From 491b29bed84db2156f2b0eec01c929cb9d8b13b6 Mon Sep 17 00:00:00 2001
From: Lance Bragstad
Date: Tue, 13 May 2014 14:02:29 +0000
Subject: [PATCH] Make gen_pki.sh & debug_helper.sh bash8 compliant
Now that bash8 is available on PyPI we can use it to clean up the bash scripts in Keystone. This also uses bash8 in tox. For now we can add files to the tox check manually as we make them compliant.
Change-Id: I87a7478949114163f0614b1a6d8b249e14afe0df
---
 examples/pki/gen_pki.sh | 113 ++++++++++++++++++++--------------------
 test-requirements.txt | 1 +
 tools/debug_helper.sh | 3 +-
 tox.ini | 5 ++
 4 files changed, 63 insertions(+), 59 deletions(-)
diff --git a/examples/pki/gen_pki.sh b/examples/pki/gen_pki.sh
index 85369d29f..655502659 100755
--- a/examples/pki/gen_pki.sh
+++ b/examples/pki/gen_pki.sh
@@ -24,21 +24,21 @@ CMS_DIR=$CURRENT_DIR/cms
 function rm_old {
- rm -rf $CERTS_DIR/*.pem
- rm -rf $PRIVATE_DIR/*.pem
+ rm -rf $CERTS_DIR/*.pem
+ rm -rf $PRIVATE_DIR/*.pem
 }
 function cleanup {
- rm -rf *.conf > /dev/null 2>&1
- rm -rf index* > /dev/null 2>&1
- rm -rf *.crt > /dev/null 2>&1
- rm -rf newcerts > /dev/null 2>&1
- rm -rf *.pem > /dev/null 2>&1
- rm -rf serial* > /dev/null 2>&1
+ rm -rf *.conf > /dev/null 2>&1
+ rm -rf index* > /dev/null 2>&1
+ rm -rf *.crt > /dev/null 2>&1
+ rm -rf newcerts > /dev/null 2>&1
+ rm -rf *.pem > /dev/null 2>&1
+ rm -rf serial* > /dev/null 2>&1
 }
 function generate_ca_conf {
- echo '
+ echo '
 [ req ]
 default_bits = 2048
 default_keyfile = cakey.pem
@@ -65,7 +65,7 @@ basicConstraints = critical,CA:true
 }
 function generate_ssl_req_conf {
- echo '
+ echo '
 [ req ]
 default_bits = 2048
 default_keyfile = keystonekey.pem
@@ -86,7 +86,7 @@ emailAddress = keystone@openstack.org
 }
 function generate_cms_signing_req_conf {
- echo '
+ echo '
 [ req ]
 default_bits = 2048
 default_keyfile = keystonekey.pem
@@ -107,7 +107,7 @@ emailAddress = keystone@openstack.org
 }
 function generate_signing_conf {
- echo '
+ echo '
 [ ca ]
 default_ca = signing_ca
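Review bot: In `rm_old` (first hunk) the re-indented `rm -rf $CERTS_DIR/*.pem` and `rm -rf $PRIVATE_DIR/*.pem` still expand their directory variables unquoted and unguarded, so an empty or unset value would turn the glob into `/*.pem` and a path containing spaces would be word-split. Since the commit already rewrites every one of these lines for lint compliance, I would write them as `rm -f -- "${CERTS_DIR:?}"/*.pem` and `rm -f -- "${PRIVATE_DIR:?}"/*.pem`; `-r` is not needed for `.pem` files. The assignments of both variables sit above the hunk, so whether they can actually be empty is not visible here. In `cleanup`, the bare globs `*.conf`, `*.pem` and `index*` act on whatever the working directory is when the function runs, so a comment such as `# must be called from the scratch directory created for this run` would make that assumption explicit.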
@@ -138,75 +138,74 @@ commonName = supplied
 }
 function setup {
- touch index.txt
- echo '10' > serial
- generate_ca_conf
- mkdir newcerts
+ touch index.txt
+ echo '10' > serial
+ generate_ca_conf
+ mkdir newcerts
 }
 function check_error {
- if [ $1 != 0 ] ; then
- echo "Failed! rc=${1}"
- echo 'Bailing ...'
- cleanup
- exit $1
- else
- echo 'Done'
- fi
+ if [ $1 != 0 ] ; then
+ echo "Failed! rc=${1}"
+ echo 'Bailing ...'
+ cleanup
+ exit $1
+ else
+ echo 'Done'
+ fi
 }
 function generate_ca {
- echo 'Generating New CA Certificate ...'
- openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
- check_error $?
+ echo 'Generating New CA Certificate ...'
+ openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
+ check_error $?
 }
 function ssl_cert_req {
- echo 'Generating SSL Certificate Request ...'
- generate_ssl_req_conf
- openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
- check_error $?
- #openssl req -in req.pem -text -noout
+ echo 'Generating SSL Certificate Request ...'
+ generate_ssl_req_conf
+ openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
+ check_error $?
+ #openssl req -in req.pem -text -noout
 }
 function cms_signing_cert_req {
- echo 'Generating CMS Signing Certificate Request ...'
- generate_cms_signing_req_conf
- openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
- check_error $?
- #openssl req -in req.pem -text -noout
+ echo 'Generating CMS Signing Certificate Request ...'
+ generate_cms_signing_req_conf
+ openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
+ check_error $?
+ #openssl req -in req.pem -text -noout
 }
 function issue_certs {
- generate_signing_conf
- echo 'Issuing SSL Certificate ...'
- openssl ca -in ssl_req.pem -config signing.conf -batch
- check_error $?
- openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
- check_error $?
- echo 'Issuing CMS Signing Certificate ...'
- openssl ca -in cms_signing_req.pem -config signing.conf -batch
- check_error $?
- openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
- check_error $?
+ generate_signing_conf
+ echo 'Issuing SSL Certificate ...'
+ openssl ca -in ssl_req.pem -config signing.conf -batch
+ check_error $?
+ openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
+ check_error $?
+ echo 'Issuing CMS Signing Certificate ...'
+ openssl ca -in cms_signing_req.pem -config signing.conf -batch
+ check_error $?
+ openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
+ check_error $?
 }
 function create_middleware_cert {
- cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
- cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
+ cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
+ cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
 }
 function check_openssl {
- echo 'Checking openssl availability ...'
- which openssl
- check_error $?
+ echo 'Checking openssl availability ...'
+ which openssl
+ check_error $?
 }
 function gen_sample_cms {
- for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"
- do
- openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
- done
+ for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"; do
+ openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
+ done
 }
 check_openssl
diff --git a/test-requirements.txt b/test-requirements.txt
index f983eabde..a5dd07957 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,4 +1,5 @@
 hacking>=0.8.0,<0.9
+bash8
 # Optional backend: SQL
 pysqlite
diff --git a/tools/debug_helper.sh b/tools/debug_helper.sh
index 64088f528..e373cce94 100755
--- a/tools/debug_helper.sh
+++ b/tools/debug_helper.sh
@@ -8,8 +8,7 @@ TESTS_TO_RUN=$TMP_DIR/ks_to_run
 python -m testtools.run discover -t ./ ./keystone/tests --list > $ALL_TESTS
-if [ "$1" ]
-then
+if [ "$1" ]; then
 grep "$1" < $ALL_TESTS > $TESTS_TO_RUN
 else
 mv $ALL_TESTS $TESTS_TO_RUN
diff --git a/tox.ini b/tox.ini
index 580190287..4c3c399cf 100644
--- a/tox.ini
+++ b/tox.ini
@@ -40,6 +40,11 @@ commands =
 bash -c "find keystone -type f -regex '.*\.pot*' -print0| \
 xargs -0 -n 1 msgfmt --check-format -o /dev/null"
+[testenv:bash8]
+envdir = {toxworkdir}/venv
+commands =
+ bash8 examples/pki/gen_pki.sh tools/debug_helper.sh
+
 [tox:jenkins]
 downloadcache = ~/cache/pip
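Review bot: `create_middleware_cert` appends the unencrypted SSL private key (generated with `-nodes` in `ssl_cert_req`) to `$CERTS_DIR/middleware.pem`, a file that `cp` creates from the public certificate, so the key ends up in the directory for public material with whatever mode the umask gives. I would add `chmod 600 "$CERTS_DIR/middleware.pem"` after the `cat`, quote the paths in both commands, and put a comment above the function such as `# middleware.pem contains the SSL private key; sample data only`. Separately, the `openssl cms -sign` call in `gen_sample_cms` is the only openssl invocation in this hunk that is not followed by `check_error $?`, and `$json_file` is expanded unquoted there, so a failed signing passes silently; adding `check_error $?` inside the loop would match the other functions. The top-level statements after `check_openssl` lie outside the hunk.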
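Review bot: `bash8` is added to test-requirements.txt with no version bound, while the neighbouring `hacking>=0.8.0,<0.9` is bounded on both sides. Because the new `[testenv:bash8]` environment runs it as a check, any later release on PyPI would be pulled into CI and could change which lines fail without a change in this repository. Consider a bounded specifier such as `bash8>=<TESTED_VERSION>,<<NEXT_MAJOR>` (placeholders for the versions actually tested), unless the project's requirements policy deliberately leaves this tool unbounded.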