minikube instance used for the test. Always returns 0.
# Globals:   TRAVIS, MINIKUBECMD (read)
# Outputs:   minikube's stdout is discarded
#######################################
stop_minikube() {
  # Inside Travis the minikube instance is left running.
  if [ -n "${TRAVIS}" ]; then
    return 0
  fi
  # Best effort: a failed stop is ignored.
  ${MINIKUBECMD} stop > /dev/null || true
}
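#######################################
# EXIT-trap handler: optionally removes the scratch directory, deletes the
# deployed configuration and stops minikube.
# Globals:   SUCCESS, TMPDIR, bold, norm, green (read)
# Outputs:   progress message on stdout
#######################################
cleanup() {
  echo -n "${bold}Cleaning up... ${norm}"
  # The scratch directory is removed only when SUCCESS is non-empty; after a
  # failed run it is kept so the captured server log can still be inspected.
  # The path is quoted and checked for emptiness so that `rm -rf` can never
  # receive a word-split path or no path at all, and `--` keeps a value that
  # starts with "-" from being parsed as an option.
  if [ -n "${SUCCESS}" ] && [ -n "${TMPDIR}" ]; then
    rm -rf -- "${TMPDIR}"
  fi
  tear_down_config
  stop_minikube
  echo "${green}ok${norm}."
}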
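#######################################
# Applies the SPIRE server manifests from DIR, in the listed order.
# Globals:   DIR, bold, norm, green (read)
# Outputs:   progress message on stdout; kubectl's stdout is discarded
#######################################
apply_server_config() {
  echo -n "${bold}Applying SPIRE server k8s configuration... ${norm}"
  local manifest
  for manifest in \
    spire-namespace.yaml \
    server-account.yaml \
    server-cluster-role.yaml \
    server-configmap.yaml \
    spire-bundle-configmap.yaml \
    server-statefulset.yaml \
    server-service.yaml; do
    # Quoted so a checkout path containing spaces or glob characters is
    # passed to kubectl as a single file argument.
    kubectl apply -f "${DIR}/${manifest}" > /dev/null
  done
  echo "${green}ok.${norm}"
}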
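#######################################
# Applies the SPIRE agent manifests from DIR, in the listed order.
# Globals:   DIR, bold, norm, green (read)
# Outputs:   progress message on stdout; kubectl's stdout is discarded
#######################################
apply_agent_config() {
  echo -n "${bold}Applying SPIRE agent k8s configuration... ${norm}"
  local manifest
  for manifest in \
    agent-account.yaml \
    agent-cluster-role.yaml \
    agent-configmap.yaml \
    agent-daemonset.yaml; do
    # Quoted so a checkout path containing spaces or glob characters is
    # passed to kubectl as a single file argument.
    kubectl apply -f "${DIR}/${manifest}" > /dev/null
  done
  echo "${green}ok.${norm}"
}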
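#######################################
# Polls the "spire" namespace until a pod whose listing line matches a prefix
# reports the Running status, then stores that pod's name in a variable.
# Makes up to 60 attempts, sleeping CHECKINTERVAL seconds between them.
# Globals:   CHECKINTERVAL, bold, norm, red, green, yellow (read)
# Arguments: $1 - pattern matched against `kubectl get pods` output lines
#            $2 - name of the variable that receives the pod name
# Outputs:   one status line per attempt on stdout
# Returns:   0 once the pod is Running; exits the script with status 255 when
#            it is not Running after the last attempt
#######################################
wait_for_pod() {
  local prefix=$1
  local outvar=$2
  local i getpods podname podstatus
  for ((i = 0; i < 60; i++)); do
    echo -n "${bold}Checking ${prefix} pod status... ${norm}"
    # `|| true` keeps a grep miss (or a kubectl error) from tripping set -e;
    # an empty result simply means "not there yet".
    getpods=$(kubectl -n spire get pods 2>/dev/null | grep -e "${prefix}" || true)
    if [ -z "${getpods}" ]; then
      echo "${yellow}NotFound${norm}."
      sleep "${CHECKINTERVAL}"
      continue
    fi
    # Columns 1 and 3 of the first matching line are the pod name and status.
    read -r podname _ podstatus _ <<< "${getpods}"
    if [ "${podstatus}" != "Running" ]; then
      echo "${yellow}${podstatus}${norm}."
      sleep "${CHECKINTERVAL}"
      continue
    fi
    echo "${green}Running (${podname})${norm}."
    # Namerefs are unavailable on the Bash 3 that macOS ships, but
    # `printf -v` is, and unlike eval it never executes the variable name:
    # an invalid identifier is rejected with an error.
    printf -v "${outvar}" '%s' "${podname}" || return 1
    return 0
  done
  echo "${red}failed${norm}."
  echo "${red}FAILED: ${prefix} pod not running in time${norm}"
  # 255 is the status bash reports for `exit -1`; spelled out because a
  # negative exit status is not portable.
  exit 255
}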
#######################################
# Waits for the SPIRE server pod and records its name.
# Globals:   SPIRE_SERVER_POD_NAME (written by wait_for_pod)
#######################################
wait_for_server() {
  wait_for_pod "spire-server" "SPIRE_SERVER_POD_NAME"
}
#######################################
# Waits for the SPIRE agent pod and records its name.
# Globals:   SPIRE_AGENT_POD_NAME (written by wait_for_pod)
#######################################
wait_for_agent() {
  wait_for_pod "spire-agent" "SPIRE_AGENT_POD_NAME"
}
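#######################################
# Polls the SPIRE server log until it contains a line with
# "Agent attestation request completed" followed by "k8s_sat".
# Makes up to 60 attempts, sleeping CHECKINTERVAL seconds before each one
# (60 seconds at the default interval, longer when the interval is raised).
# Globals:   SPIRE_SERVER_POD_NAME, SERVERLOGS, CHECKINTERVAL, bold, norm,
#            red, green, yellow (read)
# Outputs:   one status line per attempt on stdout; failure details on stderr
# Returns:   0 once the log line is found; exits the script with status 255
#            when it is not found after the last attempt
#######################################
check_for_node_attestation() {
  local i
  for ((i = 0; i < 60; i++)); do
    sleep "${CHECKINTERVAL}"
    echo -n "${bold}Checking for node attestation... ${norm}"
    # Snapshot the whole server log each round; a failed fetch is tolerated
    # and retried. The pod name and log path are quoted so that a path with
    # spaces does not turn the redirect into an "ambiguous redirect" error.
    kubectl -n spire logs "${SPIRE_SERVER_POD_NAME}" > "${SERVERLOGS}" || true
    if grep -sxq -e ".*Agent attestation request completed.*k8s_sat.*" -- "${SERVERLOGS}"; then
      echo "${green}ok${norm}."
      return
    fi
    echo "${yellow}nope${norm}."
  done
  echo "${red}FAILED: node attestation did not succeed in time.${norm}" >&2
  echo "${yellow}Log at ${SERVERLOGS}${norm}" >&2
  # 255 is the status bash reports for `exit -1`; spelled out because a
  # negative exit status is not portable.
  exit 255
}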
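# Register cleanup first so the namespace and minikube are torn down on every
# exit path, including a `set -e` abort part-way through the steps below.
trap cleanup EXIT
start_minikube
apply_server_config
wait_for_server
apply_agent_config
wait_for_agent
check_for_node_attestation
# cleanup deletes the scratch directory only when SUCCESS is non-empty.
# Nothing else assigns it, so without this line the directory and the server
# log copy inside it are left behind after every run, including passing ones.
SUCCESS=1
echo "${bold}Success.${norm}"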