diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 1f1e78b..aa4ca1c 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -11,4 +11,13 @@ platformAutomerge: false, prHourlyLimit: 6, prConcurrentLimit: 20, + customManagers: [ + { + "customType": "regex", + "fileMatch": ["\.sh",], + "matchStrings": [ + "datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?( extractVersion=(?.*?))?\\s(?.*?)=\"(?.*?)\"" + ], + }, + ] } diff --git a/MAINTENANCE.md b/MAINTENANCE.md new file mode 100644 index 0000000..c6a34f9 --- /dev/null +++ b/MAINTENANCE.md @@ -0,0 +1,39 @@ +# MAINTENANCE.md + +_This file serves as a reference for the maintenance procedures and guidelines for the C8 SM checks in this project._ +_Note: Please keep this document updated with any changes in maintenance procedures, dependencies, actions, or restrictions._ + +## Maintenance Procedures + +### Before New Releases + +- Update documentation related to new features or changes. + - `README.md` + - Official Camunda documentation: + - [C8SM: Troubleshooting](https://github.com/camunda/camunda-docs/blob/main/docs/self-managed/operational-guides/troubleshooting/troubleshooting.md) + +- Make internal announcements on Slack regarding upcoming releases. + - `#infex-internal` + - `#engineering` if relevant + +### After New Releases + +_Nothing referenced yet._ + +## Dependencies + +### Upstream Dependencies: dependencies of this project + +None referenced yet. + +### Downstream Dependencies: things that depend on this project + +None referenced yet. + +## Actions + +- Notify the **Product Management Team** of any new releases, especially if there are breaking changes or critical updates. + +## Restrictions + +- N/A diff --git a/README.md b/README.md index 573b330..5bae7fe 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ -# # C8 Self-Managed Checks +# C8 Self-Managed Checks +[![Camunda](https://img.shields.io/badge/Camunda-FC5D0D)](https://www.camunda.com/) + [![License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) ## Overview @@ -91,14 +95,14 @@ This script retrieves an access token from an authorization server using client ```bash Usage: ./checks/zeebe/token.sh [-h] [-a AUTH_SERVER_URL] [-i CLIENT_ID] [-s CLIENT_SECRET] [-u TOKEN_AUDIENCE] Options: - -h Display this help message - -a AUTH_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/token) - -i CLIENT_ID Specify the client ID - -s CLIENT_SECRET Specify the client secret - -u TOKEN_AUDIENCE Specify the token audience - -k Skip TLS verification (insecure mode) - -r CACERT Specify the path to CA certificate file - -j CLIENTCERT Specify the path to client certificate file + -h Display this help message + -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/token) + -i ZEEBE_CLIENT_ID Specify the client ID + -s ZEEBE_CLIENT_SECRET Specify the client secret + -u ZEEBE_TOKEN_AUDIENCE Specify the token audience + -k Skip TLS verification (insecure mode) + -r CACERT Specify the path to CA certificate file + -j CLIENTCERT Specify the path to client certificate file ``` ##### Example: @@ -121,17 +125,17 @@ This script verifies connectivity to a Zeebe instance using HTTP/2 and gRPC prot ```bash Usage: ./checks/zeebe/connectivity.sh [-h] [-H ZEEBE_HOST] Options: - -h Display this help message - -H ZEEBE_HOST Specify the Zeebe host (e.g., zeebe.c8.camunda.example.com) - -f PROTO_FILE Specify the path to gateway.proto file or leave empty to download it - -k Skip TLS verification (insecure mode) - -r CACERT Specify the path to CA certificate file - -j CLIENTCERT Specify the path to Client certificate file - -a AUTH_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/t -oken) - -i CLIENT_ID Specify the client ID - -s CLIENT_SECRET Specify the client secret - -u TOKEN_AUDIENCE Specify the token audience + -h Display this help message + -H ZEEBE_HOST Specify the Zeebe host with the port (e.g., zeebe.c8.camunda.example.com:443) + -p ZEEBE_VERSION Specify the Zeebe version (default is latest version: 8.x.x) + -f PROTO_FILE Specify the path to gateway.proto file or leave empty to download it (default behavior is to download the protofile) + -k Skip TLS verification (insecure mode) + -r CACERT Specify the path to CA certificate file + -j CLIENTCERT Specify the path to Client certificate file + -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/token) + -i ZEEBE_CLIENT_ID Specify the client ID + -s ZEEBE_CLIENT_SECRET Specify the client secret + -u ZEEBE_TOKEN_AUDIENCE Specify the token audience ``` ##### Example: diff --git a/checks/kube/connectivity.sh b/checks/kube/connectivity.sh index 8763914..77c2d3a 100755 --- a/checks/kube/connectivity.sh +++ b/checks/kube/connectivity.sh @@ -57,13 +57,19 @@ command -v kubectl >/dev/null 2>&1 || { echo >&2 "Error: kubectl is required but # check if all services can be resolved in pods with curl in the pod check_services_resolution() { - echo "Check services can be resolved in the pods" + echo "[INFO] Check services can be resolved in the pods" local pods - pods=$(kubectl get pods -n "$NAMESPACE" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}') + local pods_command + pods_command="kubectl get pods -n \"$NAMESPACE\" -o jsonpath='{range .items[*]}{.metadata.name}{\"\n\"}{end}'" + echo "[INFO] Running command: ${pods_command}" + pods=$(eval "${pods_command}") local services - services=$(kubectl get services -n "$NAMESPACE" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}') + local services_command + services_command="kubectl get services -n \"$NAMESPACE\" -o jsonpath='{range .items[*]}{.metadata.name}{\"\n\"}{end}'" + echo "[INFO] Running command: ${services_command}" + services=$(eval "${services_command}") # for each pod, we check if all the services can be resolved for pod in $pods; do @@ -75,13 +81,16 @@ check_services_resolution() { for service in $services; do local curl_output - curl_output=$(kubectl exec -n "$NAMESPACE" "$pod" -- curl -s -v --max-time 1 "$service" 2>&1) + local curl_command + curl_command="kubectl exec -n \"$NAMESPACE\" \"$pod\" -- curl -s -v --max-time 1 \"$service\"" + echo "[INFO] Running command: ${curl_command}" + curl_output=$(eval "${curl_command}" 2>&1) # Check if the output contains "Trying ip:port" (IPv4 or IPv6) if echo "$curl_output" | grep -Eq "Trying ([0-9.]