diff --git a/e2e/internal/kubeclient/kubeclient.go b/e2e/internal/kubeclient/kubeclient.go index dbc8f83c0..e20c9514e 100644 --- a/e2e/internal/kubeclient/kubeclient.go +++ b/e2e/internal/kubeclient/kubeclient.go @@ -33,6 +33,9 @@ type Kubeclient struct { // Below fields are only populated by Setup(). + // verifyDir holds the results of calling nunki verify + verifyDir string + namespace string } diff --git a/e2e/internal/kubeclient/setup.go b/e2e/internal/kubeclient/setup.go index 534bac4fb..c834e66bf 100644 --- a/e2e/internal/kubeclient/setup.go +++ b/e2e/internal/kubeclient/setup.go @@ -19,17 +19,62 @@ import ( // If any setup step fails, Setup returns an error but does not clean up any resources. Call // Teardown for that. func (k *Kubeclient) Setup() error { + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) + defer cancel() + // TODO(burgerdev): this needs to be generated by Setup as soon as we moved apply logic here. k.namespace = os.Getenv("K8S_NAMESPACE") if k.namespace == "" { return fmt.Errorf("environment variable K8S_NAMESPACE must be set") } - return nil + + output, err := os.MkdirTemp("", "nunki-verify.*") + if err != nil { + return fmt.Errorf("could not create temp dir: %w", err) + } + k.verifyDir = output + + coordinator, cancelPortforward, err := k.PortForwardPod(ctx, "port-forwarder-coordinator", "1313") + if err != nil { + return fmt.Errorf("could not forward coordinator port: %w", err) + } + defer cancelPortforward() + + verify := cmd.NewVerifyCmd() + verify.SetArgs([]string{ + "--output", output, + "--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking + "--coordinator", coordinator, + }) + verify.SetOut(io.Discard) + errBuf := &bytes.Buffer{} + verify.SetErr(errBuf) + + if err := verify.Execute(); err != nil { + log.Fatalf("could not verify coordinator: %v\nnunki verify logs:\n%s", err, errBuf) + } + + var errs []error + for _, expected := range []string{"manifest.0.json", "coordinator-root.pem", "mesh-root.pem"} { + _, err := os.Stat(path.Join(output, expected)) + if err != nil { + errs = append(errs, fmt.Errorf("expected verify output to contain file %q", expected)) + } + // TODO(burgerdev): check the content of output files once generate and set are included here. + } + return errors.Join(errs...) } // Teardown the end-to-end test environment for Nunki. // // The function attempts to clean up all resources, even if some steps fail. func (k *Kubeclient) Teardown() error { - return nil + var errs []error + if k.verifyDir != "" { + errs = append(errs, os.RemoveAll(k.verifyDir)) + } + + // TODO: tear down Kubernetes resources here once we moved apply logic to Setup() + + return errors.Join(errs...) }