#!/bin/bash

# 45 seconds should be enough for the server to prepare and rotate into a new
# CA and mint a new SVID with the new CA. Check every three seconds that the
# is valid.
NUMCHECKS=15
CHECKINTERVAL=3
for ((i=1;i<=NUMCHECKS;i++)); do
    log-info "checking X509-SVID ($i of $NUMCHECKS)..."
    docker compose exec -T spire-agent \
        /opt/spire/bin/spire-agent api fetch x509 || fail-now "SVID check failed"
    sleep "${CHECKINTERVAL}"
done
