rename variables to be consistent

Signed-off-by: Marcos Yacob <marcosyacob@gmail.com>
spiffe · Sep 28, 2024 · b22951a · b22951a
1 parent 5373843
commit b22951a
Show file tree

Hide file tree

Showing 9 changed files with 61 additions and 89 deletions.
diff --git a/test/integration/suites/force-rotation-self-signed/12-taint-x509authority b/test/integration/suites/force-rotation-self-signed/12-taint-x509authority
@@ -9,23 +9,23 @@ check-logs() {
 }
 
 # Fetch old authority ID
-oldAuthority=$(docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation root-server \
+old_authority=$(docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation root-server \
       /opt/spire/bin/spire-server \
       localauthority x509 show -output json | jq .old.authority_id -r) || fail-now "Failed to fetch old authority ID"
 
 # Taint the old authority
 docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation root-server \
       /opt/spire/bin/spire-server \
-      localauthority x509 taint -authorityID "${oldAuthority}" || fail-now "Failed to taint old authority"
+      localauthority x509 taint -authorityID "${old_authority}" || fail-now "Failed to taint old authority"
 
 # Root server logs
 check-logs root-server \
-      "X\.509 authority tainted successfully|local_authority_id=${oldAuthority}" \
+      "X\.509 authority tainted successfully|local_authority_id=${old_authority}" \
       "Server SVID signed using a tainted authority, forcing rotation of the Server SVID"
 
 # Root agent logs
 check-logs root-agent \
-      "New tainted X.509 authorities found|subject_key_ids=${oldAuthority}" \
+      "New tainted X.509 authorities found|subject_key_ids=${old_authority}" \
       "Scheduled rotation for SVID entries due to tainted X\.509 authorities|count=3" \
       "Agent SVID is tainted by a root authority, forcing rotation"
 
@@ -36,7 +36,7 @@ check-logs intermediateA-server \
       "Current root CA is signed by a tainted upstream authority, preparing rotation" \
       "Server SVID signed using a tainted authority, forcing rotation of the Server SVID"
 check-logs intermediateA-agent \
-      "New tainted X\.509 authorities found|subject_key_ids=${oldAuthority}" \
+      "New tainted X\.509 authorities found|subject_key_ids=${old_authority}" \
       "Scheduled rotation for SVID entries due to tainted X.509 authorities|count=2" \
       "Agent SVID is tainted by a root authority, forcing rotation"
 
@@ -45,7 +45,7 @@ check-logs intermediateB-server \
       "Current root CA is signed by a tainted upstream authority, preparing rotation" \
       "Server SVID signed using a tainted authority, forcing rotation of the Server SVID"
 check-logs intermediateB-agent \
-      "New tainted X\.509 authorities found|subject_key_ids=${oldAuthority}" \
+      "New tainted X\.509 authorities found|subject_key_ids=${old_authority}" \
       "Scheduled rotation for SVID entries due to tainted X\.509 authorities|count=2" \
       "Agent SVID is tainted by a root authority, forcing rotation"
 
@@ -54,7 +54,7 @@ check-logs leafA-server \
       "Current root CA is signed by a tainted upstream authority, preparing rotation" \
       "Server SVID signed using a tainted authority, forcing rotation of the Server SVID"
 check-logs leafA-agent \
-      "New tainted X.509 authorities found|subject_key_ids=${oldAuthority}" \
+      "New tainted X.509 authorities found|subject_key_ids=${old_authority}" \
       "Scheduled rotation for SVID entries due to tainted X\.509 authorities|count=1" \
       "Agent SVID is tainted by a root authority, forcing rotation"
 
