We need the variable because it is set within the loop. The chaos_api_list we iterate over can contain multiple URLs and we need to check if we find at least one working API. Only if we exit the loop because we finished iteration and apiAvailable is still false we know that none of the URLs returned by chaos_api_list did work. However, if we find at least one working API, we also exit the loop prematurely and apiAvailable will be true, skipping the exit.

Okay, then the logic is off here.

I don't like having ! tests for things like this, it's backwards logic and doesn't account for changes in the API response.

What happens if the API is changed to return a 403?

Do we currently keep iterating through the list of URLs even after we find an open endpoint?

Do we track which URL was 200, or which URL was 401?

1. Get list of URLs
2. Check for response from URL in URLs.
3. if 200 then use that URL and stop looking
4. else if 401 then check if we can authenticate
5. if we can't then continue
6. if were at the end of the list then we haven't found a valid URL, log and exit.

Do we currently keep iterating through the list of URLs even after we find an open endpoint?

No.

Do we track which URL was 200, or which URL was 401?

Yes. As we exit the loop once we found a responding URL, it's the one set at this moment in API_URL. We know if we got 200 or 401 by setting

Get list of URLs
Check for response from URL in URLs.
if 200 then use that URL and stop looking
else if 401 then check if we can authenticate
if we can't then continue
if were at the end of the list then we haven't found a valid URL, log and exit.

This is (almost) exactly what we do.

I don't like having ! tests for things like this, it's backwards logic and doesn't account for changes in the API response.

I see your point but we adhere to the HTTP return codes used everywhere. I can reverse the logic to explicitly check for 200 and 400 instead, but this would change nothing if FTL decides to change the response code.

I like explicit, if we need 200 or 401 then check for 200 or 401.

Read through

        # Test if http status code was 200 (OK) or 401 (authentication required)
        if [ ! "${authStatus}" = 200 ] && [ ! "${authStatus}" = 401 ]; then

And tell me what we're looking for, compared to (pseudocode-ish):

# Test if http status code is 200 (OK)
if [ "${authStatus}" = 200 ]; then
    needAuth=false
# Test if http status is 401 (Auth required)
elif [ "${authStatus}" = 401]; then
    # Check if 2FA is required
    needTOTP=$(echo "${authData}"| jq --raw-output .session.totp 2>/dev/null)
else
    # Remove the first URL from the list
    local last_api_list
    last_api_list="${chaos_api_list}"
    chaos_api_list="${chaos_api_list#* }"

    # If the list did not change, we are at the last element
    if [ "${last_api_list}" = "${chaos_api_list}" ]; then
        # Remove the last element
        chaos_api_list=""
       
        # List of URLs is empty and we have not found a valid URL
        echo "API not available. Please check FTL.log"
        echo "Exiting."
        exit 1

    fi
fi

Logic is now reverted.