initdata: refactor and fix lint errors

Fixes: #1985

Signed-off-by: Qi Feng Huo <[email protected]>

src/cloud-api-adaptor/cmd/cloud-api-adaptor/main.go

@@ -24,7 +24,7 @@ import (
 )
 
 const (
- programName  = "cloud-api-adaptor"
+ programName = "cloud-api-adaptor"
 )
 
 type daemonConfig struct {

src/cloud-api-adaptor/test/e2e/azure_test.go

@@ -129,7 +129,8 @@ func TestKbsKeyRelease(t *testing.T) {
  t.Skip("Skipping kbs related test as kbs is not deployed")
  }
  t.Parallel()
- DoTestKbsKeyRelease(t, testEnv, assert)
+ kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+ DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 }
 
 func TestRemoteAttestation(t *testing.T) {
@@ -145,5 +146,6 @@ func TestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T) {
  t.Skip("Skipping kbs related test as Trustee Operator is not deployed")
  }
  t.Parallel()
- DoTestTrusteeOperatorKeyReleaseForSpecificKey(t, testEnv, assert)
+ kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+ DoTestTrusteeOperatorKeyReleaseForSpecificKey(t, testEnv, assert, kbsEndpoint)
 }

src/cloud-api-adaptor/test/e2e/common.go

@@ -274,11 +274,7 @@ func NewBusyboxPodWithName(namespace, podName string) *corev1.Pod {
  return NewPod(namespace, podName, "busybox", BUSYBOX_IMAGE, WithCommand([]string{"/bin/sh", "-c", "sleep 3600"}))
 }
 
-func NewBusyboxPodWithNameWithInitdata(namespace, podName string) *corev1.Pod {
- kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
- if err != nil {
- log.Fatal(err)
- }
+func NewBusyboxPodWithNameWithInitdata(namespace, podName string, kbsEndpoint string) *corev1.Pod {
  initdata := fmt.Sprintf(testInitdata, kbsEndpoint, kbsEndpoint, kbsEndpoint)
  b64Data := b64.StdEncoding.EncodeToString([]byte(initdata))
  annotationData := map[string]string{

src/cloud-api-adaptor/test/e2e/common_suite.go

@@ -576,9 +576,9 @@ func DoTestPodsMTLSCommunication(t *testing.T, e env.Environment, assert CloudAs
 
 // DoTestKbsKeyRelease and DoTestKbsKeyReleaseForFailure should be run in a single test case if you're chaining opa in kbs
 // as test cases might be run in parallel
-func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
  t.Log("Do test kbs key release")
- pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-key-release")
+ pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-key-release", kbsEndpoint)
  testCommands := []TestCommand{
  {
  Command: []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/reponame/workload_key/key.bin"},
@@ -600,9 +600,9 @@ func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert) {
 
 // DoTestKbsKeyRelease and DoTestKbsKeyReleaseForFailure should be run in a single test case if you're chaining opa in kbs
 // as test cases might be run in parallel
-func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
  t.Log("Do test kbs key release failure case")
- pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-failure")
+ pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-failure", kbsEndpoint)
  testCommands := []TestCommand{
  {
  Command: []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/reponame/workload_key/key.bin"},
@@ -631,9 +631,9 @@ func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert Cloud
 }
 
 // Test to check for specific key value from Trustee Operator Deployment
-func DoTestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
  t.Log("Do test Trustee operator key release for specific key")
- pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "op-key-release")
+ pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "op-key-release", kbsEndpoint)
  testCommands := []TestCommand{
  {
  Command: []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/default/kbsres1/key1"},

src/cloud-api-adaptor/test/e2e/docker_test.go

@@ -103,9 +103,10 @@ func TestDockerKbsKeyRelease(t *testing.T) {
  }
  keyBrokerService.SetSampleSecretKey()
  keyBrokerService.EnableKbsCustomizedResourcePolicy("deny_all.rego")
+ kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
  assert := DockerAssert{}
  t.Parallel()
- DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+ DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
  keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
- DoTestKbsKeyRelease(t, testEnv, assert)
+ DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 }

src/cloud-api-adaptor/test/e2e/libvirt_test.go

@@ -111,21 +111,22 @@ func TestLibvirtKbsKeyRelease(t *testing.T) {
  _ = keyBrokerService.SetSampleSecretKey()
  _ = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
  _ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("deny_all.rego")
+ kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
  assert := LibvirtAssert{}
  t.Parallel()
- DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+ DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
  if isTestWithKbsIBMSE() {
  t.Log("KBS with ibmse cases")
  // the allow_*_.rego file is created by follow document
  // https://github.com/confidential-containers/trustee/blob/main/deps/verifier/src/se/README.md#set-attestation-policy
  _ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_wrong_image_tag.rego")
- DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+ DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
  _ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_correct_claims.rego")
- DoTestKbsKeyRelease(t, testEnv, assert)
+ DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
  } else {
  t.Log("KBS normal cases")
  _ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
- DoTestKbsKeyRelease(t, testEnv, assert)
+ DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
  }
 }
 

src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go

@@ -320,12 +320,12 @@ func (lio *LibvirtInstallOverlay) Edit(ctx context.Context, cfg *envconf.Config,
 
