ci: set initdata in remote-attestation test

Set initdata for remote attestation. allow kbs endpoint to be specified
for manual test runs.

Signed-off-by: Magnus Kulke <[email protected]>

src/cloud-api-adaptor/test/e2e/azure_test.go

@@ -7,6 +7,7 @@ package e2e
 
 import (
 	"bytes"
+	"os"
 	"strings"
 	"testing"
 
@@ -135,10 +136,15 @@ func TestKbsKeyRelease(t *testing.T) {
 
 func TestRemoteAttestation(t *testing.T) {
 	t.Parallel()
-	if !isTestWithKbs() {
-		t.Skip("Skipping kbs related test as kbs is not deployed")
+	var kbsEndpoint string
+	if ep := os.Getenv("KBS_ENDPOINT"); ep != "" {
+		kbsEndpoint = ep
+	} else if keyBrokerService == nil {
+		t.Skip("Skipping because KBS config is missing")
+	} else {
+		kbsEndpoint, _ = keyBrokerService.GetCachedKbsEndpoint()
 	}
-	DoTestRemoteAttestation(t, testEnv, assert)
+	DoTestRemoteAttestation(t, testEnv, assert, kbsEndpoint)
 }
 
 func TestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T) {

src/cloud-api-adaptor/test/e2e/common.go

@@ -152,6 +152,20 @@ func WithCommand(command []string) PodOption {
 	}
 }
 
+type JobOption func(*batchv1.Job)
+
+func WithJobCommand(command []string) JobOption {
+	return func(j *batchv1.Job) {
+		j.Spec.Template.Spec.Containers[0].Command = command
+	}
+}
+
+func WithJobAnnotations(data map[string]string) JobOption {
+	return func(j *batchv1.Job) {
+		j.Spec.Template.ObjectMeta.Annotations = data
+	}
+}
+
 func WithEnvironmentalVariables(envVar []corev1.EnvVar) PodOption {
 	return func(p *corev1.Pod) {
 		p.Spec.Containers[0].Env = envVar
@@ -310,13 +324,12 @@ func NewSecret(namespace, name string, data map[string][]byte, secretType corev1
 }
 
 // NewJob returns a new job
-func NewJob(namespace, name string, backoffLimit int32, image string, command ...string) *batchv1.Job {
-	if len(command) == 0 {
-		command = []string{"/bin/sh", "-c", "echo 'scale=5; 4*a(1)' | bc -l"}
-	}
+func NewJob(namespace, name string, backoffLimit int32, image string, options ...JobOption) *batchv1.Job {
+	command := []string{"/bin/sh", "-c", "echo 'scale=5; 4*a(1)' | bc -l"}
+
 	runtimeClassName := "kata-remote"
 	TerminateGracePeriod := int64(0)
-	return &batchv1.Job{
+	job := batchv1.Job{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      name,
 			Namespace: namespace,
@@ -338,6 +351,12 @@ func NewJob(namespace, name string, backoffLimit int32, image string, command ..
 			BackoffLimit: &backoffLimit,
 		},
 	}
+
+	for _, option := range options {
+		option(&job)
+	}
+
+	return &job
 }
 
 // NewPVC returns a new pvc object.

src/cloud-api-adaptor/test/e2e/remote_attestation.go

@@ -1,16 +1,24 @@
 package e2e
 
 import (
+	b64 "encoding/base64"
+	"fmt"
 	"testing"
 
 	"sigs.k8s.io/e2e-framework/pkg/env"
 )
 
 // the test will retrieve a kbs token to verify a successful remote attestation
-func DoTestRemoteAttestation(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestRemoteAttestation(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
 	name := "remote-attestation"
 	image := "quay.io/curl/curl:latest"
 	// fail on non 200 code, silent, but output on failure
-	job := NewJob(E2eNamespace, name, 0, image, "curl", "-f", "-s", "-S", "-o", "/dev/null", "http://127.0.0.1:8006/aa/token?token_type=kbs")
+	cmd := []string{"curl", "-f", "-s", "-S", "-o", "/dev/null", "http://127.0.0.1:8006/aa/token?token_type=kbs"}
+	initdata := fmt.Sprintf(testInitdata, kbsEndpoint, kbsEndpoint, kbsEndpoint)
+	b64Data := b64.StdEncoding.EncodeToString([]byte(initdata))
+	annotations := map[string]string{
+		"io.katacontainers.config.runtime.cc_init_data": b64Data,
+	}
+	job := NewJob(E2eNamespace, name, 0, image, WithJobCommand(cmd), WithJobAnnotations(annotations))
 	NewTestCase(t, e, "RemoteAttestation", assert, "Received KBS token").WithJob(job).Run()
 }