*|\[[0-9a-fA-F:]*\]):[0-9]*"; then echo "[OK] Service $service resolved successfully from pod $pod in namespace $NAMESPACE" else - echo "[KO] Service $service resolution failed from pod $pod in namespace $NAMESPACE: $curl_output" >&2 + echo "[FAIL] Service $service resolution failed from pod $pod in namespace $NAMESPACE: $curl_output" >&2 SCRIPT_STATUS_OUTPUT=2 fi done @@ -90,18 +99,27 @@ check_services_resolution() { check_services_resolution check_ingress_class_and_config() { - echo "Check ingress and associated configuration" + echo "[INFO] Check ingress and associated configuration" + local annotation_found annotation_found=0 - ingress_list=$(kubectl get ingress -n "$NAMESPACE" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}') + local ingress_list + local ingress_list_command + ingress_list_command="kubectl get ingress -n \"$NAMESPACE\" -o jsonpath='{range .items[*]}{.metadata.name}{\"\n\"}{end}'" + echo "[INFO] Running command: ${ingress_list_command}" + ingress_list=$(eval "${ingress_list_command}") # check each ingress listed for ingress_name in $ingress_list; do - ingress_class=$(kubectl get ingress -n "$NAMESPACE" "$ingress_name" -o jsonpath='{.spec.ingressClassName}') + local ingress_class + local ingress_class_command + ingress_class_command="kubectl get ingress -n \"$NAMESPACE\" \"$ingress_name\" -o jsonpath='{.spec.ingressClassName}'" + echo "[INFO] Running command: ${ingress_class_command}" + ingress_class=$(eval "${ingress_class_command}") if [ "$ingress_class" != "nginx" ]; then - echo "[KO] Ingress class is not nginx for $ingress_name. Actual class: $ingress_class." >&2 + echo "[FAIL] Ingress class is not nginx for $ingress_name. Actual class: $ingress_class." >&2 echo "If you configured it on purpose, please the SKIP_CHECK_INGRESS_CLASS option." >&2 SCRIPT_STATUS_OUTPUT=3 else @@ -114,7 +132,7 @@ check_ingress_class_and_config() { done if [ "$annotation_found" -eq 0 ]; then - echo "[KO] None of the ingresses contain the annotation nginx.ingress.kubernetes.io/backend-protocol: GRPC, which is required for zeebe ingress." >&2 + echo "[FAIL] None of the ingresses contain the annotation nginx.ingress.kubernetes.io/backend-protocol: GRPC, which is required for zeebe ingress." >&2 SCRIPT_STATUS_OUTPUT=5 fi } @@ -124,7 +142,7 @@ fi # Check if SCRIPT_STATUS_OUTPUT is not equal to zero if [ "$SCRIPT_STATUS_OUTPUT" -ne 0 ]; then - echo "[KO] ${LVL_1_SCRIPT_NAME}: At least one of the tests failed (error code: ${SCRIPT_STATUS_OUTPUT})." 1>&2 + echo "[FAIL] ${LVL_1_SCRIPT_NAME}: At least one of the tests failed (error code: ${SCRIPT_STATUS_OUTPUT})." 1>&2 exit $SCRIPT_STATUS_OUTPUT else echo "[OK] ${LVL_1_SCRIPT_NAME}: All test passed." diff --git a/checks/kube/deployment.sh b/checks/kube/deployment.sh index 9036e24..6e90c51 100755 --- a/checks/kube/deployment.sh +++ b/checks/kube/deployment.sh @@ -67,21 +67,24 @@ command -v kubectl >/dev/null 2>&1 || { echo >&2 "Error: kubectl is required but # Helm checks of the deployment check_helm_deployment() { - echo "Check status of the last helm deployment" + echo "[INFO] Check status of the last helm deployment" local last_deployment - last_deployment=$(helm list -n "$NAMESPACE" | grep "$HELM_DEPLOYMENT_NAME" | head -n 1) + local last_deployment_command + last_deployment_command="helm list -n \"$NAMESPACE\" | grep \"$HELM_DEPLOYMENT_NAME\" | head -n 1" + echo "[INFO] Running command: ${last_deployment_command}" + last_deployment=$(eval "${last_deployment_command}") if [[ -n "$last_deployment" ]]; then deployment_status=$(echo "$last_deployment" | awk '{ print $8 }') if [[ "$deployment_status" == "deployed" ]]; then echo "[OK] Last Helm deployment $HELM_DEPLOYMENT_NAME was successful" else - echo "[KO] Last Helm deployment $HELM_DEPLOYMENT_NAME was not successful: (status=$deployment_status)" >&2 + echo "[FAIL] Last Helm deployment $HELM_DEPLOYMENT_NAME was not successful: (status=$deployment_status)" >&2 SCRIPT_STATUS_OUTPUT=2 fi else - echo "[KO] No deployment found for $HELM_DEPLOYMENT_NAME in namespace $NAMESPACE" >&2 + echo "[FAIL] No deployment found for $HELM_DEPLOYMENT_NAME in namespace $NAMESPACE" >&2 SCRIPT_STATUS_OUTPUT=3 fi } @@ -92,15 +95,18 @@ fi # check if any pod is in an unhealthy state in the namespace check_unhealthy_pods() { - echo "Check absenced of unhealthy containers" + echo "[INFO] Check absenced of unhealthy containers" local unhealthy_pods - unhealthy_pods=$(kubectl get pods -n "$NAMESPACE" --field-selector=status.phase!=Running --no-headers) + local unhealthy_pods_command + unhealthy_pods_command="kubectl get pods -n \"$NAMESPACE\" --field-selector=status.phase!=Running --no-headers" + echo "[INFO] Running command: ${unhealthy_pods_command}" + unhealthy_pods=$(eval "${unhealthy_pods_command}") if [[ -z "$unhealthy_pods" ]]; then echo "[OK] All pods are in an healthy state in namespace $NAMESPACE" else - echo "[KO] Pods in unhealthy state in namespace $NAMESPACE:" >&2 + echo "[FAIL] Pods in unhealthy state in namespace $NAMESPACE:" >&2 echo "$unhealthy_pods" >&2 SCRIPT_STATUS_OUTPUT=4 fi @@ -111,15 +117,18 @@ check_unhealthy_pods check_containers_in_pods() { local required_containers required_containers=("${REQUIRED_CONTAINERS[@]}") - echo "Check presence of required containers ${required_containers[*]}" + echo "[INFO] Check presence of required containers ${required_containers[*]}" local pods_containers - pods_containers=$(kubectl get pods -n "$NAMESPACE" -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].name}{"\n"}{end}') + local pods_containers_command + pods_containers_command="kubectl get pods -n \"$NAMESPACE\" -o jsonpath='{range .items[*]}{.metadata.name}{\"\t\"}{.spec.containers[*].name}{\"\n\"}{end}'" + echo "[INFO] Running command: ${pods_containers_command}" + pods_containers=$(eval "${pods_containers_command}") for container in "${required_containers[@]}"; do # Check if the container exists in any pod if ! echo "$pods_containers" | awk -v container="$container" '$0 ~ container { found = 1; exit } END { exit !found }'; then - echo "[KO] The following required container is missing in the pods in namespace $NAMESPACE: $container" >&2 + echo "[FAIL] The following required container is missing in the pods in namespace $NAMESPACE: $container" >&2 SCRIPT_STATUS_OUTPUT=5 fi done @@ -128,7 +137,7 @@ check_containers_in_pods # Check if SCRIPT_STATUS_OUTPUT is not equal to zero if [ "$SCRIPT_STATUS_OUTPUT" -ne 0 ]; then - echo "[KO] ${LVL_1_SCRIPT_NAME}: At least one of the tests failed (error code: ${SCRIPT_STATUS_OUTPUT})." 