2022-10-21 06:01:28 -04:00
|
|
|
/*
|
|
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
*/
|
|
|
|
|
|
|
|
package helm
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
2022-10-31 14:25:02 -04:00
|
|
|
"fmt"
|
|
|
|
"io/fs"
|
|
|
|
"os"
|
|
|
|
"path"
|
2022-10-21 06:01:28 -04:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/deploy/helm"
|
2022-10-31 14:25:02 -04:00
|
|
|
"github.com/pkg/errors"
|
2022-10-21 06:01:28 -04:00
|
|
|
"github.com/stretchr/testify/assert"
|
2022-10-31 14:25:02 -04:00
|
|
|
"github.com/stretchr/testify/require"
|
2022-10-21 06:01:28 -04:00
|
|
|
"helm.sh/helm/v3/pkg/chart/loader"
|
2022-10-31 14:25:02 -04:00
|
|
|
"helm.sh/helm/v3/pkg/chartutil"
|
|
|
|
"helm.sh/helm/v3/pkg/engine"
|
2022-10-21 06:01:28 -04:00
|
|
|
)
|
|
|
|
|
2022-10-31 14:25:02 -04:00
|
|
|
// TestLoad checks if the serialized format that Load returns correctly preserves the dependencies of the loaded chart.
|
2022-10-21 06:01:28 -04:00
|
|
|
func TestLoad(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
2022-10-31 14:25:02 -04:00
|
|
|
require := require.New(t)
|
2022-10-21 06:01:28 -04:00
|
|
|
|
|
|
|
chartLoader := ChartLoader{}
|
2022-10-31 14:25:02 -04:00
|
|
|
release, err := chartLoader.Load(cloudprovider.GCP, true, []byte("secret"), []byte("salt"), nil, false)
|
|
|
|
require.NoError(err)
|
2022-10-21 06:01:28 -04:00
|
|
|
|
|
|
|
var helmReleases helm.Releases
|
|
|
|
err = json.Unmarshal(release, &helmReleases)
|
2022-10-31 14:25:02 -04:00
|
|
|
require.NoError(err)
|
2022-10-21 06:01:28 -04:00
|
|
|
reader := bytes.NewReader(helmReleases.ConstellationServices.Chart)
|
|
|
|
chart, err := loader.LoadArchive(reader)
|
2022-10-31 14:25:02 -04:00
|
|
|
require.NoError(err)
|
2022-10-21 06:01:28 -04:00
|
|
|
assert.NotNil(chart.Dependencies())
|
|
|
|
}
|
2022-10-31 14:25:02 -04:00
|
|
|
|
|
|
|
// TestTemplate checks if the rendered constellation-services chart produces the expected yaml files.
|
|
|
|
func TestTemplate(t *testing.T) {
|
|
|
|
testCases := map[string]struct {
|
|
|
|
csp cloudprovider.Provider
|
|
|
|
enforceIDKeyDigest bool
|
|
|
|
valuesModifier func(map[string]any) error
|
|
|
|
ccmImage string
|
2022-11-02 12:47:10 -04:00
|
|
|
cnmImage string
|
2022-10-31 14:25:02 -04:00
|
|
|
}{
|
|
|
|
"GCP": {
|
|
|
|
csp: cloudprovider.GCP,
|
|
|
|
enforceIDKeyDigest: false,
|
|
|
|
valuesModifier: prepareGCPValues,
|
|
|
|
ccmImage: "ccmImageForGCP",
|
|
|
|
},
|
|
|
|
"Azure": {
|
|
|
|
csp: cloudprovider.Azure,
|
|
|
|
enforceIDKeyDigest: true,
|
|
|
|
valuesModifier: prepareAzureValues,
|
|
|
|
ccmImage: "ccmImageForAzure",
|
2022-11-02 12:47:10 -04:00
|
|
|
cnmImage: "cnmImageForAzure",
|
2022-10-31 14:25:02 -04:00
|
|
|
},
|
|
|
|
"QEMU": {
|
|
|
|
csp: cloudprovider.QEMU,
|
|
|
|
enforceIDKeyDigest: false,
|
|
|
|
valuesModifier: prepareQEMUValues,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range testCases {
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
assert := assert.New(t)
|
|
|
|
require := require.New(t)
|
|
|
|
|
2022-11-03 11:42:19 -04:00
|
|
|
chartLoader := ChartLoader{joinServiceImage: "joinServiceImage", kmsImage: "kmsImage", ccmImage: tc.ccmImage, cnmImage: tc.cnmImage, autoscalerImage: "autoscalerImage"}
|
2022-10-31 14:25:02 -04:00
|
|
|
release, err := chartLoader.Load(tc.csp, true, []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), []byte("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"), []uint32{1, 11}, tc.enforceIDKeyDigest)
|
|
|
|
require.NoError(err)
|
|
|
|
|
|
|
|
var helmReleases helm.Releases
|
|
|
|
err = json.Unmarshal(release, &helmReleases)
|
|
|
|
require.NoError(err)
|
|
|
|
reader := bytes.NewReader(helmReleases.ConstellationServices.Chart)
|
|
|
|
chart, err := loader.LoadArchive(reader)
|
|
|
|
require.NoError(err)
|
|
|
|
|
|
|
|
options := chartutil.ReleaseOptions{
|
|
|
|
Name: "testRelease",
|
|
|
|
Namespace: "testNamespace",
|
|
|
|
Revision: 1,
|
|
|
|
IsInstall: true,
|
|
|
|
IsUpgrade: false,
|
|
|
|
}
|
|
|
|
caps := &chartutil.Capabilities{}
|
|
|
|
|
|
|
|
err = tc.valuesModifier(helmReleases.ConstellationServices.Values)
|
|
|
|
require.NoError(err)
|
|
|
|
|
2022-11-02 12:47:10 -04:00
|
|
|
// This step is needed to enabled/disable subcharts according to their tags/conditions.