@@ -63,6 +63,6 @@ check-logs leafB-server \
       "Current root CA is signed by a tainted upstream authority, preparing rotation" \
       "Server SVID signed using a tainted authority, forcing rotation of the Server SVID"
 check-logs leafB-agent \
-      "New tainted X.509 authorities found|subject_key_ids=${oldAuthority}" \
+      "New tainted X.509 authorities found|subject_key_ids=${old_authority}" \
       "Scheduled rotation for SVID entries due to tainted X\.509 authorities|count=1" \
       "Agent SVID is tainted by a root authority, forcing rotation"
diff --git a/test/integration/suites/force-rotation-self-signed/13-verify-svids-rotates b/test/integration/suites/force-rotation-self-signed/13-verify-svids-rotates
@@ -27,13 +27,13 @@ check-tainted-authorities() {
     local agent=$2
     local agent_dir=$3
 
-    x509Authorities=$(fetch-x509-authorities "$server")
+    log-debug "Checking tainted authorities for $server and $agent"
+    x509_authorities=$(fetch-x509-authorities "$server")
 
-    taintedFound=$(echo "$x509Authorities" | jq '.[] | select(.tainted == true)') || fail-now "Tainted authority not found"
+    echo "$x509_authorities" | jq '.[] | select(.tainted == true)' || fail-now "Tainted authority not found"
+    non_tainted_found=$(echo "$x509_authorities" | jq '.[] | select(.tainted == false)') || fail-now "Non-tainted authority not found"
 
-    nonTaintedFound=$(echo "$x509Authorities" | jq '.[] | select(.tainted == false)') || fail-now "Non-tainted authority not found"
-
-    echo "$nonTaintedFound" | jq -r .asn1 | base64 -d | openssl x509 -inform der > "$agent_dir/agent/non-tainted.pem"
+    echo "$non_tainted_found" | jq -r .asn1 | base64 -d | openssl x509 -inform der > "$agent_dir/agent/non-tainted.pem"
 
     RETRY_COUNT=0
 
@@ -45,7 +45,7 @@ check-tainted-authorities() {
             break
         else
             RETRY_COUNT=$((RETRY_COUNT + 1))
-            echo "Verification failed, retrying in $RETRY_DELAY seconds... ($RETRY_COUNT/$MAX_RETRIES)"
+            log-debug "Verification failed, retrying in $RETRY_DELAY seconds... ($RETRY_COUNT/$MAX_RETRIES)"
             sleep $RETRY_DELAY
         fi
 

diff --git a/test/integration/suites/force-rotation-self-signed/14-revoke-x509authority b/test/integration/suites/force-rotation-self-signed/14-revoke-x509authority
@@ -8,59 +8,53 @@ get-x509-authorities-count() {
     docker compose exec -T $server /opt/spire/bin/spire-server bundle show -output json | jq '.x509_authorities | length'
 }
 
-check-log-line() {
-    local server=$1
-    local pattern=$2
-    docker compose logs $server | grep -qE "$pattern" || fail-now "Log line not found on $server: $pattern"
-}
-
-oldAuthority=$(docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation root-server \
+old_authority=$(docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation root-server \
     /opt/spire/bin/spire-server localauthority x509 show -output json | jq .old.authority_id -r) || fail-now "Failed to get old authority"
 
-log-debug "Old authority: $oldAuthority"
+log-debug "Old authority: $old_authority"
 
-x509AuthoritiesCount=$(get-x509-authorities-count root-server)
+x509_authorities_count=$(get-x509-authorities-count root-server)
 
-if [ $x509AuthoritiesCount -eq 2 ]; then
+if [ $x509_authorities_count -eq 2 ]; then
     log-debug "Two X.509 Authorities found"
 else
-    fail-now "Expected to be two X.509 Authorities. Found $x509AuthoritiesCount."
+    fail-now "Expected to be two X.509 Authorities. Found $x509_authorities_count."
 fi
 
-taintedFound=$(docker compose exec -T root-server /opt/spire/bin/spire-server bundle show -output json | jq '.x509_authorities[] | select(.tainted == true)')
+tainted_found=$(docker compose exec -T root-server /opt/spire/bin/spire-server bundle show -output json | jq '.x509_authorities[] | select(.tainted == true)')
 
