Revert changes of uid

Signed-off-by: Agustín Martínez Fayó <[email protected]>
amartinezfayo · Mar 14, 2024 · 3b9cedc · 3b9cedc
1 parent 92c9dcf
commit 3b9cedc
Show file tree

Hide file tree

Showing 17 changed files with 32 additions and 32 deletions.
diff --git a/test/integration/setup/adminclient/client.go b/test/integration/setup/adminclient/client.go
@@ -487,7 +487,7 @@ func batchCreateEntry(ctx context.Context, c *itclient.Client) error {
 		Selectors: []*types.Selector{
 			{
 				Type:  "unix",
-				Value: "uid:1000",
+				Value: "uid:1001",
 			},
 		},
 	}
@@ -583,7 +583,7 @@ func getEntry(ctx context.Context, c *itclient.Client) error {
 		Selectors: []*types.Selector{
 			{
 				Type:  "unix",
-				Value: "uid:1000",
+				Value: "uid:1001",
 			},
 		},
 	}
@@ -620,7 +620,7 @@ func batchUpdateEntry(ctx context.Context, c *itclient.Client) error {
 		Selectors: []*types.Selector{
 			{
 				Type:  "unix",
-				Value: "uid:1000",
+				Value: "uid:1001",
 			},
 			{
 				Type:  "unix",

diff --git a/test/integration/suites/admin-endpoints/05-create-registration-entries b/test/integration/suites/admin-endpoints/05-create-registration-entries
@@ -5,7 +5,7 @@ docker-compose exec -T spire-server-a \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain-a.test/admin" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -admin \
     -ttl 0
 check-synced-entry "spire-agent-a" "spiffe://domain-a.test/admin"

diff --git a/test/integration/suites/admin-endpoints/06-test-endpoints b/test/integration/suites/admin-endpoints/06-test-endpoints
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 log-debug "test admin workload..."
-docker-compose exec -u 1000 -T spire-agent-a \
+docker-compose exec -u 1001 -T spire-agent-a \
 	/opt/spire/conf/agent/adminclient -trustDomain domain-a.test -serverAddr spire-server-a:8081 || fail-now "failed to check admin endpoints"
 
 log-debug "test foreign admin workload..."

diff --git a/test/integration/suites/debug-endpoints/04-create-registration-entries b/test/integration/suites/debug-endpoints/04-create-registration-entries
@@ -5,7 +5,7 @@ docker-compose exec -T spire-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/admin" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -admin \
     -ttl 0
 check-synced-entry "spire-agent" "spiffe://domain.test/admin"

diff --git a/test/integration/suites/debug-endpoints/05-test-endpoints b/test/integration/suites/debug-endpoints/05-test-endpoints
@@ -15,7 +15,7 @@ for ((i=1; i<=MAXCHECKS;i++)); do
 done
 
 # Verify server TCP server does not implements Debug endpoint
-docker-compose exec -u 1000 -T spire-agent \
+docker-compose exec -u 1001 -T spire-agent \
 	/opt/spire/conf/agent/debugclient -testCase "serverWithWorkload" || fail-now "failed to check server debug endpoints using admin workload"
 
 docker-compose exec -u 1002 -T spire-agent \

diff --git a/test/integration/suites/delegatedidentity/04-create-registration-entries b/test/integration/suites/delegatedidentity/04-create-registration-entries
@@ -5,7 +5,7 @@ docker-compose exec -T spire-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/authorized_delegate" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -ttl 0
 check-synced-entry "spire-agent" "spiffe://domain.test/authorized_delegate"
 

diff --git a/test/integration/suites/delegatedidentity/05-test-endpoints b/test/integration/suites/delegatedidentity/05-test-endpoints
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 log-info "Test Delegated Identity API (for success)"
-docker-compose exec -u 1000 -T spire-agent \
+docker-compose exec -u 1001 -T spire-agent \
 	/opt/spire/conf/agent/delegatedidentityclient -expectedID spiffe://domain.test/workload || fail-now "Failed to check Delegated Identity API"
 
 log-info "Test Delegated Identity API (expecting permission denied)"

