Fix node attestation integration test

Signed-off-by: Agustín Martínez Fayó <[email protected]>
amartinezfayo · Mar 14, 2024 · 7745e96 · 7745e96
1 parent 1038bcc
commit 7745e96
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 9 deletions.
diff --git a/test/integration/suites/node-attestation/00-setup b/test/integration/suites/node-attestation/00-setup
@@ -5,8 +5,6 @@ echo ${ROOTDIR}
 # Move test x509pop certificate and key
 mv conf/agent.key.pem conf/agent/test.key.pem
 mv conf/agent.crt.pem conf/agent/test.crt.pem
-# add read access to prevent error when reading with user 1001
-chmod +r conf/agent/test.key.pem
 
 "${ROOTDIR}/setup/node-attestation/build.sh" "${RUNDIR}/conf/server/node-attestation"
 "${ROOTDIR}/setup/node-attestation/build.sh" "${RUNDIR}/conf/agent/node-attestation"

diff --git a/test/integration/suites/node-attestation/03-test-node-attestation b/test/integration/suites/node-attestation/03-test-node-attestation
@@ -1,31 +1,31 @@
 #!/bin/bash
 
 # Test node attestation api
-jointoken=`docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep jointoken`
+jointoken=`docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep jointoken`
 echo "Created Join Token" $jointoken
 
-svid1=`docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep jointokenattest -tokenName $jointoken`
+svid1=`docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep jointokenattest -tokenName $jointoken`
 if [[ $? -ne 0 ]];
 then
 	fail-now "Failed to do initial join token attestation"
 fi
 echo "Received initial SVID:" $svid1
 
-svid2=`docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep renew -certificate "${svid1}"`
+svid2=`docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep renew -certificate "${svid1}"`
 if [[ $? -ne 0 ]];
 then
 	fail-now "Failed to do SVID renewal"
 fi
 echo "Received renewed SVID:" $svid2
 
-docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep ban -tokenName ${jointoken} 
+docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep ban -tokenName ${jointoken} 
 if [[ $? -ne 0 ]];
 then
 	fail-now "Failed to do initial join token attestation"
 fi
 echo "Agent banned"
 
-if docker-compose exec -u 1001 -T spire-server /opt/spire/conf/server/node-attestation -testStep renew -certificate "${svid2}" 
+if docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep renew -certificate "${svid2}" 
 then
 	fail-now "Expected agent to be banned"
 fi
diff --git a/test/integration/suites/node-attestation/04-test-x509pop-attestation b/test/integration/suites/node-attestation/04-test-x509pop-attestation
@@ -5,10 +5,10 @@ docker-compose exec -T spire-server \
     /opt/spire/bin/spire-server entry create \
     -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
     -spiffeID "spiffe://domain.test/admin" \
-    -selector "unix:uid:1001" \
+    -selector "unix:uid:1000" \
     -admin \
     -ttl 0
 check-synced-entry "spire-agent" "spiffe://domain.test/admin"
 
 log-debug "running x509pop test..."
-docker-compose exec -u 1001 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep x509pop || fail-now "failed to check x509pop attestion"
+docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep x509pop || fail-now "failed to check x509pop attestion"