-if [[ -z "$taintedFound" ]]; then
+if [[ -z "$tainted_found" ]]; then
     fail-now "Tainted authority expected"
 fi
 
 docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation root-server \
-    /opt/spire/bin/spire-server localauthority x509 revoke -authorityID $oldAuthority -output json || fail-now "Failed to revoke authority"
+    /opt/spire/bin/spire-server localauthority x509 revoke -authorityID $old_authority -output json || fail-now "Failed to revoke authority"
 
-check-log-line root-server "X\.509 authority revoked successfully|local_authority_id=$oldAuthority"
-check-log-line intermediateA-server "X\.509 authority revoked|subject_key_id=$oldAuthority"
-check-log-line intermediateB-server "X\.509 authority revoked|subject_key_id=$oldAuthority"
-check-log-line leafA-server "X\.509 authority revoked|subject_key_id=$oldAuthority"
-check-log-line leafB-server "X\.509 authority revoked|subject_key_id=$oldAuthority"
+check-log-line root-server "X\.509 authority revoked successfully|local_authority_id=$old_authority"
+check-log-line intermediateA-server "X\.509 authority revoked|subject_key_id=$old_authority"
+check-log-line intermediateB-server "X\.509 authority revoked|subject_key_id=$old_authority"
+check-log-line leafA-server "X\.509 authority revoked|subject_key_id=$old_authority"
+check-log-line leafB-server "X\.509 authority revoked|subject_key_id=$old_authority"
 
 servers=("root-server" "intermediateA-server" "intermediateB-server" "leafA-server" "leafB-server")
 
 for server in "${servers[@]}"; do
-    RETRY_COUNT=0
-    while [[ $RETRY_COUNT -lt $MAX_RETRIES ]]; do
+    retry_count=0
+    while [[ $retry_count -lt $MAX_RETRIES ]]; do
         log-debug "Checking if X.509 Authority is revoked on $server"
-        x509AuthoritiesCount=$(get-x509-authorities-count $server)
+        x509_authorities_count=$(get-x509-authorities-count $server)
 
-        if [ $x509AuthoritiesCount -eq 1 ]; then
+        if [ $x509_authorities_count -eq 1 ]; then
             log-debug "Revoked X.509 Authority successfully on $server"
             break
         else
-            RETRY_COUNT=$((RETRY_COUNT + 1))
-            echo "Revocation is not propagated on $server, retrying in $RETRY_DELAY seconds... ($RETRY_COUNT/$MAX_RETRIES)"
+            retry_count=$((retry_count + 1))
+            echo "Revocation is not propagated on $server, retrying in $RETRY_DELAY seconds... ($retry_count/$MAX_RETRIES)"
             sleep $RETRY_DELAY
         fi
 
         # Fail if retries exceed the maximum
-        if [ $RETRY_COUNT -eq $MAX_RETRIES ]; then
+        if [ $retry_count -eq $MAX_RETRIES ]; then
             fail-now "Revocation is not propagated on $server failed after $MAX_RETRIES attempts."
         fi
     done

diff --git a/test/integration/suites/force-rotation-self-signed/15-verify-revoked-x509authority b/test/integration/suites/force-rotation-self-signed/15-verify-revoked-x509authority
@@ -16,7 +16,7 @@ validate-agent() {
         docker compose exec -u 1001 -T $agent \
             /opt/spire/bin/spire-agent api fetch x509 \
             -socketPath /opt/spire/sockets/workload_api.sock \
-            -write /tmp || fail_now "x509-SVID check failed for $agent"
+            -write /tmp || fail-now "x509-SVID check failed for $agent"
 
         local bundle_count=$(docker compose exec -T $agent \
             openssl storeutl -noout -text -certs /tmp/bundle.0.pem | grep -c "Certificate:")

