initdata: refactor key release test case

Fixes: confidential-containers#1985 Signed-off-by: Qi Feng Huo <huoqif@cn.ibm.com>
huoqifeng · Aug 15, 2024 · e7b28c8 · e7b28c8
1 parent e309edd
commit e7b28c8
Show file tree

Hide file tree

Showing 11 changed files with 29 additions and 30 deletions.
diff --git a/src/cloud-api-adaptor/cmd/cloud-api-adaptor/main.go b/src/cloud-api-adaptor/cmd/cloud-api-adaptor/main.go
@@ -24,7 +24,7 @@ import (
 )
 
 const (
-	programName           = "cloud-api-adaptor"
+	programName = "cloud-api-adaptor"
 )
 
 type daemonConfig struct {

diff --git a/src/cloud-api-adaptor/test/e2e/azure_test.go b/src/cloud-api-adaptor/test/e2e/azure_test.go
@@ -129,7 +129,8 @@ func TestKbsKeyRelease(t *testing.T) {
 		t.Skip("Skipping kbs related test as kbs is not deployed")
 	}
 	t.Parallel()
-	DoTestKbsKeyRelease(t, testEnv, assert)
+	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+	DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 }
 
 func TestRemoteAttestation(t *testing.T) {
@@ -145,5 +146,6 @@ func TestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T) {
 		t.Skip("Skipping kbs related test as Trustee Operator is not deployed")
 	}
 	t.Parallel()
-	DoTestTrusteeOperatorKeyReleaseForSpecificKey(t, testEnv, assert)
+	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
+	DoTestTrusteeOperatorKeyReleaseForSpecificKey(t, testEnv, assert, kbsEndpoint)
 }
diff --git a/src/cloud-api-adaptor/test/e2e/common.go b/src/cloud-api-adaptor/test/e2e/common.go
@@ -274,11 +274,7 @@ func NewBusyboxPodWithName(namespace, podName string) *corev1.Pod {
 	return NewPod(namespace, podName, "busybox", BUSYBOX_IMAGE, WithCommand([]string{"/bin/sh", "-c", "sleep 3600"}))
 }
 
-func NewBusyboxPodWithNameWithInitdata(namespace, podName string) *corev1.Pod {
-	kbsEndpoint, err := keyBrokerService.GetCachedKbsEndpoint()
-	if err != nil {
-		log.Fatal(err)
-	}
+func NewBusyboxPodWithNameWithInitdata(namespace, podName string, kbsEndpoint string) *corev1.Pod {
 	initdata := fmt.Sprintf(testInitdata, kbsEndpoint, kbsEndpoint, kbsEndpoint)
 	b64Data := b64.StdEncoding.EncodeToString([]byte(initdata))
 	annotationData := map[string]string{

diff --git a/src/cloud-api-adaptor/test/e2e/common_suite.go b/src/cloud-api-adaptor/test/e2e/common_suite.go
@@ -576,9 +576,9 @@ func DoTestPodsMTLSCommunication(t *testing.T, e env.Environment, assert CloudAs
 
 // DoTestKbsKeyRelease and DoTestKbsKeyReleaseForFailure should be run in a single test case if you're chaining opa in kbs
 // as test cases might be run in parallel
-func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
 	t.Log("Do test kbs key release")
-	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-key-release")
+	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-key-release", kbsEndpoint)
 	testCommands := []TestCommand{
 		{
 			Command:       []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/reponame/workload_key/key.bin"},
@@ -600,9 +600,9 @@ func DoTestKbsKeyRelease(t *testing.T, e env.Environment, assert CloudAssert) {
 
 // DoTestKbsKeyRelease and DoTestKbsKeyReleaseForFailure should be run in a single test case if you're chaining opa in kbs
 // as test cases might be run in parallel
-func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
 	t.Log("Do test kbs key release failure case")
-	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-failure")
+	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "kbs-failure", kbsEndpoint)
 	testCommands := []TestCommand{
 		{
 			Command:       []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/reponame/workload_key/key.bin"},
@@ -631,9 +631,9 @@ func DoTestKbsKeyReleaseForFailure(t *testing.T, e env.Environment, assert Cloud
 }
 
 // Test to check for specific key value from Trustee Operator Deployment
-func DoTestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
 	t.Log("Do test Trustee operator key release for specific key")
-	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "op-key-release")
+	pod := NewBusyboxPodWithNameWithInitdata(E2eNamespace, "op-key-release", kbsEndpoint)
 	testCommands := []TestCommand{
 		{
 			Command:       []string{"wget", "-q", "-O-", "http://127.0.0.1:8006/cdh/resource/default/kbsres1/key1"},

