Remove -ttl from integration tests

spiffe · Sep 11, 2024 · 4aee4e4 · 4aee4e4
1 parent 131234c
commit 4aee4e4
Show file tree

Hide file tree

Showing 22 changed files with 39 additions and 36 deletions.
diff --git a/test/integration/suites-windows/windows-service/04-create-registration-entries b/test/integration/suites-windows/windows-service/04-create-registration-entries
@@ -7,6 +7,6 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "windows:user_name:User Manager\ContainerUser" \
-    -ttl 0
+    -x509SVIDTTL 0
 
 assert-synced-entry "spiffe://domain.test/workload"
diff --git a/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries b/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries
@@ -6,7 +6,7 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "windows:user_name:User Manager\ContainerUser" \
-    -ttl 0
+    -x509SVIDTTL 0
 
 check-synced-entry "spire-agent" "spiffe://domain.test/workload"
 
diff --git a/test/integration/suites/admin-endpoints/05-create-registration-entries b/test/integration/suites/admin-endpoints/05-create-registration-entries
@@ -7,7 +7,7 @@ docker compose exec -T spire-server-a \
     -spiffeID "spiffe://domain-a.test/admin" \
     -selector "unix:uid:1001" \
     -admin \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent-a" "spiffe://domain-a.test/admin"
 
 log-debug "creating foreign admin registration entry..."
@@ -17,7 +17,7 @@ docker compose exec -T spire-server-b \
     -spiffeID "spiffe://domain-b.test/admin" \
     -selector "unix:uid:1003" \
     -federatesWith "spiffe://domain-a.test" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent-b" "spiffe://domain-b.test/admin"
 
 log-debug "creating regular registration entry..."
@@ -26,5 +26,5 @@ docker compose exec -T spire-server-a \
     -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain-a.test/workload" \
     -selector "unix:uid:1002" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent-a" "spiffe://domain-a.test/workload"
diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch
@@ -8,7 +8,7 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload-$m" \
     -selector "unix:uid:1001" \
-    -ttl 20 &
+    -x509SVIDTTL 20 &
 
 # Get the PID of the last background process
 API_WATCH_PID=$!

diff --git a/test/integration/suites/debug-endpoints/04-create-registration-entries b/test/integration/suites/debug-endpoints/04-create-registration-entries
@@ -7,7 +7,7 @@ docker compose exec -T spire-server \
     -spiffeID "spiffe://domain.test/admin" \
     -selector "unix:uid:1001" \
     -admin \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/admin"
 
 log-debug "creating regular registration entry..."
@@ -16,6 +16,6 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:1002" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/workload"
 
diff --git a/test/integration/suites/delegatedidentity/04-create-registration-entries b/test/integration/suites/delegatedidentity/04-create-registration-entries
@@ -6,7 +6,7 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/authorized_delegate" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/authorized_delegate"
 
 log-debug "creating registration entry for workload..."
@@ -15,5 +15,5 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:1002" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/workload"
diff --git a/test/integration/suites/downstream-endpoints/04-create-entries b/test/integration/suites/downstream-endpoints/04-create-entries
@@ -7,7 +7,7 @@ docker compose exec -T spire-server \
     -spiffeID "spiffe://domain.test/downstream" \
     -selector "unix:uid:1001" \
     -downstream \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/downstream"
 
 log-debug "creating workload registration entry..."
@@ -16,6 +16,6 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:1002" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/workload"
 
diff --git a/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh b/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh
@@ -59,7 +59,7 @@ setup-tests() {
         -spiffeID "spiffe://federated-domain.test/downstream-proxy" \
         -selector "unix:uid:0" \
         -federatesWith "spiffe://domain.test" \
-        -ttl 0
+        -x509SVIDTTL 0
 
     log-debug "creating registration entry for upstream proxy..."
     docker compose exec -T upstream-spire-server \
@@ -68,15 +68,15 @@ setup-tests() {
         -spiffeID "spiffe://domain.test/upstream-proxy" \
         -selector "unix:uid:0" \
         -federatesWith "spiffe://federated-domain.test" \
-        -ttl 0
+        -x509SVIDTTL 0
 
     log-debug "creating registration entry for downstream proxy..."
     docker compose exec -T upstream-spire-server \
         /opt/spire/bin/spire-server entry create \
         -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/downstream/agent/agent.crt.pem)" \
         -spiffeID "spiffe://domain.test/downstream-proxy" \
         -selector "unix:uid:0" \
-        -ttl 0
+        -x509SVIDTTL 0
 }
 