1>&2 + echo "[FAIL] ${LVL_1_SCRIPT_NAME}: At least one of the tests failed (error code: ${SCRIPT_STATUS_OUTPUT})." 1>&2 exit $SCRIPT_STATUS_OUTPUT else echo "[OK] ${LVL_1_SCRIPT_NAME}: All test passed." diff --git a/checks/zeebe/connectivity.sh b/checks/zeebe/connectivity.sh index 853da8f..c39c106 100755 --- a/checks/zeebe/connectivity.sh +++ b/checks/zeebe/connectivity.sh @@ -23,26 +23,30 @@ ZEEBE_CLIENT_SECRET="" ZEEBE_TOKEN_AUDIENCE="" ZEEBE_TOKEN_SCOPE="camunda-identity" +# renovate: datasource=github-releases depName=camunda/zeebe +ZEEBE_VERSION="8.5.0" + # Function to display script usage usage() { echo "Usage: $0 [-h] [-H ZEEBE_HOST]" echo "Options:" - echo " -h Display this help message" - echo " -H ZEEBE_HOST Specify the Zeebe host with the port (e.g., zeebe.c8.camunda.example.com:443)" - echo " -f PROTO_FILE Specify the path to gateway.proto file or leave empty to download it" - echo " -k Skip TLS verification (insecure mode)" - echo " -r CACERT Specify the path to CA certificate file" - echo " -j CLIENTCERT Specify the path to Client certificate file" - echo " -a AUTH_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/t + echo " -h Display this help message" + echo " -H ZEEBE_HOST Specify the Zeebe host with the port (e.g., zeebe.c8.camunda.example.com:443)" + echo " -p ZEEBE_VERSION Specify the Zeebe version (default is latest version: $ZEEBE_VERSION)" + echo " -f PROTO_FILE Specify the path to gateway.proto file or leave empty to download it (default behavior is to download the protofile)" + echo " -k Skip TLS verification (insecure mode)" + echo " -r CACERT Specify the path to CA certificate file" + echo " -j CLIENTCERT Specify the path to Client certificate file" + echo " -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.example.com/auth/realms/camunda-platform/protocol/openid-connect/t oken)" - echo " -i CLIENT_ID Specify the client ID" - echo " -s CLIENT_SECRET Specify the client secret" - echo " -u TOKEN_AUDIENCE Specify the token audience" + echo " -i ZEEBE_CLIENT_ID Specify the client ID" + echo " -s ZEEBE_CLIENT_SECRET Specify the client secret" + echo " -u ZEEBE_TOKEN_AUDIENCE Specify the token audience" exit 1 } # Parse command line options -while getopts ":hH:f:kr:j:a:i:s:u:" opt; do +while getopts ":hH:f:kr:j:a:i:s:u:p:" opt; do case ${opt} in h) usage @@ -74,6 +78,9 @@ while getopts ":hH:f:kr:j:a:i:s:u:" opt; do u) ZEEBE_TOKEN_AUDIENCE=$OPTARG ;; + p) + ZEEBE_VERSION=$OPTARG + ;; \?) echo "Invalid option: $OPTARG" 1>&2 usage @@ -135,7 +142,7 @@ if [ -n "${ZEEBE_AUTHORIZATION_SERVER_URL}" ] || [ -n "${ZEEBE_CLIENT_ID}" ] || if [ -n "$access_token" ]; then echo "[OK] Auth token successfuly generated" else - echo "[KO] Failed to generate access token: $token_output." 1>&2 + echo "[FAIL] Failed to generate access token: $token_output." 