e2e: specify multiple reference values in openssl test

The openssl test now additionally uses multiple reference values to test attestation with multiple validators. Only the second one of the provided validators should successfully validate the attestation document.
edgelesssys · Aug 16, 2024 · 7eb0c68 · 7eb0c68
1 parent f5ae738
commit 7eb0c68
Showing 1 changed file with 24 additions and 12 deletions.
diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go
@@ -61,7 +61,7 @@ func TestOpenSSL(t *testing.T) {
 	ct.Init(t, resources)
 	require.True(t, t.Run("generate", ct.Generate), "contrast generate needs to succeed for subsequent tests")
 
-	patchReferenceValues(t, platform, ct)
+	patchManifest(t, platform, ct)
 
 	require.True(t, t.Run("apply", ct.Apply), "Kubernetes resources need to be applied for subsequent tests")
 
@@ -265,26 +265,38 @@ func toPtr[T any](t T) *T {
 	return &t
 }
 
-func patchReferenceValues(t *testing.T, platform platforms.Platform, ct *contrasttest.ContrastTest) {
+// patchManifest modifies the manifest to contain multiple reference values for testing
+// cases with multiple validators, as well as filling in bare-metal SNP-specific values.
+func patchManifest(t *testing.T, platform platforms.Platform, ct *contrasttest.ContrastTest) {
+	manifestBytes, err := os.ReadFile(ct.WorkDir + "/manifest.json")
+	require.NoError(t, err)
+	var m manifest.Manifest
+	require.NoError(t, json.Unmarshal(manifestBytes, &m))
+
+	// Duplicate the reference values to test multiple validators.
+	m.ReferenceValues.SNP = append(m.ReferenceValues.SNP, m.ReferenceValues.SNP[0])
+	// Make the first set of reference values invalid by changing the SVNs.
+	m.ReferenceValues.SNP[0].MinimumTCB = manifest.SNPTCB{
+		BootloaderVersion: toPtr(manifest.SVN(255)),
+		TEEVersion:        toPtr(manifest.SVN(255)),
+		SNPVersion:        toPtr(manifest.SVN(255)),
+		MicrocodeVersion:  toPtr(manifest.SVN(255)),
+	}
+
+	// Fill in bare-metal-SNP-specific values.
 	if platform == platforms.K3sQEMUSNP {
 		// The generate command doesn't fill in all required fields when
 		// generating a manifest for baremetal SNP. Do that now.
-
-		manifestBytes, err := os.ReadFile(ct.WorkDir + "/manifest.json")
-		require.NoError(t, err)
-		var m manifest.Manifest
-		require.NoError(t, json.Unmarshal(manifestBytes, &m))
-
 		for i, snp := range m.ReferenceValues.SNP {
 			snp.MinimumTCB.BootloaderVersion = toPtr(manifest.SVN(0))
 			snp.MinimumTCB.TEEVersion = toPtr(manifest.SVN(0))
 			snp.MinimumTCB.SNPVersion = toPtr(manifest.SVN(0))
 			snp.MinimumTCB.MicrocodeVersion = toPtr(manifest.SVN(0))
 			m.ReferenceValues.SNP[i] = snp
 		}
-
-		manifestBytes, err = json.Marshal(m)
-		require.NoError(t, err)
-		require.NoError(t, os.WriteFile(ct.WorkDir+"/manifest.json", manifestBytes, 0o644))
 	}
+
+	manifestBytes, err = json.Marshal(m)
+	require.NoError(t, err)
+	require.NoError(t, os.WriteFile(ct.WorkDir+"/manifest.json", manifestBytes, 0o644))
 }