Make gen_pki.sh & debug_helper.sh bash8 compliant

Now that bash8 is available on PyPI we can use it to clean up the bash
scripts in Keystone. This also uses bash8 in tox. For now we can add
files to the tox check manually as we make them compliant.

Change-Id: I87a7478949114163f0614b1a6d8b249e14afe0df

examples/pki/gen_pki.sh

@@ -24,21 +24,21 @@ CMS_DIR=$CURRENT_DIR/cms
 
 
 function rm_old {
-  rm -rf $CERTS_DIR/*.pem
-  rm -rf $PRIVATE_DIR/*.pem
+    rm -rf $CERTS_DIR/*.pem
+    rm -rf $PRIVATE_DIR/*.pem
 }
 
 function cleanup {
-  rm -rf *.conf > /dev/null 2>&1
-  rm -rf index* > /dev/null 2>&1
-  rm -rf *.crt > /dev/null 2>&1
-  rm -rf newcerts > /dev/null 2>&1
-  rm -rf *.pem > /dev/null 2>&1
-  rm -rf serial* > /dev/null 2>&1
+    rm -rf *.conf > /dev/null 2>&1
+    rm -rf index* > /dev/null 2>&1
+    rm -rf *.crt > /dev/null 2>&1
+    rm -rf newcerts > /dev/null 2>&1
+    rm -rf *.pem > /dev/null 2>&1
+    rm -rf serial* > /dev/null 2>&1
 }
 
 function generate_ca_conf {
-  echo '
+    echo '
 [ req ]
 default_bits            = 2048
 default_keyfile         = cakey.pem
@@ -65,7 +65,7 @@ basicConstraints        = critical,CA:true
 }
 
 function generate_ssl_req_conf {
-  echo '
+    echo '
 [ req ]
 default_bits            = 2048
 default_keyfile         = keystonekey.pem
@@ -86,7 +86,7 @@ emailAddress            = keystone@openstack.org
 }
 
 function generate_cms_signing_req_conf {
-  echo '
+    echo '
 [ req ]
 default_bits            = 2048
 default_keyfile         = keystonekey.pem
@@ -107,7 +107,7 @@ emailAddress            = keystone@openstack.org
 }
 
 function generate_signing_conf {
-  echo '
+    echo '
 [ ca ]
 default_ca      = signing_ca
 
@@ -138,75 +138,74 @@ commonName              = supplied
 }
 
 function setup {
-  touch index.txt
-  echo '10' > serial
-  generate_ca_conf
-  mkdir newcerts
+    touch index.txt
+    echo '10' > serial
+    generate_ca_conf
+    mkdir newcerts
 }
 
 function check_error {
-  if [ $1 != 0 ] ; then
-    echo "Failed! rc=${1}"
-    echo 'Bailing ...'
-    cleanup
-    exit $1
-  else
-    echo 'Done'
-  fi
+    if [ $1 != 0 ] ; then
+        echo "Failed! rc=${1}"
+        echo 'Bailing ...'
+        cleanup
+        exit $1
+    else
+        echo 'Done'
+    fi
 }
 
 function generate_ca {
-  echo 'Generating New CA Certificate ...'
-  openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
-  check_error $?
+    echo 'Generating New CA Certificate ...'
+    openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
+    check_error $?
 }
 
 function ssl_cert_req {
-  echo 'Generating SSL Certificate Request ...'
-  generate_ssl_req_conf
-  openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
-  check_error $?
-  #openssl req -in req.pem -text -noout
+    echo 'Generating SSL Certificate Request ...'
+    generate_ssl_req_conf
+    openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
+    check_error $?
+    #openssl req -in req.pem -text -noout
 }
 
 function cms_signing_cert_req {
-  echo 'Generating CMS Signing Certificate Request ...'
-  generate_cms_signing_req_conf
-  openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
-  check_error $?
-  #openssl req -in req.pem -text -noout
+    echo 'Generating CMS Signing Certificate Request ...'
+    generate_cms_signing_req_conf
+    openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
+    check_error $?
+    #openssl req -in req.pem -text -noout
 }
 
 function issue_certs {
-  generate_signing_conf
-  echo 'Issuing SSL Certificate ...'
-  openssl ca -in ssl_req.pem -config signing.conf -batch
-  check_error $?
-  openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
-  check_error $?
-  echo 'Issuing CMS Signing Certificate ...'
-  openssl ca -in cms_signing_req.pem -config signing.conf -batch
-  check_error $?
-  openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
-  check_error $?
+    generate_signing_conf
+    echo 'Issuing SSL Certificate ...'
+    openssl ca -in ssl_req.pem -config signing.conf -batch
+    check_error $?
+    openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
+    check_error $?
+    echo 'Issuing CMS Signing Certificate ...'
+    openssl ca -in cms_signing_req.pem -config signing.conf -batch
+    check_error $?
+    openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
+    check_error $?
 }
 
 function create_middleware_cert {
-  cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
-  cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
+    cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
+    cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
 }
 
 function check_openssl {
-  echo 'Checking openssl availability ...'
-  which openssl
-  check_error $?
+    echo 'Checking openssl availability ...'
+    which openssl
+    check_error $?
 }
 
 function gen_sample_cms {
-  for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"
-  do
-    openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
-  done
+    for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"; do
+        openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
+    done
 }
 
 check_openssl

test-requirements.txt

@@ -1,4 +1,5 @@
 hacking>=0.8.0,<0.9
+bash8
 
 # Optional backend: SQL
 pysqlite

tools/debug_helper.sh

@@ -8,8 +8,7 @@ TESTS_TO_RUN=$TMP_DIR/ks_to_run
 
 python -m testtools.run discover -t ./ ./keystone/tests --list > $ALL_TESTS
 
-if [ "$1" ]
-then
+if [ "$1" ]; then
     grep "$1" < $ALL_TESTS > $TESTS_TO_RUN
 else
     mv $ALL_TESTS $TESTS_TO_RUN

tox.ini

@@ -40,6 +40,11 @@ commands =
   bash -c "find keystone -type f -regex '.*\.pot*' -print0| \
            xargs -0 -n 1 msgfmt --check-format -o /dev/null"
 
+[testenv:bash8]
+envdir = {toxworkdir}/venv
+commands =
+  bash8 examples/pki/gen_pki.sh tools/debug_helper.sh
+
 [tox:jenkins]
 downloadcache = ~/cache/pip