diff --git a/enos/modules/verify_secrets_engines/scripts/kv-pki-issue-certificates.sh b/enos/modules/verify_secrets_engines/scripts/kv-pki-issue-certificates.sh
index 373b687bd163..15424b014812 100755
--- a/enos/modules/verify_secrets_engines/scripts/kv-pki-issue-certificates.sh
+++ b/enos/modules/verify_secrets_engines/scripts/kv-pki-issue-certificates.sh
@@ -30,23 +30,23 @@ ROLE_NAME="${COMMON_NAME}-role"
 mkdir "${TMP_TEST_RESULTS}"
 # Generating root CA.crt
-"$binpath" write ${MOUNT}/root/generate/internal common_name="${COMMON_NAME}.com" ttl="${TTL}" -format=json | jq -r '.data.certificate' > "${TMP_TEST_RESULTS}/${CRT_NAME}"
+"$binpath" write "${MOUNT}/root/generate/internal" common_name="${COMMON_NAME}.com" ttl="${TTL}" -format=json | jq -r '.data.certificate' > "${TMP_TEST_RESULTS}/${CRT_NAME}"
 # Creating a role
-"$binpath" write ${MOUNT}/roles/${ROLE_NAME} allowed_domains="${COMMON_NAME}.com" allow_subdomains=true max_ttl="${TTL+5}"
+"$binpath" write "${MOUNT}/roles/${ROLE_NAME}" allowed_domains="${COMMON_NAME}.com" allow_subdomains=true max_ttl="${TTL+5}"
 # Issue Certificate
 openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.${COMMON_NAME}.com" -keyout "${TMP_TEST_RESULTS}/${PRIV_KEY_NAME}" -out "${TMP_TEST_RESULTS}/${CSR_NAME}"
 # Sign Certificate
-"$binpath" write ${MOUNT}/sign/${ROLE_NAME} csr="@${TMP_TEST_RESULTS}/${CSR_NAME}" format=pem ttl="${TTL+5}" | jq -r '.data.certificate' > "${TMP_TEST_RESULTS}/${SIGNED_CRT_NAME}"
+"$binpath" write "${MOUNT}/sign/${ROLE_NAME}" csr="@${TMP_TEST_RESULTS}/${CSR_NAME}" format=pem ttl="${TTL+5}" | jq -r '.data.certificate' > "${TMP_TEST_RESULTS}/${SIGNED_CRT_NAME}"
 # ------ Generate and sign intermediate ------
 INTERMEDIATE_COMMON_NAME="intermediate_${COMMON_NAME}"
 INTERMEDIATE_CSR_NAME="${MOUNT}_${INTERMEDIATE_COMMON_NAME}.csr"
 INTERMEDIATE_SIGNED_CRT_NAME="${MOUNT}_${INTERMEDIATE_COMMON_NAME}_signed.crt"
 # Setting AIA fields for Certificate
-"$binpath" write ${MOUNT}/config/urls issuing_certificates="${VAULT_ADDR}/v1/pki/ca" crl_distribution_points="${VAULT_ADDR}/v1/pki/crl"
+"$binpath" write "${MOUNT}/config/urls" issuing_certificates="${VAULT_ADDR}/v1/pki/ca" crl_distribution_points="${VAULT_ADDR}/v1/pki/crl"
 # Generate Intermediate Certificate
-"$binpath" write ${MOUNT}/intermediate/generate/internal common_name="${INTERMEDIATE_COMMON_NAME}.com" ttl="${TTL}" | jq -r '.data.csr' > "${TMP_TEST_RESULTS}/${INTERMEDIATE_CSR_NAME}"
+"$binpath" write "${MOUNT}/intermediate/generate/internal" common_name="${INTERMEDIATE_COMMON_NAME}.com" ttl="${TTL}" | jq -r '.data.csr' > "${TMP_TEST_RESULTS}/${INTERMEDIATE_CSR_NAME}"
 # Sign Intermediate Certificate
-"$binpath" write ${MOUNT}/root/sign-intermediate csr="@${TMP_TEST_RESULTS}/${INTERMEDIATE_CSR_NAME}" format=pem_bundle ttl="${TTL}" | jq -r '.data.certificate' > "${TMP_TEST_RESULTS}/${INTERMEDIATE_SIGNED_CRT_NAME}"
+"$binpath" write "${MOUNT}/root/sign-intermediate" csr="@${TMP_TEST_RESULTS}/${INTERMEDIATE_CSR_NAME}" format=pem_bundle ttl="${TTL}" | jq -r '.data.certificate' > "${TMP_TEST_RESULTS}/${INTERMEDIATE_SIGNED_CRT_NAME}"
 # Import Signed Intermediate Certificate into Vault
-"$binpath" write ${MOUNT}/intermediate/set-signed certificate="@${TMP_TEST_RESULTS}/${INTERMEDIATE_SIGNED_CRT_NAME}"
+"$binpath" write "${MOUNT}/intermediate/set-signed" certificate="@${TMP_TEST_RESULTS}/${INTERMEDIATE_SIGNED_CRT_NAME}"
diff --git a/enos/modules/verify_secrets_engines/scripts/kv-pki-verify-certificates.sh b/enos/modules/verify_secrets_engines/scripts/kv-pki-verify-certificates.sh
index af70b88e65b5..761601be6334 100755
--- a/enos/modules/verify_secrets_engines/scripts/kv-pki-verify-certificates.sh
+++ b/enos/modules/verify_secrets_engines/scripts/kv-pki-verify-certificates.sh
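Review bot: `max_ttl="${TTL+5}"` on the new roles line and `ttl="${TTL+5}"` on the new sign line are the `${parameter+word}` alternate-value expansion, not an addition: each expands to the literal `5` whenever TTL is set and to an empty string when it is unset, so neither the role's max_ttl nor the leaf certificate's ttl is derived from TTL at all, and Vault will read a bare `5` as five seconds. If the intent is the same lifetime as the root, `max_ttl="${TTL}"` and `ttl="${TTL}"` is the fix; if a larger lifetime is wanted it needs an explicit value or its own variable, since what can be computed depends on how TTL is defined above the hunk (a duration string such as `8760h` cannot be used in shell arithmetic). Separately, the new `config/urls` line hard-codes `/v1/pki/ca` and `/v1/pki/crl` while the path being written is `"${MOUNT}/config/urls"`, so the AIA and CRL pointers embedded in issued certificates only resolve when MOUNT happens to be `pki`; `issuing_certificates="${VAULT_ADDR}/v1/${MOUNT}/ca" crl_distribution_points="${VAULT_ADDR}/v1/${MOUNT}/crl"` keeps them consistent with the mount.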
@@ -22,13 +22,13 @@ test -x "$binpath" || fail "unable to locate vault binary at $binpath" || fail "
 export VAULT_FORMAT=json
 # Getting Certificates
-VAULT_CERTS=$("$binpath" list -format=json ${MOUNT}/certs | jq -r '.[]')
+VAULT_CERTS=$("$binpath" list -format=json "${MOUNT}/certs" | jq -r '.[]')
 [[ -z "$VAULT_CERTS" ]] && fail "VAULT_CERTS should include vault certificates"
 # Verifying Certificates
 for CERT in $VAULT_CERTS; do
 echo "Getting Certificate from Vault PKI: ${CERT}"
- "$binpath" read ${MOUNT}/cert/$CERT | jq -r '.data.certificate' > "${TMP_TEST_RESULTS}/tmp_vault_cert.pem"
+ "$binpath" read "${MOUNT}/cert/${CERT}" | jq -r '.data.certificate' > "${TMP_TEST_RESULTS}/tmp_vault_cert.pem"
 echo "Verifying Certificate..."
 openssl x509 -in "${TMP_TEST_RESULTS}/tmp_vault_cert.pem" -text -noout || fail "The certificate appears to be improperly configured or contains errors"
 done
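Review bot: The new `read` line pipes straight into `jq`, so the pipeline's exit status is jq's: if `vault read "${MOUNT}/cert/${CERT}"` fails (unknown serial, expired token, policy denial), jq still exits 0 and writes `null` into tmp_vault_cert.pem, and the only symptom is the misleading "improperly configured" message from openssl two lines later — unless `set -o pipefail` is enabled above the hunk, which I cannot see from here. Capturing the read first makes the failure explicit: `CERT_JSON=$("$binpath" read "${MOUNT}/cert/${CERT}") || fail "unable to read certificate ${CERT} from ${MOUNT}"` followed by `jq -r '.data.certificate' <<<"$CERT_JSON" > "${TMP_TEST_RESULTS}/tmp_vault_cert.pem"`. Note also that `openssl x509 -text -noout` on the following context line only parses the PEM; it checks neither the signature nor the chain, so a structurally valid certificate not issued by this mount's CA would pass "Verifying Certificate" — if the root CA file written by kv-pki-issue-certificates.sh is reachable from this script, `openssl verify -CAfile "<path to root CA PEM>" "${TMP_TEST_RESULTS}/tmp_vault_cert.pem"` would make the check live up to its name. The same masked-status pattern applies to the new `VAULT_CERTS=$(... | jq -r '.[]')` line, although the empty-result check right after it catches the common failure there.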