diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml
index 4eda0c822e1..d03d41c9922 100644
--- a/.github/workflows/pr_build.yaml
+++ b/.github/workflows/pr_build.yaml
@@ -180,7 +180,7 @@ jobs:
 - name: Set up QEMU
 uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
 - name: Build images
 run: make images-no-load
 - name: Export images
diff --git a/ADOPTERS.md b/ADOPTERS.md
index ba8eab8f394..8cdddce3295 100644
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -20,6 +20,7 @@ Known end users with notable contributions to the advancement of the project inc
 SPIFFE and SPIRE are being used by numerous other companies, both large and small, to build higher layer products and services. The list includes but is not limited to:
+* AccuKnox
 * Amazon
 * Arm
 * Cisco
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8fd80e9129c..b58e2886fcc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,23 @@
 # Changelog
+## [1.10.1] - 2024-08-01
+
+### Added
+
+- New Grafana dashboard template (#5188)
+- `aws_rolesanywhere_trustanchor` BundlePublisher plugin (#5048)
+
+### Changed
+
+- `spire` UpstreamAuthority to optionally use the Preferred TTL on intermediate authorities (#5264)
+- Federation endpoint to support custom bundle and certificates for authorization (#5163)
+- Small documentation improvements (#5235, #5220)
+
+### Fixed
+
+- Event-based cache to handle events missed at the cache startup (#5289)
+- LRU cache to no longer send update notifications to all subscribers (#5281)
+
 ## [1.10.0] - 2024-06-24
 ### Added
diff --git a/go.mod b/go.mod
index 47d50260056..ba1f6b8d45b 100644
--- a/go.mod
+++ b/go.mod
@@ -3,10 +3,10 @@ module github.com/spiffe/spire go 1.22.3 require ( - cloud.google.com/go/iam v1.1.10 - cloud.google.com/go/kms v1.18.2 - cloud.google.com/go/secretmanager v1.13.3 - cloud.google.com/go/security v1.17.2 + cloud.google.com/go/iam v1.1.12 + cloud.google.com/go/kms v1.18.4 + cloud.google.com/go/secretmanager v1.13.5 + cloud.google.com/go/security v1.17.4 cloud.google.com/go/storage v1.43.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 @@ -27,7 +27,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/iam v1.34.1 github.com/aws/aws-sdk-go-v2/service/kms v1.35.1 github.com/aws/aws-sdk-go-v2/service/organizations v1.30.2 - github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.13.1 + github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.14.0 github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1 github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 @@ -59,11 +59,11 @@ require ( github.com/imkira/go-observer v1.0.3 github.com/jackc/pgx/v5 v5.6.0 github.com/jinzhu/gorm v1.9.16 - github.com/lestrrat-go/jwx/v2 v2.1.0 + github.com/lestrrat-go/jwx/v2 v2.1.1 github.com/lib/pq v1.10.9 github.com/mattn/go-sqlite3 v1.14.22 github.com/mitchellh/cli v1.1.5 - github.com/open-policy-agent/opa v0.66.0 + github.com/open-policy-agent/opa v0.67.0 github.com/prometheus/client_golang v1.19.1 github.com/shirou/gopsutil/v3 v3.24.5 github.com/sigstore/cosign/v2 v2.2.4 @@ -83,8 +83,8 @@ require ( golang.org/x/sync v0.7.0 golang.org/x/sys v0.22.0 golang.org/x/time v0.5.0 - google.golang.org/api v0.189.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20240722135656-d784300faade + google.golang.org/api v0.190.0 + google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf google.golang.org/grpc v1.65.0 google.golang.org/protobuf v1.34.2 k8s.io/api v0.30.3 
@@ -97,10 +97,10 @@ require ( require ( cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.7.2 // indirect + cloud.google.com/go/auth v0.7.3 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect - cloud.google.com/go/longrunning v0.5.9 // indirect + cloud.google.com/go/longrunning v0.5.11 // indirect filippo.io/edwards25519 v1.1.0 // indirect github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect @@ -218,7 +218,7 @@ require ( github.com/google/go-tdx-guest v0.3.1 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/logger v1.1.1 // indirect - github.com/google/s2a-go v0.1.7 // indirect + github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/gorilla/mux v1.8.1 // indirect @@ -247,7 +247,7 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/lestrrat-go/blackmagic v1.0.2 // indirect github.com/lestrrat-go/httpcc v1.0.1 // indirect - github.com/lestrrat-go/httprc v1.0.5 // indirect + github.com/lestrrat-go/httprc v1.0.6 // indirect github.com/lestrrat-go/iter v1.0.2 // indirect github.com/lestrrat-go/option v1.0.1 // indirect github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect 
@@ -324,12 +324,12 @@ require ( go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect - go.opentelemetry.io/otel v1.27.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/sdk v1.27.0 // indirect - go.opentelemetry.io/otel/trace v1.27.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect go.step.sm/crypto v0.44.2 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect @@ -338,8 +338,8 @@ require ( golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect - google.golang.org/genproto v0.0.0-20240722135656-d784300faade // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect + google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index acef694486d..994df1b1a26 100644 --- a/go.sum +++ b/go.sum 
@@ -70,8 +70,8 @@ cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMK cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= -cloud.google.com/go/auth v0.7.2 h1:uiha352VrCDMXg+yoBtaD0tUF4Kv9vrtrWPYXwutnDE= -cloud.google.com/go/auth v0.7.2/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= +cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= +cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= @@ -217,8 +217,8 @@ cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHD cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= -cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= -cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= +cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= +cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= 
@@ -228,8 +228,8 @@ cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0 cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= -cloud.google.com/go/kms v1.18.2 h1:EGgD0B9k9tOOkbPhYW1PHo2W0teamAUYMOUIcDRMfPk= -cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= +cloud.google.com/go/kms v1.18.4 h1:dYN3OCsQ6wJLLtOnI8DGUwQ5shMusXsWCCC+s09ATsk= +cloud.google.com/go/kms v1.18.4/go.mod h1:SG1bgQ3UWW6/KdPo9uuJnzELXY5YTTMJtDYvajiQ22g= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= 
@@ -239,8 +239,8 @@ cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6 cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= -cloud.google.com/go/longrunning v0.5.9 h1:haH9pAuXdPAMqHvzX0zlWQigXT7B0+CL4/2nXXdBo5k= -cloud.google.com/go/longrunning v0.5.9/go.mod h1:HD+0l9/OOW0za6UWdKJtXoFAX/BGg/3Wj8p10NeWF7c= +cloud.google.com/go/longrunning v0.5.11 h1:Havn1kGjz3whCfoD8dxMLP73Ph5w+ODyZB9RUsDxtGk= +cloud.google.com/go/longrunning v0.5.11/go.mod h1:rDn7//lmlfWV1Dx6IB4RatCPenTwwmqXuiP0/RgoEO4= cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= 
@@ -328,15 +328,15 @@ cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJe cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= -cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= -cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= +cloud.google.com/go/secretmanager v1.13.5 h1:tXlHvpm97mFD0Lv50N4U4zlXfkoTNay3BmpNA/W7/oI= +cloud.google.com/go/secretmanager v1.13.5/go.mod h1:/OeZ88l5Z6nBVilV0SXgv6XJ243KP2aIhSWRMrbvDCQ= cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= -cloud.google.com/go/security v1.17.2 h1:pEkUeR1PFNwoFAIXPMa4PBCYb75UT8LmNfjQy1fm/Co= -cloud.google.com/go/security v1.17.2/go.mod h1:6eqX/AgDw56KwguEBfFNiNQ+Vzi+V6+GopklexYuJ0U= +cloud.google.com/go/security v1.17.4 h1:ERhxAa02mnMEIIAXvzje+qJ+yWniP6l5uOX+k9ELCaA= +cloud.google.com/go/security v1.17.4/go.mod h1:KMuDJH+sEB3KTODd/tLJ7kZK+u2PQt+Cfu0oAxzIhgo= cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= 
@@ -607,8 +607,8 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.35.1 h1:0gP2OJJT6HM2BYltZ9x+A87OE8LJ github.com/aws/aws-sdk-go-v2/service/kms v1.35.1/go.mod h1:hGONorZkQCfR5DW6l2xdy7zC8vfO0r9pJlwyg6gmGeo= github.com/aws/aws-sdk-go-v2/service/organizations v1.30.2 h1:+tGF0JH2u4HwneqNFAKFHqENwfpBweKj67+LbwTKpqE= github.com/aws/aws-sdk-go-v2/service/organizations v1.30.2/go.mod h1:6wxO8s5wMumyNRsOgOgcIvqvF8rIf8Cj7Khhn/bFI0c= -github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.13.1 h1:2p65lTZ1OGnAGdDsMGFolNT8v0RAr2pF5eAo0jhgSlA= -github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.13.1/go.mod h1:43wn4yPVFL3PHXixCOGzLb8LwWJovqlFQz3qGOAkcYY= +github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.14.0 h1:LoDKjG6X8Hj/Kiqmgpu/jW52GDTeToC6BehMbgHsZkg= +github.com/aws/aws-sdk-go-v2/service/rolesanywhere v1.14.0/go.mod h1:7IIMPfX6TzfxRIJIp1NLYWFkApDOMnlb5XrynzpxMkA= github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2 h1:sZXIzO38GZOU+O0C+INqbH7C2yALwfMWpd64tONS/NE= github.com/aws/aws-sdk-go-v2/service/s3 v1.58.2/go.mod h1:Lcxzg5rojyVPU/0eFwLtcyTaek/6Mtic5B1gJo7e/zE= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1 h1:ZoYRD8IJqPkzjBnpokiMNO6L/DQprtpVpD6k0YSaF5U= 
@@ -992,8 +992,8 @@ github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b h1:RMpPgZTSApbPf7xaVel+QkoGPRLFLrwFO89uDUHEGf0= github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w= github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcgTJZStM= github.com/google/trillian v1.6.0 h1:jMBeDBIkINFvS2n6oV5maDqfRlxREAc6CW9QYWQ0qT4= 
@@ -1168,12 +1168,12 @@ github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/httprc v1.0.5 h1:bsTfiH8xaKOJPrg1R+E3iE/AWZr/x0Phj9PBTG/OLUk= -github.com/lestrrat-go/httprc v1.0.5/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= +github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k= +github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.1.0 h1:0zs7Ya6+39qoit7gwAf+cYm1zzgS3fceIdo7RmQ5lkw= -github.com/lestrrat-go/jwx/v2 v2.1.0/go.mod h1:Xpw9QIaUGiIUD1Wx0NcY1sIHwFf8lDuZn/cmxtXYRys= +github.com/lestrrat-go/jwx/v2 v2.1.1 h1:Y2ltVl8J6izLYFs54BVcpXLv5msSW4o8eXwnzZLI32E= +github.com/lestrrat-go/jwx/v2 v2.1.1/go.mod h1:4LvZg7oxu6Q5VJwn7Mk/UwooNRnTHUpXBj2C4j3HNx0= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= 
@@ -1278,8 +1278,8 @@ github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAl github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= -github.com/open-policy-agent/opa v0.66.0 h1:DbrvfJQja0FBRcPOB3Z/BOckocN+M4ApNWyNhSRJt0w= -github.com/open-policy-agent/opa v0.66.0/go.mod h1:EIgNnJcol7AvQR/IcWLwL13k64gHVbNAVG46b2G+/EY= +github.com/open-policy-agent/opa v0.67.0 h1:FOdsO9yNhfmrh+72oVK7ImWmzruG+VSpfbr5IBqEWVs= +github.com/open-policy-agent/opa v0.67.0/go.mod h1:aqKlHc8E2VAAylYE9x09zJYr/fYzGX+JKne89UGqFzk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= 
@@ -1520,26 +1520,26 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= -go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= -go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= 
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 h1:R3X6ZXmNPRR8ul6i3WgFURCHzaXjHdm0karRG/+dj3s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0/go.mod h1:QWFXnDavXWwMx2EEcZsf3yxgEKAqsxQ+Syjp+seyInw= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0 h1:FyjCyI9jVEfqhUh2MoSkmolPjfh5fp2hnV0b0irxH4Q= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.22.0/go.mod h1:hYwym2nDEeZfG/motx0p7L7J1N1vyzIThemQsb4g2qY= -go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= -go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= -go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= -go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= -go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= -go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= -go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= +go.opentelemetry.io/proto/otlp v1.3.1 
h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.step.sm/crypto v0.44.2 h1:t3p3uQ7raP2jp2ha9P6xkQF85TJZh+87xmjSLaib+jk= go.step.sm/crypto v0.44.2/go.mod h1:x1439EnFhadzhkuaGX7sz03LEMQ+jV4gRamf5LCZJQQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= @@ -2000,8 +2000,8 @@ google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7Twe google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= -google.golang.org/api v0.189.0 h1:equMo30LypAkdkLMBqfeIqtyAnlyig1JSZArl4XPwdI= -google.golang.org/api v0.189.0/go.mod h1:FLWGJKb0hb+pU2j+rJqwbnsF+ym+fQs73rbJ+KAUgy8= +google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= +google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -2127,12 +2127,12 @@ google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= -google.golang.org/genproto v0.0.0-20240722135656-d784300faade h1:lKFsS7wpngDgSCeFn7MoLy+wBDQZ1UQIJD4UNM1Qvkg= -google.golang.org/genproto v0.0.0-20240722135656-d784300faade/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240722135656-d784300faade h1:oCRSWfwGXQsqlVdErcyTt4A93Y8fo0/9D4b1gnI++qo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240722135656-d784300faade/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.8.0/go.mod 
h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go
index 0d11ca29e0a..433bad44173 100644
--- a/pkg/agent/agent.go
+++ b/pkg/agent/agent.go
@@ -44,7 +44,8 @@ const (
 )
 type Agent struct {
- c *Config
+ c *Config
+ sto storage.Storage
 }
 // Run the agent
@@ -56,7 +57,8 @@ func (a *Agent) Run(ctx context.Context) error {
 return err
 }
- sto, err := storage.Open(a.c.DataDir)
+ var err error
+ a.sto, err = storage.Open(a.c.DataDir)
 if err != nil {
 return fmt.Errorf("failed to open storage: %w", err)
 }
@@ -109,7 +111,7 @@ func (a *Agent) Run(ctx context.Context) error {
 )
 for {
- as, err = a.attest(ctx, sto, cat, metrics, nodeAttestor)
+ as, err = a.attest(ctx, a.sto, cat, metrics, nodeAttestor)
 if err == nil {
 break
 }
@@ -136,7 +138,7 @@ func (a *Agent) Run(ctx context.Context) error {
 }
 }
 } else {
- as, err = a.attest(ctx, sto, cat, metrics, nodeAttestor)
+ as, err = a.attest(ctx, a.sto, cat, metrics, nodeAttestor)
 if err != nil {
 return err
 }
@@ -144,7 +146,7 @@ func (a *Agent) Run(ctx context.Context) error {
 svidStoreCache := a.newSVIDStoreCache()
- manager, err := a.newManager(ctx, sto, cat, metrics, as, svidStoreCache, nodeAttestor)
+ manager, err := a.newManager(ctx, a.sto, cat, metrics, as, svidStoreCache, nodeAttestor)
 if err != nil {
 return err
 }
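Review bot: In pkg/agent/agent.go, `a.sto` is now written inside Run (`a.sto, err = storage.Open(a.c.DataDir)`) and read from checkSVID with no synchronization, and the `a.sto == nil` guard added in checkSVID suggests CheckHealth is expected to be callable before Run has assigned the field. If the health checker can invoke CheckHealth from another goroutine while Run is still starting, that is an unsynchronized read and write of the same field. Guarding the field with a `sync.RWMutex`, or assigning it before anything that can call CheckHealth is started, would remove the race; the new field also deserves a comment such as `// sto is set once by Run and read by checkSVID for health checks`. Run's body extends outside these hunks, so where the health checker is started cannot be confirmed from here.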
@@ -389,11 +391,14 @@ func (a *Agent) waitForTestDial(ctx context.Context) error {
 // CheckHealth is used as a top-level health check for the agent.
 func (a *Agent) CheckHealth() health.State {
- err := a.checkWorkloadAPI()
-
- // Both liveness and readiness checks are done by
- // agents ability to create new Workload API client
- // for the X509SVID service.
+ err := errors.Join(
+ a.checkWorkloadAPI(),
+ a.checkSVID(),
+ )
+
+ // Both liveness and readiness checks verify that:
+ // - the workload API endpoint is available
+ // - the agent has an SVID
 // TODO: Better live check for agent.
 return health.State{
 Ready: err == nil,
@@ -407,6 +412,20 @@ func (a *Agent) CheckHealth() health.State {
 }
 }
+func (a *Agent) checkSVID() error {
+ if a.sto == nil {
+ return errors.New("storage not initialized")
+ }
+ svid, _, err := a.sto.LoadSVID()
+ if err != nil {
+ return fmt.Errorf("loading SVID: %w", err)
+ }
+ if svid == nil {
+ return errors.New("SVID is nil")
+ }
+ return nil
+}
+
 func (a *Agent) checkWorkloadAPI() error {
 clientOption, err := util.GetWorkloadAPIClientOption(a.c.BindAddress)
 if err != nil {
diff --git a/pkg/common/version/version.go b/pkg/common/version/version.go
index de403b9dc96..cfc2d30467d 100644
--- a/pkg/common/version/version.go
+++ b/pkg/common/version/version.go
@@ -8,7 +8,7 @@ const (
 // IMPORTANT: When updating, make sure to reconcile the versions list that
 // is part of the upgrade integration test. See
 // test/integration/suites/upgrade/README.md for details.
- Base = "1.10.1"
+ Base = "1.10.2"
 )
 var (
diff --git a/pkg/server/datastore/sqlstore/migration.go b/pkg/server/datastore/sqlstore/migration.go
index ec67acb9718..c1533227130 100644
--- a/pkg/server/datastore/sqlstore/migration.go
+++ b/pkg/server/datastore/sqlstore/migration.go
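Review bot: checkSVID in pkg/agent/agent.go accepts any non-nil value from `a.sto.LoadSVID()`, so per the rewritten CheckHealth comment the agent reports both live and ready even when the stored SVID is empty or has already expired. If LoadSVID returns a certificate chain (its type is not visible in this hunk), `if len(svid) == 0` would cover the empty case, and a `NotAfter` comparison on the leaf would stop an agent with a stale identity from passing the check. The function also calls LoadSVID on every probe and has no doc comment; something like `// checkSVID returns an error when storage is unset or holds no agent SVID.` would record the contract.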
@@ -238,6 +238,7 @@ import (
 // | v1.9.6 | | |
 // |*********|********|***************************************************************************|
 // | v1.10.0 | | |
+// | v1.10.1 | | |
 // ================================================================================================
 const (
diff --git a/pkg/server/server.go b/pkg/server/server.go
index 8afddd695e8..b24c86e7543 100644
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -397,6 +397,7 @@ func (s *Server) newEndpointsServer(ctx context.Context, catalog catalog.Catalog
 CacheReloadInterval: s.config.CacheReloadInterval,
 EventsBasedCache: s.config.EventsBasedCache,
 PruneEventsOlderThan: s.config.PruneEventsOlderThan,
+ SQLTransactionTimeout: s.config.SQLTransactionTimeout,
 AuditLogEnabled: s.config.AuditLogEnabled,
 AuthPolicyEngine: authPolicyEngine,
 BundleManager: bundleManager,
diff --git a/test/integration/common b/test/integration/common
index e493ecb07d2..baf0b7d13fa 100644
--- a/test/integration/common
+++ b/test/integration/common
@@ -37,7 +37,7 @@ docker-up() {
 else
 log-debug "bringing up $*..."
 fi
- docker-compose up -d "$@" || fail-now "failed to bring up services."
+ docker compose up -d "$@" || fail-now "failed to bring up services."
 }
 docker-wait-for-healthy() {
@@ -70,17 +70,17 @@ docker-stop() {
 else
 log-debug "stopping $*..."
 fi
- docker-compose stop "$@"
+ docker compose stop "$@"
 }
 docker-down() {
 log-debug "bringing down services..."
- docker-compose down
+ docker compose down
 }
 docker-cleanup() {
 log-debug "cleaning up services..."
- docker-compose down -v --remove-orphans
+ docker compose down -v --remove-orphans
 }
 fingerprint() {
@@ -90,6 +90,23 @@ fingerprint() {
 openssl x509 -in "$1" -outform DER | openssl sha1 -r | awk '{print $1}'
 }
+check-server-started() {
+ # Check at most 20 times (with one second in between) that the server has
+ # successfully started.
+ MAXCHECKS=20
+ CHECKINTERVAL=1
+ for ((i=1;i<=MAXCHECKS;i++)); do
+ log-info "checking for starting server APIs ($i of $MAXCHECKS max)..."
+ docker compose logs "$1"
+ if docker compose logs "$1" | grep "Starting Server APIs"; then
+ return 0
+ fi
+ sleep "${CHECKINTERVAL}"
+ done
+
+ fail-now "timed out waiting for server to start"
+}
+
 check-synced-entry() {
 # Check at most 30 times (with one second in between) that the agent has
 # successfully synced down the workload entry.
@@ -97,8 +114,8 @@ check-synced-entry() {
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
 log-info "checking for synced entry ($i of $MAXCHECKS max)..."
- docker-compose logs "$1"
- if docker-compose logs "$1" | grep "$2"; then
+ docker compose logs "$1"
+ if docker compose logs "$1" | grep "$2"; then
 return 0
 fi
 sleep "${CHECKINTERVAL}"
@@ -113,7 +130,7 @@ check-x509-svid-count() {
 for ((i=1;i<=MAXCHECKS;i++)); do
 log-info "check X.509-SVID count on agent debug endpoint ($((i)) of $MAXCHECKS max)..."
- COUNT=$(docker-compose exec -T "$1" /opt/spire/conf/agent/debugclient -testCase "printDebugPage" | jq '.svidsCount')
+ COUNT=$(docker compose exec -T "$1" /opt/spire/conf/agent/debugclient -testCase "printDebugPage" | jq '.svidsCount')
 log-info "X.509-SVID Count: ${COUNT}"
 if [ "$COUNT" -eq "$2" ]; then
 log-info "X.509-SVID count of $COUNT from cache matches the expected count of $2"
diff --git a/test/integration/suites-windows/windows-service/02-bootstrap-agent b/test/integration/suites-windows/windows-service/02-bootstrap-agent
index 3ff7ec941b1..678b5abcbae 100644
--- a/test/integration/suites-windows/windows-service/02-bootstrap-agent
+++ b/test/integration/suites-windows/windows-service/02-bootstrap-agent
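Review bot: check-server-started in test/integration/common assigns `MAXCHECKS`, `CHECKINTERVAL` and the loop counter `i` without `local`, so they are globals shared with check-synced-entry and check-x509-svid-count, which use the same names in this file. Declaring them at the top of the function, `local MAXCHECKS=20 CHECKINTERVAL=1 i`, keeps one helper's retry budget from leaking into another if a caller sets or reads these names between calls. The readiness signal is the literal log string "Starting Server APIs", so the comment above the loop should say that the check depends on that message staying unchanged in the server's output.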
@@ -1,5 +1,5 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ c:/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt || fail-now "failed to bootstrap agent" diff --git a/test/integration/suites-windows/windows-service/04-create-registration-entries b/test/integration/suites-windows/windows-service/04-create-registration-entries index 890c9385f24..9aac6412ab6 100644 --- a/test/integration/suites-windows/windows-service/04-create-registration-entries +++ b/test/integration/suites-windows/windows-service/04-create-registration-entries @@ -2,7 +2,7 @@ source ./common log-debug "creating regular registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ c:/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ diff --git a/test/integration/suites-windows/windows-service/05-test-fetch-svid b/test/integration/suites-windows/windows-service/05-test-fetch-svid index 83168a2b636..b2a50b8c85a 100644 --- a/test/integration/suites-windows/windows-service/05-test-fetch-svid +++ b/test/integration/suites-windows/windows-service/05-test-fetch-svid @@ -1,9 +1,9 @@ #!/bin/bash log-debug "test fetch x509 SVID..." -docker-compose exec -T -u ContainerUser spire-agent \ +docker compose exec -T -u ContainerUser spire-agent \ c:/spire/bin/spire-agent api fetch x509 || fail-now "failed to fetch x509" log-debug "test fetch JWT SVID..." -docker-compose exec -T -u ContainerUser spire-agent \ +docker compose exec -T -u ContainerUser spire-agent \ c:/spire/bin/spire-agent api fetch jwt -audience mydb || fail-now "failed to fetch JWT" diff --git a/test/integration/suites-windows/windows-service/common b/test/integration/suites-windows/windows-service/common index 0f0c42be095..8a3ee30a346 100644 
--- a/test/integration/suites-windows/windows-service/common +++ b/test/integration/suites-windows/windows-service/common @@ -22,7 +22,7 @@ assert-service-status() { for ((i=1;i<=MAXCHECKS;i++)); do log-info "checking for $1 service $2 ($i of $MAXCHECKS max)..." scCommand=$([ "$2" == "STOPPED" ] && echo "query" || echo "interrogate") - if docker-compose exec -T -u ContainerAdministrator "$1" sc "$scCommand" "$1" | grep -wq "$2"; then + if docker compose exec -T -u ContainerAdministrator "$1" sc "$scCommand" "$1" | grep -wq "$2"; then log-info "$1 is in $2 state" return 0 fi @@ -49,18 +49,18 @@ assert-graceful-shutdown() { create-service() { log-info "creating $1 service..." - docker-compose exec -T -u ContainerAdministrator "$1" \ + docker compose exec -T -u ContainerAdministrator "$1" \ sc create "$1" binPath="$2" || grep "STOPPED" fail-now "failed to create $1 service" } stop-service() { log-info "stopping $1 service..." - docker-compose exec -T -u ContainerAdministrator "$1" \ + docker compose exec -T -u ContainerAdministrator "$1" \ sc stop "$1" || fail-now "failed to stop $1 service" } start-service(){ log-info "starting $1 service..." - docker-compose exec -T -u ContainerAdministrator "$1" \ + docker compose exec -T -u ContainerAdministrator "$1" \ sc start "$@" | grep -wq "START_PENDING\|RUNNING" || fail-now "failed to start $2 service" } diff --git a/test/integration/suites-windows/windows-service/docker-compose.yaml b/test/integration/suites-windows/windows-service/docker-compose.yaml index a74aef26846..68b99f25905 100644 --- a/test/integration/suites-windows/windows-service/docker-compose.yaml +++ b/test/integration/suites-windows/windows-service/docker-compose.yaml @@ -1,5 +1,3 @@ -version: '3' - services: spire-server: image: spire-server-windows:latest-local diff --git a/test/integration/suites-windows/windows-service/teardown b/test/integration/suites-windows/windows-service/teardown index 9953dcd3f97..fabbf145ae5 100644 
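Review bot: In `create-service`, the command touched by this change still ends in `|| grep "STOPPED" fail-now "failed to create $1 service"`, so when `sc create` fails, `fail-now` and the message are handed to grep as file operands and the suite's failure path is never taken. If the intent is simply to abort on a failed create, the continuation line should read `sc create "$1" binPath="$2" || fail-now "failed to create $1 service"`. If a status match was intended, it needs a pipe into grep before the `||`. In the same hunk, `start-service` reports `failed to start $2 service` although the service name is `$1`, so the message names the first extra argument or is blank.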
--- a/test/integration/suites-windows/windows-service/teardown +++ b/test/integration/suites-windows/windows-service/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites-windows/windows-workload-attestor/02-bootstrap-agent b/test/integration/suites-windows/windows-workload-attestor/02-bootstrap-agent index e550686d6e6..eb23db89f2a 100644 --- a/test/integration/suites-windows/windows-workload-attestor/02-bootstrap-agent +++ b/test/integration/suites-windows/windows-workload-attestor/02-bootstrap-agent @@ -1,6 +1,6 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ c:/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt diff --git a/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries b/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries index ed0bc941e74..88de142502e 100644 --- a/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries +++ b/test/integration/suites-windows/windows-workload-attestor/04-create-registration-entries @@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating regular registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ c:/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ diff --git a/test/integration/suites-windows/windows-workload-attestor/05-test-fetch-svid b/test/integration/suites-windows/windows-workload-attestor/05-test-fetch-svid index 747d708de07..bef49564150 100644 --- a/test/integration/suites-windows/windows-workload-attestor/05-test-fetch-svid +++ b/test/integration/suites-windows/windows-workload-attestor/05-test-fetch-svid 
@@ -1,10 +1,10 @@ #!/bin/bash log-debug "test fetch x509 SVID..." -docker-compose exec -T spire-agent \ +docker compose exec -T spire-agent \ c:/spire/bin/spire-agent api fetch x509 || fail-now "failed to fetch x509" log-debug "test fetch JWT SVID..." -docker-compose exec -T spire-agent \ +docker compose exec -T spire-agent \ c:/spire/bin/spire-agent api fetch jwt -audience mydb || fail-now "failed to fetch jwt" diff --git a/test/integration/suites-windows/windows-workload-attestor/docker-compose.yaml b/test/integration/suites-windows/windows-workload-attestor/docker-compose.yaml index accd40ac2af..7031e06e623 100644 --- a/test/integration/suites-windows/windows-workload-attestor/docker-compose.yaml +++ b/test/integration/suites-windows/windows-workload-attestor/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server-windows:latest-local diff --git a/test/integration/suites-windows/windows-workload-attestor/teardown b/test/integration/suites-windows/windows-workload-attestor/teardown index 9953dcd3f97..fabbf145ae5 100644 --- a/test/integration/suites-windows/windows-workload-attestor/teardown +++ b/test/integration/suites-windows/windows-workload-attestor/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/admin-endpoints/02-bootstrap-federation-bundles b/test/integration/suites/admin-endpoints/02-bootstrap-federation-bundles index 80e2196ef4d..94f3406cd1a 100755 --- a/test/integration/suites/admin-endpoints/02-bootstrap-federation-bundles +++ b/test/integration/suites/admin-endpoints/02-bootstrap-federation-bundles 
@@ -1,13 +1,13 @@ #!/bin/bash log-debug "bootstrapping bundle from server b to server a..." -docker-compose exec -T spire-server-b \ +docker compose exec -T spire-server-b \ /opt/spire/bin/spire-server bundle show -format spiffe \ -| docker-compose exec -T spire-server-a \ +| docker compose exec -T spire-server-a \ /opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://domain-b.test log-debug "bootstrapping bundle from server a to server b..." -docker-compose exec -T spire-server-a \ +docker compose exec -T spire-server-a \ /opt/spire/bin/spire-server bundle show -format spiffe \ -| docker-compose exec -T spire-server-b \ +| docker compose exec -T spire-server-b \ /opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://domain-a.test diff --git a/test/integration/suites/admin-endpoints/03-bootstrap-agent b/test/integration/suites/admin-endpoints/03-bootstrap-agent index daf53656ad4..7661d79c8fe 100755 --- a/test/integration/suites/admin-endpoints/03-bootstrap-agent +++ b/test/integration/suites/admin-endpoints/03-bootstrap-agent @@ -1,9 +1,9 @@ #!/bin/bash log-debug "bootstrapping agent a..." -docker-compose exec -T spire-server-a \ +docker compose exec -T spire-server-a \ /opt/spire/bin/spire-server bundle show > conf/domain-a/agent/bootstrap.crt log-debug "bootstrapping agent b..." -docker-compose exec -T spire-server-b \ +docker compose exec -T spire-server-b \ /opt/spire/bin/spire-server bundle show > conf/domain-b/agent/bootstrap.crt diff --git a/test/integration/suites/admin-endpoints/05-create-registration-entries b/test/integration/suites/admin-endpoints/05-create-registration-entries index 62115bc0ba6..abf06df863d 100755 --- a/test/integration/suites/admin-endpoints/05-create-registration-entries +++ b/test/integration/suites/admin-endpoints/05-create-registration-entries 
@@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating admin registration entry on server a..." -docker-compose exec -T spire-server-a \ +docker compose exec -T spire-server-a \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain-a.test/admin" \ @@ -11,7 +11,7 @@ docker-compose exec -T spire-server-a \ check-synced-entry "spire-agent-a" "spiffe://domain-a.test/admin" log-debug "creating foreign admin registration entry..." -docker-compose exec -T spire-server-b \ +docker compose exec -T spire-server-b \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain-b.test/spire/agent/x509pop/$(fingerprint conf/domain-b/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain-b.test/admin" \ @@ -21,7 +21,7 @@ docker-compose exec -T spire-server-b \ check-synced-entry "spire-agent-b" "spiffe://domain-b.test/admin" log-debug "creating regular registration entry..." -docker-compose exec -T spire-server-a \ +docker compose exec -T spire-server-a \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain-a.test/spire/agent/x509pop/$(fingerprint conf/domain-a/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain-a.test/workload" \ diff --git a/test/integration/suites/admin-endpoints/06-test-endpoints b/test/integration/suites/admin-endpoints/06-test-endpoints index 9c64362f0f1..42c04000354 100755 --- a/test/integration/suites/admin-endpoints/06-test-endpoints +++ b/test/integration/suites/admin-endpoints/06-test-endpoints 
@@ -1,13 +1,13 @@ #!/bin/bash log-debug "test admin workload..." -docker-compose exec -u 1001 -T spire-agent-a \ +docker compose exec -u 1001 -T spire-agent-a \ /opt/spire/conf/agent/adminclient -trustDomain domain-a.test -serverAddr spire-server-a:8081 || fail-now "failed to check admin endpoints" log-debug "test foreign admin workload..." -docker-compose exec -u 1003 -T spire-agent-b \ +docker compose exec -u 1003 -T spire-agent-b \ /opt/spire/conf/agent/adminclient -trustDomain domain-a.test -serverAddr spire-server-a:8081 || fail-now "failed to check admin foreign td endpoints" log-debug "test regular workload..." -docker-compose exec -u 1002 -T spire-agent-a \ +docker compose exec -u 1002 -T spire-agent-a \ /opt/spire/conf/agent/adminclient -trustDomain domain-a.test -serverAddr spire-server-a:8081 -expectErrors || fail-now "failed to check admin endpoints" diff --git a/test/integration/suites/admin-endpoints/docker-compose.yaml b/test/integration/suites/admin-endpoints/docker-compose.yaml index 7db0796187d..42cd43bf098 100644 --- a/test/integration/suites/admin-endpoints/docker-compose.yaml +++ b/test/integration/suites/admin-endpoints/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server-a: image: spire-server:latest-local diff --git a/test/integration/suites/admin-endpoints/teardown b/test/integration/suites/admin-endpoints/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/admin-endpoints/teardown +++ b/test/integration/suites/admin-endpoints/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/agent-cli/02-bootstrap-agent b/test/integration/suites/agent-cli/02-bootstrap-agent index 405147f2fd5..8ee7d32c269 100755 --- a/test/integration/suites/agent-cli/02-bootstrap-agent +++ b/test/integration/suites/agent-cli/02-bootstrap-agent 
@@ -1,5 +1,5 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt diff --git a/test/integration/suites/agent-cli/04-check-healthy b/test/integration/suites/agent-cli/04-check-healthy index ecdad5a80c4..0b33eacfe6a 100755 --- a/test/integration/suites/agent-cli/04-check-healthy +++ b/test/integration/suites/agent-cli/04-check-healthy @@ -7,7 +7,7 @@ HEALTHCHECK_FAIL=0 for ((m=1;m<=$RETRIES;m++)); do - AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list) + AGENTS=$(docker compose exec -T spire-server /opt/spire/bin/spire-server agent list) if [ "$AGENTS" != "No attested agents found" ]; then AGENT_FOUND=1 break @@ -15,8 +15,8 @@ for ((m=1;m<=$RETRIES;m++)); do done -HEALTH=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck) -HEALTH_FAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck -socketPath invalid/path 2>&1 &) +HEALTH=$(docker compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck) +HEALTH_FAIL=$(docker compose exec -T spire-agent /opt/spire/bin/spire-agent healthcheck -socketPath invalid/path 2>&1 &) if [[ "$HEALTH" =~ "Agent is healthy." ]]; then HEALTHCHECK=1 diff --git a/test/integration/suites/agent-cli/05-check-valid-config b/test/integration/suites/agent-cli/05-check-valid-config index d5f21f329a5..36d1e2a90ba 100755 --- a/test/integration/suites/agent-cli/05-check-valid-config +++ b/test/integration/suites/agent-cli/05-check-valid-config 
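Review bot: In `04-check-healthy`, the retry loop around the changed `AGENTS=$(...)` line treats any output other than the literal `No attested agents found` as success, so an empty string from a failed `docker compose exec` also sets `AGENT_FOUND=1`. Unless the harness aborts on the failed substitution (not visible here), the check passes without an agent ever being listed. Tying the test to the exit status and to non-empty output closes that gap: `if AGENTS=$(docker compose exec -T spire-server /opt/spire/bin/spire-server agent list) && [ -n "$AGENTS" ] && [ "$AGENTS" != "No attested agents found" ]; then`. The loop's closing `done` falls in the next hunk.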
@@ -4,10 +4,10 @@ VALID_CONFIG=0 INVALID_CONFIG=0 # Assert that 'validate' command works -VALIDATE=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate) +VALIDATE=$(docker compose exec -T spire-agent /opt/spire/bin/spire-agent validate) # Assert that 'validate' command fails with an invalid path -VALIDATE_FAIL=$(docker-compose exec -T spire-agent /opt/spire/bin/spire-agent validate -config invalid/path 2>&1 &) +VALIDATE_FAIL=$(docker compose exec -T spire-agent /opt/spire/bin/spire-agent validate -config invalid/path 2>&1 &) if [[ "$VALIDATE" =~ "SPIRE agent configuration file is valid." ]]; then VALID_CONFIG=1 diff --git a/test/integration/suites/agent-cli/06-check-api-watch-fail b/test/integration/suites/agent-cli/06-check-api-watch-fail index 0aea539dd46..1f651ba3967 100755 --- a/test/integration/suites/agent-cli/06-check-api-watch-fail +++ b/test/integration/suites/agent-cli/06-check-api-watch-fail @@ -4,7 +4,7 @@ SVID_RECEIVED=1 TIMEOUT_REACHED=0 # Run the background process and store its output in a temporary file -(docker-compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api watch < /dev/null > api_watch_output.txt) & +(docker compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api watch < /dev/null > api_watch_output.txt) & # Get the PID of the last background process API_WATCH_PID=$! diff --git a/test/integration/suites/agent-cli/07-check-api-watch b/test/integration/suites/agent-cli/07-check-api-watch index b8c281f56ec..47dc61f1fb2 100755 --- a/test/integration/suites/agent-cli/07-check-api-watch +++ b/test/integration/suites/agent-cli/07-check-api-watch @@ -3,7 +3,7 @@ TIMEOUT_REACHED=0 RETRIES=3 -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload-$m" \ 
@@ -14,7 +14,7 @@ docker-compose exec -T spire-server \ API_WATCH_PID=$! # Run the background process and store its output in a temporary file -(docker-compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api watch < /dev/null > api_watch_output.txt) & +(docker compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api watch < /dev/null > api_watch_output.txt) & # Wait for the background process to complete wait $API_WATCH_PID diff --git a/test/integration/suites/agent-cli/docker-compose.yaml b/test/integration/suites/agent-cli/docker-compose.yaml index 0e67183c237..288be5fd27f 100644 --- a/test/integration/suites/agent-cli/docker-compose.yaml +++ b/test/integration/suites/agent-cli/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/agent-cli/teardown b/test/integration/suites/agent-cli/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/agent-cli/teardown +++ b/test/integration/suites/agent-cli/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/datastore-mysql-replication/01-test-variants b/test/integration/suites/datastore-mysql-replication/01-test-variants index 831425a03b3..fd4b4063e6f 100755 --- a/test/integration/suites/datastore-mysql-replication/01-test-variants +++ b/test/integration/suites/datastore-mysql-replication/01-test-variants @@ -17,7 +17,7 @@ wait-mysql-container-initialized() { local init_check_interval=3 for ((i = 1; i <= max_init_checks; i++)); do log-info "waiting for ${service} database initialization (${i} of ${max_init_checks} max)..." - if docker-compose logs "${service}" | grep "${init_msg}"; then + if docker compose logs "${service}" | grep "${init_msg}"; then return 1 fi sleep "${init_check_interval}" 
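Review bot: `API_WATCH_PID=$!` is assigned before the `api watch` subshell on the changed line is started, so `wait $API_WATCH_PID` cannot be waiting on the watch whose output goes to `api_watch_output.txt`; it waits on whatever job was backgrounded before this hunk. If waiting on that earlier job is intended, the variable name and the comment `# Wait for the background process to complete` should say so, e.g. `ENTRY_CREATE_PID=$!`. If the watch is meant to be tracked, capture `$!` on the line after the `(...) &` instead, bearing in mind that a plain `wait` on a long-running watch would block. The statements before and after this hunk are outside the visible lines, so the intent should be confirmed against the full script.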
@@ -34,7 +34,7 @@ wait-mysql-container-ready() { local ready_check_interval=3 for ((i = 1; i <= max_ready_checks; i++)); do log-info "waiting for ${service} to be ready (${i} of ${max_ready_checks} max)..." - if docker-compose exec -T "${service}" mysql -uspire -ptest -e "show databases;" >/dev/null; then + if docker compose exec -T "${service}" mysql -uspire -ptest -e "show databases;" >/dev/null; then return 1 break fi @@ -83,7 +83,7 @@ START GROUP_REPLICATION; SET @@GLOBAL.group_replication_bootstrap_group=0; SELECT * FROM performance_schema.replication_group_members; " - docker-compose exec -T "${service}" mysql -uroot "-p$mysql_root_password" -e "${replication_script}" + docker compose exec -T "${service}" mysql -uroot "-p$mysql_root_password" -e "${replication_script}" } # Setup a replica server with group replication. It is compatible with MySQL 5.7 and above. @@ -95,7 +95,7 @@ configure-readonly-group-replication() { CHANGE MASTER TO MASTER_USER='${replication_user}' FOR CHANNEL '${replication_channel}'; START GROUP_REPLICATION; " - docker-compose exec -T "${service}" mysql -uroot "-p$mysql_root_password" -e "${replication_script}" + docker compose exec -T "${service}" mysql -uroot "-p$mysql_root_password" -e "${replication_script}" } test-mysql-replication() { diff --git a/test/integration/suites/datastore-mysql/01-test-variants b/test/integration/suites/datastore-mysql/01-test-variants index d1320410ba5..3d140956818 100755 --- a/test/integration/suites/datastore-mysql/01-test-variants +++ b/test/integration/suites/datastore-mysql/01-test-variants @@ -16,7 +16,7 @@ test-mysql() { INIT= for ((i=1;i<=MAXINITCHECKS;i++)); do log-info "waiting for ${SERVICE} database initialization ($i of $MAXINITCHECKS max)..." - if docker-compose logs "${SERVICE}" | grep "$INITMSG"; then + if docker compose logs "${SERVICE}" | grep "$INITMSG"; then INIT=1 break fi 
@@ -35,7 +35,7 @@ test-mysql() { READY= for ((i=1;i<=MAXREADYCHECKS;i++)); do log-info "waiting for ${SERVICE} to be ready ($i of $MAXREADYCHECKS max)..." - if docker-compose exec -T "${SERVICE}" mysql -uspire -ptest -e "show databases;" > /dev/null; then + if docker compose exec -T "${SERVICE}" mysql -uspire -ptest -e "show databases;" > /dev/null; then READY=1 break fi diff --git a/test/integration/suites/datastore-mysql/docker-compose.yaml b/test/integration/suites/datastore-mysql/docker-compose.yaml index 27602ac68e4..98ff40192ae 100644 --- a/test/integration/suites/datastore-mysql/docker-compose.yaml +++ b/test/integration/suites/datastore-mysql/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: mysql-5-7: image: mysql:5.7 diff --git a/test/integration/suites/datastore-postgres-replication/01-test-variants b/test/integration/suites/datastore-postgres-replication/01-test-variants index be52d463f9c..a9bff82df72 100755 --- a/test/integration/suites/datastore-postgres-replication/01-test-variants +++ b/test/integration/suites/datastore-postgres-replication/01-test-variants @@ -10,7 +10,7 @@ wait-container-ready() { local ready= for ((i=1;i<=max_checks;i++)); do log-info "waiting for ${service} ($i of $max_checks max)..." - if docker-compose exec -T "${service}" pg_isready -h localhost -U postgres >/dev/null; then + if docker compose exec -T "${service}" pg_isready -h localhost -U postgres >/dev/null; then return 1 fi sleep "${check_interval}" diff --git a/test/integration/suites/datastore-postgres-replication/docker-compose.yaml b/test/integration/suites/datastore-postgres-replication/docker-compose.yaml index 8474e5d8d3f..c5a559c1acb 100644 --- a/test/integration/suites/datastore-postgres-replication/docker-compose.yaml +++ b/test/integration/suites/datastore-postgres-replication/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: postgres-10-readwrite: image: postgres:10 
diff --git a/test/integration/suites/datastore-postgres/01-test-variants b/test/integration/suites/datastore-postgres/01-test-variants index 8cd4ac4d6df..ae74d896c4c 100755 --- a/test/integration/suites/datastore-postgres/01-test-variants +++ b/test/integration/suites/datastore-postgres/01-test-variants @@ -12,7 +12,7 @@ test-postgres() { READY= for ((i=1;i<=MAXCHECKS;i++)); do log-info "waiting for ${SERVICE} ($i of $MAXCHECKS max)..." - if docker-compose exec -T "${SERVICE}" pg_isready -h localhost -U postgres >/dev/null; then + if docker compose exec -T "${SERVICE}" pg_isready -h localhost -U postgres >/dev/null; then READY=1 break fi diff --git a/test/integration/suites/datastore-postgres/docker-compose.yaml b/test/integration/suites/datastore-postgres/docker-compose.yaml index 3b99e159e75..3bf4250651e 100644 --- a/test/integration/suites/datastore-postgres/docker-compose.yaml +++ b/test/integration/suites/datastore-postgres/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: postgres-10: image: postgres:10 diff --git a/test/integration/suites/debug-endpoints/02-bootstrap-agent b/test/integration/suites/debug-endpoints/02-bootstrap-agent index 405147f2fd5..8ee7d32c269 100755 --- a/test/integration/suites/debug-endpoints/02-bootstrap-agent +++ b/test/integration/suites/debug-endpoints/02-bootstrap-agent @@ -1,5 +1,5 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt diff --git a/test/integration/suites/debug-endpoints/04-create-registration-entries b/test/integration/suites/debug-endpoints/04-create-registration-entries index 6eed24af318..7eef854da04 100755 --- a/test/integration/suites/debug-endpoints/04-create-registration-entries +++ b/test/integration/suites/debug-endpoints/04-create-registration-entries 
@@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating admin registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/admin" \ @@ -11,7 +11,7 @@ docker-compose exec -T spire-server \ check-synced-entry "spire-agent" "spiffe://domain.test/admin" log-debug "creating regular registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ diff --git a/test/integration/suites/debug-endpoints/05-test-endpoints b/test/integration/suites/debug-endpoints/05-test-endpoints index ac4a6c25c19..c1bd8bf382f 100755 --- a/test/integration/suites/debug-endpoints/05-test-endpoints +++ b/test/integration/suites/debug-endpoints/05-test-endpoints 
@@ -5,21 +5,21 @@ CHECKINTERVAL=1 # Call debug endpoints every 1s for 30s for ((i=1; i<=MAXCHECKS;i++)); do log-info "test server debug endpoints ($i of $MAXCHECKS max)..." - docker-compose exec -T spire-server \ + docker compose exec -T spire-server \ /opt/spire/conf/server/debugclient || fail-now "failed to check server debug endpoints" log-info "test agent debug endpoints ($i of $MAXCHECKS max)..." - docker-compose exec -T spire-agent \ + docker compose exec -T spire-agent \ /opt/spire/conf/agent/debugclient || fail-now "failed to check agent debug endpoints" sleep $CHECKINTERVAL done # Verify server TCP server does not implements Debug endpoint -docker-compose exec -u 1001 -T spire-agent \ +docker compose exec -u 1001 -T spire-agent \ /opt/spire/conf/agent/debugclient -testCase "serverWithWorkload" || fail-now "failed to check server debug endpoints using admin workload" -docker-compose exec -u 1002 -T spire-agent \ +docker compose exec -u 1002 -T spire-agent \ /opt/spire/conf/agent/debugclient -testCase "serverWithWorkload" || fail-now "failed to check server debug endpoints using regular workload" -docker-compose exec -T spire-agent \ +docker compose exec -T spire-agent \ /opt/spire/conf/agent/debugclient -testCase "serverWithInsecure" || fail-now "failed to check server debug endpoints using insecure connection" diff --git a/test/integration/suites/debug-endpoints/docker-compose.yaml b/test/integration/suites/debug-endpoints/docker-compose.yaml index 0e67183c237..288be5fd27f 100644 --- a/test/integration/suites/debug-endpoints/docker-compose.yaml +++ b/test/integration/suites/debug-endpoints/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/debug-endpoints/teardown b/test/integration/suites/debug-endpoints/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/debug-endpoints/teardown +++ b/test/integration/suites/debug-endpoints/teardown 
@@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/delegatedidentity/02-bootstrap-agent b/test/integration/suites/delegatedidentity/02-bootstrap-agent index 405147f2fd5..8ee7d32c269 100755 --- a/test/integration/suites/delegatedidentity/02-bootstrap-agent +++ b/test/integration/suites/delegatedidentity/02-bootstrap-agent @@ -1,5 +1,5 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt diff --git a/test/integration/suites/delegatedidentity/04-create-registration-entries b/test/integration/suites/delegatedidentity/04-create-registration-entries index d21a2505a39..000c073069c 100755 --- a/test/integration/suites/delegatedidentity/04-create-registration-entries +++ b/test/integration/suites/delegatedidentity/04-create-registration-entries @@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating registration entry for authorized client..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/authorized_delegate" \ @@ -10,7 +10,7 @@ docker-compose exec -T spire-server \ check-synced-entry "spire-agent" "spiffe://domain.test/authorized_delegate" log-debug "creating registration entry for workload..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ diff --git a/test/integration/suites/delegatedidentity/05-test-endpoints b/test/integration/suites/delegatedidentity/05-test-endpoints index 78f30110289..2881dfd56af 100755 
--- a/test/integration/suites/delegatedidentity/05-test-endpoints +++ b/test/integration/suites/delegatedidentity/05-test-endpoints @@ -1,9 +1,9 @@ #!/bin/bash log-info "Test Delegated Identity API (for success)" -docker-compose exec -u 1001 -T spire-agent \ +docker compose exec -u 1001 -T spire-agent \ /opt/spire/conf/agent/delegatedidentityclient -expectedID spiffe://domain.test/workload || fail-now "Failed to check Delegated Identity API" log-info "Test Delegated Identity API (expecting permission denied)" -docker-compose exec -u 1002 -T spire-agent \ +docker compose exec -u 1002 -T spire-agent \ /opt/spire/conf/agent/delegatedidentityclient || fail-now "Failed to check Delegated Identity API" diff --git a/test/integration/suites/delegatedidentity/docker-compose.yaml b/test/integration/suites/delegatedidentity/docker-compose.yaml index 0e67183c237..288be5fd27f 100644 --- a/test/integration/suites/delegatedidentity/docker-compose.yaml +++ b/test/integration/suites/delegatedidentity/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/delegatedidentity/teardown b/test/integration/suites/delegatedidentity/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/delegatedidentity/teardown +++ b/test/integration/suites/delegatedidentity/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/downstream-endpoints/02-bootstrap-agent b/test/integration/suites/downstream-endpoints/02-bootstrap-agent index 405147f2fd5..8ee7d32c269 100755 --- a/test/integration/suites/downstream-endpoints/02-bootstrap-agent +++ b/test/integration/suites/downstream-endpoints/02-bootstrap-agent 
@@ -1,5 +1,5 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt diff --git a/test/integration/suites/downstream-endpoints/04-create-entries b/test/integration/suites/downstream-endpoints/04-create-entries index 470658106bc..a8c4dbd9bd7 100755 --- a/test/integration/suites/downstream-endpoints/04-create-entries +++ b/test/integration/suites/downstream-endpoints/04-create-entries @@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating downstream registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/downstream" \ @@ -11,7 +11,7 @@ docker-compose exec -T spire-server \ check-synced-entry "spire-agent" "spiffe://domain.test/downstream" log-debug "creating workload registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ diff --git a/test/integration/suites/downstream-endpoints/05-test-endpoints b/test/integration/suites/downstream-endpoints/05-test-endpoints index ac67cc48e64..185501fec09 100755 --- a/test/integration/suites/downstream-endpoints/05-test-endpoints +++ b/test/integration/suites/downstream-endpoints/05-test-endpoints 
@@ -1,9 +1,9 @@ #!/bin/bash log-debug "test downstream workload..." -docker-compose exec -u 1001 -T spire-agent \ +docker compose exec -u 1001 -T spire-agent \ /opt/spire/conf/agent/downstreamclient || fail-now "failed to check downstream endpoints" log-debug "Test regular workload..." -docker-compose exec -u 1002 -T spire-agent \ +docker compose exec -u 1002 -T spire-agent \ /opt/spire/conf/agent/downstreamclient -expectErrors || fail-now "failed to check permission errors on downstream endpoints" diff --git a/test/integration/suites/downstream-endpoints/docker-compose.yaml b/test/integration/suites/downstream-endpoints/docker-compose.yaml index 0e67183c237..288be5fd27f 100644 --- a/test/integration/suites/downstream-endpoints/docker-compose.yaml +++ b/test/integration/suites/downstream-endpoints/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/downstream-endpoints/teardown b/test/integration/suites/downstream-endpoints/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/downstream-endpoints/teardown +++ b/test/integration/suites/downstream-endpoints/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh b/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh index 4fc8e8fa6b8..d2d25109615 100755 --- a/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh +++ b/test/integration/suites/envoy-sds-v3-spiffe-auth/00-test-envoy-releases.sh 
@@ -7,24 +7,24 @@ setup-tests() { # Bootstrap agents log-debug "bootstrapping downstream federated agent..." - docker-compose exec -T downstream-federated-spire-server \ + docker compose exec -T downstream-federated-spire-server \ /opt/spire/bin/spire-server bundle show > conf/downstream-federated/agent/bootstrap.crt log-debug "bootstrapping upstream agent..." - docker-compose exec -T upstream-spire-server \ + docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server bundle show > conf/upstream/agent/bootstrap.crt - docker-compose exec -T upstream-spire-server \ + docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server bundle show > conf/downstream/agent/bootstrap.crt log-debug "creating federation relationship from downstream federated to upstream server and set bundle in same command..." - docker-compose exec -T downstream-federated-spire-server \ + docker compose exec -T downstream-federated-spire-server \ /opt/spire/bin/spire-server bundle show -format spiffe > conf/upstream/server/federated-domain.test.bundle # On macOS, there can be a delay propagating the file on the bind mount to the other container sleep 1 - docker-compose exec -T upstream-spire-server \ + docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server federation create \ -bundleEndpointProfile "https_spiffe" \ -bundleEndpointURL "https://downstream-federated-spire-server:8443" \ 
@@ -34,17 +34,17 @@ setup-tests() { -trustDomainBundlePath "/opt/spire/conf/server/federated-domain.test.bundle" log-debug "bootstrapping bundle from upstream to downstream federated server..." - docker-compose exec -T upstream-spire-server \ + docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server bundle show -format spiffe > conf/downstream-federated/server/domain.test.bundle # On macOS, there can be a delay propagating the file on the bind mount to the other container sleep 1 - docker-compose exec -T downstream-federated-spire-server \ + docker compose exec -T downstream-federated-spire-server \ /opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://domain.test -path /opt/spire/conf/server/domain.test.bundle log-debug "creating federation relationship from upstream to downstream federated server..." - docker-compose exec -T downstream-federated-spire-server \ + docker compose exec -T downstream-federated-spire-server \ /opt/spire/bin/spire-server federation create \ -bundleEndpointProfile "https_spiffe" \ -bundleEndpointURL "https://upstream-spire-server" \ @@ -53,7 +53,7 @@ setup-tests() { # Register workloads log-debug "creating registration entry for downstream federated proxy..." - docker-compose exec -T downstream-federated-spire-server \ + docker compose exec -T downstream-federated-spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://federated-domain.test/spire/agent/x509pop/$(fingerprint conf/downstream-federated/agent/agent.crt.pem)" \ -spiffeID "spiffe://federated-domain.test/downstream-proxy" \ @@ -62,7 +62,7 @@ setup-tests() { -ttl 0 log-debug "creating registration entry for upstream proxy..." - docker-compose exec -T upstream-spire-server \ + docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/upstream/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/upstream-proxy" \ 
@@ -71,7 +71,7 @@ setup-tests() { -ttl 0 log-debug "creating registration entry for downstream proxy..." - docker-compose exec -T upstream-spire-server \ + docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/downstream/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/downstream-proxy" \ @@ -87,11 +87,11 @@ test-envoy() { local check_interval=1 # Remove howdy, it i necessary for VERIFY to get again messages - docker-compose exec -T upstream-socat rm -f /tmp/howdy + docker compose exec -T upstream-socat rm -f /tmp/howdy log-debug "Checking mTLS: ${mTLSSocat}" - TRY() { docker-compose exec -T ${mTLSSocat} /bin/sh -c 'echo HELLO_MTLS | socat -u STDIN TCP:localhost:8001'; } - VERIFY() { docker-compose exec -T upstream-socat cat /tmp/howdy | grep -q HELLO_MTLS; } + TRY() { docker compose exec -T ${mTLSSocat} /bin/sh -c 'echo HELLO_MTLS | socat -u STDIN TCP:localhost:8001'; } + VERIFY() { docker compose exec -T upstream-socat cat /tmp/howdy | grep -q HELLO_MTLS; } local mtls_federated_ok= for ((i=1;i<=max_checks_per_port;i++)); do @@ -105,8 +105,8 @@ test-envoy() { done log-debug "Checking TLS: ${tlsSocat}" - TRY() { docker-compose exec -T ${tlsSocat} /bin/sh -c 'echo HELLO_TLS | socat -u STDIN TCP:localhost:8002'; } - VERIFY() { docker-compose exec -T upstream-socat cat /tmp/howdy | grep -q HELLO_TLS; } + TRY() { docker compose exec -T ${tlsSocat} /bin/sh -c 'echo HELLO_TLS | socat -u STDIN TCP:localhost:8002'; } + VERIFY() { docker compose exec -T upstream-socat cat /tmp/howdy | grep -q HELLO_TLS; } tls_federated_ok= for ((i=1;i<=max_checks_per_port;i++)); do 
@@ -160,7 +160,7 @@ for release in "${ENVOY_RELEASES_TO_TEST[@]}"; do test-envoy "downstream-federated-socat-mtls" "downstream-federated-socat-tls" # stop and clear everything but the server container - docker-compose stop \ + docker compose stop \ upstream-proxy \ downstream-proxy \ downstream-federated-proxy \ @@ -170,5 +170,5 @@ for release in "${ENVOY_RELEASES_TO_TEST[@]}"; do downstream-federated-socat-mtls \ downstream-federated-socat-tls - docker-compose rm -f + docker compose rm -f done diff --git a/test/integration/suites/envoy-sds-v3-spiffe-auth/docker-compose.yaml b/test/integration/suites/envoy-sds-v3-spiffe-auth/docker-compose.yaml index 61fa1b752c1..ab835096179 100644 --- a/test/integration/suites/envoy-sds-v3-spiffe-auth/docker-compose.yaml +++ b/test/integration/suites/envoy-sds-v3-spiffe-auth/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: upstream-spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/envoy-sds-v3-spiffe-auth/teardown b/test/integration/suites/envoy-sds-v3-spiffe-auth/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/envoy-sds-v3-spiffe-auth/teardown +++ b/test/integration/suites/envoy-sds-v3-spiffe-auth/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/envoy-sds-v3/00-test-envoy-releases b/test/integration/suites/envoy-sds-v3/00-test-envoy-releases index 61eb93e3b8e..f2f2e29c880 100755 --- a/test/integration/suites/envoy-sds-v3/00-test-envoy-releases +++ b/test/integration/suites/envoy-sds-v3/00-test-envoy-releases 
@@ -6,16 +6,16 @@ setup-tests() { # Bootstrap the agent log-debug "bootstrapping downstream agent..." - docker-compose exec -T spire-server \ + docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/downstream-agent/bootstrap.crt log-debug "bootstrapping upstream agent..." - docker-compose exec -T spire-server \ + docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/upstream-agent/bootstrap.crt # Register the workload log-debug "creating registration entry for upstream workload..." - docker-compose exec -T spire-server \ + docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/upstream-agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/upstream-workload" \ @@ -23,7 +23,7 @@ setup-tests() { -ttl 0 log-debug "creating registration entry for downstream workload..." - docker-compose exec -T spire-server \ + docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/downstream-agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/downstream-workload" \ @@ -37,8 +37,8 @@ test-envoy() { MAXCHECKSPERPORT=15 CHECKINTERVAL=1 - TRY() { docker-compose exec -T downstream-socat-mtls /bin/sh -c 'echo HELLO_MTLS | socat -u STDIN TCP:localhost:8001'; } - VERIFY() { docker-compose exec -T upstream-socat cat /tmp/howdy | grep -q HELLO_MTLS; } + TRY() { docker compose exec -T downstream-socat-mtls /bin/sh -c 'echo HELLO_MTLS | socat -u STDIN TCP:localhost:8001'; } + VERIFY() { docker compose exec -T upstream-socat cat /tmp/howdy | grep -q HELLO_MTLS; } MTLS_OK= for ((i=1;i<=MAXCHECKSPERPORT;i++)); do 
@@ -51,8 +51,8 @@ test-envoy() { sleep "${CHECKINTERVAL}" done - TRY() { docker-compose exec -T downstream-socat-tls /bin/sh -c 'echo HELLO_TLS | socat -u STDIN TCP:localhost:8002'; } - VERIFY() { docker-compose exec -T upstream-socat cat /tmp/howdy | grep -q HELLO_TLS; } + TRY() { docker compose exec -T downstream-socat-tls /bin/sh -c 'echo HELLO_TLS | socat -u STDIN TCP:localhost:8002'; } + VERIFY() { docker compose exec -T upstream-socat cat /tmp/howdy | grep -q HELLO_TLS; } TLS_OK= for ((i=1;i<=MAXCHECKSPERPORT;i++)); do @@ -104,12 +104,12 @@ for release in "${ENVOY_RELEASES_TO_TEST[@]}"; do test-envoy # stop and clear everything but the server container - docker-compose stop \ + docker compose stop \ upstream-proxy \ downstream-proxy \ upstream-socat \ downstream-socat-mtls \ downstream-socat-tls - docker-compose rm -f + docker compose rm -f done diff --git a/test/integration/suites/envoy-sds-v3/docker-compose.yaml b/test/integration/suites/envoy-sds-v3/docker-compose.yaml index 3adb5163b8f..3bcb0ef6c03 100644 --- a/test/integration/suites/envoy-sds-v3/docker-compose.yaml +++ b/test/integration/suites/envoy-sds-v3/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/envoy-sds-v3/teardown b/test/integration/suites/envoy-sds-v3/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/envoy-sds-v3/teardown +++ b/test/integration/suites/envoy-sds-v3/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/evict-agent/02-bootstrap-agent b/test/integration/suites/evict-agent/02-bootstrap-agent index 0740035bf1f..4b33d1418c9 100755 --- a/test/integration/suites/evict-agent/02-bootstrap-agent +++ b/test/integration/suites/evict-agent/02-bootstrap-agent 
@@ -6,8 +6,8 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "trying to bootstrap agent ($i of $MAXCHECKS max)..." - docker-compose logs spire-agent - if docker-compose exec -T spire-server \ + docker compose logs spire-agent + if docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt; then exit 0 fi diff --git a/test/integration/suites/evict-agent/04-ban-agent b/test/integration/suites/evict-agent/04-ban-agent index d1abb28bb81..5bf22762690 100755 --- a/test/integration/suites/evict-agent/04-ban-agent +++ b/test/integration/suites/evict-agent/04-ban-agent @@ -2,7 +2,7 @@ log-debug "banning agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server agent ban \ -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" @@ -12,8 +12,8 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "checking for agent is shutting down ($i of $MAXCHECKS max)..." - docker-compose logs spire-agent - if docker-compose logs spire-agent | grep "Agent is banned: removing SVID and shutting down"; then + docker compose logs spire-agent + if docker compose logs spire-agent | grep "Agent is banned: removing SVID and shutting down"; then exit 0 fi sleep "${CHECKINTERVAL}" diff --git a/test/integration/suites/evict-agent/05-agent-failed-to-start b/test/integration/suites/evict-agent/05-agent-failed-to-start index 5b79db924b0..8116e357442 100755 --- a/test/integration/suites/evict-agent/05-agent-failed-to-start +++ b/test/integration/suites/evict-agent/05-agent-failed-to-start 
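Review bot: The polling loop in evict-agent/04-ban-agent (second hunk) runs `docker compose logs spire-agent` twice per iteration, once to print and once to grep, so the printed text and the matched text come from two separate reads and the whole log is re-printed on every pass. Read once and match on that copy, as join-token/06-start-bad-agent does: `docker compose logs spire-agent | tee agent-logs` followed by `if grep -sq "Agent is banned: removing SVID and shutting down" agent-logs; then` (the file name is only an example). The end of the loop is outside the hunk. The same pattern is in evict-agent 05, 07 and 08 and in join-token/04-create-workload-entry.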
@@ -9,8 +9,8 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "checking that the agent is not able to start ($i of $MAXCHECKS max)..." - docker-compose logs spire-agent - if docker-compose logs spire-agent | grep "failed to fetch authorized entries:"; then + docker compose logs spire-agent + if docker compose logs spire-agent | grep "failed to fetch authorized entries:"; then exit 0 fi sleep "${CHECKINTERVAL}" diff --git a/test/integration/suites/evict-agent/06-delete-agent b/test/integration/suites/evict-agent/06-delete-agent index b38817920a4..29fbe58c4e3 100755 --- a/test/integration/suites/evict-agent/06-delete-agent +++ b/test/integration/suites/evict-agent/06-delete-agent @@ -2,6 +2,6 @@ log-debug "deleting agent to enable reattestation..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server agent evict \ -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" diff --git a/test/integration/suites/evict-agent/07-start-agent b/test/integration/suites/evict-agent/07-start-agent index 1b06da157aa..1981d7b37ea 100755 --- a/test/integration/suites/evict-agent/07-start-agent +++ b/test/integration/suites/evict-agent/07-start-agent @@ -9,8 +9,8 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "checking that the agent is back up ($i of $MAXCHECKS max)..." - docker-compose logs spire-agent - if docker-compose logs spire-agent | grep "Starting Workload and SDS APIs"; then + docker compose logs spire-agent + if docker compose logs spire-agent | grep "Starting Workload and SDS APIs"; then exit 0 fi sleep "${CHECKINTERVAL}" diff --git a/test/integration/suites/evict-agent/08-evict-agent b/test/integration/suites/evict-agent/08-evict-agent index 1026b8c3444..d7b5de12900 100755 --- a/test/integration/suites/evict-agent/08-evict-agent +++ b/test/integration/suites/evict-agent/08-evict-agent 
@@ -7,7 +7,7 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "attempting to evict agent ($i of $MAXCHECKS max)..." - if docker-compose exec -T spire-server \ + if docker compose exec -T spire-server \ /opt/spire/bin/spire-server agent evict \ -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"; then exit 0 @@ -21,8 +21,8 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "checking for agent to get notification and try to reattest ($i of $MAXCHECKS max)..." - docker-compose logs spire-agent - if docker-compose logs spire-agent | grep "Agent needs to re-attest; will attempt to re-attest"; then + docker compose logs spire-agent + if docker compose logs spire-agent | grep "Agent needs to re-attest; will attempt to re-attest"; then exit 0 fi sleep "${CHECKINTERVAL}" @@ -33,8 +33,8 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "checking for agent to get notification and try to reattest ($i of $MAXCHECKS max)..." - docker-compose logs spire-agent - if docker-compose logs spire-agent | grep "Successfully reattested node"; then + docker compose logs spire-agent + if docker compose logs spire-agent | grep "Successfully reattested node"; then exit 0 fi sleep "${CHECKINTERVAL}" diff --git a/test/integration/suites/evict-agent/docker-compose.yaml b/test/integration/suites/evict-agent/docker-compose.yaml index 0e67183c237..288be5fd27f 100644 --- a/test/integration/suites/evict-agent/docker-compose.yaml +++ b/test/integration/suites/evict-agent/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/evict-agent/teardown b/test/integration/suites/evict-agent/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/evict-agent/teardown +++ b/test/integration/suites/evict-agent/teardown 
@@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/fetch-x509-svids/02-bootstrap-agent b/test/integration/suites/fetch-x509-svids/02-bootstrap-agent index 405147f2fd5..8ee7d32c269 100755 --- a/test/integration/suites/fetch-x509-svids/02-bootstrap-agent +++ b/test/integration/suites/fetch-x509-svids/02-bootstrap-agent @@ -1,5 +1,5 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt diff --git a/test/integration/suites/fetch-x509-svids/04-create-registration-entries b/test/integration/suites/fetch-x509-svids/04-create-registration-entries index 18667771221..6a3d23b3db0 100755 --- a/test/integration/suites/fetch-x509-svids/04-create-registration-entries +++ b/test/integration/suites/fetch-x509-svids/04-create-registration-entries @@ -5,7 +5,7 @@ SIZE=10 # Create entries for uid 1001 for ((m=1;m<=$SIZE;m++)); do log-debug "creating registration entry: $m" - docker-compose exec -T spire-server \ + docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload-$m" \ diff --git a/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids b/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids index 4bb53c55dfb..2518884a740 100755 --- a/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids +++ b/test/integration/suites/fetch-x509-svids/05-fetch-x509-svids 
@@ -3,7 +3,7 @@ ENTRYCOUNT=10 CACHESIZE=8 -X509SVIDCOUNT=$(docker-compose exec -u 1001 -T spire-agent \ +X509SVIDCOUNT=$(docker compose exec -u 1001 -T spire-agent \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock | grep -i "spiffe://domain.test" | wc -l || fail-now "X.509-SVID check failed") diff --git a/test/integration/suites/fetch-x509-svids/06-create-registration-entries b/test/integration/suites/fetch-x509-svids/06-create-registration-entries index f93ae194186..05ed54b1ac3 100755 --- a/test/integration/suites/fetch-x509-svids/06-create-registration-entries +++ b/test/integration/suites/fetch-x509-svids/06-create-registration-entries @@ -5,7 +5,7 @@ SIZE=10 # Create entries for uid 1002 for ((m=1;m<=$SIZE;m++)); do log-debug "creating registration entry...($m)" - docker-compose exec -T spire-server \ + docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload/$m" \ diff --git a/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids b/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids index 9a46e296029..7ff7f43b14c 100755 --- a/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids +++ b/test/integration/suites/fetch-x509-svids/07-fetch-x509-svids @@ -3,7 +3,7 @@ CACHESIZE=8 ENTRYCOUNT=10 -X509SVIDCOUNT=$(docker-compose exec -u 1002 -T spire-agent \ +X509SVIDCOUNT=$(docker compose exec -u 1002 -T spire-agent \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock | grep -i "spiffe://domain.test" | wc -l || fail-now "X.509-SVID check failed") 
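Review bot: In fetch-x509-svids/05-fetch-x509-svids the `|| fail-now` sits after `wc -l` inside the `$(...)`, so it only tests the last stage of the pipeline and runs in the substitution's subshell; a failing `docker compose exec` yields a count of 0 instead of the "X.509-SVID check failed" message, unless `pipefail` is set in the lines above the hunk, which are not shown. Capture and check the fetch first, then count: `SVIDS=$(docker compose exec -u 1001 -T spire-agent /opt/spire/bin/spire-agent api fetch x509 -socketPath /opt/spire/sockets/workload_api.sock) || fail-now "X.509-SVID check failed"` and `X509SVIDCOUNT=$(grep -ci "spiffe://domain.test" <<<"$SVIDS")`. Both hunks of 07-fetch-x509-svids use the same construct.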
@@ -13,7 +13,7 @@ else log-info "Expected $ENTRYCOUNT X.509-SVIDs and received $X509SVIDCOUNT for uid 1002"; fi -X509SVIDCOUNT=$(docker-compose exec -u 1001 -T spire-agent \ +X509SVIDCOUNT=$(docker compose exec -u 1001 -T spire-agent \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock | grep -i "spiffe://domain.test" | wc -l || fail-now "X.509-SVID check failed") diff --git a/test/integration/suites/fetch-x509-svids/docker-compose.yaml b/test/integration/suites/fetch-x509-svids/docker-compose.yaml index 0e67183c237..288be5fd27f 100644 --- a/test/integration/suites/fetch-x509-svids/docker-compose.yaml +++ b/test/integration/suites/fetch-x509-svids/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/fetch-x509-svids/teardown b/test/integration/suites/fetch-x509-svids/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/fetch-x509-svids/teardown +++ b/test/integration/suites/fetch-x509-svids/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/ghostunnel-federation/02-bootstrap-federation-and-agents b/test/integration/suites/ghostunnel-federation/02-bootstrap-federation-and-agents index ac5d224c63f..a22cb104f79 100755 --- a/test/integration/suites/ghostunnel-federation/02-bootstrap-federation-and-agents +++ b/test/integration/suites/ghostunnel-federation/02-bootstrap-federation-and-agents 
@@ -3,29 +3,29 @@ set -e log-debug "bootstrapping downstream agent..." -docker-compose exec -T downstream-spire-server \ +docker compose exec -T downstream-spire-server \ /opt/spire/bin/spire-server bundle show > conf/downstream/agent/bootstrap.crt log-debug "bootstrapping upstream agent..." -docker-compose exec -T upstream-spire-server \ +docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server bundle show > conf/upstream/agent/bootstrap.crt log-debug "bootstrapping bundle from downstream to upstream server..." -docker-compose exec -T downstream-spire-server \ +docker compose exec -T downstream-spire-server \ /opt/spire/bin/spire-server bundle show -format spiffe > conf/upstream/server/downstream-domain.test.bundle # On macOS, there can be a delay propagating the file on the bind mount to the other container sleep 1 -docker-compose exec -T upstream-spire-server \ +docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://downstream-domain.test -path /opt/spire/conf/server/downstream-domain.test.bundle log-debug "bootstrapping bundle from upstream to downstream server..." -docker-compose exec -T upstream-spire-server \ +docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server bundle show -format spiffe > conf/downstream/server/upstream-domain.test.bundle # On macOS, there can be a delay propagating the file on the bind mount to the other container sleep 1 -docker-compose exec -T downstream-spire-server \ +docker compose exec -T downstream-spire-server \ /opt/spire/bin/spire-server bundle set -format spiffe -id spiffe://upstream-domain.test -path /opt/spire/conf/server/upstream-domain.test.bundle diff --git a/test/integration/suites/ghostunnel-federation/04-create-workload-entries b/test/integration/suites/ghostunnel-federation/04-create-workload-entries index edd691b7211..95f293e1005 100755 --- a/test/integration/suites/ghostunnel-federation/04-create-workload-entries 
+++ b/test/integration/suites/ghostunnel-federation/04-create-workload-entries @@ -3,7 +3,7 @@ set -o pipefail log-debug "creating registration entry for downstream workload..." -docker-compose exec -T downstream-spire-server \ +docker compose exec -T downstream-spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://downstream-domain.test/spire/agent/x509pop/$(fingerprint conf/downstream/agent/agent.crt.pem)" \ -spiffeID "spiffe://downstream-domain.test/downstream-workload" \ @@ -12,7 +12,7 @@ docker-compose exec -T downstream-spire-server \ -ttl 0 log-debug "creating registration entry for upstream workload..." -docker-compose exec -T upstream-spire-server \ +docker compose exec -T upstream-spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://upstream-domain.test/spire/agent/x509pop/$(fingerprint conf/upstream/agent/agent.crt.pem)" \ -spiffeID "spiffe://upstream-domain.test/upstream-workload" \ diff --git a/test/integration/suites/ghostunnel-federation/05-check-workload-connectivity b/test/integration/suites/ghostunnel-federation/05-check-workload-connectivity index dcbf77b1b36..ff4415be008 100755 --- a/test/integration/suites/ghostunnel-federation/05-check-workload-connectivity +++ b/test/integration/suites/ghostunnel-federation/05-check-workload-connectivity 
@@ -3,14 +3,14 @@ MAXCHECKSPERPORT=15 CHECKINTERVAL=1 -TRY() { docker-compose exec -T downstream-workload /bin/sh -c 'echo HELLO | socat -u STDIN TCP:localhost:8000'; } -VERIFY() { docker-compose exec -T upstream-workload cat /tmp/howdy | grep -q HELLO; } +TRY() { docker compose exec -T downstream-workload /bin/sh -c 'echo HELLO | socat -u STDIN TCP:localhost:8000'; } +VERIFY() { docker compose exec -T upstream-workload cat /tmp/howdy | grep -q HELLO; } for ((i=1;i<=MAXCHECKSPERPORT;i++)); do log-debug "Checking proxy ($i of $MAXCHECKSPERPORT max)..." if TRY && VERIFY; then log-info "Proxy OK" - docker-compose exec -T upstream-workload rm /tmp/howdy + docker compose exec -T upstream-workload rm /tmp/howdy exit 0 fi diff --git a/test/integration/suites/ghostunnel-federation/10-stop-agents b/test/integration/suites/ghostunnel-federation/10-stop-agents index 37109ea5cb3..df59c26c52f 100755 --- a/test/integration/suites/ghostunnel-federation/10-stop-agents +++ b/test/integration/suites/ghostunnel-federation/10-stop-agents @@ -3,7 +3,7 @@ set -e log-debug "stopping downstream agent" -docker-compose exec -T downstream-workload supervisorctl --configuration /opt/supervisord/supervisord.conf stop spire-agent +docker compose exec -T downstream-workload supervisorctl --configuration /opt/supervisord/supervisord.conf stop spire-agent log-debug "stopping upstream agent" -docker-compose exec -T upstream-workload supervisorctl --configuration /opt/supervisord/supervisord.conf stop spire-agent +docker compose exec -T upstream-workload supervisorctl --configuration /opt/supervisord/supervisord.conf stop spire-agent diff --git a/test/integration/suites/ghostunnel-federation/12-start-agents b/test/integration/suites/ghostunnel-federation/12-start-agents index 0ef85f0e571..5f05f86afef 100755 --- a/test/integration/suites/ghostunnel-federation/12-start-agents +++ b/test/integration/suites/ghostunnel-federation/12-start-agents 
@@ -3,7 +3,7 @@ set -e log-debug "starting downstream agent" -docker-compose exec -T downstream-workload supervisorctl --configuration /opt/supervisord/supervisord.conf start spire-agent +docker compose exec -T downstream-workload supervisorctl --configuration /opt/supervisord/supervisord.conf start spire-agent log-debug "starting upstream agent" -docker-compose exec -T upstream-workload supervisorctl --configuration /opt/supervisord/supervisord.conf start spire-agent +docker compose exec -T upstream-workload supervisorctl --configuration /opt/supervisord/supervisord.conf start spire-agent diff --git a/test/integration/suites/ghostunnel-federation/docker-compose.yaml b/test/integration/suites/ghostunnel-federation/docker-compose.yaml index bdb531edae8..7a1dd548cb9 100644 --- a/test/integration/suites/ghostunnel-federation/docker-compose.yaml +++ b/test/integration/suites/ghostunnel-federation/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: upstream-spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/ghostunnel-federation/teardown b/test/integration/suites/ghostunnel-federation/teardown index 4e1a70d2a8c..1e223d55da5 100755 --- a/test/integration/suites/ghostunnel-federation/teardown +++ b/test/integration/suites/ghostunnel-federation/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "${SUCCESS}" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/join-token/02-bootstrap-agents b/test/integration/suites/join-token/02-bootstrap-agents index 8677eb97644..a55942aac25 100755 --- a/test/integration/suites/join-token/02-bootstrap-agents +++ b/test/integration/suites/join-token/02-bootstrap-agents 
@@ -1,11 +1,11 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt log-info "generating join token..." -TOKEN=$(docker-compose exec -T spire-server \ +TOKEN=$(docker compose exec -T spire-server \ /opt/spire/bin/spire-server token generate -spiffeID spiffe://domain.test/node | awk '{print $2}' | tr -d '\r') # Inserts the join token into the agent configuration diff --git a/test/integration/suites/join-token/04-create-workload-entry b/test/integration/suites/join-token/04-create-workload-entry index 9d261b885ad..c945899c4dc 100755 --- a/test/integration/suites/join-token/04-create-workload-entry +++ b/test/integration/suites/join-token/04-create-workload-entry @@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/node" \ -spiffeID "spiffe://domain.test/workload" \ @@ -14,8 +14,8 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "checking for synced workload entry ($i of $MAXCHECKS max)..." - docker-compose logs spire-agent - if docker-compose logs spire-agent | grep "spiffe://domain.test/workload"; then + docker compose logs spire-agent + if docker compose logs spire-agent | grep "spiffe://domain.test/workload"; then exit 0 fi sleep "${CHECKINTERVAL}" diff --git a/test/integration/suites/join-token/05-check-svid b/test/integration/suites/join-token/05-check-svid index 57d9fc4005c..1eef411a2b5 100755 --- a/test/integration/suites/join-token/05-check-svid +++ b/test/integration/suites/join-token/05-check-svid @@ -1,5 +1,5 @@ #!/bin/bash log-info "checking X509-SVID..." -docker-compose exec -T spire-agent \ +docker compose exec -T spire-agent \ /opt/spire/bin/spire-agent api fetch x509 || fail-now "SVID check failed" 
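Review bot: The join token in `02-bootstrap-agents` is taken from `token generate` by column position with `awk '{print $2}'` and is never checked, so a failed `docker compose exec` or a changed output line puts an empty string into the agent configuration and the failure only shows up later as an attestation error. The node-re-attestation suite in this same change already uses the structured form, `token generate -spiffeID spiffe://domain.test/node -output json | jq -r ".value"`, and a guard such as `[ -n "${TOKEN}" ] || fail-now "failed to generate join token"` would stop the step at the real cause. The `bundle show > conf/agent/bootstrap.crt` redirect just above has the same gap unless the harness runs these steps with `set -e`: the file is created even when the command fails. The same redirect recurs in the nested-rotation, node-attestation, node-re-attestation, oidc-discovery-provider and rotation bootstrap steps.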
diff --git a/test/integration/suites/join-token/06-start-bad-agent b/test/integration/suites/join-token/06-start-bad-agent index 5b9841b3d89..285c1c3f180 100755 --- a/test/integration/suites/join-token/06-start-bad-agent +++ b/test/integration/suites/join-token/06-start-bad-agent @@ -5,7 +5,7 @@ docker-up bad-spire-agent MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do - docker-compose logs bad-spire-agent | tee bad-agent-logs + docker compose logs bad-spire-agent | tee bad-agent-logs if grep -sq "failed to attest: join token does not exist or has already been used" bad-agent-logs; then exit 0 fi diff --git a/test/integration/suites/join-token/docker-compose.yaml b/test/integration/suites/join-token/docker-compose.yaml index 6e2fc0c2225..a66628b3968 100644 --- a/test/integration/suites/join-token/docker-compose.yaml +++ b/test/integration/suites/join-token/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/join-token/teardown b/test/integration/suites/join-token/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/join-token/teardown +++ b/test/integration/suites/join-token/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/nested-rotation/01-start-root b/test/integration/suites/nested-rotation/01-start-root index d24209b2a23..4b4e9713cd7 100755 --- a/test/integration/suites/nested-rotation/01-start-root +++ b/test/integration/suites/nested-rotation/01-start-root @@ -2,9 +2,10 @@ log-debug "Starting root-server..." docker-up root-server +check-server-started "root-server" log-debug "bootstrapping root-agent..." -docker-compose exec -T root-server \ +docker compose exec -T root-server \ /opt/spire/bin/spire-server bundle show > root/agent/bootstrap.crt log-debug "Starting root-agent..." 
diff --git a/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries b/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries index 0a6d0d7aa99..d5f5ed2bf68 100755 --- a/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries +++ b/test/integration/suites/nested-rotation/02-create-intermediate-downstream-entries @@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating intermediateA downstream registration entry..." -docker-compose exec -T root-server \ +docker compose exec -T root-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint root/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/intermediateA" \ @@ -11,7 +11,7 @@ docker-compose exec -T root-server \ check-synced-entry "root-agent" "spiffe://domain.test/intermediateA" log-debug "creating intermediateB downstream registration entry..." -docker-compose exec -T root-server \ +docker compose exec -T root-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint root/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/intermediateB" \ diff --git a/test/integration/suites/nested-rotation/03-start-intermediateA b/test/integration/suites/nested-rotation/03-start-intermediateA index b001c1d75f1..deff493764e 100755 --- a/test/integration/suites/nested-rotation/03-start-intermediateA +++ b/test/integration/suites/nested-rotation/03-start-intermediateA @@ -2,9 +2,10 @@ log-debug "Starting intermediateA-server.." docker-up intermediateA-server +check-server-started "intermediateA-server" log-debug "bootstrapping intermediateA agent..." -docker-compose exec -T intermediateA-server \ +docker compose exec -T intermediateA-server \ /opt/spire/bin/spire-server bundle show > intermediateA/agent/bootstrap.crt log-debug "Starting intermediateA-agent..." 
diff --git a/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry b/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry index 37e535f8728..60b22ee3cb2 100755 --- a/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry +++ b/test/integration/suites/nested-rotation/04-create-leafA-downstream-entry @@ -2,7 +2,7 @@ log-debug "creating leafA downstream registration entry..." # Create downstream registation entry on intermediateA-server for `leafA-server` -docker-compose exec -T intermediateA-server \ +docker compose exec -T intermediateA-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateA/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/leafA" \ diff --git a/test/integration/suites/nested-rotation/05-start-leafA b/test/integration/suites/nested-rotation/05-start-leafA index 92ea93c81d1..838e87202dc 100755 --- a/test/integration/suites/nested-rotation/05-start-leafA +++ b/test/integration/suites/nested-rotation/05-start-leafA @@ -2,9 +2,10 @@ log-debug "Starting leafA-server.." docker-up leafA-server +check-server-started "leafA-server" log-debug "bootstrapping leafA agent..." -docker-compose exec -T leafA-server \ +docker compose exec -T leafA-server \ /opt/spire/bin/spire-server bundle show > leafA/agent/bootstrap.crt log-debug "Starting leafA-agent..." diff --git a/test/integration/suites/nested-rotation/06-start-intermediateB b/test/integration/suites/nested-rotation/06-start-intermediateB index a14d7bc72e4..ee85af6bd1c 100755 --- a/test/integration/suites/nested-rotation/06-start-intermediateB +++ b/test/integration/suites/nested-rotation/06-start-intermediateB 
@@ -2,9 +2,10 @@ log-debug "Starting intermediateB-server.." docker-up intermediateB-server +check-server-started "intermediateB-server" log-debug "bootstrapping intermediateB downstream agent..." -docker-compose exec -T intermediateB-server \ +docker compose exec -T intermediateB-server \ /opt/spire/bin/spire-server bundle show > intermediateB/agent/bootstrap.crt log-debug "Starting intermediateB-agent..." diff --git a/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry b/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry index 008735bd7dd..ec419c107ff 100755 --- a/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry +++ b/test/integration/suites/nested-rotation/07-create-leafB-downstream-entry @@ -2,7 +2,7 @@ log-debug "creating leafB downstream registration entry..." # Create downstream registration entry on itermediateB for leafB-server -docker-compose exec -T intermediateB-server \ +docker compose exec -T intermediateB-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateB/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/leafB" \ diff --git a/test/integration/suites/nested-rotation/08-start-leafB b/test/integration/suites/nested-rotation/08-start-leafB index 852b3829e21..61c33265948 100755 --- a/test/integration/suites/nested-rotation/08-start-leafB +++ b/test/integration/suites/nested-rotation/08-start-leafB @@ -2,9 +2,10 @@ log-debug "Starting leafB-server.." docker-up leafB-server +check-server-started "leafB-server" log-debug "bootstrapping leafB agent..." -docker-compose exec -T leafB-server \ +docker compose exec -T leafB-server \ /opt/spire/bin/spire-server bundle show > leafB/agent/bootstrap.crt log-debug "Starting leafB-agent..." 
diff --git a/test/integration/suites/nested-rotation/09-create-workload-entries b/test/integration/suites/nested-rotation/09-create-workload-entries index 12e16679f44..c6061b977d7 100755 --- a/test/integration/suites/nested-rotation/09-create-workload-entries +++ b/test/integration/suites/nested-rotation/09-create-workload-entries @@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating intermediateA workload registration entry..." -docker-compose exec -T intermediateA-server \ +docker compose exec -T intermediateA-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateA/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/intermediateA/workload" \ @@ -10,7 +10,7 @@ docker-compose exec -T intermediateA-server \ check-synced-entry "intermediateA-agent" "spiffe://domain.test/intermediateA/workload" log-debug "creating leafA workload registration entry..." -docker-compose exec -T leafA-server \ +docker compose exec -T leafA-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafA/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/leafA/workload" \ @@ -19,7 +19,7 @@ docker-compose exec -T leafA-server \ check-synced-entry "leafA-agent" "spiffe://domain.test/leafA/workload" log-debug "creating intermediateB workload registration entry..." -docker-compose exec -T intermediateB-server \ +docker compose exec -T intermediateB-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint intermediateB/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/intermediateB/workload" \ 
@@ -28,7 +28,7 @@ docker-compose exec -T intermediateB-server \ check-synced-entry "intermediateB-agent" "spiffe://domain.test/intermediateB/workload" log-debug "creating leafB workload registration entry..." -docker-compose exec -T leafB-server \ +docker compose exec -T leafB-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint leafB/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/leafB/workload" \ diff --git a/test/integration/suites/nested-rotation/10-check-svids b/test/integration/suites/nested-rotation/10-check-svids index 82814838652..01612dd8f19 100755 --- a/test/integration/suites/nested-rotation/10-check-svids +++ b/test/integration/suites/nested-rotation/10-check-svids 
@@ -5,29 +5,29 @@ CHECKINTERVAL=6 validateX509SVID() { # Write svid on disk - docker-compose exec -u 1001 -T $1 \ + docker compose exec -u 1001 -T $1 \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock \ -write /tmp || fail-now "x509-SVID check failed" # Copy SVID - docker cp $(docker-compose ps -q $1):/tmp/svid.0.pem - | docker cp - $(docker-compose ps -q $2):/opt/ + docker cp $(docker compose ps -q $1):/tmp/svid.0.pem - | docker cp - $(docker compose ps -q $2):/opt/ - docker-compose exec -u 1001 -T $2 \ + docker compose exec -u 1001 -T $2 \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/sockets/workload_api.sock \ -write /tmp || fail-now "x509-SVID check failed" - docker-compose exec -T $2 openssl verify -verbose -CAfile /tmp/bundle.0.pem -untrusted /opt/svid.0.pem /opt/svid.0.pem + docker compose exec -T $2 openssl verify -verbose -CAfile /tmp/bundle.0.pem -untrusted /opt/svid.0.pem /opt/svid.0.pem } validateJWTSVID() { # Fetch JWT-SVID and extract token - token=$(docker-compose exec -u 1001 -T $1 \ + token=$(docker compose exec -u 1001 -T $1 \ /opt/spire/bin/spire-agent api fetch jwt -audience testIt -socketPath /opt/spire/sockets/workload_api.sock -output json | jq -r '.[0].svids[0].svid') || fail-now "JWT-SVID check failed" # Validate token - docker-compose exec -u 1001 -T $2 \ + docker compose exec -u 1001 -T $2 \ /opt/spire/bin/spire-agent api validate jwt -audience testIt -svid "${token}" \ -socketPath /opt/spire/sockets/workload_api.sock } diff --git a/test/integration/suites/nested-rotation/docker-compose.yaml b/test/integration/suites/nested-rotation/docker-compose.yaml index 3dd9b52c9e9..31b2081970e 100644 --- a/test/integration/suites/nested-rotation/docker-compose.yaml +++ b/test/integration/suites/nested-rotation/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: # Root root-server: 
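Review bot: In `validateJWTSVID` the `|| fail-now "JWT-SVID check failed"` after `token=$(docker compose exec ... | jq -r '.[0].svids[0].svid')` only sees jq's exit status, so unless the harness enables `pipefail` a failed fetch leaves an empty or `null` token and the error surfaces later in `api validate jwt` with a misleading cause. A guard right after the assignment, `if [ -z "${token}" ] || [ "${token}" = "null" ]; then fail-now "JWT-SVID check failed"; fi`, keeps the failure at the fetch. In `validateX509SVID` the `$(docker compose ps -q $1)` and `$(docker compose ps -q $2)` substitutions are unquoted and unchecked, so a service that resolves to no container turns the `docker cp` source into `:/tmp/svid.0.pem`; quoting `"$1"` and `"$2"` and failing on an empty container ID would make that visible. The callers of both functions are outside this hunk.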
diff --git a/test/integration/suites/nested-rotation/teardown b/test/integration/suites/nested-rotation/teardown index 56a07428470..f28d5eaffd9 100755 --- a/test/integration/suites/nested-rotation/teardown +++ b/test/integration/suites/nested-rotation/teardown @@ -1,7 +1,7 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/node-attestation/02-start-agent b/test/integration/suites/node-attestation/02-start-agent index 054b213c19c..fc5ae5816af 100755 --- a/test/integration/suites/node-attestation/02-start-agent +++ b/test/integration/suites/node-attestation/02-start-agent @@ -1,8 +1,8 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt log-debug "starting agent..." -docker-compose up -d "spire-agent" || fail-now "failed to bring up services." +docker compose up -d "spire-agent" || fail-now "failed to bring up services." diff --git a/test/integration/suites/node-attestation/03-test-node-attestation b/test/integration/suites/node-attestation/03-test-node-attestation index c493b63d8d2..2236027a1df 100755 --- a/test/integration/suites/node-attestation/03-test-node-attestation +++ b/test/integration/suites/node-attestation/03-test-node-attestation 
@@ -1,31 +1,31 @@ #!/bin/bash # Test node attestation api -jointoken=`docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep jointoken` +jointoken=`docker compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep jointoken` echo "Created Join Token" $jointoken -svid1=`docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep jointokenattest -tokenName $jointoken` +svid1=`docker compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep jointokenattest -tokenName $jointoken` if [[ $? -ne 0 ]]; then fail-now "Failed to do initial join token attestation" fi echo "Received initial SVID:" $svid1 -svid2=`docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep renew -certificate "${svid1}"` +svid2=`docker compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep renew -certificate "${svid1}"` if [[ $? -ne 0 ]]; then fail-now "Failed to do SVID renewal" fi echo "Received renewed SVID:" $svid2 -docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep ban -tokenName ${jointoken} +docker compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep ban -tokenName ${jointoken} if [[ $? -ne 0 ]]; then fail-now "Failed to do initial join token attestation" fi echo "Agent banned" -if docker-compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep renew -certificate "${svid2}" +if docker compose exec -u 1000 -T spire-server /opt/spire/conf/server/node-attestation -testStep renew -certificate "${svid2}" then fail-now "Expected agent to be banned" fi diff --git a/test/integration/suites/node-attestation/04-test-x509pop-attestation b/test/integration/suites/node-attestation/04-test-x509pop-attestation index 207194e7acb..32f3230bfd7 100755 
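Review bot: The final check, `if docker compose exec -u 1000 -T spire-server ... -testStep renew -certificate "${svid2}"` followed by `fail-now "Expected agent to be banned"`, accepts any non-zero exit as proof of the ban, so an exec failure unrelated to the ban (container not running, compose plugin unavailable) lets this negative test pass. Capturing the command output and requiring the expected rejection in it would tie the pass condition to the ban itself. Separately, the failure branch after the `-testStep ban` call reports `"Failed to do initial join token attestation"`, which looks copied from the first step; `fail-now "Failed to ban agent"` would name the step that actually failed.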
--- a/test/integration/suites/node-attestation/04-test-x509pop-attestation +++ b/test/integration/suites/node-attestation/04-test-x509pop-attestation @@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating admin registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/admin" \ @@ -11,4 +11,4 @@ docker-compose exec -T spire-server \ check-synced-entry "spire-agent" "spiffe://domain.test/admin" log-debug "running x509pop test..." -docker-compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep x509pop || fail-now "failed to check x509pop attestion" +docker compose exec -u 1000 -T spire-agent /opt/spire/conf/agent/node-attestation -testStep x509pop || fail-now "failed to check x509pop attestion" diff --git a/test/integration/suites/node-attestation/docker-compose.yaml b/test/integration/suites/node-attestation/docker-compose.yaml index 0e67183c237..288be5fd27f 100644 --- a/test/integration/suites/node-attestation/docker-compose.yaml +++ b/test/integration/suites/node-attestation/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/node-attestation/teardown b/test/integration/suites/node-attestation/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/node-attestation/teardown +++ b/test/integration/suites/node-attestation/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/node-re-attestation/02-start-agent b/test/integration/suites/node-re-attestation/02-start-agent index bd1b490a6a1..1d09e3fad80 100755 --- a/test/integration/suites/node-re-attestation/02-start-agent 
+++ b/test/integration/suites/node-re-attestation/02-start-agent @@ -2,11 +2,11 @@ source ./common log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt log-info "generating join token..." -TOKEN=$(docker-compose exec -T spire-server \ +TOKEN=$(docker compose exec -T spire-server \ /opt/spire/bin/spire-server token generate -spiffeID spiffe://domain.test/node -output json | jq -r ".value") # Inserts the join token into the agent configuration @@ -14,10 +14,10 @@ log-debug "using join token ${TOKEN}..." sed -i.bak "s#TOKEN#${TOKEN}#g" conf/agent/agent_jointoken.conf log-debug "starting agent a..." -docker-compose up -d "spire-agent-a" || fail-now "failed to bring up services." +docker compose up -d "spire-agent-a" || fail-now "failed to bring up services." log-debug "starting agent b..." -docker-compose up -d "spire-agent-b" || fail-now "failed to bring up services." +docker compose up -d "spire-agent-b" || fail-now "failed to bring up services." AGENT_A_SPIFFE_ID_PATH="/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" AGENT_B_SPIFFE_ID_PATH="/spire/agent/join_token/$(grep -oP '(?<=join_token = ")[^"]*' conf/agent/agent_jointoken.conf)" diff --git a/test/integration/suites/node-re-attestation/03-evict-agents b/test/integration/suites/node-re-attestation/03-evict-agents index 40ff98e4209..42fa5d75e6f 100755 --- a/test/integration/suites/node-re-attestation/03-evict-agents +++ b/test/integration/suites/node-re-attestation/03-evict-agents 
@@ -5,10 +5,10 @@ AGENT_A_SPIFFE_ID="spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/a AGENT_B_SPIFFE_ID="spiffe://domain.test/spire/agent/join_token/$(grep -oP '(?<=join_token = ")[^"]*' conf/agent/agent_jointoken.conf)" log-debug "evicting agents..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server agent evict -spiffeID $AGENT_A_SPIFFE_ID || fail-now "failed to evict agent a." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server agent evict -spiffeID $AGENT_B_SPIFFE_ID || fail-now "failed to evict agent b." check-evict-agents $AGENT_A_SPIFFE_ID $AGENT_B_SPIFFE_ID diff --git a/test/integration/suites/node-re-attestation/04-check-re-attest b/test/integration/suites/node-re-attestation/04-check-re-attest index 8076c15c2e1..96200cf9436 100755 --- a/test/integration/suites/node-re-attestation/04-check-re-attest +++ b/test/integration/suites/node-re-attestation/04-check-re-attest @@ -1,7 +1,7 @@ #!/bin/bash source ./common -docker-compose restart "spire-agent-a" "spire-agent-b" || fail-now "failed to stop services." +docker compose restart "spire-agent-a" "spire-agent-b" || fail-now "failed to stop services." # spire-agent-b can't re-attest because join_token implements trust on first use model. AGENT_A_SPIFFE_ID_PATH="/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" diff --git a/test/integration/suites/node-re-attestation/common b/test/integration/suites/node-re-attestation/common index 0ac4d570a37..eec629bd0a9 100644 --- a/test/integration/suites/node-re-attestation/common +++ b/test/integration/suites/node-re-attestation/common 
@@ -8,7 +8,7 @@ check-attested-agents () { for ((i=1;i<=MAXCHECKS;i++)); do log-debug "checking attested agents ($i of $MAXCHECKS max)......" MATCHING_COUNT=0 - AGENTS=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server agent list -output json) + AGENTS=$(docker compose exec -T spire-server /opt/spire/bin/spire-server agent list -output json) AGENTS_COUNT=$(jq -r '.agents | length' <<< "$AGENTS") for spiffe_id_path in "$@"; do @@ -34,7 +34,7 @@ check-evict-agents() { MATCHING_COUNT=0 log-info "checking for evicted agent ($i of $MAXCHECKS max)..." for spiffe_id in "$@"; do - if docker-compose logs "spire-server" | grep "Agent is not attested" | grep "caller_id=\"$spiffe_id\""; then + if docker compose logs "spire-server" | grep "Agent is not attested" | grep "caller_id=\"$spiffe_id\""; then MATCHING_COUNT=$((MATCHING_COUNT+1)) fi done diff --git a/test/integration/suites/node-re-attestation/docker-compose.yaml b/test/integration/suites/node-re-attestation/docker-compose.yaml index 5bfbf7e010c..8077f1a15c9 100644 --- a/test/integration/suites/node-re-attestation/docker-compose.yaml +++ b/test/integration/suites/node-re-attestation/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/node-re-attestation/teardown b/test/integration/suites/node-re-attestation/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/node-re-attestation/teardown +++ b/test/integration/suites/node-re-attestation/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/oidc-discovery-provider/02-bootstrap-agent b/test/integration/suites/oidc-discovery-provider/02-bootstrap-agent index 820c12d21e2..27a2eca7f6f 100755 --- a/test/integration/suites/oidc-discovery-provider/02-bootstrap-agent +++ b/test/integration/suites/oidc-discovery-provider/02-bootstrap-agent 
@@ -1,5 +1,5 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show -socketPath /opt/spire/conf/server/api.sock >conf/agent/bootstrap.crt diff --git a/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api b/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api index 0651eee5935..c0ec626ddfc 100755 --- a/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api +++ b/test/integration/suites/oidc-discovery-provider/04-assert-jwks-using-workload-api @@ -5,7 +5,7 @@ source common docker-up spire-agent log-debug "creating registration entry for oidc-provider" -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create -socketPath /opt/spire/conf/server/api.sock \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/oidc-provider" \ diff --git a/test/integration/suites/oidc-discovery-provider/common b/test/integration/suites/oidc-discovery-provider/common index 52b103418a1..5938db2dd22 100644 --- a/test/integration/suites/oidc-discovery-provider/common +++ b/test/integration/suites/oidc-discovery-provider/common 
@@ -4,7 +4,7 @@ check-equal-keys() { PROVIDER_SOCKET_PATH=$1 JWK=$(curl --unix-socket $PROVIDER_SOCKET_PATH http://localhost/keys | jq ".keys[0]" || fail-now "Failed to fetch JWK from provider") - BUNDLE=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server bundle show -socketPath /opt/spire/conf/server/api.sock -output json | jq ".jwt_authorities[0]" || fail-now "Failed to fetch JWT bundle from SPIRE server") + BUNDLE=$(docker compose exec -T spire-server /opt/spire/bin/spire-server bundle show -socketPath /opt/spire/conf/server/api.sock -output json | jq ".jwt_authorities[0]" || fail-now "Failed to fetch JWT bundle from SPIRE server") PROVIDER_KEY_ID=$(echo ${JWK} | jq -r ".kid") BUNDLE_KEY_ID=$(echo ${BUNDLE} | jq -r ".key_id") diff --git a/test/integration/suites/oidc-discovery-provider/docker-compose.yaml b/test/integration/suites/oidc-discovery-provider/docker-compose.yaml index 6857a1332cd..f76f0635b44 100644 --- a/test/integration/suites/oidc-discovery-provider/docker-compose.yaml +++ b/test/integration/suites/oidc-discovery-provider/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/oidc-discovery-provider/teardown b/test/integration/suites/oidc-discovery-provider/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/oidc-discovery-provider/teardown +++ b/test/integration/suites/oidc-discovery-provider/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/rotation/02-bootstrap-agent b/test/integration/suites/rotation/02-bootstrap-agent index 405147f2fd5..8ee7d32c269 100755 --- a/test/integration/suites/rotation/02-bootstrap-agent +++ b/test/integration/suites/rotation/02-bootstrap-agent 
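Review bot: In `check-equal-keys`, `|| fail-now "Failed to fetch JWT bundle from SPIRE server"` sits inside the `$(...)` substitution, so it runs in a subshell: if `fail-now` exits, it presumably ends only the subshell and the script continues with an empty `BUNDLE` (the `JWK=` line above has the same shape). The `||` also tests only jq's status, not that of `docker compose exec` or `curl`. If both fetches fail, the later comparison could see two empty key IDs and treat them as equal, which would make this key-consistency check pass without comparing anything. Moving the check outside the substitution, `BUNDLE=$(...) || fail-now "..."` with `pipefail` in effect, plus a test such as `[ -n "${BUNDLE_KEY_ID}" ]` before comparing, would close that gap. `fail-now` is defined outside this page and the function body continues past the hunk.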
@@ -1,5 +1,5 @@ #!/bin/bash log-debug "bootstrapping agent..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt diff --git a/test/integration/suites/rotation/04-create-workload-entry b/test/integration/suites/rotation/04-create-workload-entry index 8686f3eaa94..784ca9c291e 100755 --- a/test/integration/suites/rotation/04-create-workload-entry +++ b/test/integration/suites/rotation/04-create-workload-entry @@ -1,7 +1,7 @@ #!/bin/bash log-debug "creating registration entry..." -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \ -spiffeID "spiffe://domain.test/workload" \ @@ -14,8 +14,8 @@ MAXCHECKS=30 CHECKINTERVAL=1 for ((i=1;i<=MAXCHECKS;i++)); do log-info "checking for synced workload entry ($i of $MAXCHECKS max)..." - docker-compose logs spire-agent - if docker-compose logs spire-agent | grep "spiffe://domain.test/workload"; then + docker compose logs spire-agent + if docker compose logs spire-agent | grep "spiffe://domain.test/workload"; then exit 0 fi sleep "${CHECKINTERVAL}" diff --git a/test/integration/suites/rotation/05-check-svids b/test/integration/suites/rotation/05-check-svids index 8f5dec45671..3c04e58fb75 100755 --- a/test/integration/suites/rotation/05-check-svids +++ b/test/integration/suites/rotation/05-check-svids @@ -7,7 +7,7 @@ NUMCHECKS=15 CHECKINTERVAL=3 for ((i=1;i<=NUMCHECKS;i++)); do log-info "checking X509-SVID ($i of $NUMCHECKS)..." - docker-compose exec -T spire-agent \ + docker compose exec -T spire-agent \ /opt/spire/bin/spire-agent api fetch x509 || fail-now "SVID check failed" sleep "${CHECKINTERVAL}" done diff --git a/test/integration/suites/rotation/docker-compose.yaml b/test/integration/suites/rotation/docker-compose.yaml index 0e67183c237..288be5fd27f 100644 
--- a/test/integration/suites/rotation/docker-compose.yaml +++ b/test/integration/suites/rotation/docker-compose.yaml @@ -1,4 +1,3 @@ -version: '3' services: spire-server: image: spire-server:latest-local diff --git a/test/integration/suites/rotation/teardown b/test/integration/suites/rotation/teardown index 9953dcd3f97..fabbf145ae5 100755 --- a/test/integration/suites/rotation/teardown +++ b/test/integration/suites/rotation/teardown @@ -1,6 +1,6 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/spire-server-cli/02-bundle b/test/integration/suites/spire-server-cli/02-bundle index 3c879b9ab4c..85e57a9f7e1 100755 --- a/test/integration/suites/spire-server-cli/02-bundle +++ b/test/integration/suites/spire-server-cli/02-bundle 
@@ -1,67 +1,67 @@ #!/bin/bash # Verify 'bundle count' correctly indicates a single bundle (the server bundle) -docker-compose exec -T spire-server /opt/spire/bin/spire-server bundle count | grep 1 || fail-now "failed to count 1 bundle" +docker compose exec -T spire-server /opt/spire/bin/spire-server bundle count | grep 1 || fail-now "failed to count 1 bundle" # Verify 'bundle show' -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show | openssl x509 -text -noout | grep URI:spiffe://domain.test || fail-now "failed to show bundle (pem)" -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle show -format spiffe || fail-now "failed to show bundle (spiffe)" # Verify federated bundle can be created (pem) -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " cat /opt/spire/conf/fixture/ca.pem | /opt/spire/bin/spire-server bundle set -id spiffe://federated.td" || fail-now "failed to create bundle (pem)" -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " /opt/spire/bin/spire-server bundle list -id spiffe://federated.td | grep 'makw2ekuHKWC4hBhCkpr5qY4bI8YUcXfxg/1AiEA67kMyH7bQnr7OVLUrL+b9ylA'" || fail-now "federated bundle not found" # Verify federated bundle can be updated (pem) -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle set -id spiffe://federated.td -path /opt/spire/conf/fixture/ca2.pem || fail-now "failed to set bundle with path (pem)" -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " /opt/spire/bin/spire-server bundle list -id spiffe://federated.td | grep 'q+2ZoNyl4udPj7IMYIGX8yuCNRmh7m3d9tvoDgIgbS26wSwDjngGqdiHHL8fTcg'" || fail-now "federated bundle was not updated" # Verify federated bundle can be created (spiffe) -docker-compose exec -T spire-server \ +docker compose exec -T 
spire-server \ ash -c " cat /opt/spire/conf/fixture/ca.spiffe | /opt/spire/bin/spire-server bundle set -id spiffe://federated2.td -format spiffe" || fail-now "failed to create bundle (spiffe)" -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " /opt/spire/bin/spire-server bundle list -id spiffe://federated2.td -format spiffe | grep 'fK-wKTnKL7KFLM27lqq5DC-bxrVaH6rDV-IcCSEOeL4'" || fail-now "federated bundle not found" # Verify 'bundle count' correctly indicates two bundles -docker-compose exec -T spire-server /opt/spire/bin/spire-server bundle count | grep 3 || fail-now "failed to count 3 bundles" +docker compose exec -T spire-server /opt/spire/bin/spire-server bundle count | grep 3 || fail-now "failed to count 3 bundles" # Verify federated bundle can be updated (pem) -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle set -id spiffe://federated2.td -path /opt/spire/conf/fixture/ca2.spiffe -format spiffe || fail-now "failed to set bundle with path (spiffe)" -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " /opt/spire/bin/spire-server bundle list -id spiffe://federated2.td -format spiffe | grep 'HxVuaUnxgi431G5D3g9hqeaQhEbsyQZXmaas7qsUC_c'" || fail-now "federated bundle was not updated" # Verify 'bundle list' contains both federated bundles -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " /opt/spire/bin/spire-server bundle list | grep -E 'federated.td|federated2.td' -c | grep 2" || fail-now "Unexpected amout of federated bundles" # Verify delete -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server bundle delete -id spiffe://federated.td || fail-now "failed to delete federated bundle" -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " /opt/spire/bin/spire-server bundle list | grep -E 'federated.td|federated2.td' 
-c | grep 1" || fail-now "Unexpected amout of federated bundles" # Verify 'bundle count' correctly indicates two bundles (server bundle and one federated bundle) -docker-compose exec -T spire-server /opt/spire/bin/spire-server bundle count | grep 2 || fail-now "failed to count 2 bundles" +docker compose exec -T spire-server /opt/spire/bin/spire-server bundle count | grep 2 || fail-now "failed to count 2 bundles" diff --git a/test/integration/suites/spire-server-cli/03-entry b/test/integration/suites/spire-server-cli/03-entry index 776d896d2e6..5e7288d250a 100755 --- a/test/integration/suites/spire-server-cli/03-entry +++ b/test/integration/suites/spire-server-cli/03-entry @@ -1,18 +1,18 @@ #!/bin/bash # Create bundles of federated trust domains to be used by other commands -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " cat /opt/spire/conf/fixture/ca.pem | /opt/spire/bin/spire-server bundle set -id spiffe://federated1.test" || fail-now "failed to create federated bundle 1" -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ ash -c " cat /opt/spire/conf/fixture/ca.pem | /opt/spire/bin/spire-server bundle set -id spiffe://federated2.test" || fail-now "failed to create federated bundle 2" # Verify entry create -docker-compose exec -T spire-server \ +docker compose exec -T spire-server \ /opt/spire/bin/spire-server entry create \ -selector s1:v1 \ -parentID spiffe://domain.test/parent \ 
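Review bot: The count assertions in test/integration/suites/spire-server-cli/02-bundle match a bare digit anywhere in the output, so `bundle count | grep 1` also passes on 10 or 21, or on an error line that happens to contain a 1. Matching the digit as a whole word, `grep -w 1`, would be tighter (the exact output format of `bundle count` is not visible here); the same applies to `grep 3` and `grep 2` further down the hunk and to the `entry count` and `agent count` checks in 03-entry and 06-agent. The comment above the `grep 3` check also still says "correctly indicates two bundles" while the command expects three; I would change it to `# Verify 'bundle count' correctly indicates three bundles`.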
@@ -20,14 +20,14 @@ docker-compose exec -T spire-server \
 -federatesWith spiffe://federated1.test \
 -admin || fail-now "failed to create entry 1"
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry create \
 -selector notUpdated:notUpdated \
 -parentID spiffe://domain.test/parentNotUpdated \
 -spiffeID spiffe://domain.test/child2NotUpdated \
 -downstream || fail-now "failed to create entry 2"
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry create \
 -selector otherS:otherV \
 -spiffeID spiffe://domain.test/otherChild \
@@ -36,11 +36,11 @@ docker-compose exec -T spire-server \
 -ttl 123 || fail-now "failed to create entry 3"
 # Verify entry count correctly indicates three entries
-docker-compose exec -T spire-server /opt/spire/bin/spire-server entry count | grep 3 || fail-now "failed to count 3 entries"
+docker compose exec -T spire-server /opt/spire/bin/spire-server entry count | grep 3 || fail-now "failed to count 3 entries"
 # Verify entry show and set variables entryID1, entryID2 and entryID3
 # Entry 1
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/child1)"
@@ -70,7 +70,7 @@ entryID1="$(echo "$showResult" | grep "Entry ID")" || fail-now "failed to show e
 entryID1="${entryID1#*: }"
 # Entry 2
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/child2NotUpdated)"
@@ -101,7 +101,7 @@ entryID2="$(echo "$showResult" | grep "Entry ID")" || fail-now "failed to show e
 entryID2="${entryID2#*: }"
 # Entry 3
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/otherChild)"
@@ -132,7 +132,7 @@ entryID3="$(echo "$showResult" | grep "Entry ID")" || fail-now "failed to show e
 entryID3="${entryID3#*: }"
 # Verify entry update
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry update \
 -entryID ${entryID1} \
 -selector s1:v1 \
@@ -141,7 +141,7 @@ docker-compose exec -T spire-server \
 -federatesWith spiffe://federated1.test \
 -ttl 456 || fail-now "failed to update entry 1"
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry update \
 -entryID ${entryID2} \
 -selector s1:v1 -selector s2:v2 \
@@ -150,7 +150,7 @@ docker-compose exec -T spire-server \
 -federatesWith spiffe://federated1.test -federatesWith spiffe://federated2.test \
 -dns dnsname2 || fail-now "failed to update entry 2"
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry update \
 -entryID ${entryID3} \
 -selector otherS:otherV \
@@ -161,7 +161,7 @@ docker-compose exec -T spire-server \
 # Verify entry show after updates
 # Entry 1
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/child1)"
@@ -191,7 +191,7 @@ echo $(echo "$showResult" | grep "Admin" || echo "Failed when expected") \
 | grep "Failed when expected" || fail-now "failed to show entry 1 after update, 'grep Admin' should fail"
 # Entry 2
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/child2)"
@@ -224,7 +224,7 @@ echo $(echo "$showResult" | grep "Admin" || echo "Failed when expected") \
 | grep "Failed when expected" || fail-now "failed to show entry 2 after update, 'grep Admin' should fail"
 # Entry 3
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/child3)"
@@ -254,7 +254,7 @@ echo "$showResult" | grep "Admin" | grep "true" || fail-now "failed to show entr
 # Verify entry show using filters
 # By parent
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -parentID spiffe://domain.test/parent)"
@@ -263,7 +263,7 @@ echo "$showResult" | grep "Entry ID" | grep ${entryID1} || fail-now "failed to s
 echo "$showResult" | grep "Entry ID" | grep ${entryID2} || fail-now "failed to show entries by parentID, expected Entry ID 2 not found"
 # By selectors (default matcher, SUPERSET)
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -selector s1:v1)"
@@ -271,7 +271,7 @@ echo "$showResult" | grep "Found 2 entries" || fail-now "failed to show entry 1
 echo "$showResult" | grep ${entryID1} || fail-now "failed to show entry 1 by selector, unexpected Entry ID"
 echo "$showResult" | grep ${entryID2} || fail-now "failed to show entry 1 by selector, unexpected Entry ID"
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -selector s1:v1 -selector s2:v2)"
@@ -279,7 +279,7 @@ echo "$showResult" | grep "Found 1 entry" || fail-now "failed to show entry 2 by
 echo "$showResult" | grep ${entryID2} || fail-now "failed to show entry 2 by selector, unexpected Entry ID"
 # By selectors (change matcher)
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -selector s1:v1 \
 -matchSelectorsOn exact)"
@@ -288,7 +288,7 @@ echo "$showResult" | grep "Found 1 entry" || fail-now "failed to show entry 1 by
 echo "$showResult" | grep ${entryID1} || fail-now "failed to show entry 1 by selector, unexpected Entry ID"
 # Verify entry delete
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show)"
 echo "$showResult" | grep "Found 3 entries" || fail-now "failed to show entries before delete"
@@ -296,11 +296,11 @@ echo "$showResult" | grep "Entry ID" | grep ${entryID1} || fail-now "failed to s
 echo "$showResult" | grep "Entry ID" | grep ${entryID2} || fail-now "failed to show entries before delete, expected Entry ID 2 not found"
 echo "$showResult" | grep "Entry ID" | grep ${entryID3} || fail-now "failed to show entries before delete, expected Entry ID 3 not found"
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry delete \
 -entryID ${entryID1} || fail-now "failed to delete entry 1"
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show)"
 echo "$showResult" | grep "Found 2 entries" || fail-now "failed to show entries after delete"
@@ -308,4 +308,4 @@ echo "$showResult" | grep "Entry ID" | grep ${entryID2} || fail-now "failed to s
 echo "$showResult" | grep "Entry ID" | grep ${entryID3} || fail-now "failed to show entries after delete, expected Entry ID 3 not found"
 # Verify entry count correctly indicates two entries
-docker-compose exec -T spire-server /opt/spire/bin/spire-server entry count | grep 2 || fail-now "failed to count 2 entries"
+docker compose exec -T spire-server /opt/spire/bin/spire-server entry count | grep 2 || fail-now "failed to count 2 entries"
diff --git a/test/integration/suites/spire-server-cli/04-bootstrap-agents b/test/integration/suites/spire-server-cli/04-bootstrap-agents
index 37c9fcfeb14..fcd187964ca 100755
--- a/test/integration/suites/spire-server-cli/04-bootstrap-agents
+++ b/test/integration/suites/spire-server-cli/04-bootstrap-agents
@@ -1,7 +1,7 @@
 #!/bin/bash
 log-debug "bootstrapping agent..."
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt
 # Set conf files for each agent
@@ -12,7 +12,7 @@ cp -R conf/agent/ conf/agent-3
 # Set a different join token for each agent
 # Agent 1
 log-info "generating join token for agent 1..."
-TOKEN=$(docker-compose exec -T spire-server \
+TOKEN=$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server token generate -spiffeID spiffe://domain.test/node1 | awk '{print $2}' | tr -d '\r')
 log-debug "using join token ${TOKEN} for agent 1..."
@@ -20,7 +20,7 @@ sed -i.bak "s#TOKEN#${TOKEN}#g" conf/agent-1/agent.conf
 # Agent 2
 log-info "generating join token for agent 2..."
-TOKEN=$(docker-compose exec -T spire-server \
+TOKEN=$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server token generate -spiffeID spiffe://domain.test/node2 | awk '{print $2}' | tr -d '\r')
 log-debug "using join token ${TOKEN} for agent 2..."
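Review bot: Each `TOKEN=$(docker compose exec ... token generate ... | awk '{print $2}' | tr -d '\r')` assignment takes its exit status from `tr`, so a failed `token generate` leaves `TOKEN` empty and the `sed` that follows writes an empty join token into the agent config without any error. A guard right after the assignment would catch it: `[ -n "${TOKEN}" ] || fail-now "failed to generate join token for agent 1"`. This applies to the `@@ -12,7 +12,7 @@` and `@@ -20,7 +20,7 @@` hunks of spire-server-cli/04-bootstrap-agents on this line and to the `@@ -28,7 +28,7 @@` hunk that follows. The unchanged `log-debug "using join token ${TOKEN} ..."` lines also write the token to the test log, which is acceptable only because these are throwaway test tokens.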
@@ -28,7 +28,7 @@ sed -i.bak "s#TOKEN#${TOKEN}#g" conf/agent-2/agent.conf
 # Agent 3
 log-info "generating join token for agent 3..."
-TOKEN=$(docker-compose exec -T spire-server \
+TOKEN=$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server token generate -spiffeID spiffe://domain.test/node3 | awk '{print $2}' | tr -d '\r')
 log-debug "using join token ${TOKEN} for agent 3..."
diff --git a/test/integration/suites/spire-server-cli/06-agent b/test/integration/suites/spire-server-cli/06-agent
index c132634dfa0..662f48c3c1f 100755
--- a/test/integration/suites/spire-server-cli/06-agent
+++ b/test/integration/suites/spire-server-cli/06-agent
@@ -1,10 +1,10 @@
 #!/bin/bash
 # Verify agent count correctly indicates three agents
-docker-compose exec -T spire-server /opt/spire/bin/spire-server agent count | grep 3 || fail-now "failed to count 3 agents"
+docker compose exec -T spire-server /opt/spire/bin/spire-server agent count | grep 3 || fail-now "failed to count 3 agents"
 # Verify 3 agents were created
-listResult="$(docker-compose exec -T spire-server \
+listResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent list)"
 echo "$listResult" | grep "Found 3 attested agents" || fail-now "failed to list the 3 agents initially"
@@ -12,21 +12,21 @@ echo "$listResult" | grep "Attestation type" | grep "join_token" || fail-now "un
 # Get agent SPIFFE IDs from entries, knowing they were attested using join-token
 # Agent 1
-agentID1="$(docker-compose exec -T spire-server \
+agentID1="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/node1)"
 agentID1="$(echo "$agentID1" | grep "Parent ID")" || fail-now "failed to extract agentID1"
 agentID1="${agentID1#*: }"
 # Agent 2
-agentID2="$(docker-compose exec -T spire-server \
+agentID2="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/node2)"
 agentID2="$(echo "$agentID2" | grep "Parent ID")" || fail-now "failed to extract agentID2"
 agentID2="${agentID2#*: }"
 # Agent 3
-agentID3="$(docker-compose exec -T spire-server \
+agentID3="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show \
 -spiffeID spiffe://domain.test/node3)"
 agentID3="$(echo "$agentID3" | grep "Parent ID")" || fail-now "failed to extract agentID3"
@@ -39,7 +39,7 @@ echo "$listResult" | grep "$agentID3" || fail-now "agentID3=$agentID3 not found
 # Verify agent show
 # Agent 1
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent show -spiffeID $agentID1)"
 echo "$showResult" | grep "Found an attested agent given its SPIFFE ID" || fail-now "failed to show agent 1"
@@ -47,7 +47,7 @@ echo "$showResult" | grep "SPIFFE ID" | grep "$agentID1" || fail-now "unexpected
 echo "$showResult" | grep "Attestation type" | grep "join_token" || fail-now "unexpected attestation type for agent 1"
 # Agent 2
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent show -spiffeID $agentID2)"
 echo "$showResult" | grep "Found an attested agent given its SPIFFE ID" || fail-now "failed to show agent 2"
@@ -55,7 +55,7 @@ echo "$showResult" | grep "SPIFFE ID" | grep "$agentID2" || fail-now "unexpected
 echo "$showResult" | grep "Attestation type" | grep "join_token" || fail-now "unexpected attestation type for agent 2"
 # Agent 3
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent show -spiffeID $agentID3)"
 echo "$showResult" | grep "Found an attested agent given its SPIFFE ID" || fail-now "failed to show agent 3"
@@ -63,33 +63,33 @@ echo "$showResult" | grep "SPIFFE ID" | grep "$agentID3" || fail-now "unexpected
 echo "$showResult" | grep "Attestation type" | grep "join_token" || fail-now "unexpected attestation type for agent 3"
 # Verify agent ban
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent ban -spiffeID "$agentID1" | grep "Agent banned successfully" || fail-now "failed to ban agent 1"
 # Verify agent list after ban
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent list | grep "Found 3 attested agents" || fail-now "failed to list the agents after ban"
 # Verify agent show after ban Agent 1
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent show -spiffeID $agentID1 | grep "Banned : true" || fail-now "agent 1 was not banned"
 # Verify agent evict
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent evict -spiffeID "$agentID1" | grep "Agent evicted successfully" || fail-now "failed to evict agent 1"
 # Verify agent list after evict
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent list | grep "Found 2 attested agents" || fail-now "failed to list the agents after evict"
 # Verify agent show after evict
 # Agent 1
-echo "$(docker-compose exec -T spire-server \
+echo "$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent show -spiffeID $agentID1 || echo "OK: agent 1 not found")" \
 | grep "OK: agent 1 not found" || fail-now "agent 1 was found after evict"
 # Agent 2
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent show -spiffeID $agentID2)"
 echo "$showResult" | grep "Found an attested agent given its SPIFFE ID" || fail-now "failed to show agent 2 after evict"
@@ -97,7 +97,7 @@ echo "$showResult" | grep "SPIFFE ID" | grep "$agentID2" || fail-now "unexpected
 echo "$showResult" | grep "Attestation type" | grep "join_token" || fail-now "unexpected attestation type for agent 2 after evict"
 # Agent 3
-showResult="$(docker-compose exec -T spire-server \
+showResult="$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent show -spiffeID $agentID3)"
 echo "$showResult" | grep "Found an attested agent given its SPIFFE ID" || fail-now "failed to show agent 3 after evict"
diff --git a/test/integration/suites/spire-server-cli/docker-compose.yaml b/test/integration/suites/spire-server-cli/docker-compose.yaml
index 54ec848b52e..e6ae49a11c6 100644
--- a/test/integration/suites/spire-server-cli/docker-compose.yaml
+++ b/test/integration/suites/spire-server-cli/docker-compose.yaml
@@ -1,4 +1,3 @@
-version: '3'
 services:
 spire-server:
 image: spire-server-alpine
diff --git a/test/integration/suites/spire-server-cli/teardown b/test/integration/suites/spire-server-cli/teardown
index 9953dcd3f97..fabbf145ae5 100755
--- a/test/integration/suites/spire-server-cli/teardown
+++ b/test/integration/suites/spire-server-cli/teardown
@@ -1,6 +1,6 @@
 #!/bin/bash
 if [ -z "$SUCCESS" ]; then
- docker-compose logs
+ docker compose logs
 fi
 docker-down
diff --git a/test/integration/suites/svidstore/02-bootstrap-agent b/test/integration/suites/svidstore/02-bootstrap-agent
index 405147f2fd5..8ee7d32c269 100755
--- a/test/integration/suites/svidstore/02-bootstrap-agent
+++ b/test/integration/suites/svidstore/02-bootstrap-agent
@@ -1,5 +1,5 @@
 #!/bin/bash
 log-debug "bootstrapping agent..."
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server bundle show > conf/agent/bootstrap.crt
diff --git a/test/integration/suites/svidstore/04-create-entries b/test/integration/suites/svidstore/04-create-entries
index 795fde61ffa..14cea19c71d 100755
--- a/test/integration/suites/svidstore/04-create-entries
+++ b/test/integration/suites/svidstore/04-create-entries
@@ -3,19 +3,19 @@ source ./common
 log-debug "creating registration entries that must have it's SVIDs stored ..."
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry create \
 -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
 -spiffeID "spiffe://domain.test/stored-1" \
 -selector "disk:name:stored-1" \
 -storeSVID true
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry create \
 -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
 -spiffeID "spiffe://domain.test/stored-2" \
 -selector "disk:name:stored-2" \
 -storeSVID true
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry create \
 -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
 -spiffeID "spiffe://domain.test/stored-3" \
@@ -27,12 +27,12 @@ check-synced-entry "spire-agent" "spiffe://domain.test/stored-2"
 check-synced-entry "spire-agent" "spiffe://domain.test/stored-3"
 log-debug "creating registration entries that should not have the SVID stored..."
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry create \
 -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
 -spiffeID "spiffe://domain.test/not-stored-1" \
 -selector "disk:name:not-stored-1"
-docker-compose exec -T spire-server \
+docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry create \
 -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
 -spiffeID "spiffe://domain.test/not-stored-2" \
diff --git a/test/integration/suites/svidstore/05-update-entries b/test/integration/suites/svidstore/05-update-entries
index 402cb17a894..1a945d5c4dd 100755
--- a/test/integration/suites/svidstore/05-update-entries
+++ b/test/integration/suites/svidstore/05-update-entries
@@ -3,9 +3,9 @@ source ./common
 log-debug "updating registration entries that has stored SVIDs..."
-ids=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server entry show -output json | jq -r '.entries[] | select(.store_svid == true) | .id')
+ids=$(docker compose exec -T spire-server /opt/spire/bin/spire-server entry show -output json | jq -r '.entries[] | select(.store_svid == true) | .id')
 for id in $ids; do
- docker-compose exec -T spire-server \
+ docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry update \
 -entryID $id \
 -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
@@ -14,10 +14,10 @@ for id in $ids; do
 done
 log-debug "updating registration entries that don't have stored SVIDs..."
-ids=$(docker-compose exec -T spire-server \
+ids=$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show -output json | jq -r '.entries[] | select(.spiffe_id.path | contains("not-stored")) | .id')
 for id in $ids; do
- docker-compose exec -T spire-server \
+ docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry update \
 -entryID "$id" \
 -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
diff --git a/test/integration/suites/svidstore/06-delete-entries b/test/integration/suites/svidstore/06-delete-entries
index d003fd40699..f239702a4a9 100755
--- a/test/integration/suites/svidstore/06-delete-entries
+++ b/test/integration/suites/svidstore/06-delete-entries
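Review bot: In the `@@ -3,9 +3,9 @@` hunk of svidstore/05-update-entries an empty `ids` is indistinguishable from a failed lookup: the status of `ids=$(docker compose exec ... | jq -r ...)` comes from `jq`, so if `entry show` fails the loop runs zero times and the step appears to succeed without updating anything. A guard such as `[ -n "$ids" ] || fail-now "no stored entries found to update"` after the assignment would make that visible; the second loop in the `@@ -14,10 +14,10 @@` hunk and the loop in 06-delete-entries are built the same way. The first loop also passes `-entryID $id` unquoted while the second uses `-entryID "$id"`; I would quote both. The loops end outside the hunks shown.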
@@ -3,9 +3,9 @@ source ./common
 log-debug "deleting all registration entries..."
-ids=$(docker-compose exec -T spire-server /opt/spire/bin/spire-server entry show -output json | jq -r '.entries[] | .id')
+ids=$(docker compose exec -T spire-server /opt/spire/bin/spire-server entry show -output json | jq -r '.entries[] | .id')
 for id in $ids; do
- docker-compose exec -T spire-server /opt/spire/bin/spire-server entry delete -entryID $id
+ docker compose exec -T spire-server /opt/spire/bin/spire-server entry delete -entryID $id
 done
 check-deleted-svids
diff --git a/test/integration/suites/svidstore/common b/test/integration/suites/svidstore/common
index b2a8b813414..4aeb5974a8f 100644
--- a/test/integration/suites/svidstore/common
+++ b/test/integration/suites/svidstore/common
@@ -1,7 +1,7 @@
 #!/bin/bash
 check-stored-svids() {
- stored_ids=$(docker-compose exec -T spire-server \
+ stored_ids=$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show -output json | jq -r '.entries[] | select(.store_svid == true) | .id')
 for id in $stored_ids; do
@@ -10,8 +10,8 @@ check-stored-svids() {
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
 log-info "checking for stored entry ($i of $MAXCHECKS max)..."
- docker-compose logs "spire-agent"
- if docker-compose logs "spire-agent" | grep '"SVID stored successfully" entry='"$id"''; then
+ docker compose logs "spire-agent"
+ if docker compose logs "spire-agent" | grep '"SVID stored successfully" entry='"$id"''; then
 found=1
 break
 fi
@@ -23,20 +23,20 @@ check-stored-svids() {
 fi
 done
- docker-compose exec -u 1000 -T spire-server \
+ docker compose exec -u 1000 -T spire-server \
 /opt/spire/conf/server/checkstoredsvids /opt/spire/conf/agent/svids.json || fail-now "failed to check stored svids"
 }
 check-deleted-svids() {
- stored_ids=$(docker-compose exec -T spire-server \
+ stored_ids=$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show -output json | jq -r '.entries[] | select(.store_svid == true) | .id')
 no_entries=0
 MAXCHECKS=10
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
- stored_ids=$(docker-compose exec -T spire-server \
+ stored_ids=$(docker compose exec -T spire-server \
 /opt/spire/bin/spire-server entry show -output json | jq -r '.entries[] | select(.store_svid == true) | .id')
 if [ -z "$stored_ids" ]; then
 no_entries=1
@@ -48,6 +48,6 @@ check-deleted-svids() {
 fail-now "timed out waiting for agent to delete all svids"
 fi
- docker-compose exec -u 1000 -T spire-server \
+ docker compose exec -u 1000 -T spire-server \
 /opt/spire/conf/server/checkstoredsvids /opt/spire/conf/agent/svids.json || fail-now "failed to check stored svids"
 }
diff --git a/test/integration/suites/svidstore/docker-compose.yaml b/test/integration/suites/svidstore/docker-compose.yaml
index ce2790afe64..5014dd2efa2 100644
--- a/test/integration/suites/svidstore/docker-compose.yaml
+++ b/test/integration/suites/svidstore/docker-compose.yaml
@@ -1,4 +1,3 @@
-version: '3'
 services:
 spire-server:
 image: spire-server:latest-local
diff --git a/test/integration/suites/svidstore/teardown b/test/integration/suites/svidstore/teardown
index 9953dcd3f97..fabbf145ae5 100755
--- a/test/integration/suites/svidstore/teardown
+++ b/test/integration/suites/svidstore/teardown
@@ -1,6 +1,6 @@
 #!/bin/bash
 if [ -z "$SUCCESS" ]; then
- docker-compose logs
+ docker compose logs
 fi
 docker-down
diff --git a/test/integration/suites/upgrade/00-setup b/test/integration/suites/upgrade/00-setup
index f2fefdd432b..ddb69cbd942 100755
--- a/test/integration/suites/upgrade/00-setup
+++ b/test/integration/suites/upgrade/00-setup
@@ -57,7 +57,6 @@ EOF
 # version we want to test against the latest
 #
 cat < docker-compose.yaml
-version: '3'
 networks:
 our-network: {}
 services:
diff --git a/test/integration/suites/upgrade/01-run-upgrade-tests b/test/integration/suites/upgrade/01-run-upgrade-tests
index 449d514b3ca..8909633391d 100755
--- a/test/integration/suites/upgrade/01-run-upgrade-tests
+++ b/test/integration/suites/upgrade/01-run-upgrade-tests
@@ -18,7 +18,7 @@ start-old-server() {
 bootstrap-agent() {
 # TODO: Remove -socketPath argument in 1.7.0 and rely on the default socket path
- docker-compose exec -T "spire-server-$1" \
+ docker compose exec -T "spire-server-$1" \
 /opt/spire/bin/spire-server bundle show \
 -socketPath /opt/spire/data/server/socket/api.sock > conf/agent/bootstrap.crt
 }
@@ -35,7 +35,7 @@ start-old-agent() {
 create-registration-entry() {
 log-debug "creating registration entry..."
 # TODO: Remove -socketPath argument in 1.7.0 and rely on the default socket path
- docker-compose exec -T "spire-server-$1" \
+ docker compose exec -T "spire-server-$1" \
 /opt/spire/bin/spire-server entry create \
 -socketPath /opt/spire/data/server/socket/api.sock \
 -parentID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)" \
@@ -49,8 +49,8 @@ create-registration-entry() {
 local _checkinterval=1
 for ((i=1;i<=_maxchecks;i++)); do
 log-info "checking for synced workload entry ($i of $_maxchecks max)..."
- docker-compose logs "spire-agent-$1"
- if docker-compose logs "spire-agent-$1" | grep "spiffe://domain.test/workload"; then
+ docker compose logs "spire-agent-$1"
+ if docker compose logs "spire-agent-$1" | grep "spiffe://domain.test/workload"; then
 return
 fi
 sleep "${_checkinterval}"
@@ -60,7 +60,7 @@ create-registration-entry() {
 check-old-agent-svid() {
 log-info "checking X509-SVID on $1 agent..."
- docker-compose exec -T "spire-agent-$1" \
+ docker compose exec -T "spire-agent-$1" \
 /opt/spire/bin/spire-agent api fetch x509 \
 -socketPath /opt/spire/data/agent/socket/api.sock \
 -write /opt/test/before-server-upgrade || fail-now "SVID check failed"
@@ -80,7 +80,7 @@ upgrade-server() {
 # Validates that the current version of the codebase is ahead of the version
 # being updated.
 check-codebase-version-is-ahead() {
- _current_version=$(docker-compose exec -T spire-server-latest-local \
+ _current_version=$(docker compose exec -T spire-server-latest-local \
 /opt/spire/bin/spire-server --version 2>&1 | cut -d'-' -f 1)
 if [ "$_current_version" = "$1" ]; then
@@ -99,7 +99,7 @@ check-old-agent-svid-after-upgrade() {
 for ((i=1;i<=_maxchecks;i++)); do
 log-info "checking X509-SVID after server upgrade ($i of $_maxchecks max)..."
 # TODO: Remove -socketPath argument in 1.7.0 and rely on the default socket path
- docker-compose exec -T "spire-agent-$1" \
+ docker compose exec -T "spire-agent-$1" \
 /opt/spire/bin/spire-agent api fetch x509 \
 -socketPath /opt/spire/data/agent/socket/api.sock \
 -write /opt/test/after-server-upgrade || fail-now "SVID check failed"
@@ -128,7 +128,7 @@ stop-and-evict-agent() {
 log-info "evicting agent..."
 # TODO: Remove -socketPath argument in 1.7.0 and rely on the default socket path
- docker-compose exec -T "spire-server-$1" \
+ docker compose exec -T "spire-server-$1" \
 /opt/spire/bin/spire-server agent evict \
 -socketPath /opt/spire/data/server/socket/api.sock \
 -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"
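Review bot: In `check-codebase-version-is-ahead` (the `@@ -80,7 +80,7 @@` hunk) the `2>&1` sits on the host side of `docker compose exec`, so anything Compose itself writes to stderr, such as a warning line, ends up inside `_current_version` together with the server's version string. The equality test against `$1` that follows would then presumably never match, and the check would pass for the wrong reason. I would validate the captured value before using it, for example `[[ "$_current_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || fail-now "unexpected version output: ${_current_version}"`. `_commit_version` in 02-verify-codebase-version-is-updated is captured the same way, and the function body here continues outside the hunk.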
@@ -139,7 +139,7 @@ stop-and-evict-agent() { check-new-agent-svid-after-upgrade() { log-info "checking X509-SVID after agent upgrade..." # TODO: Remove -socketPath argument in 1.7.0 and rely on the default socket path - docker-compose exec -T spire-agent-latest-local \ + docker compose exec -T spire-agent-latest-local \ /opt/spire/bin/spire-agent api fetch x509 \ -socketPath /opt/spire/data/agent/socket/api.sock \ -write /opt/test/after-agent-upgrade || fail-now "SVID check failed" diff --git a/test/integration/suites/upgrade/02-verify-codebase-version-is-updated b/test/integration/suites/upgrade/02-verify-codebase-version-is-updated index d0a773b62a2..ce06d9386d5 100755 --- a/test/integration/suites/upgrade/02-verify-codebase-version-is-updated +++ b/test/integration/suites/upgrade/02-verify-codebase-version-is-updated @@ -47,7 +47,7 @@ check-version-against-latest-release() { # Get current version from latest local image docker-up spire-server-latest-local -_commit_version=$(docker-compose exec -T spire-server-latest-local \ +_commit_version=$(docker compose exec -T spire-server-latest-local \ /opt/spire/bin/spire-server --version 2>&1 | cut -d'-' -f 1) docker-down diff --git a/test/integration/suites/upgrade/teardown b/test/integration/suites/upgrade/teardown index 9ae8c44c90c..2e181faa53c 100755 --- a/test/integration/suites/upgrade/teardown +++ b/test/integration/suites/upgrade/teardown @@ -1,5 +1,5 @@ #!/bin/bash if [ -z "$SUCCESS" ]; then - docker-compose logs + docker compose logs fi docker-down diff --git a/test/integration/suites/upgrade/versions.txt b/test/integration/suites/upgrade/versions.txt index 76567256213..2da4f09fbf1 100644 --- a/test/integration/suites/upgrade/versions.txt +++ b/test/integration/suites/upgrade/versions.txt @@ -6,3 +6,4 @@ 1.9.5 1.9.6 1.10.0 +1.10.1 diff --git a/test/integration/test-one.sh b/test/integration/test-one.sh index dc29eadabcf..60e23e304d4 100755 --- a/test/integration/test-one.sh +++ b/test/integration/test-one.sh 
@@ -50,7 +50,7 @@ cleanup() { fail-now "\"${TESTNAME}\" failed to tear down." fi - # double check that if docker-compose was used that we clean everything up. + # double check that if docker compose was used that we clean everything up. # this helps us to not pollute the local docker state. if [ -f "${RUNDIR}/docker-compose.yaml" ]; then docker-cleanup