 test-envoy() {

diff --git a/test/integration/suites/envoy-sds-v3/00-test-envoy-releases b/test/integration/suites/envoy-sds-v3/00-test-envoy-releases
@@ -20,15 +20,15 @@ setup-tests() {
         -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/upstream-agent/agent.crt.pem)" \
         -spiffeID "spiffe://domain.test/upstream-workload" \
         -selector "unix:uid:0" \
-        -ttl 0
+        -x509SVIDTTL 0
 
     log-debug "creating registration entry for downstream workload..."
     docker compose exec -T spire-server \
         /opt/spire/bin/spire-server entry create \
         -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/downstream-agent/agent.crt.pem)" \
         -spiffeID "spiffe://domain.test/downstream-workload" \
         -selector "unix:uid:0" \
-        -ttl 0
+        -x509SVIDTTL 0
 }
 
 test-envoy() {

diff --git a/test/integration/suites/fetch-x509-svids/04-create-registration-entries b/test/integration/suites/fetch-x509-svids/04-create-registration-entries
@@ -10,7 +10,7 @@ for ((m=1;m<=$SIZE;m++)); do
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload-$m" \
     -selector "unix:uid:1001" \
-    -ttl 0 &
+    -x509SVIDTTL 0 &
 done
 
 for ((m=1;m<=$SIZE;m++)); do

diff --git a/test/integration/suites/fetch-x509-svids/06-create-registration-entries b/test/integration/suites/fetch-x509-svids/06-create-registration-entries
@@ -10,7 +10,7 @@ for ((m=1;m<=$SIZE;m++)); do
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload/$m" \
     -selector "unix:uid:1002" \
-    -ttl 0 &
+    -x509SVIDTTL 0 &
 done
 
 for ((m=1;m<=$SIZE;m++)); do

diff --git a/test/integration/suites/ghostunnel-federation/04-create-workload-entries b/test/integration/suites/ghostunnel-federation/04-create-workload-entries
@@ -9,7 +9,7 @@ docker compose exec -T downstream-spire-server \
     -spiffeID "spiffe://downstream-domain.test/downstream-workload" \
     -selector "unix:uid:0" \
     -federatesWith "spiffe://upstream-domain.test" \
-    -ttl 0
+    -x509SVIDTTL 0
 
 log-debug "creating registration entry for upstream workload..."
 docker compose exec -T upstream-spire-server \
@@ -18,4 +18,4 @@ docker compose exec -T upstream-spire-server \
     -spiffeID "spiffe://upstream-domain.test/upstream-workload" \
     -selector "unix:uid:0" \
     -federatesWith "spiffe://downstream-domain.test" \
-    -ttl 0
+    -x509SVIDTTL 0
diff --git a/test/integration/suites/join-token/04-create-workload-entry b/test/integration/suites/join-token/04-create-workload-entry
@@ -6,7 +6,9 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/node" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:0" \
-    -ttl 0
+    -x509SVIDTTL 0 \
+    -jwtSVIDTTL 0
+
 
 # Check at most 30 times (with one second in between) that the agent has
 # successfully synced down the workload entry.

diff --git a/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries b/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries
@@ -7,7 +7,7 @@ docker compose exec -T root-server \
     -spiffeID "spiffe://domain.test/intermediateA" \
     -selector "docker:label:org.integration.name:intermediateA" \
     -downstream \
-    -ttl 3600
+    -x509SVIDTTL 3600
 check-synced-entry "root-agent" "spiffe://domain.test/intermediateA"
 
 log-debug "creating intermediateB downstream registration entry..."
@@ -17,5 +17,5 @@ docker compose exec -T root-server \
     -spiffeID "spiffe://domain.test/intermediateB" \
     -selector "docker:label:org.integration.name:intermediateB" \
     -downstream \
-    -ttl 3600
+    -x509SVIDTTL 3600
 check-synced-entry "root-agent" "spiffe://domain.test/intermediateB"
diff --git a/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry b/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry
@@ -8,6 +8,6 @@ docker compose exec -T intermediateA-server \
     -spiffeID "spiffe://domain.test/leafA" \
     -selector "docker:label:org.integration.name:leafA" \
     -downstream \
-    -ttl 90
+    -x509SVIDTTL 90
 