  // Mapping the internal properties to ConfigMapGenerator properties and their default values.
  mapProps := map[string][2]string{
- "network":  {"default", "LIBVIRT_NET"},
- "storage":  {"default", "LIBVIRT_POOL"},
- "pause_image":  {"", "PAUSE_IMAGE"},
- "podvm_volume":  {"", "LIBVIRT_VOL_NAME"},
- "uri":  {"qemu+ssh://[email protected]/system?no_verify=1", "LIBVIRT_URI"},
- "vxlan_port":  {"", "VXLAN_PORT"},
+ "network": {"default", "LIBVIRT_NET"},
+ "storage": {"default", "LIBVIRT_POOL"},
+ "pause_image": {"", "PAUSE_IMAGE"},
+ "podvm_volume": {"", "LIBVIRT_VOL_NAME"},
+ "uri": {"qemu+ssh://[email protected]/system?no_verify=1", "LIBVIRT_URI"},
+ "vxlan_port": {"", "VXLAN_PORT"},
  }
 
  for k, v := range mapProps {

src/cloud-api-adaptor/test/provisioner/trustee_kbs.go

@@ -400,7 +400,7 @@ func (p *KeyBrokerService) GetCachedKbsEndpoint() (string, error) {
  return "", fmt.Errorf("KeyBrokerService not found")
 }
 
-func (p *KeyBrokerService) GetKbsEndpoint(ctx context.Context, cfg *envconf.Config) (string, error) { 
+func (p *KeyBrokerService) GetKbsEndpoint(ctx context.Context, cfg *envconf.Config) (string, error) {
  client, err := cfg.NewClient()
  if err != nil {
  return "", err

src/cloud-api-adaptor/test/tools/provisioner-cli/main.go

@@ -108,7 +108,7 @@ func main() {
  if err != nil {
  log.Fatal(err)
  }
- 
+
  log.Infof("keyBrokerService: %s", kbsEndpoint)
 
  props = provisioner.GetProperties(context.TODO(), cfg)

src/cloud-providers/util/cloudinit/cloudconfig.go

@@ -12,7 +12,7 @@ import (
 )
 
 const (
- DefaultAuthfileLimit  = 12288 // TODO: use a whole userdata limit mechanism instead of limiting authfile
+ DefaultAuthfileLimit = 12288 // TODO: use a whole userdata limit mechanism instead of limiting authfile
 )
 
 // https://cloudinit.readthedocs.io/en/latest/topics/format.html#cloud-config-data

src/cloud-providers/util/cloudinit/cloudconfig_test.go

@@ -136,95 +136,3 @@ func TestUserDataWithDaemonAndAuth(t *testing.T) {
  }
 
 }
-
-// Test userData with a daemon.json file, an auth.json file
-// The test should verify that the config has the daemon.json, auth.json
-// files in the write_files section.
-func TestUserDataWithDaemonAndAuth(t *testing.T) {
- testDaemonConfigJson := `{
- "pod-network": {
- "podip": "10.244.0.19/24",
- "pod-hw-addr": "0e:8f:62:f3:81:ad",
- "interface": "eth0",
- "worker-node-ip": "10.224.0.4/16",
- "tunnel-type": "vxlan",
- "routes": [
- {
- "Dst": "",
- "GW": "10.244.0.1",
- "Dev": "eth0"
- }
- ],
- "mtu": 1500,
- "index": 1,
- "vxlan-port": 8472,
- "vxlan-id": 555001,
- "dedicated": false
- },
- "pod-namespace": "default",
- "pod-name": "nginx-866fdb5bfb-b98nw",
- "tls-server-key": "-----BEGIN PRIVATE KEY-----\n....\n-----END PRIVATE KEY-----\n",
- "tls-server-cert": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----\n",
- "tls-client-ca": "-----BEGIN CERTIFICATE-----\n....\n-----END CERTIFICATE-----\n",
- "aa-kbc-params": "cc_kbc::http://192.168.100.2:8080"
- }`
-
- // Create a variable to hold sample base64 encoded string which is the auth.json
- // file
- testAuthJson := `{
- "auths": {
- "myregistry.io": {
- "auth": "dXNlcjpwYXNzd29yZAo"
- }
- }
- }`
-
- testResourcesJson := AuthJSONToResourcesJSON(string(testAuthJson))
-
- // Create a CloudConfig struct
- cloudConfig := &CloudConfig{
- WriteFiles: []WriteFile{
- {Path: forwarderConfigPath, Content: string(testDaemonConfigJson)},
- {Path: authJSONPath, Content: testResourcesJson},
- },
- }
-
- // Generate userData from cloudConfig
- userData, err := cloudConfig.Generate()
- if err != nil {
- t.Fatalf("Expect no error, got %v", err)
- }
-
- // Pretty print the userData
- fmt.Printf("userData: %s\n", userData)
-
- // Verify that the userData has the daemon.json, auth.json and kbc-params files
- // in the write_files section
- if !strings.Contains(userData, forwarderConfigPath) {
- t.Fatalf("Expect %q, got %q", forwarderConfigPath, userData)
- }
-
- if !strings.Contains(userData, authJSONPath) {
- t.Fatalf("Expect %q, got %q", authJSONPath, userData)
- }
-
- var output CloudConfig
-
- if err := yaml.Unmarshal([]byte(userData), &output); err != nil {
- t.Fatalf("Expect no error, got %v", err)
- }
-
- // Pretty print the userData output
- fmt.Printf("userData: %s\n", output)
-
- // Verify that the output yaml has the testDaemonConfigJson, testb64AuthJson
- // in the write_files section
- if !strings.Contains(output.WriteFiles[0].Content, testDaemonConfigJson) {
- t.Fatalf("Expect %q, got %q", testDaemonConfigJson, output.WriteFiles[0].Content)
- }
-
- if !strings.Contains(output.WriteFiles[1].Content, testResourcesJson) {
- t.Fatalf("Expect %q, got %q", testResourcesJson, output.WriteFiles[1].Content)
- }
-
-}