From 8e8dbd0c696ee042468d8e46f351c6c7b1326d57 Mon Sep 17 00:00:00 2001
From: Martin Irungu <mi@edgeless.systems>
Date: Mon, 18 Mar 2024 15:49:30 +0100
Subject: [PATCH] e2e: added openssl function

---
 e2e/internal/kuberesource/resourcegen/main.go |   2 +
 e2e/internal/kuberesource/sets.go             | 103 ++++++++++++++++++
 2 files changed, 105 insertions(+)

diff --git a/e2e/internal/kuberesource/resourcegen/main.go b/e2e/internal/kuberesource/resourcegen/main.go
index efa9073513..e9184eb603 100644
--- a/e2e/internal/kuberesource/resourcegen/main.go
+++ b/e2e/internal/kuberesource/resourcegen/main.go
@@ -22,6 +22,8 @@ func main() {
 	switch set {
 	case "simple":
 		resources, err = kuberesource.Simple()
+	case "openssl":
+		resources, err = kuberesource.OpenSSL()
 	default:
 		fmt.Printf("Error: unknown set: %s\n", set)
 		os.Exit(1)
diff --git a/e2e/internal/kuberesource/sets.go b/e2e/internal/kuberesource/sets.go
index 80b7bc54fa..90951c5c99 100644
--- a/e2e/internal/kuberesource/sets.go
+++ b/e2e/internal/kuberesource/sets.go
@@ -49,3 +49,106 @@ func Simple() ([]any, error) {
 
 	return resources, nil
 }
+
+// OpenSSL returns a set of resources for testing with OpenSSL.
+func OpenSSL() ([]any, error) {
+	ns := "edg-default"
+	namespace := Namespace(ns)
+	coordinator := Coordinator(ns).DeploymentApplyConfiguration
+	coordinatorService := ServiceForDeployment(coordinator)
+	coordinatorForwarder := PortForwarder("coordinator", ns).
+		WithListenPort(1313).
+		WithForwardTarget("coordinator", 1313).
+		PodApplyConfiguration
+
+	opensslBackend := Deployment("openssl-backend", ns).
+		WithSpec(DeploymentSpec().
+			WithReplicas(1).
+			WithSelector(LabelSelector().
+				WithMatchLabels(map[string]string{"app.kubernetes.io/name": "openssl-backend"}),
+			).
+			WithTemplate(PodTemplateSpec().
+				WithLabels(map[string]string{"app.kubernetes.io/name": "openssl-backend"}).
+				WithSpec(PodSpec().
+					WithContainers(
+						Container().
+							WithName("openssl-backend").
+							WithImage("ghcr.io/edgelesssys/contrast/openssl:latest").
+							WithCommand("/bin/sh", "-c", "echo Workload started  \n openssl s_server -port 443 -Verify 2 -CAfile /tls-config/MeshCACert.pem -cert /tls-config/certChain.pem -key /tls-config/key.pem").
+							WithResources(ResourceRequirements().
+								WithMemoryLimitAndRequest(50),
+							),
+					),
+				),
+			),
+		)
+
+	opensslBackend, err := AddInitializer(opensslBackend, Initializer())
+	if err != nil {
+		return nil, err
+	}
+
+	opensslClient := Deployment("openssl-client", ns).
+		WithSpec(DeploymentSpec().
+			WithReplicas(1).
+			WithSelector(LabelSelector().
+				WithMatchLabels(map[string]string{"app.kubernetes.io/name": "openssl-client"}),
+			).
+			WithTemplate(PodTemplateSpec().
+				WithLabels(map[string]string{"app.kubernetes.io/name": "openssl-client"}).
+				WithSpec(PodSpec().
+					WithContainers(
+						Container().
+							WithName("openssl-client").
+							WithImage("ghcr.io/edgelesssys/contrast/openssl:latest").
+							WithCommand("/bin/sh", "-c", "echo Workload started \nwhile true; do \n  echo \"THIS IS A TEST MESSAGE\" | openssl s_client -connect openssl-frontend:443 -verify_return_error -CAfile /tls-config/RootCACert.pem\n  sleep 30\ndone\n").
+							WithResources(ResourceRequirements().
+								WithMemoryLimitAndRequest(50),
+							),
+					),
+				),
+			),
+		)
+	opensslClient, err = AddInitializer(opensslClient, Initializer())
+	if err != nil {
+		return nil, err
+	}
+
+	opensslFrontend := Deployment("openssl-frontend", ns).
+		WithSpec(DeploymentSpec().
+			WithReplicas(1).
+			WithSelector(LabelSelector().
+				WithMatchLabels(map[string]string{"app.kubernetes.io/name": "openssl-frontend"}),
+			).
+			WithTemplate(PodTemplateSpec().
+				WithLabels(map[string]string{"app.kubernetes.io/name": "openssl-frontend"}).
+				WithSpec(PodSpec().
+					WithContainers(
+						Container().
+							WithName("openssl-frontend").
+							WithImage("ghcr.io/edgelesssys/contrast/openssl:latest").
+							WithCommand("/bin/sh", "-c", "echo Workload started\nopenssl s_server -www -port 443 -cert /tls-config/certChain.pem -key /tls-config/key.pem -cert_chain /tls-config/certChain.pem &\nwhile true; do \n  echo \"THIS IS A TEST MESSAGE\" | openssl s_client -connect openssl-backend:443 -verify_return_error -CAfile /tls-config/MeshCACert.pem -cert /tls-config/certChain.pem -key /tls-config/key.pem\n  sleep 10\ndone\n").
+							WithResources(ResourceRequirements().
+								WithMemoryLimitAndRequest(50),
+							),
+					),
+				),
+			),
+		)
+	opensslFrontend, err = AddInitializer(opensslFrontend, Initializer())
+	if err != nil {
+		return nil, err
+	}
+
+	resources := []any{
+		namespace,
+		coordinator,
+		coordinatorService,
+		coordinatorForwarder,
+		opensslBackend,
+		opensslClient,
+		opensslFrontend,
+	}
+
+	return resources, nil
+}