contrasttest: always patch reference values on generate

Signed-off-by: Paul Meyer <[email protected]>
edgelesssys · Aug 30, 2024 · 4c77c03 · 4c77c03
1 parent af6bb57
commit 4c77c03
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 43 deletions.
diff --git a/e2e/internal/contrasttest/contrasttest.go b/e2e/internal/contrasttest/contrasttest.go
@@ -11,6 +11,7 @@ import (
 	"crypto/rand"
 	"crypto/x509"
 	"encoding/hex"
+	"encoding/json"
 	"fmt"
 	"io"
 	"os"
@@ -24,6 +25,7 @@ import (
 	"github.com/edgelesssys/contrast/e2e/internal/kubeclient"
 	"github.com/edgelesssys/contrast/internal/kubeapi"
 	"github.com/edgelesssys/contrast/internal/kuberesource"
+	"github.com/edgelesssys/contrast/internal/manifest"
 	"github.com/edgelesssys/contrast/internal/platforms"
 	ksync "github.com/katexochen/sync/api/client"
 	"github.com/spf13/cobra"
@@ -172,6 +174,45 @@ func (ct *ContrastTest) Generate(t *testing.T) {
 	require.NoError(err)
 	require.NotEmpty(hash, "expected apply to fill coordinator policy hash")
 	ct.coordinatorPolicyHash = string(hash)
+
+	ct.patchReferenceValues(t, ct.Platform)
+}
+
+// patchReferenceValues modifies the manifest to contain multiple reference values for testing
+// cases with multiple validators, as well as filling in bare-metal SNP-specific values.
+func (ct *ContrastTest) patchReferenceValues(t *testing.T, platform platforms.Platform) {
+	manifestBytes, err := os.ReadFile(ct.WorkDir + "/manifest.json")
+	require.NoError(t, err)
+	var m manifest.Manifest
+	require.NoError(t, json.Unmarshal(manifestBytes, &m))
+
+	switch platform {
+	case platforms.AKSCloudHypervisorSNP:
+		// Duplicate the reference values to test multiple validators by having at least 2.
+		m.ReferenceValues.SNP = append(m.ReferenceValues.SNP, m.ReferenceValues.SNP[len(m.ReferenceValues.SNP)-1])
+
+		// Make the last set of reference values invalid by changing the SVNs.
+		m.ReferenceValues.SNP[len(m.ReferenceValues.SNP)-1].MinimumTCB = manifest.SNPTCB{
+			BootloaderVersion: toPtr(manifest.SVN(255)),
+			TEEVersion:        toPtr(manifest.SVN(255)),
+			SNPVersion:        toPtr(manifest.SVN(255)),
+			MicrocodeVersion:  toPtr(manifest.SVN(255)),
+		}
+	case platforms.K3sQEMUSNP:
+		// The generate command doesn't fill in all required fields when
+		// generating a manifest for baremetal SNP. Do that now.
+		for i, snp := range m.ReferenceValues.SNP {
+			snp.MinimumTCB.BootloaderVersion = toPtr(manifest.SVN(0))
+			snp.MinimumTCB.TEEVersion = toPtr(manifest.SVN(0))
+			snp.MinimumTCB.SNPVersion = toPtr(manifest.SVN(0))
+			snp.MinimumTCB.MicrocodeVersion = toPtr(manifest.SVN(0))
+			m.ReferenceValues.SNP[i] = snp
+		}
+	}
+
+	manifestBytes, err = json.Marshal(m)
+	require.NoError(t, err)
+	require.NoError(t, os.WriteFile(ct.WorkDir+"/manifest.json", manifestBytes, 0o644))
 }
 
 // Apply the generated resources to the Kubernetes test environment.
@@ -310,3 +351,7 @@ func makeNamespace(t *testing.T) string {
 
 	return strings.Join(append(re.FindAllString(strings.ToLower(t.Name()), -1), hex.EncodeToString(buf)), "-")
 }
+
+func toPtr[T any](t T) *T {
+	return &t
+}
diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go
@@ -61,8 +61,6 @@ func TestOpenSSL(t *testing.T) {
 	ct.Init(t, resources)
 	require.True(t, t.Run("generate", ct.Generate), "contrast generate needs to succeed for subsequent tests")
 
-	patchReferenceValues(t, platform, ct)
-
 	require.True(t, t.Run("apply", ct.Apply), "Kubernetes resources need to be applied for subsequent tests")
 
 	require.True(t, t.Run("set", ct.Set), "contrast set needs to succeed for subsequent tests")
@@ -260,44 +258,3 @@ func opensslConnectCmd(addr, caCert string) string {
 		`openssl s_client -connect %s -verify_return_error -x509_strict -CAfile /contrast/tls-config/%s -cert /contrast/tls-config/certChain.pem -key /contrast/tls-config/key.pem </dev/null`,
 		addr, caCert)
 }
-
-func toPtr[T any](t T) *T {
-	return &t
-}
-
-// patchReferenceValues modifies the manifest to contain multiple reference values for testing
-// cases with multiple validators, as well as filling in bare-metal SNP-specific values.
-func patchReferenceValues(t *testing.T, platform platforms.Platform, ct *contrasttest.ContrastTest) {
-	manifestBytes, err := os.ReadFile(ct.WorkDir + "/manifest.json")
-	require.NoError(t, err)
-	var m manifest.Manifest
-	require.NoError(t, json.Unmarshal(manifestBytes, &m))
-
-	switch platform {
-	case platforms.AKSCloudHypervisorSNP:
-		// Duplicate the reference values to test multiple validators by having at least 2.
-		m.ReferenceValues.SNP = append(m.ReferenceValues.SNP, m.ReferenceValues.SNP[len(m.ReferenceValues.SNP)-1])
-
-		// Make the last set of reference values invalid by changing the SVNs.
-		m.ReferenceValues.SNP[len(m.ReferenceValues.SNP)-1].MinimumTCB = manifest.SNPTCB{
-			BootloaderVersion: toPtr(manifest.SVN(255)),
-			TEEVersion:        toPtr(manifest.SVN(255)),
-			SNPVersion:        toPtr(manifest.SVN(255)),
-			MicrocodeVersion:  toPtr(manifest.SVN(255)),
-		}
-	case platforms.K3sQEMUSNP:
-		// The generate command doesn't fill in all required fields when
-		// generating a manifest for baremetal SNP. Do that now.
-		for i, snp := range m.ReferenceValues.SNP {
-			snp.MinimumTCB.BootloaderVersion = toPtr(manifest.SVN(0))
-			snp.MinimumTCB.TEEVersion = toPtr(manifest.SVN(0))
-			snp.MinimumTCB.SNPVersion = toPtr(manifest.SVN(0))
-			snp.MinimumTCB.MicrocodeVersion = toPtr(manifest.SVN(0))
-			m.ReferenceValues.SNP[i] = snp
-		}
-	}
-
-	manifestBytes, err = json.Marshal(m)
-	require.NoError(t, err)
-	require.NoError(t, os.WriteFile(ct.WorkDir+"/manifest.json", manifestBytes, 0o644))
-}