#!/usr/bin/env bash
# Simulate JWKS outage for chaos testing (DEVOPS-TEN-49-001)
# Usage: JWKS_HOST=authority.local JWKS_PORT=8440 DURATION=300 ./jwks-chaos.sh
set -euo pipefail
HOST=${JWKS_HOST:-authority}
PORT=${JWKS_PORT:-8440}
DURATION=${DURATION:-300}

rule_name=stellaops-jwks-chaos

cleanup() {
  sudo iptables -D OUTPUT -p tcp --dport "$PORT" -d "$HOST" -j DROP 2>/dev/null || true
}
trap cleanup EXIT

sudo iptables -I OUTPUT -p tcp --dport "$PORT" -d "$HOST" -j DROP
echo "JWKS traffic to ${HOST}:${PORT} dropped for ${DURATION}s" >&2
sleep "$DURATION"
cleanup