diff --git a/.github/workflows/e2e_openssl.yml b/.github/workflows/e2e_openssl.yml
index 24e50c4aa8..4fe27b67f2 100644
--- a/.github/workflows/e2e_openssl.yml
+++ b/.github/workflows/e2e_openssl.yml
@@ -55,7 +55,7 @@ jobs:
 - name: Build, deploy, contrast generate, contrast set, contrast verify
 run: |
 just coordinator initializer openssl
- just deploy openssl contrast.cli
+ just generate openssl contrast.cli
 - name: Setup Summary
 run: |
 cat ./workspace/just.namespace | tee -a "${GITHUB_STEP_SUMMARY}"
diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go
index 4fb6d4d1b5..53e7c40fae 100644
--- a/e2e/openssl/openssl_test.go
+++ b/e2e/openssl/openssl_test.go
@@ -17,8 +17,10 @@ import (
 "github.com/edgelesssys/contrast/cli/cmd"
 "github.com/edgelesssys/contrast/e2e/internal/kubeclient"
+ "github.com/edgelesssys/contrast/internal/kubeapi"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 // namespace the tests are executed in.
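Review bot: The step name in `.github/workflows/e2e_openssl.yml` still reads `Build, deploy, contrast generate, contrast set, contrast verify`, although the changed command is now `just generate` and the manifests are applied later by the `apply` subtest in `e2e/openssl/openssl_test.go`. Dropping `deploy` from the name keeps the CI log accurate about which step first modifies the cluster. What `just generate` itself runs is not visible in this diff.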
@@ -36,6 +38,34 @@ func TestOpenSSL(t *testing.T) {
 namespace := os.Getenv(namespaceEnv)
 require.NotEmpty(t, namespace, "environment variable %q must be set", namespaceEnv)
+ resources, err := filepath.Glob("./workspace/deployment/*.yml")
+ require.NoError(t, err)
+
+ // TODO(burgerdev): policy hash should come from contrast generate output.
+ coordinatorPolicyHashBytes, err := os.ReadFile("workspace/coordinator-policy.sha256")
+ require.NoError(t, err)
+ coordinatorPolicyHash := string(coordinatorPolicyHashBytes)
+ require.NotEmpty(t, coordinatorPolicyHash, "expected apply to fill coordinator policy hash")
+
+ require.True(t, t.Run("apply", func(t *testing.T) {
+ require := require.New(t)
+
+ var objects []*unstructured.Unstructured
+ for _, file := range resources {
+ yaml, err := os.ReadFile(file)
+ require.NoError(err)
+ fileObjects, err := kubeapi.UnmarshalUnstructuredK8SResource(yaml)
+ require.NoError(err)
+ objects = append(objects, fileObjects...)
+ }
+
+ ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+ defer cancel()
+
+ c := kubeclient.NewForTest(t)
+ require.NoError(c.Apply(ctx, objects...))
+ }), "Kubernetes resources need to be applied for subsequent tests")
+
 require.True(t, t.Run("set", func(t *testing.T) {
 require := require.New(t)
@@ -48,11 +78,8 @@ func TestOpenSSL(t *testing.T) {
 require.NoError(err)
 defer cancelPortForward()
- resources, err := filepath.Glob("./workspace/deployment/*.yml")
- require.NoError(err)
-
 args := []string{
- "--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
+ "--coordinator-policy-hash", coordinatorPolicyHash,
 "--coordinator", coordinator,
 "--workspace-dir", "./workspace",
 }
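Review bot: `coordinatorPolicyHash` is used exactly as read from `workspace/coordinator-policy.sha256`, so a trailing newline or a whitespace-only file passes `require.NotEmpty` and is passed unchanged to `--coordinator-policy-hash` in the `set` hunk (-48,11) and the `verify` hunk (-88,7). Since this value is what switches coordinator policy checking on, I would normalise it with `coordinatorPolicyHash := strings.TrimSpace(string(coordinatorPolicyHashBytes))` (assuming `strings` is imported; the import block is only partly visible) and reword the failure message, which blames `apply` although the file is read before that subtest and the TODO attributes it to `contrast generate`. `filepath.Glob` also returns a nil error when nothing matches, so `require.NotEmpty(t, resources, "no deployment manifests found")` would stop the `apply` subtest from running with zero objects. `TestOpenSSL` begins and ends outside these hunks.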
@@ -88,7 +115,7 @@ func TestOpenSSL(t *testing.T) {
 verify := cmd.NewVerifyCmd()
 verify.SetArgs([]string{
 "--workspace-dir", workspaceDir,
- "--coordinator-policy-hash=", // TODO(burgerdev): enable policy checking
+ "--coordinator-policy-hash", coordinatorPolicyHash,
 "--coordinator", coordinator,
 })
 verify.SetOut(io.Discard)
diff --git a/internal/kubeapi/kubeapi.go b/internal/kubeapi/kubeapi.go
index f70bcbeb8d..1baf0df28d 100644
--- a/internal/kubeapi/kubeapi.go
+++ b/internal/kubeapi/kubeapi.go
@@ -30,7 +30,7 @@ type (
 // UnmarshalK8SResources unmarshals a Kubernetes resource into a list of objects that can be
 // type casted to a Kubernetes resource.
 func UnmarshalK8SResources(data []byte) ([]any, error) {
- objs, err := unmarshalUnstructuredK8SResource(data)
+ objs, err := UnmarshalUnstructuredK8SResource(data)
 if err != nil {
 return nil, err
 }
@@ -77,7 +77,8 @@ func UnmarshalK8SResources(data []byte) ([]any, error) {
 return result, nil
 }
-func unmarshalUnstructuredK8SResource(data []byte) ([]*unstructured.Unstructured, error) {
+// UnmarshalUnstructuredK8SResource parses the input YAML into unstructured Kubernetes resources.
+func UnmarshalUnstructuredK8SResource(data []byte) ([]*unstructured.Unstructured, error) {
 documentsData, err := splitYAML(data)
 if err != nil {
 return nil, fmt.Errorf("splitting YAML into multiple documents: %w", err)