Some improvements

Signed-off-by: Marcos Yacob <[email protected]>

test/integration/suites/force-rotation-jwt-authority/05-prepare-jwt-authority

@@ -20,17 +20,17 @@ searching="JWT key prepared|local_authority_id=${prepared_authority_id}"
 check-log-line spire-server "$searching"
 
 # Check for updated x509 authorities in spire-server
+# Check for updated JWT authorities in spire-server
 jwt_authorities=$(docker compose exec -T spire-server \
     /opt/spire/bin/spire-server bundle show -output json | jq '.jwt_authorities' -c)
 amount_authorities=$(echo "$jwt_authorities" | jq length)
 
-# Ensure two bundles are present after preparation
+# Ensure two JWT authorities are present after preparation
 if [[ $amount_authorities -ne 2 ]]; then
-    fail-now "Two bundles expected after prepare"
+    fail-now "Two JWT authorities expected after prepare"
 fi
 
 # Ensure the prepared authority is present
-if [[ $(echo "$jwt_authorities" | jq -r ".[] | select(.key_id == \"$prepared_authority_id\")") == "" ]]; then
+if ! echo "$jwt_authorities" | jq -e ".[] | select(.key_id == \"$prepared_authority_id\")" > /dev/null; then
     fail-now "Prepared authority not found"
 fi
-

test/integration/suites/force-rotation-jwt-authority/06-fetch-jwt-svid

@@ -5,9 +5,9 @@ prepared_authority=$(docker compose exec -t -e SPIRE_SERVER_FFLAGS=forced_rotati
     localauthority jwt show -output json | jq -r .active.authority_id) || fail-now "Failed to fetch prepared JWT authority ID"
 
 svid_json=$(docker compose exec spire-agent ./bin/spire-agent \
-	api fetch jwt -audience aud -output json)
+    api fetch jwt -audience aud -output json) || fail-now "Failed to fetch JWT SVID"
 
-jwt_svid=$(echo $svid_json | jq -c '.[0].svids.[0].svid') || fail-now "Failed to fetch JWT SVID"
+jwt_svid=$(echo $svid_json | jq -c '.[0].svids[0].svid') || fail-now "Failed to parse JWT SVID"
 
 # Store JWT SVID for the next steps
 echo $jwt_svid > conf/agent/jwt_svid
@@ -20,7 +20,7 @@ if [[ $skid != $prepared_authority ]]; then
     fail-now "JWT SVID key ID does not match the prepared authority ID, got $skid, expected $prepared_authority"
 fi
 
-keys=$(echo $svid_json | jq -c '.[1].bundles.["spiffe://domain.test"] | @base64d | fromjson')
+keys=$(echo $svid_json | jq -c '.[1].bundles["spiffe://domain.test"] | @base64d | fromjson')
 
 retry_count=0
 max_retries=20
@@ -37,8 +37,8 @@ while [[ $retry_count -lt $max_retries ]]; do
         sleep 2
         # Re-fetch the JWT SVID and keys
         svid_json=$(docker compose exec spire-agent ./bin/spire-agent \
-            api fetch jwt -audience aud -output json)
-        jwt_svid=$(echo $svid_json | jq -c '.[0].svids[0].svid')
+            api fetch jwt -audience aud -output json) || fail-now "Failed to re-fetch JWT SVID"
+        jwt_svid=$(echo $svid_json | jq -c '.[0].svids[0].svid') || fail-now "Failed to parse re-fetched JWT SVID"
         keys=$(echo $svid_json | jq -c '.[1].bundles["spiffe://domain.test"] | @base64d | fromjson')
     fi
 done
@@ -48,4 +48,3 @@ if [[ $success == false ]]; then
 fi
 
 echo $keys | jq --arg kid $prepared_authority -e '.keys[] | select(.kid == $kid)' > /dev/null || fail-now "Prepared authority not found in JWT SVID bundle"
-

test/integration/suites/force-rotation-jwt-authority/09-verify-svid-rotation

@@ -19,4 +19,3 @@ skid=$(echo "$jwt_svid" | jq -r 'split(".") | .[0] | @base64d | fromjson | .kid'
 if [[ $skid != $active_authority ]]; then
     fail-now "JWT SVID key ID does not match the active authority ID, got $skid, expected $active_authority"
 fi
-

test/integration/suites/force-rotation-jwt-authority/11-verify-revoked-jwt-authority

@@ -10,7 +10,7 @@ for i in {1..20}; do
     svid_json=$(docker compose exec spire-agent ./bin/spire-agent \
         api fetch jwt -audience aud -output json)
 
-    keys=$(echo $svid_json | jq -c '.[1].bundles.["spiffe://domain.test"] | @base64d | fromjson')
+    keys=$(echo $svid_json | jq -c '.[1].bundles["spiffe://domain.test"] | @base64d | fromjson')
 
     keysLen=$(echo $keys | jq -c '.keys | length')
     if [[ $keysLen -eq 1 ]]; then