diff --git a/control-plane/connect-inject/peering_acceptor_controller_test.go b/control-plane/connect-inject/peering_acceptor_controller_test.go index 0c7b3a30b7..b5b6b1aae9 100644 --- a/control-plane/connect-inject/peering_acceptor_controller_test.go +++ b/control-plane/connect-inject/peering_acceptor_controller_test.go @@ -620,9 +620,9 @@ func TestReconcile_CreateUpdatePeeringAcceptor(t *testing.T) { decodedTokenData, err := base64.StdEncoding.DecodeString(string(createdSecret.Data["data"])) require.NoError(t, err) - require.Contains(t, string(decodedTokenData), "\"CA\":null") + require.Contains(t, string(decodedTokenData), "\"CA\":") require.Contains(t, string(decodedTokenData), "\"ServerAddresses\"") - require.Contains(t, string(decodedTokenData), "\"ServerName\":\"server.dc1.consul\"") + require.Contains(t, string(decodedTokenData), "\"ServerName\":\"server.dc1.peering.11111111-2222-3333-4444-555555555555.consul\"") if len(tt.expectedTokenAddresses) > 0 { for _, addr := range tt.externalAddresses { require.Contains(t, string(decodedTokenData), addr) @@ -1162,7 +1162,6 @@ func TestAcceptorUpdateStatus(t *testing.T) { require.Equal(t, tt.expStatus.SecretRef.Backend, acceptor.SecretRef().Backend) require.Equal(t, tt.expStatus.SecretRef.ResourceVersion, acceptor.SecretRef().ResourceVersion) require.Equal(t, tt.expStatus.Conditions[0].Message, acceptor.Status.Conditions[0].Message) - }) } } diff --git a/control-plane/connect-inject/peering_dialer_controller_test.go b/control-plane/connect-inject/peering_dialer_controller_test.go index 287ce924a3..3c316212fb 100644 --- a/control-plane/connect-inject/peering_dialer_controller_test.go +++ b/control-plane/connect-inject/peering_dialer_controller_test.go @@ -296,8 +296,11 @@ func TestReconcile_CreateUpdatePeeringDialer(t *testing.T) { // If the peering is supposed to already exist in Consul, then establish a peering with the existing token, so the peering will exist on the dialing side. if tt.peeringExists { - _, _, err := dialerClient.Peerings().Establish(context.Background(), api.PeeringEstablishRequest{PeerName: tt.peeringName, PeeringToken: encodedPeeringToken}, nil) - require.NoError(t, err) + retry.Run(t, func(r *retry.R) { + _, _, err = dialerClient.Peerings().Establish(context.Background(), api.PeeringEstablishRequest{PeerName: tt.peeringName, PeeringToken: encodedPeeringToken}, nil) + require.NoError(r, err) + }) + k8sObjects = append(k8sObjects, createSecret("dialer-token-old", "default", "token", "old-token")) // Create a new token to be used by Reconcile(). The original token has already been // used once to simulate establishing an existing peering. @@ -424,9 +427,12 @@ func TestReconcile_VersionAnnotationPeeringDialer(t *testing.T) { // Create test consul server. acceptorPeerServer, err := testutil.NewTestServerConfigT(t, func(c *testutil.TestServerConfig) { - // We set the datacenter because the server name, typically formatted as "server.." + // We set different cluster id for the connect CA because the server name, + // typically formatted as server.dc1.peering..consul // must be unique on the acceptor and dialer peers. - c.Datacenter = "acceptor-dc" + c.Connect["ca_config"] = map[string]interface{}{ + "cluster_id": "00000000-2222-3333-4444-555555555555", + } }) require.NoError(t, err) defer acceptorPeerServer.Stop() @@ -499,8 +505,11 @@ func TestReconcile_VersionAnnotationPeeringDialer(t *testing.T) { go watcher.Run() // Establish a peering with the generated token. - _, _, err = dialerClient.Peerings().Establish(context.Background(), api.PeeringEstablishRequest{PeerName: "peering", PeeringToken: generatedToken.PeeringToken}, nil) - require.NoError(t, err) + retry.Run(t, func(r *retry.R) { + _, _, err = dialerClient.Peerings().Establish(context.Background(), api.PeeringEstablishRequest{PeerName: "peering", PeeringToken: generatedToken.PeeringToken}, nil) + require.NoError(r, err) + }) + k8sObjects = append(k8sObjects, createSecret("dialer-token-old", "default", "token", "old-token")) // Create a new token to be potentially used by Reconcile(). The original token has already been