e2e: apply k8s resources from Go
burgerdev committed Mar 12, 2024
1 parent 2e0b244 commit 57c221d
Showing 3 changed files with 54 additions and 8 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/e2e_openssl.yml
Expand Up @@ -55,7 +55,7 @@ jobs:
- name: Build, deploy, contrast generate, contrast set, contrast verify
run: |
just coordinator initializer openssl
just deploy openssl contrast.cli
just generate openssl contrast.cli
- name: Setup Summary
run: |
cat ./workspace/just.namespace | tee -a "${GITHUB_STEP_SUMMARY}"
55 changes: 50 additions & 5 deletions e2e/openssl/openssl_test.go
Expand Up @@ -6,8 +6,11 @@ package openssl
import (
"bytes"
"context"
"crypto/sha256"
"crypto/tls"
"crypto/x509"
"encoding/base64"
"encoding/hex"
"io"
"os"
"path"
Expand All @@ -17,8 +20,10 @@ import (

"github.com/edgelesssys/contrast/cli/cmd"
"github.com/edgelesssys/contrast/e2e/internal/kubeclient"
"github.com/edgelesssys/contrast/internal/kubeapi"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
)

// namespace the tests are executed in.
Expand All @@ -36,6 +41,49 @@ func TestOpenSSL(t *testing.T) {
namespace := os.Getenv(namespaceEnv)
require.NotEmpty(t, namespace, "environment variable %q must be set", namespaceEnv)

resources, err := filepath.Glob("./workspace/deployment/*.yml")
require.NoError(t, err)

var coordinatorPolicyHash string
require.True(t, t.Run("apply", func(t *testing.T) {
require := require.New(t)

var objects []*unstructured.Unstructured
for _, file := range resources {
yaml, err := os.ReadFile(file)
require.NoError(err)
fileObjects, err := kubeapi.UnmarshalUnstructuredK8SResource(yaml)
require.NoError(err)
objects = append(objects, fileObjects...)
}

for _, obj := range objects {
annotations := obj.GetAnnotations()
if annotations == nil {
continue
}
role, ok := annotations["contrast.edgeless.systems/pod-role"]
if !ok || role != "coordinator" {
continue
}
policyB64, ok := annotations["io.katacontainers.config.agent.policy"]

require.True(ok, "encountered coordinator without policy")
policy, err := base64.StdEncoding.DecodeString(policyB64)
require.NoError(err)
hash := sha256.Sum256(policy)
coordinatorPolicyHash = hex.EncodeToString(hash[:])
}

ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
defer cancel()

c := kubeclient.NewForTest(t)
require.NoError(c.Apply(ctx, objects...))
}), "Kubernetes resources need to be applied for subsequent tests")

require.NotEmpty(t, coordinatorPolicyHash, "expected apply to fill coordinator policy hash")

require.True(t, t.Run("set", func(t *testing.T) {
require := require.New(t)

Expand All @@ -48,11 +96,8 @@ func TestOpenSSL(t *testing.T) {
require.NoError(err)
defer cancelPortForward()

resources, err := filepath.Glob("./workspace/deployment/*.yml")
require.NoError(err)

args := []string{
"--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
"--coordinator-policy-hash", coordinatorPolicyHash,
"--coordinator", coordinator,
"--workspace-dir", "./workspace",
}
Expand Down Expand Up @@ -88,7 +133,7 @@ func TestOpenSSL(t *testing.T) {
verify := cmd.NewVerifyCmd()
verify.SetArgs([]string{
"--workspace-dir", workspaceDir,
"--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
"--coordinator-policy-hash", coordinatorPolicyHash,
"--coordinator", coordinator,
})
verify.SetOut(io.Discard)
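Review bot: In the `apply` subtest, a coordinator whose `io.katacontainers.config.agent.policy` annotation is present but empty still yields a non-empty `coordinatorPolicyHash`, because `sha256.Sum256` over zero bytes hex-encodes to a valid-looking digest, so the later `require.NotEmpty(t, coordinatorPolicyHash, ...)` cannot catch it. I would add `require.NotEmpty(policy, "coordinator policy annotation is empty")` right after the base64 decode. The loop also silently overwrites the hash if more than one object carries the `coordinator` role; either `break` after the first match or add `require.Empty(coordinatorPolicyHash, "multiple coordinators found")` before the assignment. Because the hash is computed from the same generated YAML that is then applied, it pins the deployed policy but does not independently check what the generate step produced, which deserves a short comment above the loop. The body of TestOpenSSL starts and ends outside the visible hunks.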
5 changes: 3 additions & 2 deletions internal/kubeapi/kubeapi.go
Expand Up @@ -30,7 +30,7 @@ type (
// UnmarshalK8SResources unmarshals a Kubernetes resource into a list of objects that can be
// type casted to a Kubernetes resource.
func UnmarshalK8SResources(data []byte) ([]any, error) {
objs, err := unmarshalUnstructuredK8SResource(data)
objs, err := UnmarshalUnstructuredK8SResource(data)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -77,7 +77,8 @@ func UnmarshalK8SResources(data []byte) ([]any, error) {
return result, nil
}

func unmarshalUnstructuredK8SResource(data []byte) ([]*unstructured.Unstructured, error) {
// UnmarshalUnstructuredK8SResource parses the input YAML into unstructured Kubernetes resources.
func UnmarshalUnstructuredK8SResource(data []byte) ([]*unstructured.Unstructured, error) {
documentsData, err := splitYAML(data)
if err != nil {
return nil, fmt.Errorf("splitting YAML into multiple documents: %w", err)