|
|
|
|
err = chartutil.ProcessDependencies(chart, helmReleases.ConstellationServices.Values)
|
|
|
|
require.NoError(err)
|
|
|
|
|
2022-10-31 14:25:02 -04:00
|
|
|
valuesToRender, err := chartutil.ToRenderValues(chart, helmReleases.ConstellationServices.Values, options, caps)
|
|
|
|
require.NoError(err)
|
2022-11-02 12:47:10 -04:00
|
|
|
|
2022-10-31 14:25:02 -04:00
|
|
|
result, err := engine.Render(chart, valuesToRender)
|
|
|
|
require.NoError(err)
|
|
|
|
for k, v := range result {
|
|
|
|
currentFile := path.Join("testdata", tc.csp.String(), k)
|
|
|
|
content, err := os.ReadFile(currentFile)
|
|
|
|
|
|
|
|
// If a file does not exist, we expect the render for that path to be empty.
|
|
|
|
if errors.Is(err, fs.ErrNotExist) {
|
|
|
|
assert.YAMLEq("", v, fmt.Sprintf("current file: %s", currentFile))
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
assert.NoError(err)
|
|
|
|
assert.YAMLEq(string(content), v, fmt.Sprintf("current file: %s", currentFile))
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func prepareGCPValues(values map[string]any) error {
|
|
|
|
joinVals, ok := values["join-service"].(map[string]any)
|
|
|
|
if !ok {
|
|
|
|
return errors.New("missing 'join-service' key")
|
|
|
|
}
|
|
|
|
joinVals["measurements"] = "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}"
|
|
|
|
joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
|
|
|
|
|
|
|
|
ccmVals, ok := values["ccm"].(map[string]any)
|
|
|
|
if !ok {
|
|
|
|
return errors.New("missing 'ccm' key")
|
|
|
|
}
|
2022-11-02 08:06:07 -04:00
|
|
|
ccmVals["GCP"].(map[string]any)["subnetworkPodCIDR"] = "192.0.2.0/24"
|
2022-10-31 14:25:02 -04:00
|
|
|
ccmVals["GCP"].(map[string]any)["projectID"] = "42424242424242"
|
|
|
|
ccmVals["GCP"].(map[string]any)["uid"] = "242424242424"
|
|
|
|
ccmVals["GCP"].(map[string]any)["secretData"] = "baaaaaad"
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func prepareAzureValues(values map[string]any) error {
|
|
|
|
joinVals, ok := values["join-service"].(map[string]any)
|
|
|
|
if !ok {
|
|
|
|
return errors.New("missing 'join-service' key")
|
|
|
|
}
|
|
|
|
joinVals["idkeydigest"] = "baaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaadbaaaaaad"
|
|
|
|
joinVals["measurements"] = "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}"
|
|
|
|
joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
|
|
|
|
|
|
|
|
ccmVals, ok := values["ccm"].(map[string]any)
|
|
|
|
if !ok {
|
|
|
|
return errors.New("missing 'ccm' key")
|
|
|
|
}
|
2022-11-02 08:06:07 -04:00
|
|
|
ccmVals["Azure"].(map[string]any)["subnetworkPodCIDR"] = "192.0.2.0/24"
|
2022-10-31 14:25:02 -04:00
|
|
|
ccmVals["Azure"].(map[string]any)["azureConfig"] = "baaaaaad"
|
|
|
|
|
2022-11-03 11:42:19 -04:00
|
|
|
autoscalerVals, ok := values["autoscaler"].(map[string]any)
|
|
|
|
if !ok {
|
|
|
|
return errors.New("missing 'autoscaler' key")
|
|
|
|
}
|
|
|
|
autoscalerVals["Azure"] = map[string]any{
|
|
|
|
"clientID": "AppClientID",
|
|
|
|
"clientSecret": "ClientSecretValue",
|
|
|
|
"resourceGroup": "resourceGroup",
|
|
|
|
"subscriptionID": "subscriptionID",
|
|
|
|
"tenantID": "TenantID",
|
|
|
|
}
|
2022-10-31 14:25:02 -04:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func prepareQEMUValues(values map[string]any) error {
|
|
|
|
joinVals, ok := values["join-service"].(map[string]any)
|
|
|
|
if !ok {
|
|
|
|
return errors.New("missing 'join-service' key")
|
|
|
|
}
|
|
|
|
joinVals["measurements"] = "{'1':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA','15':'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='}"
|
|
|
|
joinVals["measurementSalt"] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|