removing the client auto-encrypt tests

charts/consul/test/unit/api-gateway-controller-deployment.bats

@@ -908,45 +908,6 @@ load _helpers
 #--------------------------------------------------------------------
 # global.cloud
 
-@test "apiGateway/Deployment: -tls-server-name is not specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled but global.cloud.enabled is not set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/api-gateway-controller-deployment.yaml  \
-      --set 'apiGateway.enabled=true' \
-      --set 'apiGateway.image=foo' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "false" ]
-}
-
-@test "apiGateway/Deployment: -tls-server-name is specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled and global.cloud.enabled is set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/api-gateway-controller-deployment.yaml  \
-      --set 'apiGateway.enabled=true' \
-      --set 'apiGateway.image=foo' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      --set 'global.cloud.enabled=true' \
-      --set 'global.cloud.secretName=consul-hcp-config' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
-
 @test "apiGateway/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
   cd `chart_dir`
   run helm template \

charts/consul/test/unit/client-daemonset.bats

@@ -2626,42 +2626,6 @@ rollingUpdate:
 #--------------------------------------------------------------------
 # global.cloud
 
-@test "client/DaemonSet: -tls-server-name is not specified on command of client-acl-init init container when tls and auto-encrypt is enabled but global.cloud.enabled is not set" {
-  cd `chart_dir`
-  local object=$(helm template \
-     -s templates/client-daemonset.yaml  \
-      --set 'global.acls.manageSystemACLs=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "client-acl-init")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "false" ]
-}
-
-@test "client/DaemonSet: -tls-server-name is specified on command of client-acl-init init container when tls and auto-encrypt is enabled and global.cloud.enabled is set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/client-daemonset.yaml  \
-      --set 'global.acls.manageSystemACLs=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      --set 'global.cloud.enabled=true' \
-      --set 'global.cloud.secretName=consul-hcp-config' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "client-acl-init")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
 @test "client/DaemonSet: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
   cd `chart_dir`
   run helm template \

charts/consul/test/unit/client-snapshot-agent-deployment.bats

@@ -1157,42 +1157,6 @@ MIICFjCCAZsCCQCdwLtdjbzlYzAKBggqhkjOPQQDAjB0MQswCQYDVQQGEwJDQTEL' \
 #--------------------------------------------------------------------
 # global.cloud
 
-@test "client/SnapshotAgentDeployment: -tls-server-name is not specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled but global.cloud.enabled is not set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/client-snapshot-agent-deployment.yaml  \
-      --set 'client.snapshotAgent.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "false" ]
-}
-
-@test "client/SnapshotAgentDeployment: -tls-server-name is specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled and global.cloud.enabled is set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/client-snapshot-agent-deployment.yaml  \
-      --set 'client.snapshotAgent.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      --set 'global.cloud.enabled=true' \
-      --set 'global.cloud.secretName=consul-hcp-config' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
 @test "client/SnapshotAgentDeployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
   cd `chart_dir`
   run helm template \

charts/consul/test/unit/connect-inject-deployment.bats

@@ -830,16 +830,9 @@ load _helpers
   local actual=$(echo "$env" |
     jq -r '. | select( .name == "CONSUL_LOGIN_DATACENTER").value' | tee /dev/stderr)
   [ "${actual}" = "dc1" ]
-
-@test "connectInject/Deployment: CONSUL_HTTP_TOKEN_FILE is set when acls are enabled" {
-  cd `chart_dir`
-  local actual=$(helm template \
-      -s templates/connect-inject-deployment.yaml \
-      --set 'connectInject.enabled=true' \
-      --set 'global.acls.manageSystemACLs=true' \
-      . | tee /dev/stderr |
-      yq '[.spec.template.spec.containers[0].env[1].name] | any(contains("CONSUL_HTTP_TOKEN_FILE"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
+  local actual=$(echo "$env" |
+    jq -r '. | select( .name == "CONSUL_LOGIN_META").value' | tee /dev/stderr)
+  [ "${actual}" = 'component=connect-injector,pod=$(NAMESPACE)/$(POD_NAME)' ]
 }
 
 @test "connectInject/Deployment: sets global auth method and primary datacenter when federation and acls and namespaces are enabled" {
@@ -2344,42 +2337,6 @@ reservedNameTest() {
 #--------------------------------------------------------------------
 # global.cloud
 
-@test "connectInject/Deployment: -tls-server-name is not specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled but global.cloud.enabled is not set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/connect-inject-deployment.yaml  \
-      --set 'connectInject.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "false" ]
-}
-
-@test "connectInject/Deployment: -tls-server-name is specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled and global.cloud.enabled is set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/connect-inject-deployment.yaml  \
-      --set 'connectInject.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      --set 'global.cloud.enabled=true' \
-      --set 'global.cloud.secretName=consul-hcp-config' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
 @test "connectInject/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
   cd `chart_dir`
   run helm template \

charts/consul/test/unit/controller-deployment.bats

@@ -844,42 +844,6 @@ load _helpers
 #--------------------------------------------------------------------
 # global.cloud
 