diff --git a/src/cloud-api-adaptor/test/e2e/docker_test.go b/src/cloud-api-adaptor/test/e2e/docker_test.go
@@ -103,9 +103,10 @@ func TestDockerKbsKeyRelease(t *testing.T) {
 	}
 	keyBrokerService.SetSampleSecretKey()
 	keyBrokerService.EnableKbsCustomizedResourcePolicy("deny_all.rego")
+	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
 	assert := DockerAssert{}
 	t.Parallel()
-	DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+	DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
 	keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
-	DoTestKbsKeyRelease(t, testEnv, assert)
+	DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 }
diff --git a/src/cloud-api-adaptor/test/e2e/libvirt_test.go b/src/cloud-api-adaptor/test/e2e/libvirt_test.go
@@ -111,21 +111,22 @@ func TestLibvirtKbsKeyRelease(t *testing.T) {
 	_ = keyBrokerService.SetSampleSecretKey()
 	_ = keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego")
 	_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("deny_all.rego")
+	kbsEndpoint, _ := keyBrokerService.GetCachedKbsEndpoint()
 	assert := LibvirtAssert{}
 	t.Parallel()
-	DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+	DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
 	if isTestWithKbsIBMSE() {
 		t.Log("KBS with ibmse cases")
 		// the allow_*_.rego file is created by follow document
 		// https://github.com/confidential-containers/trustee/blob/main/deps/verifier/src/se/README.md#set-attestation-policy
 		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_wrong_image_tag.rego")
-		DoTestKbsKeyReleaseForFailure(t, testEnv, assert)
+		DoTestKbsKeyReleaseForFailure(t, testEnv, assert, kbsEndpoint)
 		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_with_correct_claims.rego")
-		DoTestKbsKeyRelease(t, testEnv, assert)
+		DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 	} else {
 		t.Log("KBS normal cases")
 		_ = keyBrokerService.EnableKbsCustomizedAttestationPolicy("allow_all.rego")
-		DoTestKbsKeyRelease(t, testEnv, assert)
+		DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint)
 	}
 }
 

diff --git a/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go b/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go
@@ -320,12 +320,12 @@ func (lio *LibvirtInstallOverlay) Edit(ctx context.Context, cfg *envconf.Config,
 
 	// Mapping the internal properties to ConfigMapGenerator properties and their default values.
 	mapProps := map[string][2]string{
-		"network":       {"default", "LIBVIRT_NET"},
-		"storage":       {"default", "LIBVIRT_POOL"},
-		"pause_image":   {"", "PAUSE_IMAGE"},
-		"podvm_volume":  {"", "LIBVIRT_VOL_NAME"},
-		"uri":           {"qemu+ssh://root@192.168.122.1/system?no_verify=1", "LIBVIRT_URI"},
-		"vxlan_port":    {"", "VXLAN_PORT"},
+		"network":      {"default", "LIBVIRT_NET"},
+		"storage":      {"default", "LIBVIRT_POOL"},
+		"pause_image":  {"", "PAUSE_IMAGE"},
+		"podvm_volume": {"", "LIBVIRT_VOL_NAME"},
+		"uri":          {"qemu+ssh://root@192.168.122.1/system?no_verify=1", "LIBVIRT_URI"},
+		"vxlan_port":   {"", "VXLAN_PORT"},
 	}
 
 	for k, v := range mapProps {

diff --git a/src/cloud-api-adaptor/test/provisioner/trustee_kbs.go b/src/cloud-api-adaptor/test/provisioner/trustee_kbs.go
@@ -400,7 +400,7 @@ func (p *KeyBrokerService) GetCachedKbsEndpoint() (string, error) {
 	return "", fmt.Errorf("KeyBrokerService not found")
 }
 
-func (p *KeyBrokerService) GetKbsEndpoint(ctx context.Context, cfg *envconf.Config) (string, error) {	
+func (p *KeyBrokerService) GetKbsEndpoint(ctx context.Context, cfg *envconf.Config) (string, error) {
 	client, err := cfg.NewClient()
 	if err != nil {
 		return "", err

diff --git a/src/cloud-api-adaptor/test/tools/provisioner-cli/main.go b/src/cloud-api-adaptor/test/tools/provisioner-cli/main.go
@@ -108,7 +108,7 @@ func main() {
 			if err != nil {
 				log.Fatal(err)
 			}
-			
+
 			log.Infof("keyBrokerService: %s", kbsEndpoint)
 
 			props = provisioner.GetProperties(context.TODO(), cfg)

diff --git a/src/cloud-providers/util/cloudinit/cloudconfig.go b/src/cloud-providers/util/cloudinit/cloudconfig.go
@@ -12,7 +12,7 @@ import (
 )
 
 const (
-	DefaultAuthfileLimit   = 12288 // TODO: use a whole userdata limit mechanism instead of limiting authfile
+	DefaultAuthfileLimit = 12288 // TODO: use a whole userdata limit mechanism instead of limiting authfile
 )
 
 // https://cloudinit.readthedocs.io/en/latest/topics/format.html#cloud-config-data

diff --git a/src/cloud-providers/util/cloudinit/cloudconfig_test.go b/src/cloud-providers/util/cloudinit/cloudconfig_test.go
@@ -136,4 +136,3 @@ func TestUserDataWithDaemonAndAuth(t *testing.T) {
 	}
 
 }
-
-Original file line number
+Diff line change
@@ Expand Up / @@ -24,7 +24,7 @@ import ( @@
     )
     const (
-    	programName           = "cloud-api-adaptor"
+    	programName = "cloud-api-adaptor"
     )
     type daemonConfig struct {
@@ Expand Down @@
Original file line number	Diff line number	Diff line change
Expand Up		@@ -136,4 +136,3 @@ func TestUserDataWithDaemonAndAuth(t *testing.T) {
		}

		}