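#!/bin/bash
#
# Smoke test for a Zitadel instance using a service-account key.
#
# Steps:
#   1. Read the service account's userId/keyId and private key from JSON files.
#   2. Build and sign an RS256 JWT assertion (valid for one hour).
#   3. Exchange the assertion for an access token at /oauth/v2/token
#      (jwt-bearer grant).
#   4. Call /management/v1/healthz with that token and report the result.
#
# Requires: jq, openssl, curl (>= 7.55.0 for "-H @-"), GNU base64 (-w 0).
# Exit status: 0 when healthz answers 200, 1 on any failure.
#
# Handling of secrets in this script:
#   - the private key is written to a mktemp file (mode 0600), never to a
#     predictable /tmp name, and is removed on every exit path;
#   - the JWT and the bearer token are fed to curl on stdin so they do not
#     appear in the process list;
#   - token values are redacted before the token response is printed.

set -euo pipefail
umask 077

# The domain is hard-coded; it is not looked up from any ingress.
readonly ZITADEL_DOMAIN="zitadel.neptune.fourlights.dev"

# NOTE(review): userId/keyId are read from /tmp/zitadel-sa.json while the
# private key is read from ./zitadel-admin-sa.json. These look like they were
# meant to be the same file - confirm which path is correct.
# NOTE(review): /tmp is world-writable and the name is predictable; prefer a
# private location for the service-account JSON.
readonly SA_JSON="/tmp/zitadel-sa.json"
readonly KEY_JSON="./zitadel-admin-sa.json"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Encode stdin as unpadded base64url, as JWT segments require.
b64url() {
  base64 -w 0 | tr '+/' '-_' | tr -d '='
}

# Check that the required tools are installed
for tool in jq openssl curl; do
  command -v "$tool" > /dev/null 2>&1 ||
    die "$tool is required but not installed. Install it first."
done

echo "Zitadel Domain: $ZITADEL_DOMAIN"

# Read service account details; "// empty" turns a missing field into an
# empty string instead of the literal text "null".
[[ -r "$SA_JSON" ]] || die "Cannot read $SA_JSON"
[[ -r "$KEY_JSON" ]] || die "Cannot read $KEY_JSON"
SA_USER_ID=$(jq -r '.userId // empty' "$SA_JSON")
SA_KEY_ID=$(jq -r '.keyId // empty' "$SA_JSON")
[[ -n "$SA_USER_ID" && -n "$SA_KEY_ID" ]] ||
  die "userId or keyId missing in $SA_JSON"

# Extract the private key to a private temp file that is removed on any exit,
# including the early failure exits below.
KEY_FILE=$(mktemp) || die "mktemp failed"
cleanup() {
  rm -f -- "$KEY_FILE"
}
trap cleanup EXIT
trap 'exit 1' INT TERM HUP
jq -r '.key // empty' "$KEY_JSON" > "$KEY_FILE"
[[ -s "$KEY_FILE" ]] || die "No private key found in $KEY_JSON"

# Create JWT header and payload. jq builds the JSON so that values read from
# the input file are escaped properly instead of being spliced into a string.
HEADER=$(jq -cn --arg kid "$SA_KEY_ID" \
  '{alg: "RS256", typ: "JWT", kid: $kid}' | tr -d '\n' | b64url)
NOW=$(date +%s)
EXP=$((NOW + 3600)) # 1 hour expiration

PAYLOAD=$(jq -cn \
  --arg iss "$SA_USER_ID" \
  --arg aud "https://${ZITADEL_DOMAIN}" \
  --argjson exp "$EXP" \
  --argjson iat "$NOW" \
  '{iss: $iss, sub: $iss, aud: [$aud], exp: $exp, iat: $iat}' |
  tr -d '\n' | b64url)

# Create signature
SIGNATURE=$(printf '%s' "${HEADER}.${PAYLOAD}" |
  openssl dgst -sha256 -sign "$KEY_FILE" | b64url) ||
  die "Failed to sign JWT"

# The key is not needed after signing; remove it now rather than at the end.
rm -f -- "$KEY_FILE"

# Combine to create JWT
JWT="${HEADER}.${PAYLOAD}.${SIGNATURE}"

echo "JWT token generated!"
echo ""

# Exchange JWT for access token. The form body is sent on stdin (--data @-)
# so the assertion is not visible in curl's argument list. Spaces in the scope
# are percent-encoded; the JWT itself only contains URL-safe characters.
echo "Exchanging JWT for access token..."
TOKEN_RESPONSE=$(
  printf 'grant_type=%s&scope=%s&assertion=%s' \
    'urn:ietf:params:oauth:grant-type:jwt-bearer' \
    'openid%20profile%20email%20urn:zitadel:iam:org:project:id:zitadel:aud' \
    "$JWT" |
    curl -sS -X POST "https://${ZITADEL_DOMAIN}/oauth/v2/token" \
      -H "Content-Type: application/x-www-form-urlencoded" \
      --data @-
) || die "Token request failed!"

# Show the response for troubleshooting, with every "*_token" value redacted
# so bearer credentials do not end up in terminals or CI logs.
echo "Token Response:"
printf '%s' "$TOKEN_RESPONSE" |
  jq 'if type == "object"
      then with_entries(
             if (.key | endswith("_token")) then .value = "<redacted>" else . end)
      else . end' ||
  echo "(token response is not valid JSON)" >&2

# Extract access token; a missing field or unparsable response yields "".
ACCESS_TOKEN=$(printf '%s' "$TOKEN_RESPONSE" |
  jq -r '.access_token // empty') || ACCESS_TOKEN=""

[[ -n "$ACCESS_TOKEN" ]] || die "Failed to get access token!"

echo ""
echo "Testing healthz endpoint..."
# Test healthz endpoint. The Authorization header is read from stdin (-H @-)
# to keep the token out of the process list. A curl failure is tolerated here
# on purpose so the status report below still runs (status is then not 200).
HEALTH_RESPONSE=$(
  printf 'Authorization: Bearer %s\n' "$ACCESS_TOKEN" |
    curl -sS -w "\nHTTP_STATUS:%{http_code}" -H @- \
      "https://${ZITADEL_DOMAIN}/management/v1/healthz"
) || true

# The status marker is always the last line; split on its last occurrence so
# a body that happens to contain "HTTP_STATUS:" cannot confuse the parsing.
HTTP_STATUS=${HEALTH_RESPONSE##*$'\n'HTTP_STATUS:}
BODY=${HEALTH_RESPONSE%$'\n'HTTP_STATUS:*}

echo "Health Check Response:"
echo "Status Code: $HTTP_STATUS"
echo "Body: $BODY"

# Clean up the service-account JSON as well (the key file is already gone and
# is also covered by the EXIT trap).
rm -f -- "$SA_JSON"

echo ""
if [[ "$HTTP_STATUS" == "200" ]]; then
  echo "✅ Health check successful!"
else
  echo "❌ Health check failed!"
  # Report the failure to callers instead of exiting 0.
  exit 1
fi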