-@test "controller/Deployment: -tls-server-name is not specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled but global.cloud.enabled is not set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/controller-deployment.yaml  \
-      --set 'controller.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "false" ]
-}
-
-@test "controller/Deployment: -tls-server-name is specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled and global.cloud.enabled is set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/controller-deployment.yaml  \
-      --set 'controller.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      --set 'global.cloud.enabled=true' \
-      --set 'global.cloud.secretName=consul-hcp-config' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
 @test "controller/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
   cd `chart_dir`
   run helm template \

charts/consul/test/unit/ingress-gateways-deployment.bats

@@ -1149,44 +1149,6 @@ key2: value2' \
 #--------------------------------------------------------------------
 # global.cloud
 
-@test "ingressGateways/Deployment: -tls-server-name is not specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled but global.cloud.enabled is not set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/ingress-gateways-deployment.yaml  \
-      --set 'ingressGateways.enabled=true' \
-      --set 'connectInject.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      . | tee /dev/stderr |
-      yq -s -r '.[0].spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "false" ]
-}
-
-@test "ingressGateways/Deployment: -tls-server-name is specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled and global.cloud.enabled is set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/ingress-gateways-deployment.yaml  \
-      --set 'ingressGateways.enabled=true' \
-      --set 'connectInject.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      --set 'global.cloud.enabled=true' \
-      --set 'global.cloud.secretName=consul-hcp-config' \
-      . | tee /dev/stderr |
-      yq -s -r '.[0].spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
 @test "ingressGateways/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
   cd `chart_dir`
   run helm template \

charts/consul/test/unit/mesh-gateway-deployment.bats

@@ -1348,44 +1348,6 @@ key2: value2' \
 #--------------------------------------------------------------------
 # global.cloud
 
-@test "meshGateway/Deployment: -tls-server-name is not specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled but global.cloud.enabled is not set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/mesh-gateway-deployment.yaml  \
-      --set 'meshGateway.enabled=true' \
-      --set 'connectInject.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "false" ]
-}
-
-@test "meshGateway/Deployment: -tls-server-name is specified on command of get-auto-encrypt-client-ca init container when tls and auto-encrypt is enabled and global.cloud.enabled is set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/mesh-gateway-deployment.yaml  \
-      --set 'meshGateway.enabled=true' \
-      --set 'connectInject.enabled=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      --set 'global.cloud.enabled=true' \
-      --set 'global.cloud.secretName=consul-hcp-config' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.initContainers[] | select(.name == "get-auto-encrypt-client-ca")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
 @test "meshGateway/Deployment: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
   cd `chart_dir`
   run helm template \

charts/consul/test/unit/server-acl-init-job.bats

@@ -1895,45 +1895,6 @@ load _helpers
 #--------------------------------------------------------------------
 # global.cloud
 
-
-@test "serverACLInit/Job: -tls-server-name is not specified on command of post-install-job container when tls and auto-encrypt is enabled but global.cloud.enabled is not set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/server-acl-init-job.yaml  \
-      --set 'connectInject.enabled=true' \
-      --set 'global.acls.manageSystemACLs=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.containers[] | select(.name == "post-install-job")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-consul-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "false" ]
-}
-
-@test "serverACLInit/Job: -tls-server-name is specified on command of post-install-job container when tls and auto-encrypt is enabled and global.cloud.enabled is set" {
-  cd `chart_dir`
-  local object=$(helm template \
-      -s templates/server-acl-init-job.yaml  \
-      --set 'connectInject.enabled=true' \
-      --set 'global.acls.manageSystemACLs=true' \
-      --set 'global.tls.enabled=true' \
-      --set 'global.tls.enableAutoEncrypt=true' \
-      --set 'global.datacenter=dc-foo' \
-      --set 'global.domain=bar' \
-      --set 'global.cloud.enabled=true' \
-      --set 'global.cloud.secretName=consul-hcp-config' \
-      . | tee /dev/stderr |
-      yq '.spec.template.spec.containers[] | select(.name == "post-install-job")' | tee /dev/stderr)
-
-  local actual=$(echo $object |
-      yq -r '.command | any(contains("-consul-tls-server-name=server.dc-foo.bar"))' | tee /dev/stderr)
-  [ "${actual}" = "true" ]
-}
-
 @test "serverACLInit/Job: fails when global.cloud.enabled is set and global.cloud.secretName is not set" {
   cd `chart_dir`
   run helm template \