diff --git a/src/cloud-api-adaptor/test/e2e/azure_test.go b/src/cloud-api-adaptor/test/e2e/azure_test.go
index bd0384639..930300576 100644
--- a/src/cloud-api-adaptor/test/e2e/azure_test.go
+++ b/src/cloud-api-adaptor/test/e2e/azure_test.go
@@ -7,6 +7,7 @@ package e2e
 import (
 "bytes"
+ "os"
 "strings"
 "testing"
@@ -135,10 +136,15 @@ func TestKbsKeyRelease(t *testing.T) {
 func TestRemoteAttestation(t *testing.T) {
 t.Parallel()
- if !isTestWithKbs() {
- t.Skip("Skipping kbs related test as kbs is not deployed")
+ var kbsEndpoint string
+ if ep := os.Getenv("KBS_ENDPOINT"); ep != "" {
+ kbsEndpoint = ep
+ } else if keyBrokerService == nil {
+ t.Skip("Skipping because KBS config is missing")
+ } else {
+ kbsEndpoint, _ = keyBrokerService.GetCachedKbsEndpoint()
 }
- DoTestRemoteAttestation(t, testEnv, assert)
+ DoTestRemoteAttestation(t, testEnv, assert, kbsEndpoint)
 }
 func TestTrusteeOperatorKeyReleaseForSpecificKey(t *testing.T) {
diff --git a/src/cloud-api-adaptor/test/e2e/common.go b/src/cloud-api-adaptor/test/e2e/common.go
index 10d61d419..d9556937a 100644
--- a/src/cloud-api-adaptor/test/e2e/common.go
+++ b/src/cloud-api-adaptor/test/e2e/common.go
@@ -152,6 +152,20 @@ func WithCommand(command []string) PodOption {
 }
 }
+type JobOption func(*batchv1.Job)
+
+func WithJobCommand(command []string) JobOption {
+ return func(j *batchv1.Job) {
+ j.Spec.Template.Spec.Containers[0].Command = command
+ }
+}
+
+func WithJobAnnotations(data map[string]string) JobOption {
+ return func(j *batchv1.Job) {
+ j.Spec.Template.ObjectMeta.Annotations = data
+ }
+}
+
 func WithEnvironmentalVariables(envVar []corev1.EnvVar) PodOption {
 return func(p *corev1.Pod) {
 p.Spec.Containers[0].Env = envVar
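Review bot: The error from `keyBrokerService.GetCachedKbsEndpoint()` is discarded in the final `else` branch of TestRemoteAttestation, so a failed lookup hands an empty `kbsEndpoint` to DoTestRemoteAttestation, which (in the remote_attestation.go hunk) formats it into the initdata without checking it. The test would then fail later, in the curl job, with a message that does not point at the real cause. Assuming the second return value is an error, handle it where it occurs: `ep, err := keyBrokerService.GetCachedKbsEndpoint()`, then `if err != nil { t.Fatalf("resolving KBS endpoint: %v", err) }`, then `kbsEndpoint = ep`.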
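Review bot: `WithJobAnnotations` assigns `data` directly to `j.Spec.Template.ObjectMeta.Annotations`, which replaces any annotations already present on the pod template (whether NewJob sets any is not visible in this hunk) and leaves the Job sharing the caller's map. This option is what carries the `cc_init_data` annotation in the attestation test, so a second annotation option added later would silently drop it. Merging a copy into the existing map avoids both problems. The new exported names `JobOption`, `WithJobCommand` and `WithJobAnnotations` also have no doc comments.

```go
func WithJobAnnotations(data map[string]string) JobOption {
	return func(j *batchv1.Job) {
		meta := &j.Spec.Template.ObjectMeta
		if meta.Annotations == nil {
			meta.Annotations = make(map[string]string, len(data))
		}
		// Copy entries so existing annotations survive and the caller's map is not aliased.
		for k, v := range data {
			meta.Annotations[k] = v
		}
	}
}
```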
@@ -310,13 +324,12 @@ func NewSecret(namespace, name string, data map[string][]byte, secretType corev1
 }
 // NewJob returns a new job
-func NewJob(namespace, name string, backoffLimit int32, image string, command ...string) *batchv1.Job {
- if len(command) == 0 {
- command = []string{"/bin/sh", "-c", "echo 'scale=5; 4*a(1)' | bc -l"}
- }
+func NewJob(namespace, name string, backoffLimit int32, image string, options ...JobOption) *batchv1.Job {
+ command := []string{"/bin/sh", "-c", "echo 'scale=5; 4*a(1)' | bc -l"}
+
 runtimeClassName := "kata-remote"
 TerminateGracePeriod := int64(0)
- return &batchv1.Job{
+ job := batchv1.Job{
 ObjectMeta: metav1.ObjectMeta{
 Name: name,
 Namespace: namespace,
@@ -338,6 +351,12 @@ func NewJob(namespace, name string, backoffLimit int32, image string, command ..
 BackoffLimit: &backoffLimit,
 },
 }
+
+ for _, option := range options {
+ option(&job)
+ }
+
+ return &job
 }
 // NewPVC returns a new pvc object.
diff --git a/src/cloud-api-adaptor/test/e2e/remote_attestation.go b/src/cloud-api-adaptor/test/e2e/remote_attestation.go
index 89ae93e5e..ca501bc4c 100644
--- a/src/cloud-api-adaptor/test/e2e/remote_attestation.go
+++ b/src/cloud-api-adaptor/test/e2e/remote_attestation.go
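Review bot: The doc comment on NewJob still reads `// NewJob returns a new job`, although the function now starts from a built-in default command and lets callers alter the Job through options. A comment such as `// NewJob returns a new job that runs a default bc command unless an option replaces it; options are applied in order after the defaults are set.` would tell callers that later options win (presumably the default `command` feeds the container spec, which lies between the two hunks and is not visible here). In the following hunk the loop calls `option(&job)` unguarded, so a nil JobOption panics; `if option != nil { option(&job) }` makes that harmless.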
@@ -1,16 +1,24 @@
 package e2e
 import (
+ b64 "encoding/base64"
+ "fmt"
 "testing"
 "sigs.k8s.io/e2e-framework/pkg/env"
 )
 // the test will retrieve a kbs token to verify a successful remote attestation
-func DoTestRemoteAttestation(t *testing.T, e env.Environment, assert CloudAssert) {
+func DoTestRemoteAttestation(t *testing.T, e env.Environment, assert CloudAssert, kbsEndpoint string) {
 name := "remote-attestation"
 image := "quay.io/curl/curl:latest"
 // fail on non 200 code, silent, but output on failure
- job := NewJob(E2eNamespace, name, 0, image, "curl", "-f", "-s", "-S", "-o", "/dev/null", "http://127.0.0.1:8006/aa/token?token_type=kbs")
+ cmd := []string{"curl", "-f", "-s", "-S", "-o", "/dev/null", "http://127.0.0.1:8006/aa/token?token_type=kbs"}
+ initdata := fmt.Sprintf(testInitdata, kbsEndpoint, kbsEndpoint, kbsEndpoint)
+ b64Data := b64.StdEncoding.EncodeToString([]byte(initdata))
+ annotations := map[string]string{
+ "io.katacontainers.config.runtime.cc_init_data": b64Data,
+ }
+ job := NewJob(E2eNamespace, name, 0, image, WithJobCommand(cmd), WithJobAnnotations(annotations))
 NewTestCase(t, e, "RemoteAttestation", assert, "Received KBS token").WithJob(job).Run()
 }
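Review bot: `fmt.Sprintf(testInitdata, kbsEndpoint, kbsEndpoint, kbsEndpoint)` ties this call to the exact number of verbs in `testInitdata`, which is defined outside this hunk. If the template gains or loses a verb, Sprintf does not fail; it writes `%!s(MISSING)` or `%!(EXTRA ...)` into the initdata, which is then base64-encoded into the `io.katacontainers.config.runtime.cc_init_data` annotation. Using indexed verbs (`%[1]s`) in the template with a single argument, `initdata := fmt.Sprintf(testInitdata, kbsEndpoint)`, removes that coupling. The comment above DoTestRemoteAttestation is also stale, since the job now carries initdata; something like `// DoTestRemoteAttestation runs a curl job annotated with initdata for kbsEndpoint and passes when a KBS token is retrieved.` would cover the new parameter.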