diff --git a/test/integration/suites/force-rotation-upstream-authority/04-create-workload-entry b/test/integration/suites/force-rotation-upstream-authority/04-create-workload-entry
@@ -7,22 +7,8 @@ docker compose exec -T spire-server \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:0" \
     -x509SVIDTTL 0
-
-# Check at most 30 times (with one second in between) that the agent has
-# successfully synced down the workload entry.
-MAXCHECKS=30
-CHECKINTERVAL=1
-for ((i=1;i<=MAXCHECKS;i++)); do
-    log-info "checking for synced workload entry ($i of $MAXCHECKS max)..."
-    docker compose logs spire-agent
-    if docker compose logs spire-agent | grep "spiffe://domain.test/workload"; then
-        exit 0
-    fi
-    sleep "${CHECKINTERVAL}"
-done
-
-fail-now "timed out waiting for agent to sync down entry"
+check-synced-entry "spire-agent" "spiffe://domain.test/workload"
 
 log-info "checking X509-SVID"
 docker compose exec -T spire-agent \
-    /opt/spire/bin/spire-agent api fetch x509 || fail-now "SVID check failed"
+    /opt/spire/bin/spire-agent api fetch x509 || fail-now "SVID check failed"
diff --git a/test/integration/suites/force-rotation-upstream-authority/06-prepare-x509-authority b/test/integration/suites/force-rotation-upstream-authority/06-prepare-x509-authority
@@ -1,9 +1,5 @@
 #!/bin/bash
 
-# Constants
-MAXCHECKS=30
-RETRY_DELAY=1
-
 # Initial check for x509 authorities in spire-server
 x509_authorities=$(docker compose exec -T spire-server \
     /opt/spire/bin/spire-server bundle show -output json | jq '.x509_authorities' -c)

diff --git a/test/integration/suites/force-rotation-upstream-authority/09-verify-svid-rotation b/test/integration/suites/force-rotation-upstream-authority/09-verify-svid-rotation
@@ -25,20 +25,20 @@ check-tainted-authorities() {
     local agent=$2
     local agent_dir=$3
 
-    x509Authorities=$(fetch-x509-authorities "$server")
-    echo "$x509Authorities" | jq '.[] | select(.tainted == true)' || fail-now "Tainted authority not found"
+    x509_authorities=$(fetch-x509-authorities "$server")
+    echo "$x509_authorities" | jq '.[] | select(.tainted == true)' || fail-now "Tainted authority not found"
 
-    RETRY_COUNT=0
+    retry_count=0
 
-    while [[ $RETRY_COUNT -lt $MAX_RETRIES ]]; do
+    while [[ $retry_count -lt $MAX_RETRIES ]]; do
         verify-svid "$agent" "$agent_dir"
 
         if [ $? -eq 0 ]; then
             log-info "SVID rotated"
             break
         else
-            RETRY_COUNT=$((RETRY_COUNT + 1))
-	    log-debug "Verification failed, retrying in $RETRY_DELAY seconds... ($RETRY_COUNT/$MAX_RETRIES)"
+            retry_count=$((retry_count + 1))
+	    log-debug "Verification failed, retrying in $RETRY_DELAY seconds... ($retry_count/$MAX_RETRIES)"
             sleep $RETRY_DELAY
         fi
 

diff --git a/test/integration/suites/force-rotation-upstream-authority/10-revoke-upstream-authority b/test/integration/suites/force-rotation-upstream-authority/10-revoke-upstream-authority
@@ -1,38 +1,35 @@
 #!/bin/bash
 
-MAX_RETRIES=10
-RETRY_DELAY=1 # seconds between retries
-
 get-x509-authorities-count() {
     local server=$1
 }
 
-oldUpstreamAuthority=$(docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation spire-server \
+old_upstream_authority=$(docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation spire-server \
       /opt/spire/bin/spire-server \
       localauthority x509 show -output json | jq -r .old.upstream_authority_subject_key_id) || fail-now "Failed to fetch old upstrem authority ID"
 
-log-debug "Old authority: $oldUpstreamAuthority"
+log-debug "Old authority: $old_upstream_authority"
 
 
-x509AuthoritiesCount=$(docker compose exec -T spire-server \
+x509_authorities_count=$(docker compose exec -T spire-server \
     /opt/spire/bin/spire-server bundle \
     show -output json | jq '.x509_authorities | length')
 
