diff --git a/test/integration/setup/adminclient/client.go b/test/integration/setup/adminclient/client.go
index 9fb81b226c..09f35b445b 100644
--- a/test/integration/setup/adminclient/client.go
+++ b/test/integration/setup/adminclient/client.go
@@ -487,7 +487,7 @@ func batchCreateEntry(ctx context.Context, c *itclient.Client) error {
 Selectors: []*types.Selector{
 {
 Type: "unix",
- Value: "uid:1000",
+ Value: "uid:1001",
 },
 },
 }
@@ -583,7 +583,7 @@ func getEntry(ctx context.Context, c *itclient.Client) error {
 Selectors: []*types.Selector{
 {
 Type: "unix",
- Value: "uid:1000",
+ Value: "uid:1001",
 },
 },
 }
@@ -620,7 +620,7 @@ func batchUpdateEntry(ctx context.Context, c *itclient.Client) error {
 Selectors: []*types.Selector{
 {
 Type: "unix",
- Value: "uid:1000",
+ Value: "uid:1001",
 },
 {
 Type: "unix",
diff --git a/test/integration/suites/admin-endpoints/05-create-registration-entries b/test/integration/suites/admin-endpoints/05-create-registration-entries
index e6da526b91..62115bc0ba 100755
--- a/test/integration/suites/admin-endpoints/05-create-registration-entries
+++ b/test/integration/suites/admin-endpoints/05-create-registration-entries
@@ -5,7 +5,7 @@ docker-compose exec -T spire-server-a \
 /opt/spire/bin/spire-server entry create \
 -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \
 -spiffeID "spiffe://domain-a.test/admin" \
- -selector "unix:uid:1000" \
+ -selector "unix:uid:1001" \
 -admin \
 -ttl 0
 check-synced-entry "spire-agent-a" "spiffe://domain-a.test/admin"
diff --git a/test/integration/suites/admin-endpoints/06-test-endpoints b/test/integration/suites/admin-endpoints/06-test-endpoints
index c821a55dc9..9c64362f0f 100755
--- a/test/integration/suites/admin-endpoints/06-test-endpoints
+++ b/test/integration/suites/admin-endpoints/06-test-endpoints
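Review bot: The selector value `"uid:1001"` is repeated as a bare literal in batchCreateEntry, getEntry and batchUpdateEntry in test/integration/setup/adminclient/client.go, and the same uid appears in the suite scripts touched by this commit (`-selector "unix:uid:1001"`, `exec -u 1001`). A single package-level constant with a short comment, for example `const workloadUIDSelector = "uid:1001" // keep in step with the uid passed to docker-compose exec -u in the suites`, would stop the three call sites drifting apart on the next renumbering. Nothing in the hunks says why the uid moved from 1000 to 1001, so that comment is also the place to record the reason. All three functions begin and end outside their hunks, so any other literals in them that need the same treatment are not visible here.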
@@ -1,7 +1,7 @@ #!/bin/bash log-debug "test admin workload..." -docker-compose exec -u 1000 -T spire-agent-a \ +docker-compose exec -u 1001 -T spire-agent-a \ /opt/spire/conf/agent/adminclient -trustDomain domain-a.test -serverAddr spire-server-a:8081 || fail-now "failed to check admin endpoints" log-debug "test foreign admin workload..." diff --git a/test/integration/suites/debug-endpoints/04-create-registration-entries b/test/integration/suites/debug-endpoints/04-create-registration-entries index 99d2bc7e54..6eed24af31 100755 --- a/test/integration/suites/debug-endpoints/04-create-registration-entries +++ b/test/integration/suites/debug-endpoints/04-create-registration-entries @@ -5,7 +5,7 @@ docker-compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/admin" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -admin \ -ttl 0 check-synced-entry "spire-agent" "spiffe://domain.test/admin" diff --git a/test/integration/suites/debug-endpoints/05-test-endpoints b/test/integration/suites/debug-endpoints/05-test-endpoints index b610e4d582..ac4a6c25c1 100755 --- a/test/integration/suites/debug-endpoints/05-test-endpoints +++ b/test/integration/suites/debug-endpoints/05-test-endpoints @@ -15,7 +15,7 @@ for ((i=1; i<=MAXCHECKS;i++)); do done # Verify server TCP server does not implements Debug endpoint -docker-compose exec -u 1000 -T spire-agent \ +docker-compose exec -u 1001 -T spire-agent \ /opt/spire/conf/agent/debugclient -testCase "serverWithWorkload" || fail-now "failed to check server debug endpoints using admin workload" docker-compose exec -u 1002 -T spire-agent \ diff --git a/test/integration/suites/delegatedidentity/04-create-registration-entries b/test/integration/suites/delegatedidentity/04-create-registration-entries index 9066954d7d..d21a2505a3 100755 
--- a/test/integration/suites/delegatedidentity/04-create-registration-entries +++ b/test/integration/suites/delegatedidentity/04-create-registration-entries @@ -5,7 +5,7 @@ docker-compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/authorized_delegate" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -ttl 0 check-synced-entry "spire-agent" "spiffe://domain.test/authorized_delegate" diff --git a/test/integration/suites/delegatedidentity/05-test-endpoints b/test/integration/suites/delegatedidentity/05-test-endpoints index 413f88e621..78f3011028 100755 --- a/test/integration/suites/delegatedidentity/05-test-endpoints +++ b/test/integration/suites/delegatedidentity/05-test-endpoints @@ -1,7 +1,7 @@ #!/bin/bash log-info "Test Delegated Identity API (for success)" -docker-compose exec -u 1000 -T spire-agent \ +docker-compose exec -u 1001 -T spire-agent \ /opt/spire/conf/agent/delegatedidentityclient -expectedID spiffe://domain.test/workload || fail-now "Failed to check Delegated Identity API" log-info "Test Delegated Identity API (expecting permission denied)" diff --git a/test/integration/suites/downstream-endpoints/04-create-entries b/test/integration/suites/downstream-endpoints/04-create-entries index f603e90778..470658106b 100755 --- a/test/integration/suites/downstream-endpoints/04-create-entries +++ b/test/integration/suites/downstream-endpoints/04-create-entries @@ -5,7 +5,7 @@ docker-compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/downstream" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -downstream \ -ttl 0 check-synced-entry "spire-agent" "spiffe://domain.test/downstream" 
diff --git a/test/integration/suites/downstream-endpoints/05-test-endpoints b/test/integration/suites/downstream-endpoints/05-test-endpoints index ecc3523215..ac67cc48e6 100755 --- a/test/integration/suites/downstream-endpoints/05-test-endpoints +++ b/test/integration/suites/downstream-endpoints/05-test-endpoints @@ -1,7 +1,7 @@ #!/bin/bash log-debug "test downstream workload..." -docker-compose exec -u 1000 -T spire-agent \ +docker-compose exec -u 1001 -T spire-agent \ /opt/spire/conf/agent/downstreamclient || fail-now "failed to check downstream endpoints" log-debug "Test regular workload..." diff --git a/test/integration/suites/fetch-x509-svids/04-create-registration-entries b/test/integration/suites/fetch-x509-svids/04-create-registration-entries index 1b7dcf77eb..1866777122 100755 --- a/test/integration/suites/fetch-x509-svids/04-create-registration-entries +++ b/test/integration/suites/fetch-x509-svids/04-create-registration-entries @@ -2,14 +2,14 @@ SIZE=10 -# Create entries for uid 1000 +# Create entries for uid 1001 for ((m=1;m<=$SIZE;m++)); do log-debug "creating registration entry: $m" docker-compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload-$m" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -ttl 0 & done diff --git a/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids b/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids index 25317b705f..5174d444e0 100755 --- a/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids +++ b/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids 
@@ -3,7 +3,7 @@ ENTRYCOUNT=10 CACHESIZE=8 -X509SVIDCOUNT=$(docker-compose exec -u 1000 -T spire-agent \ +X509SVIDCOUNT=$(docker-compose exec -u 1001 -T spire-agent \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock | grep -i "spiffe://domain.test" | wc -l || fail-now "X.509-SVID check failed") diff --git a/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids b/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids index fb86dfe570..ce888d462a 100755 --- a/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids +++ b/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids @@ -13,7 +13,7 @@ else log-info "Expected $ENTRYCOUNT X.509-SVIDs and received $X509SVIDCOUNT for uid 1002"; fi -X509SVIDCOUNT=$(docker-compose exec -u 1000 -T spire-agent \ +X509SVIDCOUNT=$(docker-compose exec -u 1001 -T spire-agent \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock | grep -i "spiffe://domain.test" | wc -l || fail-now "X.509-SVID check failed") diff --git a/test/integration/suites/nested-rotation/09-create-workload-entries b/test/integration/suites/nested-rotation/09-create-workload-entries index ede113f1ab..12e16679f4 100755 --- a/test/integration/suites/nested-rotation/09-create-workload-entries +++ b/test/integration/suites/nested-rotation/09-create-workload-entries @@ -5,7 +5,7 @@ docker-compose exec -T intermediateA-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateA/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/intermediateA/workload" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -ttl 0 check-synced-entry "intermediateA-agent" "spiffe://domain.test/intermediateA/workload" 
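Review bot: The `|| fail-now "X.509-SVID check failed"` at the end of the `X509SVIDCOUNT=$(...)` pipeline in 05-fetch-x509-svids only sees the exit status of `wc -l`, so a failing `docker-compose exec -u 1001 ... api fetch x509` goes unnoticed unless the harness enables `pipefail`, which is not visible here. Because `fail-now` also sits inside the command substitution, whether it would abort the script at all depends on how it is implemented. Running the fetch on its own makes the failure visible: `out=$(docker-compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api fetch x509 -socketPath /opt/spire/sockets/workload_api.sock) || fail-now "X.509-SVID check failed"`, followed by `X509SVIDCOUNT=$(grep -ci "spiffe://domain.test" <<<"$out")`. The same pipeline appears in the 07-fetch-x509-svids hunk, where a fetch that fails outright after the uid change would otherwise surface only as an unexpected count. The statements that consume X509SVIDCOUNT lie outside both hunks.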
@@ -14,7 +14,7 @@ docker-compose exec -T leafA-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafA/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/leafA/workload" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -ttl 0 check-synced-entry "leafA-agent" "spiffe://domain.test/leafA/workload" @@ -23,7 +23,7 @@ docker-compose exec -T intermediateB-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateB/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/intermediateB/workload" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -ttl 0 check-synced-entry "intermediateB-agent" "spiffe://domain.test/intermediateB/workload" @@ -32,6 +32,6 @@ docker-compose exec -T leafB-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafB/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/leafB/workload" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -ttl 0 check-synced-entry "leafB-agent" "spiffe://domain.test/leafB/workload" diff --git a/test/integration/suites/nested-rotation/10-check-svids b/test/integration/suites/nested-rotation/10-check-svids index 0b926b3bc0..03d483b872 100755 --- a/test/integration/suites/nested-rotation/10-check-svids +++ b/test/integration/suites/nested-rotation/10-check-svids @@ -5,7 +5,7 @@ CHECKINTERVAL=6 validateX509SVID() { # Write svid on disk - docker-compose exec -u 1000 -T $1 \ + docker-compose exec -u 1001 -T $1 \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock \ -write /tmp || fail-now "x509-SVID check failed" 
@@ -13,7 +13,7 @@ validateX509SVID() { # Copy SVID docker cp $(docker-compose ps -q $1):/tmp/svid.0.pem - | docker cp - $(docker-compose ps -q $2):/opt/ - docker-compose exec -u 1000 -T $2 \ + docker-compose exec -u 1001 -T $2 \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock \ -write /tmp || fail-now "x509-SVID check failed" @@ -23,11 +23,11 @@ validateX509SVID() { validateJWTSVID() { # Fetch JWT-SVID and extract token - token=$(docker-compose exec -u 1000 -T $1 \ + token=$(docker-compose exec -u 1001 -T $1 \ /opt/spire/bin/spire-agent api fetch jwt -audience testIt -socketPath /opt/spire/sockets/workload_api.sock | sed -n '2p') || fail-now "JWT-SVID check failed" # Validate token - docker-compose exec -u 1000 -T $2 \ + docker-compose exec -u 1001 -T $2 \ /opt/spire/bin/spire-agent api validate jwt -audience testIt -svid "${token}" \ -socketPath /opt/spire/sockets/workload_api.sock } diff --git a/test/integration/suites/node-attestation/03-test-node-attestation b/test/integration/suites/node-attestation/03-test-node-attestation index c493b63d8d..fcc83e5e2e 100755 --- a/test/integration/suites/node-attestation/03-test-node-attestation +++ b/test/integration/suites/node-attestation/03-test-node-attestation 
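Review bot: In validateJWTSVID the `api validate jwt` call run as uid 1001 has no `|| fail-now`, unlike the fetch calls in validateX509SVID, so a rejected token fails the suite only if the caller checks the function's return status, which is outside this hunk. Appending `|| fail-now "JWT-SVID validation failed"` to the `-socketPath /opt/spire/sockets/workload_api.sock` line would make the check self-contained. The token fetch above it has a related weakness: its `|| fail-now` follows a pipeline ending in `sed -n '2p'`, so it reports sed's status rather than the fetch's unless `pipefail` is set.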
@@ -1,31 +1,31 @@ #!/bin/bash # Test node attestation api -jointoken=`docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep jointoken` +jointoken=`docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep jointoken` echo "Created Join Token" $jointoken -svid1=`docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep jointokenattest -tokenName $jointoken` +svid1=`docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep jointokenattest -tokenName $jointoken` if [[ $? -ne 0 ]]; then fail-now "Failed to do initial join token attestation" fi echo "Received initial SVID:" $svid1 -svid2=`docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep renew -certificate "${svid1}"` +svid2=`docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep renew -certificate "${svid1}"` if [[ $? -ne 0 ]]; then fail-now "Failed to do SVID renewal" fi echo "Received renewed SVID:" $svid2 -docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep ban -tokenName ${jointoken} +docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep ban -tokenName ${jointoken} if [[ $? -ne 0 ]]; then fail-now "Failed to do initial join token attestation" fi echo "Agent banned" -if docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep renew -certificate "${svid2}" +if docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep renew -certificate "${svid2}" then fail-now "Expected agent to be banned" fi diff --git a/test/integration/suites/node-attestation/04-test-x509pop-attestation b/test/integration/suites/node-attestation/04-test-x509pop-attestation index 207194e7ac..c652c7acd6 100755 
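Review bot: The check after the `-testStep ban` command in 03-test-node-attestation reuses the message `"Failed to do initial join token attestation"`, so a failed ban is reported as an attestation failure; it should read something like `fail-now "Failed to ban agent"`. The first step is also unchecked: if creating the join token as uid 1001 fails, `$jointoken` is empty and the error surfaces one step later, so adding `if [[ $? -ne 0 ]]; then fail-now "Failed to create join token"; fi` after the first assignment would help. Finally, the closing `if docker-compose exec ... -testStep renew` treats any non-zero exit as proof of the ban; a comment such as `# NOTE: any client failure satisfies this check, not only a ban rejection` would record that limit.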
--- a/test/integration/suites/node-attestation/04-test-x509pop-attestation +++ b/test/integration/suites/node-attestation/04-test-x509pop-attestation @@ -5,10 +5,10 @@ docker-compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/admin" \ - -selector "unix:uid:1000" \ + -selector "unix:uid:1001" \ -admin \ -ttl 0 check-synced-entry "spire-agent" "spiffe://domain.test/admin" log-debug "running x509pop test..." -docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep x509pop || fail-now "failed to check x509pop attestion" +docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep x509pop || fail-now "failed to check x509pop attestion" diff --git a/test/integration/suites/svidstore/common b/test/integration/suites/svidstore/common index b2a8b81341..f94d6b5ff1 100644 --- a/test/integration/suites/svidstore/common +++ b/test/integration/suites/svidstore/common @@ -23,7 +23,7 @@ check-stored-svids() { fi done - docker-compose exec -u 1000 -T spire-server \ + docker-compose exec -u 1001 -T spire-server \ /opt/spire/conf/server/checkstoredsvids /opt/spire/conf/agent/svids.json || fail-now "failed to check stored svids" } @@ -48,6 +48,6 @@ check-deleted-svids() { fail-now "timed out waiting for agent to delete all svids" fi - docker-compose exec -u 1000 -T spire-server \ + docker-compose exec -u 1001 -T spire-server \ /opt/spire/conf/server/checkstoredsvids /opt/spire/conf/agent/svids.json || fail-now "failed to check stored svids" }