initdata: refactor key release test case

Fixes: confidential-containers#1985

Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>

src/cloud-api-adaptor/test/e2e/azure_test.go

@@ -129,7 +129,8 @@ func TestKbsKeyRelease(t *testing.T) {
 		t.Skip("Skipping kbs related test as kbs is not deployed")
 	}
 	t.Parallel()
-	DoTestKbsKeyRelease(t, testEnv, assert)
+	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+	DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 }
 
 func TestRemoteAttestation(t *testing.T) {
@@ -145,5 +146,6 @@ func TestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T) {
 		t.Skip("Skipping kbs related test as Trustee Operator is not deployed")
 	}
 	t.Parallel()
-	DoTestTrusteeOperatorKeyReleaseForSpecificKey(t, testEnv, assert)
+	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+	DoTestTrusteeOperatorKeyReleaseForSpecificKey(t, testEnv, assert, kbsEndpoint)
 }

src/cloud-api-adaptor/test/e2e/common.go

@@ -274,11 +274,7 @@ func NewBusyboxPodWithName(namespace, podName string) *corev1.Pod {
 	return NewPod(namespace, podName, "busybox", BUSYBOX_IMAGE, WithCommand([]string{"/bin/sh", "-c", "sleep 3600"}))
 }
 
-func NewBusyboxPodWithNameWithInitdata(namespace, podName string) *corev1.Pod {
-	kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
-	if err != nil {
-		log.Fatal(err)
-	}
+func NewBusyboxPodWithNameWithInitdata(namespace, podName string, kbsEndpoint string) *corev1.Pod {
 	initdata := fmt.Sprintf(testInitdata, kbsEndpoint, kbsEndpoint, kbsEndpoint)
 	b64Data := b64.StdEncoding.EncodeToString([]byte(initdata))
 	annotationData := map[string]string{

src/cloud-api-adaptor/test/e2e/common_suite.go

@@ -576,9 +576,9 @@ func DoTestPodsMTLSCommunication(t *testing.T, e env.Environment, assert CloudAs
 
 // DoTestKbsKeyRelease and DoTestKbsKeyReleaseForFailure should be run in a single test case if you're chaining opa in kbs
 // as test cases might be run in parallel
-func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
 	t.Log("Do test kbs key release")
-	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-key-release")
+	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-key-release", kbsEndpoint)
 	testCommands := []TestCommand{
 		{
 			Command:       []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/reponame/workload_key/key.bin"},
@@ -600,9 +600,9 @@ func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert) {
 
 // DoTestKbsKeyRelease and DoTestKbsKeyReleaseForFailure should be run in a single test case if you're chaining opa in kbs
 // as test cases might be run in parallel
-func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
 	t.Log("Do test kbs key release failure case")
-	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-failure")
+	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-failure", kbsEndpoint)
 	testCommands := []TestCommand{
 		{
 			Command:       []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/reponame/workload_key/key.bin"},
@@ -631,9 +631,9 @@ func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert Cloud
 }
 
 // Test to check for specific key value from Trustee Operator Deployment
-func DoTestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
 	t.Log("Do test Trustee operator key release for specific key")
-	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "op-key-release")
+	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "op-key-release", kbsEndpoint)
 	testCommands := []TestCommand{
 		{
 			Command:       []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/default/kbsres1/key1"},

src/cloud-api-adaptor/test/e2e/docker_test.go

@@ -103,9 +103,10 @@ func TestDockerKbsKeyRelease(t *testing.T) {
 	}
 	keyBrokerService.SetSampleSecretKey()
 	keyBrokerService.EnableKbsCustomizedResourcePolicy("deny_all.rego")
+	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
 	assert := DockerAssert{}
 	t.Parallel()
-	DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+	DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
 	keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
-	DoTestKbsKeyRelease(t, testEnv, assert)
+	DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 }

src/cloud-api-adaptor/test/e2e/libvirt_test.go

@@ -111,21 +111,22 @@ func TestLibvirtKbsKeyRelease(t *testing.T) {
 	_ = keyBrokerService.SetSampleSecretKey()
 	_ = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
 	_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("deny_all.rego")
+	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
 	assert := LibvirtAssert{}
 	t.Parallel()
-	DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+	DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
 	if isTestWithKbsIBMSE() {
 		t.Log("KBS with ibmse cases")
 		// the allow_*_.rego file is created by follow document
 		// https://github.com/confidential-containers/trustee/blob/main/deps/verifier/src/se/README.md#set-attestation-policy
 		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_wrong_image_tag.rego")
-		DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+		DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
 		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_correct_claims.rego")
-		DoTestKbsKeyRelease(t, testEnv, assert)
+		DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 	} else {
 		t.Log("KBS normal cases")
 		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
-		DoTestKbsKeyRelease(t, testEnv, assert)
+		DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 	}
 }
 

src/cloud-api-adaptor/test/provisioner/trustee_kbs.go

@@ -400,7 +400,7 @@ func (p *KeyBrokerService) GetCachedKbsEndpoint() (string, error) {
 	return "", fmt.Errorf("KeyBrokerService not found")
 }
 
-func (p *KeyBrokerService) GetKbsEndpoint(ctx context.Context, cfg *envconf.Config) (string, error) {	
+func (p *KeyBrokerService) GetKbsEndpoint(ctx context.Context, cfg *envconf.Config) (string, error) {
 	client, err := cfg.NewClient()
 	if err != nil {
 		return "", err

src/cloud-api-adaptor/test/tools/provisioner-cli/main.go

@@ -108,7 +108,7 @@ func main() {
 			if err != nil {
 				log.Fatal(err)
 			}
-			
+
 			log.Infof("keyBrokerService: %s", kbsEndpoint)
 
 			props = provisioner.GetProperties(context.TODO(), cfg)

src/cloud-providers/util/cloudinit/cloudconfig.go

@@ -12,7 +12,7 @@ import (
 )
 
 const (
-	DefaultAuthfileLimit   = 12288 // TODO: use a whole userdata limit mechanism instead of limiting authfile
+	DefaultAuthfileLimit = 12288 // TODO: use a whole userdata limit mechanism instead of limiting authfile
 )
 
 // https://cloudinit.readthedocs.io/en/latest/topics/format.html#cloud-config-data