fix script

2025-08-06 06:37:02 +02:00 · 2025-08-04 23:52:20 -04:00 · 2025-08-04 23:52:20 -04:00 · 32d4240dd9
commit 32d4240dd9
parent dcb263ca70
6 changed files with 22 additions and 8 deletions
--- a/enos/enos-scenario-dr-replication.hcl
+++ b/enos/enos-scenario-dr-replication.hcl
@ -1302,6 +1302,7 @@ scenario "dr_replication" {
      vault_root_token        = step.create_secondary_cluster.root_token
      verify_pki_certs        = false
      verify_aws_engine_creds = false
+      verify_ssh_secrets      = false
    }
  }

--- a/enos/enos-scenario-pr-replication.hcl
+++ b/enos/enos-scenario-pr-replication.hcl
@ -992,6 +992,7 @@ scenario "pr_replication" {
      vault_root_token        = step.create_secondary_cluster.root_token
      verify_pki_certs        = false
      verify_aws_engine_creds = false
+      verify_ssh_secrets      = false
    }
  }

--- a/enos/modules/verify_secrets_engines/scripts/ssh-verify-ca.sh
+++ b/enos/modules/verify_secrets_engines/scripts/ssh-verify-ca.sh
@ -9,14 +9,20 @@ fail() {
  exit 1
 }

+log() {
+  echo "[DEBUG] $1" >&2
+}
+
 [[ -z "$VERIFY_SSH_SECRETS" ]] && fail "VERIFY_SSH_SECRETS env variable has not been set"
 [[ -z "$CA_KEY_TYPE" ]] && fail "CA_KEY_TYPE env variable has not been set"
 [[ -z "$VAULT_ADDR" ]] && fail "VAULT_ADDR env variable has not been set"
 [[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set"
 [[ -z "$VAULT_INSTALL_DIR" ]] && fail "VAULT_INSTALL_DIR env variable has not been set"

-# Exit if VERIFY_SSH_SECRETS is set to false
-[[ "${VERIFY_SSH_SECRETS}" == false ]] && exit 0
+if [[ "$VERIFY_SSH_SECRETS" == "false" ]]; then
+  log "VERIFY_SSH_SECRETS is false; exiting script"
+  exit 0
+fi

 binpath=${VAULT_INSTALL_DIR}/vault
 test -x "$binpath" || fail "unable to locate vault binary at $binpath"
--- a/enos/modules/verify_secrets_engines/scripts/ssh-verify-otp.sh
+++ b/enos/modules/verify_secrets_engines/scripts/ssh-verify-otp.sh
@ -21,8 +21,10 @@ log() {
 [[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set"
 [[ -z "$VAULT_INSTALL_DIR" ]] && fail "VAULT_INSTALL_DIR env variable has not been set"

-# Exit if VERIFY_SSH_SECRETS is set to false
-[[ "${VERIFY_SSH_SECRETS}" == false ]] && exit 0
+if [[ "$VERIFY_SSH_SECRETS" == "false" ]]; then
+  log "VERIFY_SSH_SECRETS is false; exiting script"
+  exit 0
+fi

 binpath=${VAULT_INSTALL_DIR}/vault
 test -x "$binpath" || fail "unable to locate vault binary at $binpath"
--- a/enos/modules/verify_secrets_engines/scripts/ssh-verify-role.sh
+++ b/enos/modules/verify_secrets_engines/scripts/ssh-verify-role.sh
@ -37,8 +37,10 @@ log "Starting env var checks"
 [[ -z "$DEFAULT_USER" ]] && fail "DEFAULT_USER env variable has not been set"
 [[ -z "$ALLOWED_USERS" ]] && fail "ALLOWED_USERS env variable has not been set"

-# Exit if VERIFY_SSH_SECRETS is set to false
-[[ "${VERIFY_SSH_SECRETS}" == false ]] && exit 0
+if [[ "$VERIFY_SSH_SECRETS" == "false" ]]; then
+  log "VERIFY_SSH_SECRETS is false; exiting script"
+  exit 0
+fi

 # Type-specific required vars
 case "$KEY_TYPE" in
--- a/enos/modules/verify_secrets_engines/scripts/ssh-verify-signed-key.sh
+++ b/enos/modules/verify_secrets_engines/scripts/ssh-verify-signed-key.sh
@ -16,8 +16,10 @@ fail() {
 [[ -z "$VAULT_TOKEN" ]] && fail "VAULT_TOKEN env variable has not been set"
 [[ -z "$VAULT_INSTALL_DIR" ]] && fail "VAULT_INSTALL_DIR env variable has not been set"

-# Exit if VERIFY_SSH_SECRETS is set to false
-[[ "${VERIFY_SSH_SECRETS}" == false ]] && exit 0
+if [[ "$VERIFY_SSH_SECRETS" == "false" ]]; then
+  log "VERIFY_SSH_SECRETS is false; exiting script"
+  exit 0
+fi

 SIGNED_KEY_PATH=$(mktemp)
 trap 'rm -f "$SIGNED_KEY_PATH"' EXIT