diff --git a/test/integration/suites/downstream-endpoints/04-create-entries b/test/integration/suites/downstream-endpoints/04-create-entries
@@ -5,7 +5,7 @@ docker-compose exec -T spire-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/downstream" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -downstream \
     -ttl 0
 check-synced-entry "spire-agent" "spiffe://domain.test/downstream"

diff --git a/test/integration/suites/downstream-endpoints/05-test-endpoints b/test/integration/suites/downstream-endpoints/05-test-endpoints
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 log-debug "test downstream workload..."
-docker-compose exec -u 1000 -T spire-agent \
+docker-compose exec -u 1001 -T spire-agent \
 	/opt/spire/conf/agent/downstreamclient || fail-now "failed to check downstream endpoints"
 
 log-debug "Test regular workload..."

diff --git a/test/integration/suites/fetch-x509-svids/04-create-registration-entries b/test/integration/suites/fetch-x509-svids/04-create-registration-entries
@@ -2,14 +2,14 @@
 
 SIZE=10
 
-# Create entries for uid 1000
+# Create entries for uid 1001
 for ((m=1;m<=$SIZE;m++)); do
   log-debug "creating registration entry: $m"
   docker-compose exec -T spire-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/workload-$m" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -ttl 0 &
 done
 

diff --git a/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids b/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids
@@ -3,7 +3,7 @@
 ENTRYCOUNT=10
 CACHESIZE=8
 
-X509SVIDCOUNT=$(docker-compose exec -u 1000 -T spire-agent \
+X509SVIDCOUNT=$(docker-compose exec -u 1001 -T spire-agent \
   /opt/spire/bin/spire-agent api fetch x509 \
   -socketPath /opt/spire/sockets/workload_api.sock | grep -i "spiffe://domain.test" | wc -l || fail-now "X.509-SVID check failed")
 

diff --git a/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids b/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids
@@ -13,7 +13,7 @@ else
   log-info "Expected $ENTRYCOUNT X.509-SVIDs and received $X509SVIDCOUNT for uid 1002";
 fi
 
-X509SVIDCOUNT=$(docker-compose exec -u 1000 -T spire-agent \
+X509SVIDCOUNT=$(docker-compose exec -u 1001 -T spire-agent \
   /opt/spire/bin/spire-agent api fetch x509 \
   -socketPath /opt/spire/sockets/workload_api.sock | grep -i "spiffe://domain.test" | wc -l || fail-now "X.509-SVID check failed")
 

diff --git a/test/integration/suites/nested-rotation/09-create-workload-entries b/test/integration/suites/nested-rotation/09-create-workload-entries
@@ -5,7 +5,7 @@ docker-compose exec -T intermediateA-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateA/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/intermediateA/workload" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -ttl 0
 check-synced-entry "intermediateA-agent" "spiffe://domain.test/intermediateA/workload"
 
@@ -14,7 +14,7 @@ docker-compose exec -T leafA-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafA/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/leafA/workload" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -ttl 0
 check-synced-entry "leafA-agent" "spiffe://domain.test/leafA/workload"
 
@@ -23,7 +23,7 @@ docker-compose exec -T intermediateB-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateB/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/intermediateB/workload" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -ttl 0
 check-synced-entry "intermediateB-agent" "spiffe://domain.test/intermediateB/workload"
 
@@ -32,6 +32,6 @@ docker-compose exec -T leafB-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafB/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/leafB/workload" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -ttl 0
 check-synced-entry "leafB-agent" "spiffe://domain.test/leafB/workload"
diff --git a/test/integration/suites/nested-rotation/10-check-svids b/test/integration/suites/nested-rotation/10-check-svids
@@ -5,15 +5,15 @@ CHECKINTERVAL=6
 
 validateX509SVID() {
   # Write svid on disk
-  docker-compose exec -u 1000 -T $1 \
+  docker-compose exec -u 1001 -T $1 \
       /opt/spire/bin/spire-agent api fetch x509 \
       -socketPath /opt/spire/sockets/workload_api.sock \
       -write /tmp || fail-now "x509-SVID check failed"
 
