From afb3eefeb59ca407a9fb1dd6d06fde0914c98375 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Wed, 14 Aug 2024 15:23:33 -0700
Subject: [PATCH 01/13] reduce flakiness in evict-agent CI
Signed-off-by: amoore877
---
 .../suites/evict-agent/04-ban-agent | 19 +++++++++----------
 .../suites/evict-agent/05-agent-shutdown | 16 ++++++++++++++++
 ...iled-to-start => 06-agent-failed-to-start} | 0
 .../{06-delete-agent => 07-delete-agent} | 0
 .../{07-start-agent => 09-start-agent} | 0
 5 files changed, 25 insertions(+), 10 deletions(-)
 create mode 100644 test/integration/suites/evict-agent/05-agent-shutdown
 rename test/integration/suites/evict-agent/{05-agent-failed-to-start => 06-agent-failed-to-start} (100%)
 rename test/integration/suites/evict-agent/{06-delete-agent => 07-delete-agent} (100%)
 rename test/integration/suites/evict-agent/{07-start-agent => 09-start-agent} (100%)
diff --git a/test/integration/suites/evict-agent/04-ban-agent b/test/integration/suites/evict-agent/04-ban-agent
index 5bf2276269..6415991444 100755
--- a/test/integration/suites/evict-agent/04-ban-agent
+++ b/test/integration/suites/evict-agent/04-ban-agent
@@ -2,21 +2,20 @@
 log-debug "banning agent..."
-docker compose exec -T spire-server \
- /opt/spire/bin/spire-server agent ban \
- -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"
-
-# Check at most 30 times (with one second in between) that the agent has
-# successfully banned
+# Attempt at most 30 times (with one second in between) to ban the agent
 MAXCHECKS=30
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
- log-info "checking for agent is shutting down ($i of $MAXCHECKS max)..."
- docker compose logs spire-agent
- if docker compose logs spire-agent | grep "Agent is banned: removing SVID and shutting down"; then
+ log-info "attempting to ban agent ($i of $MAXCHECKS max)..."
+
+ docker compose exec -T spire-server \
+ /opt/spire/bin/spire-server agent ban \
+ -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"
+ docker compose logs spire-server
+ if docker compose logs spire-server | grep "Agent banned"; then
 exit 0
 fi
 sleep "${CHECKINTERVAL}"
 done
-fail-now "timed out waiting for agent to shutdown"
+fail-now "timed out waiting for successful ban"
diff --git a/test/integration/suites/evict-agent/05-agent-shutdown b/test/integration/suites/evict-agent/05-agent-shutdown
new file mode 100644
index 0000000000..b859673d2b
--- /dev/null
+++ b/test/integration/suites/evict-agent/05-agent-shutdown
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Check at most 30 times (with one second in between) that the agent has
+# been successfully banned
+MAXCHECKS=30
+CHECKINTERVAL=1
+for ((i=1;i<=MAXCHECKS;i++)); do
+ log-info "checking for agent is shutting down ($i of $MAXCHECKS max)..."
+ docker compose logs spire-agent
+ if docker compose logs spire-agent | grep "Agent is banned: removing SVID and shutting down"; then
+ exit 0
+ fi
+ sleep "${CHECKINTERVAL}"
+done
+
+fail-now "timed out waiting for agent to shutdown"
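Review bot: In the 04-ban-agent loop the exit status of `spire-server agent ban` is dropped and success is decided only by `grep "Agent banned"` over the server log, so a ban command that fails for a non-transient reason is still retried 30 times and the step ends with the generic timeout message. The log is also fetched twice per iteration, so the dump a reader sees and the text that was grepped are different snapshots; capturing it once, `server_logs=$(docker compose logs spire-server)` followed by `grep -q "Agent banned" <<<"${server_logs}"`, keeps them the same. The match is not tied to the agent's SPIFFE ID, which is fine while the suite bans a single agent but deserves a comment. The eviction loop in PATCH 10/13 (07-evict-agent) follows the same pattern with "Agent deleted".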
diff --git a/test/integration/suites/evict-agent/05-agent-failed-to-start b/test/integration/suites/evict-agent/06-agent-failed-to-start
similarity index 100%
rename from test/integration/suites/evict-agent/05-agent-failed-to-start
rename to test/integration/suites/evict-agent/06-agent-failed-to-start
diff --git a/test/integration/suites/evict-agent/06-delete-agent b/test/integration/suites/evict-agent/07-delete-agent
similarity index 100%
rename from test/integration/suites/evict-agent/06-delete-agent
rename to test/integration/suites/evict-agent/07-delete-agent
diff --git a/test/integration/suites/evict-agent/07-start-agent b/test/integration/suites/evict-agent/09-start-agent
similarity index 100%
rename from test/integration/suites/evict-agent/07-start-agent
rename to test/integration/suites/evict-agent/09-start-agent
From d87b96737a6ddeae07b0f4bb227f137e80752eb7 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Wed, 14 Aug 2024 15:53:20 -0700
Subject: [PATCH 02/13] chmod +X
Signed-off-by: amoore877
---
 test/integration/suites/evict-agent/05-agent-shutdown | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 test/integration/suites/evict-agent/05-agent-shutdown
diff --git a/test/integration/suites/evict-agent/05-agent-shutdown b/test/integration/suites/evict-agent/05-agent-shutdown
old mode 100644
new mode 100755
From aa46d9887def62cf5297b1c2f77fd9c75dc66770 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 08:07:38 -0700
Subject: [PATCH 03/13] more fixes for test organization
Signed-off-by: amoore877
---
 .../suites/evict-agent/04-ban-agent | 5 +++--
 .../evict-agent/06-agent-failed-to-start | 2 +-
 .../suites/evict-agent/07-delete-agent | 7 -------
 .../suites/evict-agent/07-evict-agent | 17 +++++++++++++++
 .../{08-evict-agent => 08-agent-reattest} | 21 +++----------------
 5 files changed, 24 insertions(+), 28 deletions(-)
 delete mode 100755 test/integration/suites/evict-agent/07-delete-agent
 create mode 100755 test/integration/suites/evict-agent/07-evict-agent
 rename test/integration/suites/evict-agent/{08-evict-agent => 08-agent-reattest} (58%)
diff --git a/test/integration/suites/evict-agent/04-ban-agent b/test/integration/suites/evict-agent/04-ban-agent
index 6415991444..1aba534254 100755
--- a/test/integration/suites/evict-agent/04-ban-agent
+++ b/test/integration/suites/evict-agent/04-ban-agent
@@ -5,12 +5,13 @@ log-debug "banning agent..."
 # Attempt at most 30 times (with one second in between) to ban the agent
 MAXCHECKS=30
 CHECKINTERVAL=1
+spiffe_id="spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"
 for ((i=1;i<=MAXCHECKS;i++)); do
- log-info "attempting to ban agent ($i of $MAXCHECKS max)..."
+ log-info "attempting to ban agent ${spiffe_id} ($i of $MAXCHECKS max)..."
 docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent ban \
- -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"
+ -spiffeID "${spiffe_id}"
 docker compose logs spire-server
 if docker compose logs spire-server | grep "Agent banned"; then
 exit 0
diff --git a/test/integration/suites/evict-agent/06-agent-failed-to-start b/test/integration/suites/evict-agent/06-agent-failed-to-start
index 8116e35744..9a4132c7e2 100755
--- a/test/integration/suites/evict-agent/06-agent-failed-to-start
+++ b/test/integration/suites/evict-agent/06-agent-failed-to-start
@@ -3,7 +3,7 @@
 log-debug "starting agent again..."
 docker-up spire-agent
-# Check at most 30 times (with one second in between) that the agent is not able to get new
+# Check at most 30 times (with one second in between) that the agent is not able to get new
 # workload entries.
 MAXCHECKS=30
 CHECKINTERVAL=1
diff --git a/test/integration/suites/evict-agent/07-delete-agent b/test/integration/suites/evict-agent/07-delete-agent
deleted file mode 100755
index 29fbe58c4e..0000000000
--- a/test/integration/suites/evict-agent/07-delete-agent
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-log-debug "deleting agent to enable reattestation..."
-
-docker compose exec -T spire-server \
- /opt/spire/bin/spire-server agent evict \
- -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"
diff --git a/test/integration/suites/evict-agent/07-evict-agent b/test/integration/suites/evict-agent/07-evict-agent
new file mode 100755
index 0000000000..38065e9989
--- /dev/null
+++ b/test/integration/suites/evict-agent/07-evict-agent
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+log-debug "evicting agent to re-enable attestation..."
+
+# Check at most 30 times (with one second in between) that we can evict the agent
+MAXCHECKS=30
+CHECKINTERVAL=1
+spiffe_id="spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"
+for ((i=1;i<=MAXCHECKS;i++)); do
+ log-info "attempting to evict agent ${spiffe_id} ($i of $MAXCHECKS max)..."
+ if docker compose exec -T spire-server \
+ /opt/spire/bin/spire-server agent evict \
+ -spiffeID ${spiffe_id}; then
+ exit 0
+ fi
+ sleep "${CHECKINTERVAL}"
+done
diff --git a/test/integration/suites/evict-agent/08-evict-agent b/test/integration/suites/evict-agent/08-agent-reattest
similarity index 58%
rename from test/integration/suites/evict-agent/08-evict-agent
rename to test/integration/suites/evict-agent/08-agent-reattest
index d7b5de1290..7215cb03cd 100755
--- a/test/integration/suites/evict-agent/08-evict-agent
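Review bot: The new 07-evict-agent script ends at `done` with no `fail-now`, so when all 30 attempts fail it falls off the end with the status of the last `sleep` instead of reporting a timeout; the sibling steps all end with one, and a line such as `fail-now "timed out waiting for agent to be evicted"` after the loop would match them. In the same loop `-spiffeID ${spiffe_id}` lost the quotes that 04-ban-agent keeps and should read `-spiffeID "${spiffe_id}"`. Both points remain after this loop is rewritten in PATCH 10/13. How the harness treats a step that returns 0 is not visible here, so the impact of the missing `fail-now` is inferred from the other steps.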
+++ b/test/integration/suites/evict-agent/08-agent-reattest
@@ -1,22 +1,8 @@
 #!/bin/bash
-log-debug "deleting agent..."
+log-debug "agent re-attesting..."
-# Check at most 30 times (with one second in between) that we can evict the agent, it may take a while for it to start up
-MAXCHECKS=30
-CHECKINTERVAL=1
-for ((i=1;i<=MAXCHECKS;i++)); do
- log-info "attempting to evict agent ($i of $MAXCHECKS max)..."
- if docker compose exec -T spire-server \
- /opt/spire/bin/spire-server agent evict \
- -spiffeID "spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"; then
- exit 0
- fi
- sleep "${CHECKINTERVAL}"
-done
-
-
-# Check at most 30 times (with one second in between) that the agent has to re-attest
+# Check at most 30 times (with one second in between) that the agent is able to re-attest
 MAXCHECKS=30
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
@@ -40,5 +26,4 @@ for ((i=1;i<=MAXCHECKS;i++)); do
 sleep "${CHECKINTERVAL}"
 done
-fail-now "timed out waiting for agent to shut down"
-
+fail-now "timed out waiting for agent to re-attest"
From 8c2eb6aa3d248e2c8ef8059357ecddcb1c13e896 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 08:51:48 -0700
Subject: [PATCH 04/13] more splitting up of discrete steps
Signed-off-by: amoore877
---
 .../suites/evict-agent/08-agent-reattest | 29 -------------------
 .../evict-agent/08-agent-reattest-attempt | 17 +++++++++++
 .../suites/evict-agent/09-agent-reattested | 15 ++++++++++
 .../{09-start-agent => 10-start-agent} | 0
 4 files changed, 32 insertions(+), 29 deletions(-)
 delete mode 100755 test/integration/suites/evict-agent/08-agent-reattest
 create mode 100755 test/integration/suites/evict-agent/08-agent-reattest-attempt
 create mode 100755 test/integration/suites/evict-agent/09-agent-reattested
 rename test/integration/suites/evict-agent/{09-start-agent => 10-start-agent} (100%)
diff --git a/test/integration/suites/evict-agent/08-agent-reattest b/test/integration/suites/evict-agent/08-agent-reattest
deleted file mode 100755
index 7215cb03cd..0000000000
--- a/test/integration/suites/evict-agent/08-agent-reattest
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-log-debug "agent re-attesting..."
-
-# Check at most 30 times (with one second in between) that the agent is able to re-attest
-MAXCHECKS=30
-CHECKINTERVAL=1
-for ((i=1;i<=MAXCHECKS;i++)); do
- log-info "checking for agent to get notification and try to reattest ($i of $MAXCHECKS max)..."
- docker compose logs spire-agent
- if docker compose logs spire-agent | grep "Agent needs to re-attest; will attempt to re-attest"; then
- exit 0
- fi
- sleep "${CHECKINTERVAL}"
-done
-
-# Check at most 30 times (with one second in between) that the agent has re-attested
-MAXCHECKS=30
-CHECKINTERVAL=1
-for ((i=1;i<=MAXCHECKS;i++)); do
- log-info "checking for agent to get notification and try to reattest ($i of $MAXCHECKS max)..."
- docker compose logs spire-agent
- if docker compose logs spire-agent | grep "Successfully reattested node"; then
- exit 0
- fi
- sleep "${CHECKINTERVAL}"
-done
-
-fail-now "timed out waiting for agent to re-attest"
diff --git a/test/integration/suites/evict-agent/08-agent-reattest-attempt b/test/integration/suites/evict-agent/08-agent-reattest-attempt
new file mode 100755
index 0000000000..910c060bdd
--- /dev/null
+++ b/test/integration/suites/evict-agent/08-agent-reattest-attempt
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+log-debug "agent re-attesting..."
+
+# Check at most 30 times (with one second in between) that the agent is able to reattest
+MAXCHECKS=30
+CHECKINTERVAL=1
+for ((i=1;i<=MAXCHECKS;i++)); do
+ log-info "checking for agent to get notification and try to reattest ($i of $MAXCHECKS max)..."
+ docker compose logs spire-agent
+ if docker compose logs spire-agent | grep "Agent needs to re-attest; will attempt to re-attest"; then
+ exit 0
+ fi
+ sleep "${CHECKINTERVAL}"
+done
+
+fail-now "timed out waiting for agent to try to re-attest"
diff --git a/test/integration/suites/evict-agent/09-agent-reattested b/test/integration/suites/evict-agent/09-agent-reattested
new file mode 100755
index 0000000000..cb23125799
--- /dev/null
+++ b/test/integration/suites/evict-agent/09-agent-reattested
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Check at most 30 times (with one second in between) that the agent has re-attested
+MAXCHECKS=30
+CHECKINTERVAL=1
+for ((i=1;i<=MAXCHECKS;i++)); do
+ log-info "checking for agent to get notification that it re-attested ($i of $MAXCHECKS max)..."
+ docker compose logs spire-agent
+ if docker compose logs spire-agent | grep "Successfully reattested node"; then
+ exit 0
+ fi
+ sleep "${CHECKINTERVAL}"
+done
+
+fail-now "timed out waiting for agent to re-attest"
diff --git a/test/integration/suites/evict-agent/09-start-agent b/test/integration/suites/evict-agent/10-start-agent
similarity index 100%
rename from test/integration/suites/evict-agent/09-start-agent
rename to test/integration/suites/evict-agent/10-start-agent
From 4feded6e58db0c20a18bd7fffd16384a69f50bf2 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 08:53:07 -0700
Subject: [PATCH 05/13] evict / delete clarification
Signed-off-by: amoore877
---
 test/integration/suites/evict-agent/07-evict-agent | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration/suites/evict-agent/07-evict-agent b/test/integration/suites/evict-agent/07-evict-agent
index 38065e9989..1ff4c576b9 100755
--- a/test/integration/suites/evict-agent/07-evict-agent
+++ b/test/integration/suites/evict-agent/07-evict-agent
@@ -1,6 +1,6 @@
 #!/bin/bash
-log-debug "evicting agent to re-enable attestation..."
+log-debug "evicting (deleting) agent to re-enable attestation..."
 # Check at most 30 times (with one second in between) that we can evict the agent
 MAXCHECKS=30
From 136cf44eb6205ab12c791d05b6d9d686ea463327 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 08:59:56 -0700
Subject: [PATCH 06/13] better file name
Signed-off-by: amoore877
---
 .../evict-agent/{05-agent-shutdown => 05-agent-is-banned} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename test/integration/suites/evict-agent/{05-agent-shutdown => 05-agent-is-banned} (81%)
diff --git a/test/integration/suites/evict-agent/05-agent-shutdown b/test/integration/suites/evict-agent/05-agent-is-banned
similarity index 81%
rename from test/integration/suites/evict-agent/05-agent-shutdown
rename to test/integration/suites/evict-agent/05-agent-is-banned
index b859673d2b..da9a22e828 100755
--- a/test/integration/suites/evict-agent/05-agent-shutdown
+++ b/test/integration/suites/evict-agent/05-agent-is-banned
@@ -5,7 +5,7 @@
 MAXCHECKS=30
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
- log-info "checking for agent is shutting down ($i of $MAXCHECKS max)..."
+ log-info "checking for agent is shutting down due to being banned ($i of $MAXCHECKS max)..."
 docker compose logs spire-agent
 if docker compose logs spire-agent | grep "Agent is banned: removing SVID and shutting down"; then
 exit 0
From 7261c80a1c7af68e4a32484eba306f9bbd9132c1 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 09:02:02 -0700
Subject: [PATCH 07/13] explicit new container
Signed-off-by: amoore877
---
 test/integration/suites/evict-agent/06-agent-failed-to-start | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/test/integration/suites/evict-agent/06-agent-failed-to-start b/test/integration/suites/evict-agent/06-agent-failed-to-start
index 9a4132c7e2..ee7959af6b 100755
--- a/test/integration/suites/evict-agent/06-agent-failed-to-start
+++ b/test/integration/suites/evict-agent/06-agent-failed-to-start
@@ -1,5 +1,8 @@
 #!/bin/bash
+log-debug "restarting agent..."
+log-debug "bringing agent down..."
+docker-down spire-agent
 log-debug "starting agent again..."
 docker-up spire-agent
From fee30ebb3f9cb7bb1b813d22086b8223461cee61 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 09:02:25 -0700
Subject: [PATCH 08/13] comment
Signed-off-by: amoore877
---
 test/integration/suites/evict-agent/08-agent-reattest-attempt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration/suites/evict-agent/08-agent-reattest-attempt b/test/integration/suites/evict-agent/08-agent-reattest-attempt
index 910c060bdd..a670febfea 100755
--- a/test/integration/suites/evict-agent/08-agent-reattest-attempt
+++ b/test/integration/suites/evict-agent/08-agent-reattest-attempt
@@ -2,7 +2,7 @@
 log-debug "agent re-attesting..."
-# Check at most 30 times (with one second in between) that the agent is able to reattest
+# Check at most 30 times (with one second in between) that the agent knows it can re-attest
 MAXCHECKS=30
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
From 9b88caecb18c06195979c63cc0840612e0890bbb Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 09:03:57 -0700
Subject: [PATCH 09/13] explicit new container
Signed-off-by: amoore877
---
 test/integration/suites/evict-agent/10-start-agent | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/test/integration/suites/evict-agent/10-start-agent b/test/integration/suites/evict-agent/10-start-agent
index 1981d7b37e..1597a12e14 100755
--- a/test/integration/suites/evict-agent/10-start-agent
+++ b/test/integration/suites/evict-agent/10-start-agent
@@ -1,7 +1,9 @@
 #!/bin/bash
 log-debug "starting agent again..."
-
+log-debug "bringing agent down..."
+docker-down spire-agent
+log-debug "starting agent again..."
 docker-up spire-agent
 # Check at most 30 times (with one second in between) that the agent is back up
From dc19b31b91f0391d4b79d9967cc8d422ff082386 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 09:07:35 -0700
Subject: [PATCH 10/13] check for agent deleted log
Signed-off-by: amoore877
---
 test/integration/suites/evict-agent/07-evict-agent | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/test/integration/suites/evict-agent/07-evict-agent b/test/integration/suites/evict-agent/07-evict-agent
index 1ff4c576b9..8d63703f95 100755
--- a/test/integration/suites/evict-agent/07-evict-agent
+++ b/test/integration/suites/evict-agent/07-evict-agent
@@ -8,10 +8,13 @@ CHECKINTERVAL=1
 spiffe_id="spiffe://domain.test/spire/agent/x509pop/$(fingerprint conf/agent/agent.crt.pem)"
 for ((i=1;i<=MAXCHECKS;i++)); do
 log-info "attempting to evict agent ${spiffe_id} ($i of $MAXCHECKS max)..."
- if docker compose exec -T spire-server \
+
+ docker compose exec -T spire-server \
 /opt/spire/bin/spire-server agent evict \
- -spiffeID ${spiffe_id}; then
- exit 0
+ -spiffeID ${spiffe_id}
+ docker compose logs spire-server
+ if docker compose logs spire-server | grep "Agent deleted"; then
+ exit 0
 fi
 sleep "${CHECKINTERVAL}"
 done
From 4219df900dc6e33f2552959587d633d5d39402d6 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 09:34:10 -0700
Subject: [PATCH 11/13] do not hard-down the agent after banning
Signed-off-by: amoore877
---
 test/integration/suites/evict-agent/06-agent-failed-to-start | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/test/integration/suites/evict-agent/06-agent-failed-to-start b/test/integration/suites/evict-agent/06-agent-failed-to-start
index ee7959af6b..9a4132c7e2 100755
--- a/test/integration/suites/evict-agent/06-agent-failed-to-start
+++ b/test/integration/suites/evict-agent/06-agent-failed-to-start
@@ -1,8 +1,5 @@
 #!/bin/bash
-log-debug "restarting agent..."
-log-debug "bringing agent down..."
-docker-down spire-agent
 log-debug "starting agent again..."
 docker-up spire-agent
From e820b02e179e820d766239e9a8f793ed73e6994d Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 10:04:33 -0700
Subject: [PATCH 12/13] bring agent back up so it attempts the re-attest
Signed-off-by: amoore877
---
 test/integration/suites/evict-agent/08-agent-reattest-attempt | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/test/integration/suites/evict-agent/08-agent-reattest-attempt b/test/integration/suites/evict-agent/08-agent-reattest-attempt
index a670febfea..a82ebf9ce6 100755
--- a/test/integration/suites/evict-agent/08-agent-reattest-attempt
+++ b/test/integration/suites/evict-agent/08-agent-reattest-attempt
@@ -7,6 +7,8 @@ MAXCHECKS=30
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
 log-info "checking for agent to get notification and try to reattest ($i of $MAXCHECKS max)..."
+ log-debug "starting agent again..."
+ docker-up spire-agent
 docker compose logs spire-agent
 if docker compose logs spire-agent | grep "Agent needs to re-attest; will attempt to re-attest"; then
 exit 0
From 27c620c4dd1c6c2a92356d7e2ce57cf249086384 Mon Sep 17 00:00:00 2001
From: amoore877
Date: Thu, 15 Aug 2024 10:35:30 -0700
Subject: [PATCH 13/13] fix comments and log checks
Signed-off-by: amoore877
---
 .../integration/suites/evict-agent/08-agent-reattest-attempt | 5 +++--
 test/integration/suites/evict-agent/09-agent-reattested | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
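Review bot: `docker-up spire-agent` is added inside the retry loop of 08-agent-reattest-attempt (PATCH 12/13), so it can run up to 30 times, once per second, whereas 06-agent-failed-to-start and 10-start-agent call it once before their loops. If one start is enough, move the two added lines above `for ((i=1;i<=MAXCHECKS;i++)); do`; if the agent is expected to exit and need a restart on each attempt, a comment saying so would explain the repetition. What `docker-up` does to an already running container is defined outside this patch, so whether repeated calls disturb the logs being grepped is not visible here. The loop continues past the end of the hunk.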
diff --git a/test/integration/suites/evict-agent/08-agent-reattest-attempt b/test/integration/suites/evict-agent/08-agent-reattest-attempt
index a82ebf9ce6..1ecb0dce9d 100755
--- a/test/integration/suites/evict-agent/08-agent-reattest-attempt
+++ b/test/integration/suites/evict-agent/08-agent-reattest-attempt
@@ -2,7 +2,8 @@
 log-debug "agent re-attesting..."
-# Check at most 30 times (with one second in between) that the agent knows it can re-attest
+# Check at most 30 times (with one second in between) that the agent knows it can re-attest.
+# This is not true "re-attestation" since when the agent was banned it removed its own SVID.
 MAXCHECKS=30
 CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
@@ -10,7 +11,7 @@ for ((i=1;i<=MAXCHECKS;i++)); do
 log-debug "starting agent again..."
 docker-up spire-agent
 docker compose logs spire-agent
- if docker compose logs spire-agent | grep "Agent needs to re-attest; will attempt to re-attest"; then
+ if docker compose logs spire-agent | grep "SVID is not found. Starting node attestation"; then
 exit 0
 fi
 sleep "${CHECKINTERVAL}"
diff --git a/test/integration/suites/evict-agent/09-agent-reattested b/test/integration/suites/evict-agent/09-agent-reattested
index cb23125799..ed086920f0 100755
--- a/test/integration/suites/evict-agent/09-agent-reattested
+++ b/test/integration/suites/evict-agent/09-agent-reattested
@@ -6,7 +6,7 @@ CHECKINTERVAL=1
 for ((i=1;i<=MAXCHECKS;i++)); do
 log-info "checking for agent to get notification that it re-attested ($i of $MAXCHECKS max)..."
 docker compose logs spire-agent
- if docker compose logs spire-agent | grep "Node attestation was successful"; then
+ if docker compose logs spire-agent | grep "Node attestation was successful"; then
 exit 0
 fi
 sleep "${CHECKINTERVAL}"
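Review bot: The two new patterns in 08-agent-reattest-attempt and 09-agent-reattested ("SVID is not found. Starting node attestation" and "Node attestation was successful") may already be present in `docker compose logs spire-agent` from the agent's first start, so these checks could pass without any attestation happening after the eviction. Both steps grep the whole log, and the old patterns were specific to re-attestation while the new ones read like ordinary start-up messages; whether the earlier lines survive the restart is not visible in the patch. Limiting the search to output produced after the eviction, for example `docker compose logs --since "${evict_time}" spire-agent` with a timestamp the suite records at eviction, or comparing a `grep -c` count taken before the restart, would make the step prove what its name says. `grep -F` would also keep the `.` in the first pattern literal.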