e2e: test verify subcommand from Go

edgelesssys · Feb 29, 2024 · 0779720 · 0779720
1 parent f8eb399
commit 0779720
Showing 1 changed file with 43 additions and 1 deletion.
diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go
@@ -4,12 +4,17 @@
 package openssl
 
 import (
+	"bytes"
 	"context"
+	"io"
 	"os"
+	"path"
 	"testing"
 	"time"
 
+	"github.com/edgelesssys/nunki/cli/cmd"
 	"github.com/edgelesssys/nunki/e2e/internal/kubeclient"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -21,15 +26,52 @@ const namespaceEnv = "K8S_NAMESPACE"
 // The test expects deployments/openssl to be available in the cluster (manifest set and workloads ready).
 func TestOpenSSL(t *testing.T) {
 	require := require.New(t)
+	assert := assert.New(t)
 
-	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
 	defer cancel()
 
 	c := kubeclient.NewForTest(t)
 
 	namespace := os.Getenv(namespaceEnv)
 	require.NotEmpty(namespace, "environment variable %q must be set", namespaceEnv)
 
+	// Test the nunki verify command.
+
+	output, err := os.MkdirTemp("", "nunki-verify.*")
+	require.NoError(err)
+	t.Cleanup(func() {
+		_ = os.RemoveAll(output)
+	})
+
+	coordinator, cancelPortforward, err := c.PortForwardPod(ctx, namespace, "port-forwarder-coordinator", "1313")
+	require.NoError(err)
+	t.Cleanup(cancelPortforward)
+
+	verify := cmd.NewVerifyCmd()
+	verify.SetArgs([]string{
+		"--output", output,
+		"--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
+		"--coordinator", coordinator,
+	})
+	verify.SetOut(io.Discard) // TODO: do we need it?
+	errBuf := &bytes.Buffer{}
+	verify.SetErr(errBuf)
+
+	if err := verify.Execute(); err != nil {
+		t.Log(string(errBuf.Bytes()))
+		t.Fatalf("could not verify coordinator: %v", err)
+	}
+
+	for _, expected := range []string{"manifest.0.json", "coordinator-root.pem", "mesh-root.pem"} {
+		_, err := os.Stat(path.Join(output, expected))
+		assert.NoError(err, "expected verify output to contain file %q", expected)
+	}
+
+	// TODO(burgerdev): check the content of output files once generate and set are included here.
+
+	// Test OpenSSL certificate compatibility.
+
 	frontendPods, err := c.PodsFromDeployment(ctx, namespace, "openssl-frontend")
 	require.NoError(err)
 	require.Len(frontendPods, 1, "pod not found: %s/%s", namespace, "openssl-frontend")