   # Copy SVID
   docker cp $(docker-compose ps -q $1):/tmp/svid.0.pem - | docker cp - $(docker-compose ps -q $2):/opt/
 
-  docker-compose exec -u 1000 -T $2 \
+  docker-compose exec -u 1001 -T $2 \
       /opt/spire/bin/spire-agent api fetch x509 \
       -socketPath /opt/spire/sockets/workload_api.sock \
       -write /tmp || fail-now "x509-SVID check failed"
@@ -23,11 +23,11 @@ validateX509SVID() {
 
 validateJWTSVID() {
    # Fetch JWT-SVID and extract token
-  token=$(docker-compose exec -u 1000 -T $1 \
+  token=$(docker-compose exec -u 1001 -T $1 \
       /opt/spire/bin/spire-agent api fetch jwt -audience testIt -socketPath /opt/spire/sockets/workload_api.sock | sed -n '2p') || fail-now "JWT-SVID check failed"
 
   # Validate token
-  docker-compose exec -u 1000 -T $2 \
+  docker-compose exec -u 1001 -T $2 \
       /opt/spire/bin/spire-agent api validate jwt -audience testIt  -svid "${token}" \
         -socketPath /opt/spire/sockets/workload_api.sock
 }

diff --git a/test/integration/suites/node-attestation/03-test-node-attestation b/test/integration/suites/node-attestation/03-test-node-attestation
@@ -1,31 +1,31 @@
 #!/bin/bash
 
 # Test node attestation api
-jointoken=`docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep jointoken`
+jointoken=`docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep jointoken`
 echo "Created Join Token" $jointoken
 
-svid1=`docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep jointokenattest -tokenName $jointoken`
+svid1=`docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep jointokenattest -tokenName $jointoken`
 if [[ $? -ne 0 ]];
 then
 	fail-now "Failed to do initial join token attestation"
 fi
 echo "Received initial SVID:" $svid1
 
-svid2=`docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep renew -certificate "${svid1}"`
+svid2=`docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep renew -certificate "${svid1}"`
 if [[ $? -ne 0 ]];
 then
 	fail-now "Failed to do SVID renewal"
 fi
 echo "Received renewed SVID:" $svid2
 
-docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep ban -tokenName ${jointoken} 
+docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep ban -tokenName ${jointoken} 
 if [[ $? -ne 0 ]];
 then
 	fail-now "Failed to do initial join token attestation"
 fi
 echo "Agent banned"
 
-if docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep renew -certificate "${svid2}" 
+if docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep renew -certificate "${svid2}" 
 then
 	fail-now "Expected agent to be banned"
 fi
diff --git a/test/integration/suites/node-attestation/04-test-x509pop-attestation b/test/integration/suites/node-attestation/04-test-x509pop-attestation
@@ -5,10 +5,10 @@ docker-compose exec -T spire-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/admin" \
-    -selector "unix:uid:1000" \
+    -selector "unix:uid:1001" \
     -admin \
     -ttl 0
 check-synced-entry "spire-agent" "spiffe://domain.test/admin"
 
 log-debug "running x509pop test..."
-docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep x509pop || fail-now "failed to check x509pop attestion"
+docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep x509pop || fail-now "failed to check x509pop attestion"
diff --git a/test/integration/suites/svidstore/common b/test/integration/suites/svidstore/common
@@ -23,7 +23,7 @@ check-stored-svids() {
       fi
     done
 
-    docker-compose exec -u 1000 -T spire-server \
+    docker-compose exec -u 1001 -T spire-server \
       /opt/spire/conf/server/checkstoredsvids /opt/spire/conf/agent/svids.json  || fail-now "failed to check stored svids"
 }
 
@@ -48,6 +48,6 @@ check-deleted-svids() {
       fail-now "timed out waiting for agent to delete all svids"
     fi
 
-    docker-compose exec -u 1000 -T spire-server \
+    docker-compose exec -u 1001 -T spire-server \
       /opt/spire/conf/server/checkstoredsvids /opt/spire/conf/agent/svids.json  || fail-now "failed to check stored svids"
 }