1>&2 SCRIPT_STATUS_OUTPUT=2 fi fi @@ -145,56 +152,80 @@ if [ -n "${access_token}" ]; then EXTRA_FLAGS_GRPCURL+=" -H 'Authorization: Bearer ${access_token}' " fi - -# Check if proto file path is provided, if not, download it -if [ -z "$PROTO_FILE" ]; then - PROTO_FILE="gateway.proto" - echo "Downloading gateway.proto..." - wget https://raw.githubusercontent.com/camunda/zeebe/main/zeebe/gateway-protocol/src/main/proto/gateway.proto -O $PROTO_FILE -fi - # Check HTTP/2 connectivity check_http2(){ - echo "Checking HTTP/2 connectivity to $ZEEBE_HOST" + echo "[INFO] Checking HTTP/2 connectivity to $ZEEBE_HOST" curl_command="curl -so /dev/null --http2 ${EXTRA_FLAGS_CURL} \"https://$ZEEBE_HOST\"" + echo "[INFO] Running command: ${curl_command}" + if eval "${curl_command}"; then echo "[OK] HTTP/2 connectivity" else - echo "[KO] HTTP/2 connectivity" 1>&2 - SCRIPT_STATUS_OUTPUT=3 + echo "[FAIL] HTTP/2 connectivity" 1>&2 + SCRIPT_STATUS_OUTPUT=4 fi } check_http2 +# Check if proto file path is provided, if not, download it +download_zeebe_protofile(){ + echo "[INFO] Downloading gateway.proto for zeebe=${ZEEBE_VERSION}..." + + local curl_download_command + curl_download_command="curl -f \"https://raw.githubusercontent.com/camunda/zeebe/${ZEEBE_VERSION}/zeebe/gateway-protocol/src/main/proto/gateway.proto\" -o \"$PROTO_FILE\"" + echo "[INFO] Running command: ${curl_download_command}" + + if eval "${curl_download_command}"; then + echo "[INFO] Successfuly downloaded proto file for Zeebe=${ZEEBE_VERSION}" + else + echo "[FAIL] Failed to downloaded proto file for Zeebe=${ZEEBE_VERSION}" 1>&2 + SCRIPT_STATUS_OUTPUT=3 + fi +} +if [ -z "$PROTO_FILE" ]; then + PROTO_FILE="gateway.proto" + download_zeebe_protofile +fi + # Check gRPC connectivity using grpcurl check_grpc(){ - echo "Checking gRPC connectivity to $ZEEBE_HOST" + echo "[INFO] Checking gRPC connectivity to $ZEEBE_HOST" + + local grcp_curl_command grcp_curl_command="grpcurl ${EXTRA_FLAGS_GRPCURL} -proto \"${PROTO_FILE}\" \"${ZEEBE_HOST}\" gateway_protocol.Gateway/Topology" + echo "[INFO] Running command: ${grcp_curl_command}" + + if eval "${grcp_curl_command}"; then echo "[OK] gRPC connectivity" else - echo "[KO] gRPC connectivity" 1>&2 - SCRIPT_STATUS_OUTPUT=4 + echo "[FAIL] gRPC connectivity" 1>&2 + SCRIPT_STATUS_OUTPUT=5 fi } check_grpc # Check zbctl status check_zbctl() { - echo "Checking zbctl status to $ZEEBE_HOST..." + echo "[INFO] Checking zbctl status to $ZEEBE_HOST..." + + local zbctl_command zbctl_command="ZEEBE_TOKEN_SCOPE=${ZEEBE_TOKEN_SCOPE} zbctl status --address \"${ZEEBE_HOST}\" --authzUrl \"${ZEEBE_AUTHORIZATION_SERVER_URL}\" --clientId \"${ZEEBE_CLIENT_ID}\" --clientSecret \"${ZEEBE_CLIENT_SECRET}\" --audience \"${ZEEBE_TOKEN_AUDIENCE}\" ${EXTRA_FLAGS_ZBCTL}" + + echo "[INFO] Running command: ${zbctl_command}" + if eval "${zbctl_command}"; then echo "[OK] zbctl status" else - echo "[KO] zbctl status" 1>&2 - SCRIPT_STATUS_OUTPUT=5 + echo "[FAIL] zbctl status" 1>&2 + SCRIPT_STATUS_OUTPUT=6 fi } check_zbctl # Check if SCRIPT_STATUS_OUTPUT is not equal to zero if [ "$SCRIPT_STATUS_OUTPUT" -ne 0 ]; then - echo "[KO] ${LVL_1_SCRIPT_NAME}: At least one of the tests failed (error code: ${SCRIPT_STATUS_OUTPUT})." 1>&2 + echo "[FAIL] ${LVL_1_SCRIPT_NAME}: At least one of the tests failed (error code: ${SCRIPT_STATUS_OUTPUT})." 