From e6e99decde6936f5498fb2bf846e6c0428cd1161 Mon Sep 17 00:00:00 2001
From: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Date: Fri, 9 Feb 2024 18:19:43 +0100
Subject: [PATCH] e2e: add openssl e2e test

Co-authored-by: Markus Rudy
---
 .vscode/settings.json | 1 +
 e2e/openssl/openssl_test.go | 61 +++++++++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 e2e/openssl/openssl_test.go

diff --git a/.vscode/settings.json b/.vscode/settings.json
index 1dd5f0d908..eab270177d 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -5,6 +5,7 @@
 "gopls": {
 "formatting.gofumpt": true,
 },
+ "go.buildTags": "e2e",
 "go.lintTool": "golangci-lint",
 "go.lintFlags": [
 "--fast",
diff --git a/e2e/openssl/openssl_test.go b/e2e/openssl/openssl_test.go
new file mode 100644
index 0000000000..1ebb52588f
--- /dev/null
+++ b/e2e/openssl/openssl_test.go
@@ -0,0 +1,61 @@
+//go:build e2e
+// +build e2e
+
+package openssl
+
+import (
+ "context"
+ "os"
+ "testing"
+ "time"
+
+ "github.com/edgelesssys/nunki/e2e/internal/kubeclient"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+// namespace the tests are executed in.
+const namespaceEnv = "K8S_NAMESPACE"
+
+/*
+This tests an OpenSSL deployment on Nunki.
+
+It does so by:
+ - Templating the container image into the deployment YAML.
+ - Exec'ing into the OpenSSL frontend, opening an OpenSSL server and talking mTLS to the OpenSSL backend, asserting that the connection is successful.
+ - Exec'ing into the OpenSSL client, talking TLS to the OpenSSL frontend, asserting that the connection is successful.
+*/
+func TestOpenssl(t *testing.T) {
+ require := require.New(t)
+ assert := assert.New(t)
+
+ ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
+ defer cancel()
+
+ c := kubeclient.NewForTest(t)
+
+ namespace := os.Getenv(namespaceEnv)
+ require.NotEmpty(namespace, "environment variable %q must be set", namespaceEnv)
+
+ frontendPods, err := c.PodsFromDeployment(context.Background(), namespace, "openssl-frontend")
+ require.NoError(err)
+ require.Len(frontendPods, 1, "pod not found: %s/%s", namespace, "openssl-frontend")
+
+ // Call the backend server from the frontend
+ stdout, stderr, err := c.Exec(ctx, namespace, frontendPods[0].Name,
+ []string{"/bin/bash", "-c", `printf "GET / HTTP/1.0\nHost: openssl-backend\n" | openssl s_client -connect openssl-backend:443 -verify_return_error -CAfile /tls-config/MeshCACert.pem -cert /tls-config/certChain.pem -key /tls-config/key.pem`},
+ )
+ t.Log(stdout)
+ require.NoError(err, "stderr: %q", stderr)
+
+ // Call the frontend server from the client
+ clientPods, err := c.PodsFromDeployment(context.Background(), namespace, "openssl-client")
+ require.NoError(err)
+ require.Len(clientPods, 1)
+
+ stdout, stderr, err = c.Exec(ctx, namespace, clientPods[0].Name,
+ []string{"/bin/bash", "-c", "echo \"THIS IS A TEST MESSAGE\" | openssl s_client -connect openssl-frontend:443 -verify_return_error -CAfile /tls-config/RootCACert.pem"},
+ )
+ require.NoError(err, "stdout: %s, stderr: %s", stdout, stderr)
+ assert.Contains(stdout, "Verification: OK")
+}
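Review bot: The frontend-to-backend step in `TestOpenssl` checks only the error returned by `c.Exec`, so unlike the client step it never inspects what `openssl s_client` reported; adding `assert.Contains(stdout, "Verification: OK")` after `t.Log(stdout)` would make both steps assert the same thing. A successful handshake with `-cert` and `-key` supplied also does not show that the backend requires a client certificate, so the mTLS claim in the doc comment would be better backed by a negative case that omits them and expects the connection to be refused (how the backend is configured is not visible in this patch). Separately, both `c.PodsFromDeployment` calls pass `context.Background()` rather than `ctx`, so they are not bounded by the one-minute timeout; `c.PodsFromDeployment(ctx, namespace, "openssl-frontend")` would be consistent with the `Exec` calls.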