 check-synced-entry "intermediateA-agent" "spiffe://domain.test/leafA"
diff --git a/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry b/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry
@@ -8,6 +8,6 @@ docker compose exec -T intermediateB-server \
     -spiffeID "spiffe://domain.test/leafB" \
     -selector "docker:label:org.integration.name:leafB" \
     -downstream \
-    -ttl 90
+    -x509SVIDTTL 90
 
 check-synced-entry "intermediateB-agent" "spiffe://domain.test/leafB"
diff --git a/test/integration/suites/nested-rotation/09-create-workload-entries b/test/integration/suites/nested-rotation/09-create-workload-entries
@@ -6,7 +6,7 @@ docker compose exec -T intermediateA-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateA/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/intermediateA/workload" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "intermediateA-agent" "spiffe://domain.test/intermediateA/workload"
 
 log-debug "creating leafA workload registration entry..."
@@ -15,7 +15,7 @@ docker compose exec -T leafA-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafA/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/leafA/workload" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "leafA-agent" "spiffe://domain.test/leafA/workload"
 
 log-debug "creating intermediateB workload registration entry..."
@@ -24,7 +24,7 @@ docker compose exec -T intermediateB-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateB/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/intermediateB/workload" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "intermediateB-agent" "spiffe://domain.test/intermediateB/workload"
 
 log-debug "creating leafB workload registration entry..."
@@ -33,5 +33,5 @@ docker compose exec -T leafB-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafB/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/leafB/workload" \
     -selector "unix:uid:1001" \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "leafB-agent" "spiffe://domain.test/leafB/workload"
diff --git a/test/integration/suites/node-attestation/04-test-x509pop-attestation b/test/integration/suites/node-attestation/04-test-x509pop-attestation
@@ -7,7 +7,7 @@ docker compose exec -T spire-server \
     -spiffeID "spiffe://domain.test/admin" \
     -selector "unix:uid:1000" \
     -admin \
-    -ttl 0
+    -x509SVIDTTL 0
 check-synced-entry "spire-agent" "spiffe://domain.test/admin"
 
 log-debug "running x509pop test..."

diff --git a/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api b/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api
@@ -10,7 +10,8 @@ docker compose exec -T spire-server \
   -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
   -spiffeID "spiffe://domain.test/oidc-provider" \
   -selector "docker:label:org.integration.name:oidc-discovery-provider" \
-  -ttl 0
+  -x509SVIDTTL 0 \
+  -jwtSVIDTTL 0
 
 check-synced-entry "spire-agent" "spiffe://domain.test/oidc-provider"
 

diff --git a/test/integration/suites/rotation/04-create-workload-entry b/test/integration/suites/rotation/04-create-workload-entry
@@ -6,7 +6,7 @@ docker compose exec -T spire-server \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload" \
     -selector "unix:uid:0" \
-    -ttl 0
+    -x509SVIDTTL 0
 
 # Check at most 30 times (with one second in between) that the agent has
 # successfully synced down the workload entry.

diff --git a/test/integration/suites/spire-server-cli/03-entry b/test/integration/suites/spire-server-cli/03-entry
@@ -33,7 +33,7 @@ docker compose exec -T spire-server \
         -spiffeID spiffe://domain.test/otherChild \
         -node \
         -dns dnsname1 \
-        -ttl 123 || fail-now "failed to create entry 3"
+        -x509SVIDTTL 123 || fail-now "failed to create entry 3"
 
 # Verify entry count correctly indicates three entries
 docker compose exec -T spire-server /opt/spire/bin/spire-server entry count | grep 3 || fail-now "failed to count 3 entries"
@@ -139,7 +139,7 @@ docker compose exec -T spire-server \
         -parentID spiffe://domain.test/parent \
         -spiffeID spiffe://domain.test/child1 \
         -federatesWith spiffe://federated1.test \
-        -ttl 456 || fail-now "failed to update entry 1"
+        -x509SVIDTTL 456 || fail-now "failed to update entry 1"
 
 docker compose exec -T spire-server \
 	/opt/spire/bin/spire-server entry update \

diff --git a/test/integration/suites/upgrade/01-run-upgrade-tests b/test/integration/suites/upgrade/01-run-upgrade-tests
@@ -41,7 +41,7 @@ create-registration-entry() {
         -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
         -spiffeID "spiffe://domain.test/workload" \
         -selector "unix:uid:${UID}" \
-        -ttl 0
+        -x509SVIDTTL 0
 
     # Check at most 30 times (with one second in between) that the agent has
     # successfully synced down the workload entry.