Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration test: Force rotation nested spire with self-signed authority #5439

Open
MarcosDY opened this issue Aug 27, 2024 · 0 comments
Open

Integration test: Force rotation nested spire with self-signed authority #5439

MarcosDY opened this issue Aug 27, 2024 · 0 comments
Labels
priority/backlog Issue is approved and in the backlog

Comments

@MarcosDY
Copy link
Collaborator

MarcosDY commented Aug 27, 2024
edited
Loading

Possible test plan:

Start Nested SPIRE using Self-Signed Authorities

                         root-server
                              |
                         root-agent
                        /           \
         intermediateA-server   intermediateA-server
                |                       |
         intermediateA-agent    intermediateA-agent
                |                       |
           leafA-server            leafA-server
                |                       |
           leafA-agent             leafA-agent

Test steps:

  • Create one or more entries per agent.
  • Prepare a new bundle in the root-server.
  • Verify that the new bundle is propagated to leaf servers/agents.
  • Activate the new bundle in the root-server.
  • Create a new entry and verify that the SVID is using the new bundle.
  • Taint the old authority.
  • Verify that all Workload SVIDs from root-agent to leaf agents are updated with new SVIDs.
  • Verify that Server and Agent SVIDs are tainted and updated.
  • Verify that a workload (X) receives a notification for a new SVID.
  • Revoke the old authority.
  • Verify that workloads remain connected.
@MarcosDY MarcosDY added the priority/backlog Issue is approved and in the backlog label Aug 29, 2024
@MarcosDY MarcosDY changed the title Integration test: Force rotation nested spire without Upstream authority Integration test: Force rotation nested spire with selfsigned authority Aug 31, 2024
@MarcosDY MarcosDY changed the title Integration test: Force rotation nested spire with selfsigned authority Integration test: Force rotation nested spire with self-signed authority Aug 31, 2024
@MarcosDY MarcosDY mentioned this issue Sep 28, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority/backlog Issue is approved and in the backlog
Projects
Force rotation and bundle revocation
Status: In pull request
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MarcosDY