Skip to content

Commit

Permalink
WIP: test/e2e: Test should fail if we error during set-up?
Browse files Browse the repository at this point in the history 
We had an issue where the secret key setting wasn't working
and we just ignored it. Should we consider erroring if things like
this happen during the test to help with debug, or is it too messy?
Is there a better way to do this than my horrible code?

Signed-off-by: stevenhorsman <[email protected]>
  • Loading branch information
@stevenhorsman
stevenhorsman committed Sep 24, 2024
1 parent 2c16530 commit c2e9679
Show file tree
Hide file tree
Showing 3 changed files with 47 additions and 11 deletions.
3 changes: 3 additions & 0 deletions src/cloud-api-adaptor/test/e2e/azure_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -135,6 +135,9 @@ func TestKbsKeyRelease(t *testing.T) {
testSecret := envconf.RandomName("coco-pp-e2e-secret", 25)
resourcePath := "reponame/workload_key/test_key.bin"
err := keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
if err != nil {
t.Errorf("unexpected error: %v", err)
}
DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
}

Expand Down
20 changes: 16 additions & 4 deletions src/cloud-api-adaptor/test/e2e/docker_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,13 +105,25 @@ func TestDockerKbsKeyRelease(t *testing.T) {
}
testSecret := envconf.RandomName("coco-pp-e2e-secret", 25)
resourcePath := "reponame/workload_key/test_key.bin"
keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
keyBrokerService.EnableKbsCustomizedResourcePolicy("deny_all.rego")
kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
err := keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
if err != nil {
t.Errorf("unexpected error: %v", err)
}
err = keyBrokerService.EnableKbsCustomizedResourcePolicy("deny_all.rego")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
if err != nil {
t.Errorf("unexpected error: %v", err)
}
assert := DockerAssert{}
t.Parallel()
DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
err = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
}

Expand Down
35 changes: 28 additions & 7 deletions src/cloud-api-adaptor/test/e2e/libvirt_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,24 +116,45 @@ func TestLibvirtKbsKeyRelease(t *testing.T) {

testSecret := envconf.RandomName("coco-pp-e2e-secret", 25)
resourcePath := "reponame/workload_key/test_key.bin"
_ = keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
_ = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("deny_all.rego")
kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
err := keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
if err != nil {
t.Errorf("unexpected error: %v", err)
}
err = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("deny_all.rego")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
if err != nil {
t.Errorf("unexpected error: %v", err)
}
assert := LibvirtAssert{}
t.Parallel()
DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
if isTestWithKbsIBMSE() {
t.Log("KBS with ibmse cases")
// the allow_*_.rego file is created by follow document
// https://github.com/confidential-containers/trustee/blob/main/deps/verifier/src/se/README.md#set-attestation-policy
_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_wrong_image_tag.rego")
err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_wrong_image_tag.rego")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_correct_claims.rego")
err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_correct_claims.rego")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
} else {
t.Log("KBS normal cases")
_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
if err != nil {
t.Errorf("unexpected error: %v", err)
}
DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
}
}
Expand Down

0 comments on commit c2e9679

Please sign in to comment.