-if [ $x509AuthoritiesCount -eq 2 ]; then
+if [ $x509_authorities_count -eq 2 ]; then
     log-debug "Two X.509 Authorities found"
 else
-    fail-now "Expected to be two X.509 Authorities. Found $x509AuthoritiesCount."
+    fail-now "Expected to be two X.509 Authorities. Found $x509_authorities_count."
 fi
 
-taintedFound=$(docker compose exec -T spire-server /opt/spire/bin/spire-server bundle show -output json | jq '.x509_authorities[] | select(.tainted == true)')
+tainted_found=$(docker compose exec -T spire-server /opt/spire/bin/spire-server bundle show -output json | jq '.x509_authorities[] | select(.tainted == true)')
 
-if [[ -z "$taintedFound" ]]; then
+if [[ -z "$tainted_found" ]]; then
     fail-now "Tainted authority expected"
 fi
 
 docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation spire-server \
     /opt/spire/bin/spire-server upstreamauthority \
-    revoke -subjectKeyID $oldUpstreamAuthority -output json || fail-now "Failed to revoke upstream authority"
+    revoke -subjectKeyID $old_upstream_authority -output json || fail-now "Failed to revoke upstream authority"
 
-check-log-line spire-server "X\.509 upstream authority successfully revoked|subject_key_id=$oldUpstreamAuthority"
+check-log-line spire-server "X\.509 upstream authority successfully revoked|subject_key_id=$old_upstream_authority"
 
diff --git a/...integration/suites/force-rotation-upstream-authority/11-verify-revoked-upstream-authority b/...integration/suites/force-rotation-upstream-authority/11-verify-revoked-upstream-authority
@@ -1,13 +1,13 @@
 #!/bin/bash
 
-MAX_RETRIES=10
-RETRY_DELAY=2 # seconds between retries
+max_retries=10
+retry_delay=2 # seconds between retries
 
 validate-agent() {
     local agent=$1
     local retry_count=0
 
-    while [[ $retry_count -lt $MAX_RETRIES ]]; do
+    while [[ $retry_count -lt $max_retries ]]; do
         docker compose exec -T $agent \
             /opt/spire/bin/spire-agent api fetch x509 \
             -write /opt/spire/conf/agent || fail-now "x509-SVID check failed for $agent"
@@ -17,13 +17,13 @@ validate-agent() {
             log-debug "Validation successful for $agent: There is exactly one certificate in the chain."
             return 0
         else
-            log-debug "Validation failed for $agent: Expected 1 certificate, but found $bundle_count. Retrying in $RETRY_DELAY seconds... ($retry_count/$MAX_RETRIES)"
+            log-debug "Validation failed for $agent: Expected 1 certificate, but found $bundle_count. Retrying in $retry_delay seconds... ($retry_count/$max_retries)"
         fi
 
         retry_count=$((retry_count + 1))
-        sleep $RETRY_DELAY
+        sleep $retry_delay
 
-        if [ $retry_count -eq $MAX_RETRIES ]; then
+        if [ $retry_count -eq $max_retries ]; then
             fail-now "Validation failed for $agent: Expected 1 certificate, but found $bundle_count."
         fi
     done
@@ -43,12 +43,11 @@ check_ski() {
     fi
 }
 
-activeUpstreamAuthority=$(docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation spire-server \
+active_upstream_authority=$(docker compose exec -T -e SPIRE_SERVER_FFLAGS=forced_rotation spire-server \
       /opt/spire/bin/spire-server \
       localauthority x509 show -output json | jq -r .active.upstream_authority_subject_key_id) || fail-now "Failed to fetch old upstrem authority ID"
 
-log-debug "Active upstream authority: $activeUpstreamAuthority"
+log-debug "Active upstream authority: $active_upstream_authority"
 
 validate-agent spire-agent 
-check_ski spire-agent "$activeUpstreamAuthority"
-
+check_ski spire-agent "$active_upstream_authority"