diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go
index 0c4ad65db0..c717ca0a85 100644
--- a/e2e/openssl/openssl_test.go
+++ b/e2e/openssl/openssl_test.go
@@ -4,12 +4,17 @@
 package openssl
 import (
+ "bytes"
 "context"
+ "io"
 "os"
+ "path"
 "testing"
 "time"
+ "github.com/edgelesssys/nunki/cli/cmd"
 "github.com/edgelesssys/nunki/e2e/internal/kubeclient"
+ "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
@@ -21,8 +26,9 @@ const namespaceEnv = "K8S_NAMESPACE"
 // The test expects deployments/openssl to be available in the cluster (manifest set and workloads ready).
 func TestOpenSSL(t *testing.T) {
 require := require.New(t)
+ assert := assert.New(t)
- ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+ ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
 defer cancel()
 c := kubeclient.NewForTest(t)
@@ -30,6 +36,42 @@ func TestOpenSSL(t *testing.T) {
 namespace := os.Getenv(namespaceEnv)
 require.NotEmpty(namespace, "environment variable %q must be set", namespaceEnv)
+ // Test the nunki verify command.
+
+ output, err := os.MkdirTemp("", "nunki-verify.*")
+ require.NoError(err)
+ t.Cleanup(func() {
+ _ = os.RemoveAll(output)
+ })
+
+ coordinator, cancelPortforward, err := c.PortForwardPod(ctx, namespace, "port-forwarder-coordinator", "1313")
+ require.NoError(err)
+ t.Cleanup(cancelPortforward)
+
+ verify := cmd.NewVerifyCmd()
+ verify.SetArgs([]string{
+ "--output", output,
+ "--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
+ "--coordinator", coordinator,
+ })
+ verify.SetOut(io.Discard) // TODO: do we need it?
+ errBuf := &bytes.Buffer{}
+ verify.SetErr(errBuf)
+
+ if err := verify.Execute(); err != nil {
+ t.Log(string(errBuf.Bytes()))
+ t.Fatalf("could not verify coordinator: %v", err)
+ }
+
+ for _, expected := range []string{"manifest.0.json", "coordinator-root.pem", "mesh-root.pem"} {
+ _, err := os.Stat(path.Join(output, expected))
+ assert.NoError(err, "expected verify output to contain file %q", expected)
+ }
+
+ // TODO(burgerdev): check the content of output files once generate and set are included here.
+
+ // Test OpenSSL certificate compatibility.
+
 frontendPods, err := c.PodsFromDeployment(ctx, namespace, "openssl-frontend")
 require.NoError(err)
 require.Len(frontendPods, 1, "pod not found: %s/%s", namespace, "openssl-frontend")
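Review bot: The loop over the expected output files only checks with `os.Stat` that they exist, and `--coordinator-policy-hash=` is passed empty (policy checking is off, per the TODO on that line), so this test would still pass if verify wrote empty or unrelated manifest and certificate files. Until the content TODO is resolved, a cheap guard is to keep the FileInfo, `info, err := os.Stat(path.Join(output, expected))`, and follow the existing assertion with `if err == nil { assert.NotZero(info.Size(), "verify output file %q is empty", expected) }`. `verify.Execute()` is also not tied to `ctx`, so the 2-minute deadline set earlier does not appear to bound the verify step; `verify.ExecuteContext(ctx)` would pass it through, assuming `cmd.NewVerifyCmd()` returns a cobra command whose run function honours its context. TestOpenSSL starts before this hunk and continues after it.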