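#!/bin/bash
# Script to test the Secret Discovery Service (SDS) API endpoints.
#
# Runs, in order: add-secret, list-secrets, get-secret, remove-secret, then
# list-secrets again so the removal can be checked by eye.
#
# Environment:
#   SERVER  host:port or full URL of the SDS test server (default: localhost:8080)
#
# Exit status: 0 when both the ADD and the REMOVE request succeeded, 1 otherwise.
#
# Security notes:
#   - The ADD payload carries a TLS private key. It is sent to curl on stdin and
#     is not echoed, so it does not appear in the process list or in captured
#     script output.
#   - A SERVER value without a scheme is contacted over plain HTTP. Keep that to
#     loopback; give an https:// URL for anything else.
#   - The certificate and key below are placeholders. Real key material should be
#     read from a file with restricted permissions, not pasted into this script.

# No 'set -e': every step should run even when an earlier one fails.
set -uo pipefail

SERVER="${SERVER:-localhost:8080}"
SECRET_NAME="test_server_cert"

#######################################
# Escape a string for use inside a JSON double-quoted string.
# Arguments: $1 - raw text
# Outputs:   the escaped text on stdout, without a trailing newline
#######################################
json_escape() {
  local text=$1
  # Backslashes first, so the escapes added below are not escaped again.
  text=${text//\\/\\\\}
  text=${text//\"/\\\"}
  text=${text//$'\n'/\\n}
  text=${text//$'\r'/\\r}
  text=${text//$'\t'/\\t}
  printf '%s' "$text"
}

# NOTE(review): the "# Placeholder" lines sit inside YAML block scalars, so they
# are sent as part of the certificate and key text, not treated as YAML comments.
SECRET_YAML=$(cat <<EOF
resources:
- "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret
  name: ${SECRET_NAME}
  tls_certificate:
    certificate_chain:
      inline_string: |
        # Placeholder for real certificate chain
        -----BEGIN CERTIFICATE-----
        MjAyNl9uaWNlbGlzdGVuZXJfY2VydGlmaWNhdGVfMg==
        -----END CERTIFICATE-----
    private_key:
      inline_string: |
        # Placeholder for real private key
        -----BEGIN PRIVATE KEY-----
        MjAyNl9zZWNyZXRfa2V5X2ZlYjA2bWMyMQ==
        -----END PRIVATE KEY-----
EOF
)

# --- ESCAPING FOR ADD SECRET (CASE 1) ---
ESCAPED_YAML=$(json_escape "${SECRET_YAML}")
# Give both block scalars an explicit indentation indicator ("|2") followed by
# an escaped newline. Matching every "inline_string: |" keeps this independent
# of the exact indentation used in the heredoc above.
# NOTE(review): presumably needed by the server-side YAML parser - confirm.
ESCAPED_YAML=${ESCAPED_YAML//inline_string: |/inline_string: |2\\n}
JSON_ADD_PAYLOAD="{\"YAML\": \"${ESCAPED_YAML}\"}"

# --- PAYLOAD FOR REMOVE SECRET (CASE 3) ---
JSON_REMOVE_PAYLOAD="{\"name\":\"$(json_escape "${SECRET_NAME}")\"}"

failures=0

# -----------------------------------------------------------------------------
# Case 1: ADD a Secret
# -----------------------------------------------------------------------------
echo "1. Attempting to ADD Secret: ${SECRET_NAME}"
# The payload is deliberately left out of this line: it contains the private key.
echo "COMMAND: curl --fail -X POST \"${SERVER}/add-secret\" -H \"Content-Type: application/json\" --data-binary @-   (payload on stdin, not printed)"

# --fail turns an HTTP error status into a non-zero exit; without it curl
# returns 0 for any completed transfer and a rejected request looks successful.
if printf '%s' "${JSON_ADD_PAYLOAD}" |
  curl --fail -X POST "${SERVER}/add-secret" \
    -H "Content-Type: application/json" \
    --data-binary @-; then
  printf '\n[OK] ADD successful (check server logs for details).\n'
else
  printf '\n[FAIL] ADD FAILED.\n'
  failures=$((failures + 1))
fi

echo "---"

# -----------------------------------------------------------------------------
# Case 2: LIST / GET the Secret
# -----------------------------------------------------------------------------
echo "2. Attempting to LIST ALL Secrets"
echo "COMMAND: curl -X GET \"${SERVER}/list-secrets\""
curl -X GET "${SERVER}/list-secrets"

printf '\n---\n'

echo "2. Attempting to GET Secret by name: ${SECRET_NAME}"
echo "COMMAND: curl -X GET \"${SERVER}/get-secret?name=${SECRET_NAME}&format=yaml\""
# NOTE(review): if the server returns the private key in this response, it ends
# up in the terminal or CI log - confirm what get-secret exposes.
curl -X GET "${SERVER}/get-secret?name=${SECRET_NAME}&format=yaml"

printf '\n[OK] LIST/GET requests sent.\n'
echo "---"

# -----------------------------------------------------------------------------
# Case 3: REMOVE the Secret (FIXED: JSON payload for name)
# -----------------------------------------------------------------------------
echo "3. Attempting to REMOVE Secret: ${SECRET_NAME}"

# Print the corrected command
echo "COMMAND: curl --fail -X POST \"${SERVER}/remove-secret\" -H \"Content-Type: application/json\" -d '${JSON_REMOVE_PAYLOAD}'"

# Execute the corrected command
if curl --fail -X POST "${SERVER}/remove-secret" \
  -H "Content-Type: application/json" \
  -d "${JSON_REMOVE_PAYLOAD}"; then
  printf '\n[OK] REMOVE successful (check server logs for details).\n'
else
  printf '\n[FAIL] REMOVE FAILED.\n'
  failures=$((failures + 1))
fi

echo "---"

# -----------------------------------------------------------------------------
# Optional Verification: LIST after removal
# -----------------------------------------------------------------------------
echo "Optional: LIST ALL Secrets after removal to verify cache update"
echo "COMMAND: curl -X GET \"${SERVER}/list-secrets\""
curl -X GET "${SERVER}/list-secrets"

printf '\n\nScript finished.\n'

# Report failure to the caller (CI, wrapper scripts) instead of always exiting 0.
if ((failures > 0)); then
  exit 1
fi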