test/e2e: Test should fail if we error during set-up

We have had an issue where the secret key setting wasn't working and throwing errors and we just ignored it. To help with debugging we should be responding to errors rather than just ignoring them. Signed-off-by: stevenhorsman <steven@uk.ibm.com>
confidential-containers · Nov 14, 2024 · b7f1872 · b7f1872
1 parent a1633d5
commit b7f1872
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 17 deletions.
diff --git a/src/cloud-api-adaptor/test/e2e/azure_test.go b/src/cloud-api-adaptor/test/e2e/azure_test.go
@@ -135,6 +135,9 @@ func TestKbsKeyRelease(t *testing.T) {
 	testSecret := envconf.RandomName("coco-pp-e2e-secret", 25)
 	resourcePath := "caa/workload_key/test_key.bin"
 	err := keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
+	if err != nil {
+		t.Fatalf("SetSecret failed with: %v", err)
+	}
 	DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
 }
 
@@ -146,7 +149,10 @@ func TestRemoteAttestation(t *testing.T) {
 	} else if keyBrokerService == nil {
 		t.Skip("Skipping because KBS config is missing")
 	} else {
-		kbsEndpoint, _ = keyBrokerService.GetCachedKbsEndpoint()
+		kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
+		if err != nil {
+			t.Fatalf("GetCachedKbsEndpoint failed with: %v", err)
+		}
 	}
 	DoTestRemoteAttestation(t, testEnv, assert, kbsEndpoint)
 }
@@ -156,6 +162,9 @@ func TestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T) {
 		t.Skip("Skipping kbs related test as Trustee Operator is not deployed")
 	}
 	t.Parallel()
-	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+	kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
+	if err != nil {
+		t.Fatalf("GetCachedKbsEndpoint failed with: %v", err)
+	}
 	DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, "default/kbsres1/key1", "res1val1")
 }
diff --git a/src/cloud-api-adaptor/test/e2e/docker_test.go b/src/cloud-api-adaptor/test/e2e/docker_test.go
@@ -105,13 +105,25 @@ func TestDockerKbsKeyRelease(t *testing.T) {
 	}
 	testSecret := envconf.RandomName("coco-pp-e2e-secret", 25)
 	resourcePath := "caa/workload_key/test_key.bin"
-	keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
-	keyBrokerService.EnableKbsCustomizedResourcePolicy("deny_all.rego")
-	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+	err := keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
+	if err != nil {
+		t.Fatalf("SetSecret failed with: %v", err)
+	}
+	err = keyBrokerService.EnableKbsCustomizedResourcePolicy("deny_all.rego")
+	if err != nil {
+		t.Fatalf("EnableKbsCustomizedResourcePolicy failed with: %v", err)
+	}
+	kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
+	if err != nil {
+		t.Fatalf("GetCachedKbsEndpoint failed with: %v", err)
+	}
 	assert := DockerAssert{}
 	t.Parallel()
 	DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
-	keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
+	err = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
+	if err != nil {
+		t.Fatalf("EnableKbsCustomizedResourcePolicy failed with: %v", err)
+	}
 	DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
 }
 

diff --git a/src/cloud-api-adaptor/test/e2e/libvirt_test.go b/src/cloud-api-adaptor/test/e2e/libvirt_test.go
@@ -130,10 +130,22 @@ func TestLibvirtSealedSecret(t *testing.T) {
 
 	testSecret := envconf.RandomName("coco-pp-e2e-secret", 25)
 	resourcePath := "caa/workload_key/test_key.bin"
-	_ = keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
-	_ = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
-	_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
-	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+	err := keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
+	if err != nil {
+		t.Fatalf("SetSecret failed with: %v", err)
+	}
+	err = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
+	if err != nil {
+		t.Fatalf("EnableKbsCustomizedResourcePolicy failed with: %v", err)
+	}
+	err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
+	if err != nil {
+		t.Fatalf("EnableKbsCustomizedAttestationPolicy failed with: %v", err)
+	}
+	kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
+	if err != nil {
+		t.Fatalf("GetCachedKbsEndpoint failed with: %v", err)
+	}
 	assert := LibvirtAssert{}
 	DoTestSealedSecret(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
 }
@@ -145,24 +157,45 @@ func TestLibvirtKbsKeyRelease(t *testing.T) {
 
 	testSecret := envconf.RandomName("coco-pp-e2e-secret", 25)
 	resourcePath := "caa/workload_key/test_key.bin"
-	_ = keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
-	_ = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
-	_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("deny_all.rego")
-	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+	err := keyBrokerService.SetSecret(resourcePath, []byte(testSecret))
+	if err != nil {
+		t.Fatalf("SetSecret failed with: %v", err)
+	}
+	err = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
+	if err != nil {
+		t.Fatalf("EnableKbsCustomizedResourcePolicy failed with: %v", err)
+	}
+	err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("deny_all.rego")
+	if err != nil {
+		t.Fatalf("EnableKbsCustomizedAttestationPolicy failed with: %v", err)
+	}
+	kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
+	if err != nil {
+		t.Fatalf("GetCachedKbsEndpoint failed with: %v", err)
+	}
 	assert := LibvirtAssert{}
 	t.Parallel()
 	DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
 	if isTestWithKbsIBMSE() {
 		t.Log("KBS with ibmse cases")
 		// the allow_*_.rego file is created by follow document
 		// https://github.com/confidential-containers/trustee/blob/main/deps/verifier/src/se/README.md#set-attestation-policy
-		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_wrong_image_tag.rego")
+		err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_wrong_image_tag.rego")
+		if err != nil {
+			t.Fatalf("EnableKbsCustomizedAttestationPolicy failed with: %v", err)
+		}
 		DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
-		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_correct_claims.rego")
+		err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_correct_claims.rego")
+		if err != nil {
+			t.Fatalf("EnableKbsCustomizedAttestationPolicy failed with: %v", err)
+		}
 		DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
 	} else {
 		t.Log("KBS normal cases")
-		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
+		err = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
+		if err != nil {
+			t.Fatalf("EnableKbsCustomizedAttestationPolicy failed with: %v", err)
+		}
 		DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint, resourcePath, testSecret)
 	}
 }