#!/bin/bash

log-debug "banning agent..."

docker-compose exec -T spire-server \
    /opt/spire/bin/spire-server agent ban \
    -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"

# Check at most 30 times (with one second in between) that the agent has
# successfully banned
MAXCHECKS=30
CHECKINTERVAL=1
for ((i=1;i<=MAXCHECKS;i++)); do
    log-info "checking for agent is shutting down ($i of $MAXCHECKS max)..."
    docker-compose logs spire-agent
    if docker-compose logs spire-agent | grep "Agent is banned: removing SVID and shutting down"; then
	exit 0
    fi
    sleep "${CHECKINTERVAL}"
done

fail-now "timed out waiting for agent to shutdown"