1>&2 exit $SCRIPT_STATUS_OUTPUT else echo "[OK] ${LVL_1_SCRIPT_NAME}: All test passed." diff --git a/checks/zeebe/token.sh b/checks/zeebe/token.sh index a156a60..e4cdc82 100755 --- a/checks/zeebe/token.sh +++ b/checks/zeebe/token.sh @@ -21,15 +21,15 @@ EXTRA_FLAGS_CURL="" usage() { echo "Usage: $0 [-h] [-a AUTH_SERVER_URL] [-i CLIENT_ID] [-s CLIENT_SECRET] [-u TOKEN_AUDIENCE]" echo "Options:" - echo " -h Display this help message" - echo " -a AUTH_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/t + echo " -h Display this help message" + echo " -a ZEEBE_AUTHORIZATION_SERVER_URL Specify the authorization server URL (e.g.: https://local.distro.ultrawombat.com/auth/realms/camunda-platform/protocol/openid-connect/t oken)" - echo " -i CLIENT_ID Specify the client ID" - echo " -s CLIENT_SECRET Specify the client secret" - echo " -u TOKEN_AUDIENCE Specify the token audience" - echo " -k Skip TLS verification (insecure mode)" - echo " -r CACERT Specify the path to CA certificate file" - echo " -j CLIENTCERT Specify the path to client certificate file" + echo " -i ZEEBE_CLIENT_ID Specify the client ID" + echo " -s ZEEBE_CLIENT_SECRET Specify the client secret" + echo " -u ZEEBE_TOKEN_AUDIENCE Specify the token audience" + echo " -k Skip TLS verification (insecure mode)" + echo " -r CACERT Specify the path to CA certificate file" + echo " -j CLIENTCERT Specify the path to client certificate file" exit 1 } @@ -96,6 +96,7 @@ command -v curl >/dev/null 2>&1 || { echo >&2 "Error: curl is required but not i curl_command="curl -f -d \"client_id=${ZEEBE_CLIENT_ID}\" -d \"client_secret=${ZEEBE_CLIENT_SECRET}\" -d \"grant_type=client_credentials\" \"${ZEEBE_AUTHORIZATION_SERVER_URL}\" ${EXTRA_FLAGS_CURL}" +echo "[INFO] Running command: ${curl_command}" # Generate access token access_token_response=$(eval "${curl_command}") @@ -105,12 +106,12 @@ curl_exit_code=$? if [ $curl_exit_code -eq 0 ]; then echo "[OK] Generated access token" else - echo "[KO] Curl command failed with exit code $curl_exit_code" 1>&2 + echo "[FAIL] Curl command failed with exit code $curl_exit_code" 1>&2 SCRIPT_STATUS_OUTPUT=2 fi if [ -z "$access_token_response" ]; then - echo "[KO] Failed to generate access token." 1>&2 + echo "[FAIL] Failed to generate access token." 1>&2 SCRIPT_STATUS_OUTPUT=3 fi @@ -118,14 +119,14 @@ fi # shellcheck disable=SC2001 token=$(echo "$access_token_response" | sed 's/.*access_token":"\([^"]*\)".*/\1/') if [ -z "$token" ]; then - echo "[KO] Failed to extract access token." 1>&2 + echo "[FAIL] Failed to extract access token." 1>&2 SCRIPT_STATUS_OUTPUT=4 else echo "[OK] Access Token: ${token}" fi if [ "$SCRIPT_STATUS_OUTPUT" -ne 0 ]; then - echo "[KO] ${LVL_1_SCRIPT_NAME}: At least one of the tests failed (error code: ${SCRIPT_STATUS_OUTPUT})." 1>&2 + echo "[FAIL] ${LVL_1_SCRIPT_NAME}: At least one of the tests failed (error code: ${SCRIPT_STATUS_OUTPUT})." 1>&2 exit $SCRIPT_STATUS_OUTPUT else echo "[OK] ${LVL_1_SCRIPT_NAME}: All test passed." diff --git a/test/README.md b/test/README.md index 8ddd745..e7dfd4b 100644 --- a/test/README.md +++ b/test/README.md @@ -1,8 +1,7 @@ # Tests - -TODO: setup a kind server in the CI, deploy C8 and run the tests against it - ## Setup a Kind cluster -See https://docs.camunda.io/docs/self-managed/setup/deploy/local/local-kubernetes-cluster/ +Setup a kind cluster https://docs.camunda.io/docs/self-managed/setup/deploy/local/local-kubernetes-cluster/. + +Then deploy C8 and perform the tests of the scripts against it.