From 4aee4e49d46128013490a1d83eb4419c6bd546a2 Mon Sep 17 00:00:00 2001
From: Marcel Levy <marcel@spirl.com>
Date: Wed, 11 Sep 2024 09:41:09 -0700
Subject: [PATCH] Remove -ttl from integration tests
---
 .../windows-service/04-create-registration-entries | 2 +-
 .../04-create-registration-entries | 2 +-
 .../suites/admin-endpoints/05-create-registration-entries | 6 +++---
 test/integration/suites/agent-cli/07-check-api-watch | 2 +-
 .../suites/debug-endpoints/04-create-registration-entries | 4 ++--
 .../delegatedidentity/04-create-registration-entries | 4 ++--
 .../suites/downstream-endpoints/04-create-entries | 4 ++--
 .../envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh | 6 +++---
 .../suites/envoy-sds-v3/00-test-envoy-releases | 4 ++--
 .../fetch-x509-svids/04-create-registration-entries | 2 +-
 .../fetch-x509-svids/06-create-registration-entries | 2 +-
 .../ghostunnel-federation/04-create-workload-entries | 4 ++--
 .../suites/join-token/04-create-workload-entry | 4 +++-
 .../02-create-intermediate-downstream-entries | 4 ++--
 .../nested-rotation/04-create-leafA-downstream-entry | 2 +-
 .../nested-rotation/07-create-leafB-downstream-entry | 2 +-
 .../suites/nested-rotation/09-create-workload-entries | 8 ++++----
 .../suites/node-attestation/04-test-x509pop-attestation | 2 +-
 .../04-assert-jwks-using-workload-api | 3 ++-
 test/integration/suites/rotation/04-create-workload-entry | 2 +-
 test/integration/suites/spire-server-cli/03-entry | 4 ++--
 test/integration/suites/upgrade/01-run-upgrade-tests | 2 +-
 22 files changed, 39 insertions(+), 36 deletions(-)
diff --git a/test/integration/suites-windows/windows-service/04-create-registration-entries b/test/integration/suites-windows/windows-service/04-create-registration-entries
index 9aac6412ab6..506fe604625 100644
--- a/test/integration/suites-windows/windows-service/04-create-registration-entries
+++ b/test/integration/suites-windows/windows-service/04-create-registration-entries
@@ -7,6 +7,6 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ -selector "windows:user_name:User Manager\ContainerUser" \ - -ttl 0 + -x509SVIDTTL 0 assert-synced-entry "spiffe://domain.test/workload" diff --git a/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries b/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries index 88de142502e..6edd0903cd8 100644 --- a/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries +++ b/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries @@ -6,7 +6,7 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ -selector "windows:user_name:User Manager\ContainerUser" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/workload" diff --git a/test/integration/suites/admin-endpoints/05-create-registration-entries b/test/integration/suites/admin-endpoints/05-create-registration-entries index abf06df863d..589304e608d 100755 --- a/test/integration/suites/admin-endpoints/05-create-registration-entries +++ b/test/integration/suites/admin-endpoints/05-create-registration-entries @@ -7,7 +7,7 @@ docker compose exec -T spire-server-a \ -spiffeID "spiffe://domain-a.test/admin" \ -selector "unix:uid:1001" \ -admin \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent-a" "spiffe://domain-a.test/admin" log-debug "creating foreign admin registration entry..." 
@@ -17,7 +17,7 @@ docker compose exec -T spire-server-b \ -spiffeID "spiffe://domain-b.test/admin" \ -selector "unix:uid:1003" \ -federatesWith "spiffe://domain-a.test" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent-b" "spiffe://domain-b.test/admin" log-debug "creating regular registration entry..." @@ -26,5 +26,5 @@ docker compose exec -T spire-server-a \ -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain-a.test/workload" \ -selector "unix:uid:1002" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent-a" "spiffe://domain-a.test/workload" diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch index 47dc61f1fb2..c7846bbc932 100755 --- a/test/integration/suites/agent-cli/07-check-api-watch +++ b/test/integration/suites/agent-cli/07-check-api-watch @@ -8,7 +8,7 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload-$m" \ -selector "unix:uid:1001" \ - -ttl 20 & + -x509SVIDTTL 20 & # Get the PID of the last background process API_WATCH_PID=$! diff --git a/test/integration/suites/debug-endpoints/04-create-registration-entries b/test/integration/suites/debug-endpoints/04-create-registration-entries index 7eef854da04..33c41a9b150 100755 --- a/test/integration/suites/debug-endpoints/04-create-registration-entries +++ b/test/integration/suites/debug-endpoints/04-create-registration-entries @@ -7,7 +7,7 @@ docker compose exec -T spire-server \ -spiffeID "spiffe://domain.test/admin" \ -selector "unix:uid:1001" \ -admin \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/admin" log-debug "creating regular registration entry..." 
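Review bot: In the `agent-cli/07-check-api-watch` hunk, `-x509SVIDTTL 20` bounds only the X.509-SVID lifetime, so JWT-SVIDs issued for `workload-$m` presumably fall back to the server default instead of 20 seconds. The join-token and oidc-discovery-provider hunks of this patch add `-jwtSVIDTTL` next to `-x509SVIDTTL`, which suggests the removed `-ttl` covered both SVID types. The same narrowing applies to the non-zero values in the nested-rotation hunks (`-x509SVIDTTL 3600`, `-x509SVIDTTL 90`). If only X.509 rotation is meant to be exercised, a comment such as `# only the X.509-SVID lifetime is shortened; JWT-SVID TTL stays at the server default` would make that deliberate; otherwise add `-jwtSVIDTTL 20 \` before the last flag. The command starts above the hunk, so what the test asserts afterwards is not visible here.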
@@ -16,6 +16,6 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ -selector "unix:uid:1002" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/workload" diff --git a/test/integration/suites/delegatedidentity/04-create-registration-entries b/test/integration/suites/delegatedidentity/04-create-registration-entries index 000c073069c..0ba8854c5c0 100755 --- a/test/integration/suites/delegatedidentity/04-create-registration-entries +++ b/test/integration/suites/delegatedidentity/04-create-registration-entries @@ -6,7 +6,7 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/authorized_delegate" \ -selector "unix:uid:1001" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/authorized_delegate" log-debug "creating registration entry for workload..." @@ -15,5 +15,5 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ -selector "unix:uid:1002" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/workload" diff --git a/test/integration/suites/downstream-endpoints/04-create-entries b/test/integration/suites/downstream-endpoints/04-create-entries index a8c4dbd9bd7..29b4d56d7e1 100755 --- a/test/integration/suites/downstream-endpoints/04-create-entries +++ b/test/integration/suites/downstream-endpoints/04-create-entries @@ -7,7 +7,7 @@ docker compose exec -T spire-server \ -spiffeID "spiffe://domain.test/downstream" \ -selector "unix:uid:1001" \ -downstream \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/downstream" log-debug "creating workload registration entry..." 
@@ -16,6 +16,6 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ -selector "unix:uid:1002" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/workload" diff --git a/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh b/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh index d2d25109615..3492f51b7c5 100755 --- a/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh +++ b/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh @@ -59,7 +59,7 @@ setup-tests() { -spiffeID "spiffe://federated-domain.test/downstream-proxy" \ -selector "unix:uid:0" \ -federatesWith "spiffe://domain.test" \ - -ttl 0 + -x509SVIDTTL 0 log-debug "creating registration entry for upstream proxy..." docker compose exec -T upstream-spire-server \ @@ -68,7 +68,7 @@ setup-tests() { -spiffeID "spiffe://domain.test/upstream-proxy" \ -selector "unix:uid:0" \ -federatesWith "spiffe://federated-domain.test" \ - -ttl 0 + -x509SVIDTTL 0 log-debug "creating registration entry for downstream proxy..." docker compose exec -T upstream-spire-server \ @@ -76,7 +76,7 @@ setup-tests() { -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/downstream/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/downstream-proxy" \ -selector "unix:uid:0" \ - -ttl 0 + -x509SVIDTTL 0 } test-envoy() { diff --git a/test/integration/suites/envoy-sds-v3/00-test-envoy-releases b/test/integration/suites/envoy-sds-v3/00-test-envoy-releases index f2f2e29c880..9ab835901f3 100755 --- a/test/integration/suites/envoy-sds-v3/00-test-envoy-releases +++ b/test/integration/suites/envoy-sds-v3/00-test-envoy-releases 
@@ -20,7 +20,7 @@ setup-tests() { -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/upstream-agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/upstream-workload" \ -selector "unix:uid:0" \ - -ttl 0 + -x509SVIDTTL 0 log-debug "creating registration entry for downstream workload..." docker compose exec -T spire-server \ @@ -28,7 +28,7 @@ setup-tests() { -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/downstream-agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/downstream-workload" \ -selector "unix:uid:0" \ - -ttl 0 + -x509SVIDTTL 0 } test-envoy() { diff --git a/test/integration/suites/fetch-x509-svids/04-create-registration-entries b/test/integration/suites/fetch-x509-svids/04-create-registration-entries index 6a3d23b3db0..318b53162db 100755 --- a/test/integration/suites/fetch-x509-svids/04-create-registration-entries +++ b/test/integration/suites/fetch-x509-svids/04-create-registration-entries @@ -10,7 +10,7 @@ for ((m=1;m<=$SIZE;m++)); do -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload-$m" \ -selector "unix:uid:1001" \ - -ttl 0 & + -x509SVIDTTL 0 & done for ((m=1;m<=$SIZE;m++)); do diff --git a/test/integration/suites/fetch-x509-svids/06-create-registration-entries b/test/integration/suites/fetch-x509-svids/06-create-registration-entries index 05ed54b1ac3..cb0f9333d60 100755 --- a/test/integration/suites/fetch-x509-svids/06-create-registration-entries +++ b/test/integration/suites/fetch-x509-svids/06-create-registration-entries @@ -10,7 +10,7 @@ for ((m=1;m<=$SIZE;m++)); do -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload/$m" \ -selector "unix:uid:1002" \ - -ttl 0 & + -x509SVIDTTL 0 & done for ((m=1;m<=$SIZE;m++)); do 
diff --git a/test/integration/suites/ghostunnel-federation/04-create-workload-entries b/test/integration/suites/ghostunnel-federation/04-create-workload-entries index 95f293e1005..00cc5b73428 100755 --- a/test/integration/suites/ghostunnel-federation/04-create-workload-entries +++ b/test/integration/suites/ghostunnel-federation/04-create-workload-entries @@ -9,7 +9,7 @@ docker compose exec -T downstream-spire-server \ -spiffeID "spiffe://downstream-domain.test/downstream-workload" \ -selector "unix:uid:0" \ -federatesWith "spiffe://upstream-domain.test" \ - -ttl 0 + -x509SVIDTTL 0 log-debug "creating registration entry for upstream workload..." docker compose exec -T upstream-spire-server \ @@ -18,4 +18,4 @@ docker compose exec -T upstream-spire-server \ -spiffeID "spiffe://upstream-domain.test/upstream-workload" \ -selector "unix:uid:0" \ -federatesWith "spiffe://downstream-domain.test" \ - -ttl 0 + -x509SVIDTTL 0 diff --git a/test/integration/suites/join-token/04-create-workload-entry b/test/integration/suites/join-token/04-create-workload-entry index c945899c4dc..a1d3b31555b 100755 --- a/test/integration/suites/join-token/04-create-workload-entry +++ b/test/integration/suites/join-token/04-create-workload-entry @@ -6,7 +6,9 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/node" \ -spiffeID "spiffe://domain.test/workload" \ -selector "unix:uid:0" \ - -ttl 0 + -x509SVIDTTL 0 \ + -jwtSVIDTTL 0 + # Check at most 30 times (with one second in between) that the agent has # successfully synced down the workload entry. diff --git a/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries b/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries index d5f5ed2bf68..3f4b496638b 100755 --- a/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries +++ b/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries 
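Review bot: The `join-token/04-create-workload-entry` hunk adds an explicit `-jwtSVIDTTL 0` plus a second blank line after it, while the other `-ttl 0` replacements in this patch set only `-x509SVIDTTL 0`. If 0 selects the server default for both flags, the JWT flag is redundant here and in `oidc-discovery-provider/04-assert-jwks-using-workload-api`; if it is intentional, a short comment such as `# both SVID TTLs are set explicitly for this entry: <reason>` would explain why these two entries differ from the rest. The extra blank line before `# Check at most 30 times` can be dropped so the script keeps a single separator.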
@@ -7,7 +7,7 @@ docker compose exec -T root-server \ -spiffeID "spiffe://domain.test/intermediateA" \ -selector "docker:label:org.integration.name:intermediateA" \ -downstream \ - -ttl 3600 + -x509SVIDTTL 3600 check-synced-entry "root-agent" "spiffe://domain.test/intermediateA" log-debug "creating intermediateB downstream registration entry..." @@ -17,5 +17,5 @@ docker compose exec -T root-server \ -spiffeID "spiffe://domain.test/intermediateB" \ -selector "docker:label:org.integration.name:intermediateB" \ -downstream \ - -ttl 3600 + -x509SVIDTTL 3600 check-synced-entry "root-agent" "spiffe://domain.test/intermediateB" diff --git a/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry b/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry index 60b22ee3cb2..61d0b78b6f5 100755 --- a/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry +++ b/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry @@ -8,6 +8,6 @@ docker compose exec -T intermediateA-server \ -spiffeID "spiffe://domain.test/leafA" \ -selector "docker:label:org.integration.name:leafA" \ -downstream \ - -ttl 90 + -x509SVIDTTL 90 check-synced-entry "intermediateA-agent" "spiffe://domain.test/leafA" diff --git a/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry b/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry index ec419c107ff..2054bfec051 100755 --- a/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry +++ b/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry @@ -8,6 +8,6 @@ docker compose exec -T intermediateB-server \ -spiffeID "spiffe://domain.test/leafB" \ -selector "docker:label:org.integration.name:leafB" \ -downstream \ - -ttl 90 + -x509SVIDTTL 90 check-synced-entry "intermediateB-agent" "spiffe://domain.test/leafB" 
diff --git a/test/integration/suites/nested-rotation/09-create-workload-entries b/test/integration/suites/nested-rotation/09-create-workload-entries index c6061b977d7..c80851e22dc 100755 --- a/test/integration/suites/nested-rotation/09-create-workload-entries +++ b/test/integration/suites/nested-rotation/09-create-workload-entries @@ -6,7 +6,7 @@ docker compose exec -T intermediateA-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateA/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/intermediateA/workload" \ -selector "unix:uid:1001" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "intermediateA-agent" "spiffe://domain.test/intermediateA/workload" log-debug "creating leafA workload registration entry..." @@ -15,7 +15,7 @@ docker compose exec -T leafA-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafA/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/leafA/workload" \ -selector "unix:uid:1001" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "leafA-agent" "spiffe://domain.test/leafA/workload" log-debug "creating intermediateB workload registration entry..." @@ -24,7 +24,7 @@ docker compose exec -T intermediateB-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateB/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/intermediateB/workload" \ -selector "unix:uid:1001" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "intermediateB-agent" "spiffe://domain.test/intermediateB/workload" log-debug "creating leafB workload registration entry..." @@ -33,5 +33,5 @@ docker compose exec -T leafB-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafB/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/leafB/workload" \ -selector "unix:uid:1001" \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "leafB-agent" "spiffe://domain.test/leafB/workload" 
diff --git a/test/integration/suites/node-attestation/04-test-x509pop-attestation b/test/integration/suites/node-attestation/04-test-x509pop-attestation index 32f3230bfd7..79ad304327e 100755 --- a/test/integration/suites/node-attestation/04-test-x509pop-attestation +++ b/test/integration/suites/node-attestation/04-test-x509pop-attestation @@ -7,7 +7,7 @@ docker compose exec -T spire-server \ -spiffeID "spiffe://domain.test/admin" \ -selector "unix:uid:1000" \ -admin \ - -ttl 0 + -x509SVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/admin" log-debug "running x509pop test..." diff --git a/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api b/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api index c0ec626ddfc..64953a7a80a 100755 --- a/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api +++ b/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api @@ -10,7 +10,8 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/oidc-provider" \ -selector "docker:label:org.integration.name:oidc-discovery-provider" \ - -ttl 0 + -x509SVIDTTL 0 \ + -jwtSVIDTTL 0 check-synced-entry "spire-agent" "spiffe://domain.test/oidc-provider" diff --git a/test/integration/suites/rotation/04-create-workload-entry b/test/integration/suites/rotation/04-create-workload-entry index 784ca9c291e..31e36c8c664 100755 --- a/test/integration/suites/rotation/04-create-workload-entry +++ b/test/integration/suites/rotation/04-create-workload-entry 
@@ -6,7 +6,7 @@ docker compose exec -T spire-server \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ -selector "unix:uid:0" \ - -ttl 0 + -x509SVIDTTL 0 # Check at most 30 times (with one second in between) that the agent has # successfully synced down the workload entry. diff --git a/test/integration/suites/spire-server-cli/03-entry b/test/integration/suites/spire-server-cli/03-entry index 5e7288d250a..a7a490475c5 100755 --- a/test/integration/suites/spire-server-cli/03-entry +++ b/test/integration/suites/spire-server-cli/03-entry @@ -33,7 +33,7 @@ docker compose exec -T spire-server \ -spiffeID spiffe://domain.test/otherChild \ -node \ -dns dnsname1 \ - -ttl 123 || fail-now "failed to create entry 3" + -x509SVIDTTL 123 || fail-now "failed to create entry 3" # Verify entry count correctly indicates three entries docker compose exec -T spire-server /opt/spire/bin/spire-server entry count | grep 3 || fail-now "failed to count 3 entries" @@ -139,7 +139,7 @@ docker compose exec -T spire-server \ -parentID spiffe://domain.test/parent \ -spiffeID spiffe://domain.test/child1 \ -federatesWith spiffe://federated1.test \ - -ttl 456 || fail-now "failed to update entry 1" + -x509SVIDTTL 456 || fail-now "failed to update entry 1" docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry update \ diff --git a/test/integration/suites/upgrade/01-run-upgrade-tests b/test/integration/suites/upgrade/01-run-upgrade-tests index 8909633391d..d51d3a16962 100755 --- a/test/integration/suites/upgrade/01-run-upgrade-tests +++ b/test/integration/suites/upgrade/01-run-upgrade-tests 
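Review bot: In `spire-server-cli/03-entry`, `-x509SVIDTTL 123` on create and `-x509SVIDTTL 456` on update leave the JWT-SVID TTL of these entries unset, and nothing in these two hunks passes `-jwtSVIDTTL` through the CLI. Any later assertion on the displayed TTLs lies outside the hunks and should be checked against the new flags. Since this suite exercises the entry subcommands, one entry could carry a distinct JWT value so that a mix-up between the two lifetimes is caught, for example `-x509SVIDTTL 123 \` followed by `-jwtSVIDTTL 321 || fail-now "failed to create entry 3"` (321 is a made-up sample value).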
@@ -41,7 +41,7 @@ create-registration-entry() { -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ -selector "unix:uid:${UID}" \ - -ttl 0 + -x509SVIDTTL 0 # Check at most 30 times (with one second in between) that the agent has # successfully synced down the workload entry.