fix tests

ziti/cmd/pki/pki_create_client.go

@@ -29,6 +29,7 @@ import (
 	"github.com/spf13/cobra"
 	"io"
 	"net/url"
+	"strings"
 )
 
 // PKICreateClientOptions the options for the create spring command
@@ -128,27 +129,34 @@ func (o *PKICreateClientOptions) Run() error {
 	}
 
 	if o.Flags.SpiffeID != "" {
-		var trustDomain *url.URL
-		for _, uri := range signer.Cert.URIs {
-			if uri.Scheme == "spiffe" {
-				if trustDomain != nil {
-					return errors.New("signing cert contained multiple spiffe ids")
+		if !strings.HasPrefix(o.Flags.SpiffeID, "spiffe://") {
+			var trustDomain *url.URL
+			for _, uri := range signer.Cert.URIs {
+				if uri.Scheme == "spiffe" {
+					if trustDomain != nil {
+						return errors.New("signing cert contained multiple spiffe ids")
+					}
+					trustDomain = uri
 				}
-				trustDomain = uri
 			}
-		}
-
-		if trustDomain == nil {
-			return errors.New("signing cert doesn't have a spiffe id. unknown trust domain")
-		}
 
-		spiffeId := *trustDomain
-		sid, serr := url.Parse(o.Flags.SpiffeID)
-		if serr != nil {
-			return serr
+			if trustDomain != nil {
+				spiffeId := *trustDomain
+				sid, serr := url.Parse(o.Flags.SpiffeID)
+				if serr != nil {
+					return serr
+				}
+				spiffeId.Path = sid.Path
+				template.URIs = append(template.URIs, &spiffeId)
+			}
+		} else {
+			// just use whatever spiffe id was provided
+			sid, serr := url.Parse(o.Flags.SpiffeID)
+			if serr != nil {
+				return serr
+			}
+			template.URIs = append(template.URIs, sid)
 		}
-		spiffeId.Path = sid.Path
-		template.URIs = append(template.URIs, &spiffeId)
 	}
 
 	privateKeyOptions, err := o.ObtainPrivateKeyOptions()

ziti/cmd/pki/pki_create_client_test.go

@@ -18,8 +18,6 @@ func TestClientCertNoSpiffeIdFromIntermediate(t *testing.T) {
 		fmt.Sprintf("--ca-name=%s", intCaNameWithoutSpiffeIdName),
 		fmt.Sprintf("--client-name=%s", name),
 		fmt.Sprintf("--client-file=%s", name),
-		fmt.Sprintf("--dns=%s", "localhost,dns.entry"),
-		fmt.Sprintf("--ip=%s", "127.0.0.1,::1"),
 	}
 
 	svr.SetArgs(args)
@@ -32,11 +30,6 @@ func TestClientCertNoSpiffeIdFromIntermediate(t *testing.T) {
 	assert.NotNil(t, bundle)
 	assert.Nil(t, e)
 
-	assert.Contains(t, bundle.Cert.DNSNames, "dns.entry")
-	assert.Contains(t, bundle.Cert.DNSNames, "localhost")
-	ips := ipsAsStrings(bundle.Cert.IPAddresses)
-	assert.Contains(t, ips, "127.0.0.1")
-	assert.Contains(t, ips, "::1")
 	assert.Nil(t, bundle.Cert.URIs)
 }
 
@@ -49,8 +42,6 @@ func TestClientCertSpiffeIdFromIntermediate(t *testing.T) {
 		fmt.Sprintf("--ca-name=%s", intCaNameWithSpiffeIdName),
 		fmt.Sprintf("--client-name=%s", name),
 		fmt.Sprintf("--client-file=%s", name),
-		fmt.Sprintf("--dns=%s", "localhost,dns.entry"),
-		fmt.Sprintf("--ip=%s", "127.0.0.1,::1"),
 	}
 
 	svr.SetArgs(addSpiffeArg("/some/path", args))
@@ -63,12 +54,6 @@ func TestClientCertSpiffeIdFromIntermediate(t *testing.T) {
 	assert.NotNil(t, bundle)
 	assert.Nil(t, e)
 	urls := URLSlice(bundle.Cert.URIs)
-
-	assert.Contains(t, bundle.Cert.DNSNames, "dns.entry")
-	assert.Contains(t, bundle.Cert.DNSNames, "localhost")
-	ips := ipsAsStrings(bundle.Cert.IPAddresses)
-	assert.Contains(t, ips, "127.0.0.1")
-	assert.Contains(t, ips, "::1")
 	assert.Contains(t, urls.Hosts(), rootCaWithSpiffeIdName)
 	assert.Contains(t, urls.Paths(), "/some/path")
 }

ziti/cmd/pki/pki_create_server.go

@@ -147,17 +147,15 @@ func (o *PKICreateServerOptions) Run() error {
 				}
 			}
 
-			if trustDomain == nil {
-				return errors.New("signing cert doesn't have a spiffe id. unknown trust domain")
-			}
-
-			spiffeId := *trustDomain
-			sid, serr := url.Parse(o.Flags.SpiffeID)
-			if serr != nil {
-				return serr
+			if trustDomain != nil {
+				spiffeId := *trustDomain
+				sid, serr := url.Parse(o.Flags.SpiffeID)
+				if serr != nil {
+					return serr
+				}
+				spiffeId.Path = sid.Path
+				template.URIs = append(template.URIs, &spiffeId)
 			}
-			spiffeId.Path = sid.Path
-			template.URIs = append(template.URIs, &spiffeId)
 		} else {
 			// just use whatever spiffe id was provided
 			sid, serr := url.Parse(o.Flags.SpiffeID)