e2e: serialize OpenSSL test

edgelesssys · Mar 8, 2024 · d62b742 · d62b742
1 parent 75dff31
commit d62b742
Showing 1 changed file with 34 additions and 34 deletions.
diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go
@@ -23,40 +23,8 @@ import (
 // namespace the tests are executed in.
 const namespaceEnv = "K8S_NAMESPACE"
 
-// TestBackend verifies that the certificates minted by the coordinator are accepted by OpenSSL in server and client mode.
-//
-// The test expects deployments/openssl to be available in the cluster (manifest set and workloads ready).
-func TestFrontend2Backend(t *testing.T) {
-	require := require.New(t)
-
-	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
-	defer cancel()
-
-	c := kubeclient.NewForTest(t)
-
-	namespace := os.Getenv(namespaceEnv)
-	require.NotEmpty(namespace, "environment variable %q must be set", namespaceEnv)
-
-	frontendPods, err := c.PodsFromDeployment(ctx, namespace, "openssl-frontend")
-	require.NoError(err)
-	require.Len(frontendPods, 1, "pod not found: %s/%s", namespace, "openssl-frontend")
-
-	require.NoError(c.WaitForPod(ctx, namespace, frontendPods[0].Name))
-
-	// Call the backend server from the frontend. If this command produces no TLS error, we verified that
-	// - the certificate in the frontend pod can be used as a client certificate
-	// - the certificate in the backend pod can be used as a server certificate
-	// - the backend's CA configuration accepted the frontend certificate
-	// - the frontend's CA configuration accepted the backend certificate
-	stdout, stderr, err := c.Exec(ctx, namespace, frontendPods[0].Name,
-		[]string{"/bin/bash", "-c", `printf "GET / HTTP/1.0\nHost: openssl-backend\n" | openssl s_client -connect openssl-backend:443 -verify_return_error -CAfile /tls-config/MeshCACert.pem -cert /tls-config/certChain.pem -key /tls-config/key.pem`},
-	)
-	t.Log(stdout)
-	require.NoError(err, "stderr: %q", stderr)
-}
-
-// TestFrontend verifies the certificate used by the OpenSSL frontend comes from the coordinator.
-func TestFrontend(t *testing.T) {
+// TestOpenSSL runs e2e tests on the example OpenSSL deployment.
+func TestOpenSSL(t *testing.T) {
 	c := kubeclient.NewForTest(t)
 
 	namespace := os.Getenv(namespaceEnv)
@@ -120,4 +88,36 @@ func TestFrontend(t *testing.T) {
 			conn.Close()
 		})
 	}
+
+	// TODO(burgerdev): this test should be run with its own kubectl apply/contrast set preface.
+	t.Run("certificates can be used by OpenSSL", func(t *testing.T) {
+		// This test verifies that the certificates minted by the coordinator are accepted by OpenSSL in server and client mode.
+		require := require.New(t)
+
+		ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+		defer cancel()
+
+		c := kubeclient.NewForTest(t)
+
+		const opensslFrontend = "openssl-frontend"
+		const opensslBackend = "openssl-backend"
+
+		require.NoError(c.WaitForDeployment(ctx, namespace, opensslFrontend))
+		require.NoError(c.WaitForDeployment(ctx, namespace, opensslBackend))
+
+		frontendPods, err := c.PodsFromDeployment(ctx, namespace, opensslFrontend)
+		require.NoError(err)
+		require.Len(frontendPods, 1, "pod not found: %s/%s", namespace, opensslFrontend)
+
+		// Call the backend server from the frontend. If this command produces no TLS error, we verified that
+		// - the certificate in the frontend pod can be used as a client certificate
+		// - the certificate in the backend pod can be used as a server certificate
+		// - the backend's CA configuration accepted the frontend certificate
+		// - the frontend's CA configuration accepted the backend certificate
+		stdout, stderr, err := c.Exec(ctx, namespace, frontendPods[0].Name,
+			[]string{"/bin/bash", "-c", `printf "GET / HTTP/1.0\nHost: openssl-backend\n" | openssl s_client -connect openssl-backend:443 -verify_return_error -CAfile /tls-config/MeshCACert.pem -cert /tls-config/certChain.pem -key /tls-config/key.pem`},
+		)
+		t.Log(stdout)
+		require.NoError(err, "stderr: %q", stderr)
+	})
 }