e2e: apply k8s resources from Go

Author: burgerdev

.github/workflows/e2e_openssl.yml

@@ -55,7 +55,7 @@ jobs:
       - name: Build, deploy, contrast generate, contrast set, contrast verify
         run: |
           just coordinator initializer openssl
-          just deploy openssl contrast.cli
+          just generate openssl contrast.cli
       - name: Setup Summary
         run: |
           cat ./workspace/just.namespace | tee -a "${GITHUB_STEP_SUMMARY}"

e2e/openssl/openssl_test.go

@@ -17,8 +17,10 @@ import (
 
 	"github.com/edgelesssys/contrast/cli/cmd"
 	"github.com/edgelesssys/contrast/e2e/internal/kubeclient"
+	"github.com/edgelesssys/contrast/internal/kubeapi"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
 // namespace the tests are executed in.
@@ -36,6 +38,34 @@ func TestOpenSSL(t *testing.T) {
 	namespace := os.Getenv(namespaceEnv)
 	require.NotEmpty(t, namespace, "environment variable %q must be set", namespaceEnv)
 
+	resources, err := filepath.Glob("./workspace/deployment/*.yml")
+	require.NoError(t, err)
+
+	// TODO(burgerdev): policy hash should come from contrast generate output.
+	coordinatorPolicyHashBytes, err := os.ReadFile("workspace/coordinator-policy.sha256")
+	require.NoError(t, err)
+	coordinatorPolicyHash := string(coordinatorPolicyHashBytes)
+	require.NotEmpty(t, coordinatorPolicyHash, "expected apply to fill coordinator policy hash")
+
+	require.True(t, t.Run("apply", func(t *testing.T) {
+		require := require.New(t)
+
+		var objects []*unstructured.Unstructured
+		for _, file := range resources {
+			yaml, err := os.ReadFile(file)
+			require.NoError(err)
+			fileObjects, err := kubeapi.UnmarshalUnstructuredK8SResource(yaml)
+			require.NoError(err)
+			objects = append(objects, fileObjects...)
+		}
+
+		ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+		defer cancel()
+
+		c := kubeclient.NewForTest(t)
+		require.NoError(c.Apply(ctx, objects...))
+	}), "Kubernetes resources need to be applied for subsequent tests")
+
 	require.True(t, t.Run("set", func(t *testing.T) {
 		require := require.New(t)
 
@@ -48,11 +78,8 @@ func TestOpenSSL(t *testing.T) {
 		require.NoError(err)
 		defer cancelPortForward()
 
-		resources, err := filepath.Glob("./workspace/deployment/*.yml")
-		require.NoError(err)
-
 		args := []string{
-			"--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
+			"--coordinator-policy-hash", coordinatorPolicyHash,
 			"--coordinator", coordinator,
 			"--workspace-dir", "./workspace",
 		}
@@ -88,7 +115,7 @@ func TestOpenSSL(t *testing.T) {
 		verify := cmd.NewVerifyCmd()
 		verify.SetArgs([]string{
 			"--workspace-dir", workspaceDir,
-			"--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
+			"--coordinator-policy-hash", coordinatorPolicyHash,
 			"--coordinator", coordinator,
 		})
 		verify.SetOut(io.Discard)

internal/kubeapi/kubeapi.go

@@ -30,7 +30,7 @@ type (
 // UnmarshalK8SResources unmarshals a Kubernetes resource into a list of objects that can be
 // type casted to a Kubernetes resource.
 func UnmarshalK8SResources(data []byte) ([]any, error) {
-	objs, err := unmarshalUnstructuredK8SResource(data)
+	objs, err := UnmarshalUnstructuredK8SResource(data)
 	if err != nil {
 		return nil, err
 	}
@@ -77,7 +77,8 @@ func UnmarshalK8SResources(data []byte) ([]any, error) {
 	return result, nil
 }
 
-func unmarshalUnstructuredK8SResource(data []byte) ([]*unstructured.Unstructured, error) {
+// UnmarshalUnstructuredK8SResource parses the input YAML into unstructured Kubernetes resources.
+func UnmarshalUnstructuredK8SResource(data []byte) ([]*unstructured.Unstructured, error) {
 	documentsData, err := splitYAML(data)
 	if err != nil {
 		return nil, fmt.Errorf("splitting YAML into multiple documents: %w", err)