diff --git a/agent/consul/auto_encrypt_endpoint_test.go b/agent/consul/auto_encrypt_endpoint_test.go
index cc260b515..7bdc300f0 100644
--- a/agent/consul/auto_encrypt_endpoint_test.go
+++ b/agent/consul/auto_encrypt_endpoint_test.go
@@ -69,13 +69,14 @@ func TestAutoEncryptSign(t *testing.T) {
 Datacenter: "dc1",
 Agent: "uuid",
 }
+ commonName := fmt.Sprintf("%s.agent.%s.%s", id.Agent, id.Datacenter, "consul")
 // Create a new private key
 pk, _, err := connect.GeneratePrivateKey()
 require.NoError(t, err, info)
 // Create a CSR.
- csr, err := connect.CreateCSR(id, pk)
+ csr, err := connect.CreateCSR(id, commonName, pk)
 require.NoError(t, err, info)
 require.NotEmpty(t, csr, info)
 args := &structs.CASignRequest{
diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go
index d11de89b7..f3000493b 100644
--- a/agent/consul/connect_ca_endpoint_test.go
+++ b/agent/consul/connect_ca_endpoint_test.go
@@ -246,7 +246,7 @@ func TestConnectCAConfig_TriggerRotation(t *testing.T) {
 {
 // Generate a CSR and request signing
 spiffeId := connect.TestSpiffeIDService(t, "web")
- csr, _ := connect.TestCSR(t, spiffeId)
+ csr, _ := connect.TestCSR(t, spiffeId, "node1.web.service.dc1.consul.")
 args := &structs.CASignRequest{
 Datacenter: "dc1",
 CSR: csr,
@@ -309,7 +309,7 @@ func TestConnectCASign(t *testing.T) {
 // Generate a CSR and request signing
 spiffeId := connect.TestSpiffeIDService(t, "web")
- csr, _ := connect.TestCSR(t, spiffeId)
+ csr, _ := connect.TestCSR(t, spiffeId, "node1.web.service.dc1.consul.")
 args := &structs.CASignRequest{
 Datacenter: "dc1",
 CSR: csr,
@@ -319,7 +319,7 @@ func TestConnectCASign(t *testing.T) {
 // Generate a second CSR and request signing
 spiffeId2 := connect.TestSpiffeIDService(t, "web2")
- csr, _ = connect.TestCSR(t, spiffeId2)
+ csr, _ = connect.TestCSR(t, spiffeId2, "node1.web2.service.dc1.consul.")
 args = &structs.CASignRequest{
 Datacenter: "dc1",
 CSR: csr,
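Review bot: In TestAutoEncryptSign the new `commonName` is only fed into `connect.CreateCSR`; none of the assertions visible in this hunk check what the signing endpoint does with it. The CN of a CSR is chosen by the requester, so the test should pin the outcome on the issued certificate, for example `require.Equal(t, commonName, cert.Subject.CommonName)` on the parsed leaf (`cert` stands for the parsed result, which this hunk does not show). Passing the constant `"consul"` as a `%s` argument also hides that the trust domain is hard-coded; writing it into the format string, `"%s.agent.%s.consul"`, would be clearer. The rest of the function lies outside the hunk, so a subject check may already exist further down.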
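Review bot: The common name `"node1.web.service.dc1.consul."` is typed out by hand in TestConnectCAConfig_TriggerRotation (hunk at -246) and again at -309, -366, -406 and -460, with a `web2` variant at -319, so it can silently disagree with the SPIFFE ID built one line above it. Deriving it from the same inputs would keep the two in step, for instance a small test helper that formats `"node1.%s.service.%s.consul."` from the service name and datacenter. A short comment should also say why the name ends in a dot and where `node1` comes from, since neither is visible in these tests. All of these functions start and end outside their hunks.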
@@ -366,7 +366,7 @@ func BenchmarkConnectCASign(b *testing.B) {
 // Generate a CSR and request signing
 spiffeID := connect.TestSpiffeIDService(b, "web")
- csr, _ := connect.TestCSR(b, spiffeID)
+ csr, _ := connect.TestCSR(b, spiffeID, "node1.web.service.dc1.consul.")
 args := &structs.CASignRequest{
 Datacenter: "dc1",
 CSR: csr,
@@ -406,7 +406,7 @@ func TestConnectCASign_rateLimit(t *testing.T) {
 // Generate a CSR and request signing a few times in a loop.
 spiffeID := connect.TestSpiffeIDService(t, "web")
- csr, _ := connect.TestCSR(t, spiffeID)
+ csr, _ := connect.TestCSR(t, spiffeID, "node1.web.service.dc1.consul.")
 args := &structs.CASignRequest{
 Datacenter: "dc1",
 CSR: csr,
@@ -460,7 +460,7 @@ func TestConnectCASign_concurrencyLimit(t *testing.T) {
 // Generate a CSR and request signing a few times in a loop.
 spiffeID := connect.TestSpiffeIDService(t, "web")
- csr, _ := connect.TestCSR(t, spiffeID)
+ csr, _ := connect.TestCSR(t, spiffeID, "node1.web.service.dc1.consul.")
 args := &structs.CASignRequest{
 Datacenter: "dc1",
 CSR: csr,
@@ -625,7 +625,7 @@ func TestConnectCASignValidation(t *testing.T) {
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- csr, _ := connect.TestCSR(t, tt.id)
+ csr, _ := connect.TestCSR(t, tt.id, "")
 args := &structs.CASignRequest{
 Datacenter: "dc1",
 CSR: csr,
diff --git a/agent/consul/leader_connect_test.go b/agent/consul/leader_connect_test.go
index 42a54fe45..14fb36bee 100644
--- a/agent/consul/leader_connect_test.go
+++ b/agent/consul/leader_connect_test.go
@@ -86,7 +86,7 @@ func TestLeader_SecondaryCA_Initialize(t *testing.T) {
 Datacenter: "primary",
 Service: "foo",
 }
- raw, _ := connect.TestCSR(t, spiffeService)
+ raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.")
 leafCsr, err := connect.ParseCSR(raw)
 require.NoError(err)
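Review bot: TestConnectCASignValidation (hunk at -625) now passes `""` as the common name for every table entry, so the validation table never exercises the new field. Because the CN is requester-controlled, this table is the natural place for a case where the CN names a different service or datacenter than the SPIFFE ID in `tt.id`, with the expected outcome (rejected, or signed with the CN ignored) asserted explicitly. That would mean a per-case field and `csr, _ := connect.TestCSR(t, tt.id, tt.cn)`; if an empty CN is intentionally the only case, a comment on the empty value saying so would do. The table definition and the assertions are outside this hunk.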
@@ -216,7 +216,7 @@ func TestLeader_SecondaryCA_IntermediateRefresh(t *testing.T) {
 Datacenter: "dc1",
 Service: "foo",
 }
- raw, _ := connect.TestCSR(t, spiffeService)
+ raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.")
 leafCsr, err := connect.ParseCSR(raw)
 require.NoError(err)
@@ -434,7 +434,7 @@ func TestLeader_SecondaryCA_UpgradeBeforePrimary(t *testing.T) {
 Datacenter: "dc1",
 Service: "foo",
 }
- raw, _ := connect.TestCSR(t, spiffeService)
+ raw, _ := connect.TestCSR(t, spiffeService, "node1.foo.service.primary.consul.")
 leafCsr, err := connect.ParseCSR(raw)
 require.NoError(t, err)
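Review bot: In TestLeader_SecondaryCA_IntermediateRefresh (hunk at -216) the SPIFFE ID is built with `Datacenter: "dc1"`, but the common name passed to `connect.TestCSR` is `"node1.foo.service.primary.consul."`; the hunk at -434 in TestLeader_SecondaryCA_UpgradeBeforePrimary has the same mismatch. It looks copied from TestLeader_SecondaryCA_Initialize, where the datacenter really is `"primary"`. Use `"node1.foo.service.dc1.consul."` in both places, or add a comment if the mismatch is deliberate. If these tests pass as written, that suggests the signing path does not compare the CN with the URI SAN, which is worth confirming and covering with a dedicated test. Both function bodies continue outside their hunks.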