test: Remove accept-certificate flag where token is used
Signed-off-by: Din Music <din.music@canonical.com>
MusicDin committed Sep 23, 2024
1 parent bacbd34 commit 8c5649b
Showing 9 changed files with 35 additions and 35 deletions.
2 changes: 1 addition & 1 deletion test/includes/setup.sh
Expand Up @@ -4,7 +4,7 @@ ensure_has_localhost_remote() {
local addr="${1}"
if ! lxc remote list | grep -q "localhost"; then
token="$(lxc config trust add --name foo -q)"
lxc remote add localhost "https://${addr}" --accept-certificate --token "${token}"
lxc remote add localhost "https://${addr}" --token "${token}"
fi
}

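Review bot: Nothing at the `lxc remote add localhost ... --token "${token}"` call in `ensure_has_localhost_remote` records why the server certificate is still accepted now that `--accept-certificate` is gone. Presumably the client checks the certificate against data carried in the trust token, but that is not visible on this page, so confirm it before wording a comment such as `# No --accept-certificate: the server certificate is expected to be verified via the trust token.` The same comment would help at the other `remote add ... --token` call sites changed in this commit, so that the flag is not re-added by habit. Separately, `token` is assigned without `local` while `addr` on the line above is declared local, so the trust token leaks into the caller's scope; add `local token` before the assignment.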
14 changes: 7 additions & 7 deletions test/suites/clustering.sh
Expand Up @@ -250,7 +250,7 @@ test_clustering_membership() {

# Client certificate are shared across all nodes.
token="$(LXD_DIR=${LXD_ONE_DIR} lxc config trust add --name foo -q)"
lxc remote add cluster 10.1.1.101:8443 --accept-certificate --token="${token}"
lxc remote add cluster 10.1.1.101:8443 --token="${token}"
lxc remote set-url cluster https://10.1.1.102:8443
lxc network list cluster: | grep -q "${bridge}"
lxc remote remove cluster
Expand Down Expand Up @@ -1895,7 +1895,7 @@ test_clustering_address() {
# that the REST API is exposed.
url="https://10.1.1.101:8443"
token="$(LXD_DIR="${LXD_ONE_DIR}" lxc config trust add --name foo --quiet)"
lxc remote add cluster --token "${token}" --accept-certificate "${url}"
lxc remote add cluster --token "${token}" "${url}"
lxc storage list cluster: | grep -q data

# Add a newline at the end of each line. YAML as weird rules..
Expand Down Expand Up @@ -2764,9 +2764,9 @@ test_clustering_image_refresh() {

# Add remotes
token="$(LXD_DIR="${LXD_ONE_DIR}" lxc config trust add --name foo --quiet)"
lxc remote add public "https://10.1.1.104:8443" --accept-certificate --token foo --public
lxc remote add public "https://10.1.1.104:8443" --token foo --public
token="$(LXD_DIR="${LXD_ONE_DIR}" lxc config trust add --name foo --quiet)"
lxc remote add cluster "https://10.1.1.101:8443" --accept-certificate --token "${token}"
lxc remote add cluster "https://10.1.1.101:8443" --token "${token}"

LXD_DIR="${LXD_REMOTE_DIR}" lxc init testimage c1

Expand Down Expand Up @@ -3461,7 +3461,7 @@ test_clustering_groups() {
spawn_lxd_and_join_cluster "${ns3}" "${bridge}" "${cert}" 3 1 "${LXD_THREE_DIR}" "${LXD_ONE_DIR}"

token="$(LXD_DIR="${LXD_ONE_DIR}" lxc config trust add --name foo --quiet)"
lxc remote add cluster --token "${token}" --accept-certificate "https://10.1.1.101:8443"
lxc remote add cluster --token "${token}" "https://10.1.1.101:8443"

# Initially, there is only the default group
lxc cluster group show cluster:default
Expand Down Expand Up @@ -3929,7 +3929,7 @@ test_clustering_trust_add() {
# and query LXD_ONE for it. LXD_TWO should cancel the operation by sending a DELETE /1.0/operations/{uuid} to LXD_ONE
# and needs to parse the metadata of the operation into the correct type to complete the trust process.
# The expiry time should be parsed and found to be expired so the add action should fail.
! lxc remote add lxd_two "${lxd_two_address}" --accept-certificate --token "${lxd_one_token}" || false
! lxc remote add lxd_two "${lxd_two_address}" --token "${lxd_one_token}" || false

# Expect the operation to be cancelled.
LXD_DIR="${LXD_ONE_DIR}" lxc operation list --format csv | grep -qF "${operation_uuid},TOKEN,Executing operation,CANCELLED"
Expand All @@ -3955,7 +3955,7 @@ test_clustering_trust_add() {
# LXD_TWO does not have the operation running locally, so it should find the UUID of the operation in the database
# and query LXD_ONE for it. LXD_TWO should cancel the operation by sending a DELETE /1.0/operations/{uuid} to LXD_ONE
# and needs to parse the metadata of the operation into the correct type to complete the trust process.
lxc remote add lxd_two "${lxd_two_address}" --accept-certificate --token "${lxd_one_token}"
lxc remote add lxd_two "${lxd_two_address}" --token "${lxd_one_token}"

# Expect the operation to be cancelled.
LXD_DIR="${LXD_ONE_DIR}" lxc operation list --format csv | grep -qF "${operation_uuid},TOKEN,Executing operation,CANCELLED"
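Review bot: In `test_clustering_image_refresh` the call `lxc remote add public "https://10.1.1.104:8443" --token foo --public` still passes the literal `foo`, so the `token` generated on the line above is never used and is overwritten by the next `lxc config trust add`. Before this commit `--accept-certificate` covered the server certificate for that call; a literal `foo` presumably cannot carry any certificate information, so it is worth confirming how the certificate of 10.1.1.104 is accepted now. If a token is meant to be used, it should be issued by the daemon behind 10.1.1.104 rather than `LXD_ONE_DIR` and passed as `--token "${token}"`. If a public remote needs no token, drop the unused `lxc config trust add` line, which otherwise presumably leaves an unredeemed trust token pending on the first node. The function body starts and ends outside the hunk.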
6 changes: 3 additions & 3 deletions test/suites/image.sh
Expand Up @@ -9,10 +9,10 @@ test_image_expiry() {

token="$(lxc config trust add --name foo -q)"
# shellcheck disable=2153
lxc_remote remote add l1 "${LXD_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add l1 "${LXD_ADDR}" --token "${token}"

token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)"
lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add l2 "${LXD2_ADDR}" --token "${token}"

# Create containers from a remote image in two projects.
lxc_remote project create l2:p1 -c features.images=true -c features.profiles=false
Expand Down Expand Up @@ -133,7 +133,7 @@ test_image_refresh() {
ensure_import_testimage

token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)"
lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add l2 "${LXD2_ADDR}" --token "${token}"

poolDriver="$(lxc storage show "$(lxc profile device get default root pool)" | awk '/^driver:/ {print $2}')"

2 changes: 1 addition & 1 deletion test/suites/image_auto_update.sh
Expand Up @@ -13,7 +13,7 @@ test_image_auto_update() {
fp1="$(LXD_DIR=${LXD2_DIR} lxc image info testimage | awk '/^Fingerprint/ {print $2}')"

token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)"
lxc remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}"
lxc remote add l2 "${LXD2_ADDR}" --token "${token}"
lxc init l2:testimage c1

# Now the first image image is in the local store, since it was
2 changes: 1 addition & 1 deletion test/suites/image_prefer_cached.sh
Expand Up @@ -16,7 +16,7 @@ test_image_prefer_cached() {
fp1="$(LXD_DIR=${LXD2_DIR} lxc image info testimage | awk '/^Fingerprint/ {print $2}')"

token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)"
lxc remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}"
lxc remote add l2 "${LXD2_ADDR}" --token "${token}"
lxc init l2:testimage c1

# Now the first image image is in the local store, since it was
4 changes: 2 additions & 2 deletions test/suites/migration.sh
Expand Up @@ -14,10 +14,10 @@ test_migration() {

token="$(lxc config trust add --name foo -q)"
# shellcheck disable=2153
lxc_remote remote add l1 "${LXD_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add l1 "${LXD_ADDR}" --token "${token}"

token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)"
lxc_remote remote add l2 "${LXD2_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add l2 "${LXD2_ADDR}" --token "${token}"

migration "$LXD2_DIR"

26 changes: 13 additions & 13 deletions test/suites/pki.sh
Expand Up @@ -47,7 +47,7 @@ test_pki() {

# Add a certificate to the trust store that is not signed by the CA before enabling CA mode.
token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo --quiet --project default)"
lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token "${token}"

# Shutdown LXD. The CA certificate and revokation list must be present at start up to enable PKI.
shutdown_lxd "${LXD5_DIR}"
Expand All @@ -74,12 +74,12 @@ test_pki() {

# Try adding remote using an incorrect token. This should fail even though the client certificate
# has been signed by the CA because `core.trust_ca_certificates` is not enabled.
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token=bar || false
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token=bar || false

# Add remote using the correct token.
# This should work because the client certificate is signed by the CA.
token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)"
lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token "${token}"

# Should have trust store entry because `core.trust_ca_certificates` is disabled.
lxc_remote config trust ls pki-lxd: | grep -wF unrestricted
Expand Down Expand Up @@ -108,7 +108,7 @@ test_pki() {

# The certificate is now revoked, we shouldn't be able to re-add it.
token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)"
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}" || false
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token "${token}" || false
! lxc config trust ls | grep -wF unrestricted || false

### Restricted CA signed client certificate with `core.trust_ca_certificates` disabled.
Expand All @@ -120,12 +120,12 @@ test_pki() {

# Try adding remote using an incorrect token. This should fail even though the client certificate
# has been signed by the CA because `core.trust_ca_certificates` is not enabled.
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token=bar || false
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token=bar || false

# Add remote using the correct token (restricted).
# This should work because the client certificate is signed by the CA.
token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo --quiet --restricted)"
lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token "${token}"

# Should have a trust store entry because `core.trust_ca_certificates` is disabled.
lxc_remote config trust ls pki-lxd: | grep -wF restricted
Expand Down Expand Up @@ -164,7 +164,7 @@ test_pki() {

# The certificate is now revoked, we shouldn't be able to re-add it.
token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)"
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}" || false
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token "${token}" || false
! lxc config trust ls | grep -wF restricted || false

### CA signed certificate with `core.trust_ca_certificates` enabled.
Expand All @@ -191,7 +191,7 @@ test_pki() {

# Add the remote again using an incorrect token.
# This should succeed as is the same as the test above but with an incorrect token rather than no token.
lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token=bar
lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token=bar

# Client cert should not be present in trust store.
! lxc_remote config trust ls pki-lxd: | grep -wF ca-trusted || false
Expand Down Expand Up @@ -237,25 +237,25 @@ test_pki() {
# Try adding a remote using a revoked client certificate, and the correct token.
# This should fail, and the revoked certificate should not be added to the trust store.
token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)"
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}" || false
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token "${token}" || false
! lxc config trust ls | grep -wF prior-revoked || false

# Try adding a remote using a revoked client certificate, and an incorrect token.
# This should fail, as if the certificate is revoked and token is wrong then no access should be allowed.
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token=incorrect || false
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token=incorrect || false

# Unset `core.trust_ca_certificates` and re-test, there should be no change in behaviour as the certificate is revoked.
LXD_DIR=${LXD5_DIR} lxc config unset core.trust_ca_certificates

# Try adding a remote using a revoked client certificate, and the correct token.
# This should fail, and the revoked certificate should not be added to the trust store.
token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)"
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token "${token}" || false
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token "${token}" || false
! lxc config trust ls | grep -wF prior-revoked || false

# Try adding a remote using a revoked client certificate, and an incorrect token.
# This should fail, as if the certificate is revoked and token is wrong then no access should be allowed.
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --accept-certificate --token=incorrect || false
! lxc_remote remote add pki-lxd "${LXD5_ADDR}" --token=incorrect || false

# Check we can't access anything with the revoked certificate.
[ "$(curl -s --cert "${LXD_CONF}/client.pem" --cacert "${LXD5_DIR}/server.crt" "https://${LXD5_ADDR}/1.0/instances" | jq -e -r '.error')" = "not authorized" ]
Expand All @@ -267,7 +267,7 @@ test_pki() {
# in the trust store, but not signed by the CA. So here we are checking that mTLS for a client does not work when CA
# mode is enabled.
token="$(LXD_DIR=${LXD5_DIR} lxc config trust add --name foo -q)"
! lxc_remote remote add pki-lxd2 "${LXD5_ADDR}" --accept-certificate --token "${token}" || false
! lxc_remote remote add pki-lxd2 "${LXD5_ADDR}" --token "${token}" || false

# Confirm that the certificate we added earlier cannot authenticate with LXD.
lxc_remote info pki-lxd: | grep -F 'auth: untrusted'
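Review bot: The negative checks that pass a malformed token assert only a non-zero exit status through `! ... || false`; this covers `--token=bar` and `--token=incorrect` in `test_pki`, and likewise `--token badtoken` and `--token foo --protocol foo` in test/suites/remote.sh. With `--accept-certificate` removed, such a call could also fail while the client verifies the server certificate, before the token is ever evaluated, and the test would still pass; whether that happens depends on client behaviour not visible here. Where the surrounding comment says the token is what gets rejected, consider capturing stderr and matching the expected rejection message. Alternatively, follow the call with a state check, as the revoked-certificate cases already do with `! lxc config trust ls | grep -wF unrestricted || false`. `test_pki` starts and ends outside these hunks.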
2 changes: 1 addition & 1 deletion test/suites/projects.sh
Expand Up @@ -802,7 +802,7 @@ test_projects_limits() {
(LXD_DIR=${LXD_REMOTE_DIR} deps/import-busybox --alias remoteimage --template start --public)

token="$(LXD_DIR=${LXD_REMOTE_DIR} lxc config trust add --name foo -q)"
lxc remote add l2 "${LXD_REMOTE_ADDR}" --accept-certificate --token "${token}"
lxc remote add l2 "${LXD_REMOTE_ADDR}" --token "${token}"

# Relax all constraints except the disk limits, which won't be enough for the
# image to be downloaded.
12 changes: 6 additions & 6 deletions test/suites/remote.sh
Expand Up @@ -3,7 +3,7 @@ test_remote_url() {
# shellcheck disable=2153
for url in "${LXD_ADDR}" "https://${LXD_ADDR}"; do
token="$(lxc config trust add --name foo -q)"
lxc_remote remote add test "${url}" --accept-certificate --token "${token}"
lxc_remote remote add test "${url}" --token "${token}"
lxc_remote info test:
lxc_remote config trust list | awk '/@/ {print $8}' | while read -r line ; do
lxc_remote config trust remove "\"${line}\""
Expand All @@ -19,7 +19,7 @@ test_remote_url() {
urls="${LXD_DIR}/unix.socket unix:${LXD_DIR}/unix.socket unix://${LXD_DIR}/unix.socket"

# an invalid protocol returns an error
! lxc_remote remote add test "${url}" --accept-certificate --token foo --protocol foo || false
! lxc_remote remote add test "${url}" --token foo --protocol foo || false

for url in ${urls}; do
lxc_remote remote add test "${url}"
Expand Down Expand Up @@ -147,11 +147,11 @@ test_remote_url_with_token() {
}

test_remote_admin() {
! lxc_remote remote add badpass "${LXD_ADDR}" --accept-certificate --token badtoken || false
! lxc_remote remote add badpass "${LXD_ADDR}" --token badtoken || false
! lxc_remote list badpass: || false

token="$(lxc config trust add --name foo -q)"
lxc_remote remote add foo "${LXD_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add foo "${LXD_ADDR}" --token "${token}"
lxc_remote remote list | grep 'foo'

lxc_remote remote set-default foo
Expand All @@ -177,7 +177,7 @@ test_remote_admin() {

# Test for #623
token="$(lxc config trust add --name foo -q)"
lxc_remote remote add test-623 "${LXD_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add test-623 "${LXD_ADDR}" --token "${token}"
lxc_remote remote remove test-623

# now re-add under a different alias
Expand All @@ -199,7 +199,7 @@ test_remote_usage() {
ensure_has_localhost_remote "${LXD_ADDR}"

token="$(LXD_DIR=${LXD2_DIR} lxc config trust add --name foo -q)"
lxc_remote remote add lxd2 "${LXD2_ADDR}" --accept-certificate --token "${token}"
lxc_remote remote add lxd2 "${LXD2_ADDR}" --token "${token}"

# we need a public image on localhost
