2023-03-24 06:51:18 -04:00
|
|
|
/*
|
|
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
*/
|
|
|
|
|
|
|
|
package cmd
|
|
|
|
|
|
|
|
import (
|
2023-10-16 09:05:29 -04:00
|
|
|
"bytes"
|
2023-03-24 06:51:18 -04:00
|
|
|
"context"
|
2023-07-27 10:14:36 -04:00
|
|
|
"fmt"
|
2023-03-24 06:51:18 -04:00
|
|
|
"testing"
|
|
|
|
|
2023-08-21 10:15:32 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
|
2023-07-07 11:02:01 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
|
2023-10-16 09:05:29 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
|
2023-08-21 10:15:32 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/config"
|
2023-10-16 09:05:29 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/constants"
|
2023-12-05 10:23:31 -05:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/constellation/kubecmd"
|
2023-10-16 09:05:29 -04:00
|
|
|
"github.com/edgelesssys/constellation/v2/internal/file"
|
2023-03-24 06:51:18 -04:00
|
|
|
updatev1alpha1 "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1"
|
2023-10-16 09:05:29 -04:00
|
|
|
"github.com/spf13/afero"
|
2023-03-24 06:51:18 -04:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
corev1 "k8s.io/api/core/v1"
|
|
|
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
|
|
|
)
|
|
|
|
|
2023-07-27 10:14:36 -04:00
|
|
|
const successOutput = targetVersions + versionsOutput + nodesUpToDateOutput + attestationConfigOutput
|
2023-03-24 06:51:18 -04:00
|
|
|
|
2023-07-27 10:14:36 -04:00
|
|
|
const inProgressOutput = targetVersions + versionsOutput + nodesInProgressOutput + attestationConfigOutput
|
|
|
|
|
|
|
|
const targetVersions = `Target versions:
|
2023-03-24 06:51:18 -04:00
|
|
|
Image: v1.1.0
|
|
|
|
Kubernetes: v1.2.3
|
2023-07-27 10:14:36 -04:00
|
|
|
`
|
|
|
|
|
|
|
|
const nodesUpToDateOutput = `Cluster status: Node version of every node is up to date
|
|
|
|
`
|
|
|
|
|
|
|
|
const nodesInProgressOutput = `Cluster status: Some node versions are out of date
|
|
|
|
Image: 1/2
|
|
|
|
Kubernetes: 1/2
|
|
|
|
`
|
|
|
|
|
|
|
|
const versionsOutput = `Service versions:
|
2023-03-24 06:51:18 -04:00
|
|
|
Cilium: v1.0.0
|
|
|
|
cert-manager: v1.0.0
|
|
|
|
constellation-operators: v1.1.0
|
|
|
|
constellation-services: v1.1.0
|
2023-07-27 10:14:36 -04:00
|
|
|
`
|
2023-07-07 11:02:01 -04:00
|
|
|
|
|
|
|
const attestationConfigOutput = `Attestation config:
|
|
|
|
measurements:
|
|
|
|
15:
|
|
|
|
expected: "0000000000000000000000000000000000000000000000000000000000000000"
|
|
|
|
warnOnly: false
|
2023-03-24 06:51:18 -04:00
|
|
|
`
|
|
|
|
|
|
|
|
// TestStatus checks that the status function produces the correct strings.
|
|
|
|
func TestStatus(t *testing.T) {
|
2023-08-21 10:15:32 -04:00
|
|
|
mustParseNodeVersion := func(nV updatev1alpha1.NodeVersion) kubecmd.NodeVersion {
|
|
|
|
nodeVersion, err := kubecmd.NewNodeVersion(nV)
|
|
|
|
require.NoError(t, err)
|
|
|
|
return nodeVersion
|
|
|
|
}
|
|
|
|
|
2023-03-24 06:51:18 -04:00
|
|
|
testCases := map[string]struct {
|
|
|
|
kubeClient stubKubeClient
|
|
|
|
expectedOutput string
|
|
|
|
wantErr bool
|
|
|
|
}{
|
|
|
|
"success": {
|
|
|
|
kubeClient: stubKubeClient{
|
2023-08-21 10:15:32 -04:00
|
|
|
status: map[string]kubecmd.NodeStatus{
|
|
|
|
"outdated": kubecmd.NewNodeStatus(corev1.Node{
|
2023-03-24 06:51:18 -04:00
|
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
|
|
Name: "node1",
|
|
|
|
Annotations: map[string]string{
|
|
|
|
"constellation.edgeless.systems/node-image": "v1.1.0",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Status: corev1.NodeStatus{
|
|
|
|
NodeInfo: corev1.NodeSystemInfo{
|
|
|
|
KubeletVersion: "v1.2.3",
|
|
|
|
},
|
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
}),
|
2023-03-24 06:51:18 -04:00
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
version: mustParseNodeVersion(updatev1alpha1.NodeVersion{
|
|
|
|
Spec: updatev1alpha1.NodeVersionSpec{
|
|
|
|
ImageVersion: "v1.1.0",
|
|
|
|
ImageReference: "v1.1.0",
|
|
|
|
KubernetesClusterVersion: "v1.2.3",
|
|
|
|
},
|
|
|
|
Status: updatev1alpha1.NodeVersionStatus{
|
|
|
|
Conditions: []metav1.Condition{
|
|
|
|
{
|
|
|
|
Message: "Node version of every node is up to date",
|
|
|
|
},
|
2023-03-24 06:51:18 -04:00
|
|
|
},
|
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
}),
|
|
|
|
attestation: &config.QEMUVTPM{
|
|
|
|
Measurements: measurements.M{
|
|
|
|
15: measurements.WithAllBytes(0, measurements.Enforce, measurements.PCRMeasurementLength),
|
|
|
|
},
|
2023-03-24 06:51:18 -04:00
|
|
|
},
|
|
|
|
},
|
|
|
|
expectedOutput: successOutput,
|
|
|
|
},
|
|
|
|
"one of two nodes not upgraded": {
|
|
|
|
kubeClient: stubKubeClient{
|
2023-08-21 10:15:32 -04:00
|
|
|
status: map[string]kubecmd.NodeStatus{
|
|
|
|
"outdated": kubecmd.NewNodeStatus(corev1.Node{
|
2023-03-24 06:51:18 -04:00
|
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
|
|
Name: "outdated",
|
|
|
|
Annotations: map[string]string{
|
|
|
|
"constellation.edgeless.systems/node-image": "v1.0.0",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Status: corev1.NodeStatus{
|
|
|
|
NodeInfo: corev1.NodeSystemInfo{
|
|
|
|
KubeletVersion: "v1.2.2",
|
|
|
|
},
|
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
}),
|
|
|
|
"uptodate": kubecmd.NewNodeStatus(corev1.Node{
|
2023-03-24 06:51:18 -04:00
|
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
|
|
Name: "uptodate",
|
|
|
|
Annotations: map[string]string{
|
|
|
|
"constellation.edgeless.systems/node-image": "v1.1.0",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Status: corev1.NodeStatus{
|
|
|
|
NodeInfo: corev1.NodeSystemInfo{
|
|
|
|
KubeletVersion: "v1.2.3",
|
|
|
|
},
|
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
}),
|
|
|
|
},
|
|
|
|
version: mustParseNodeVersion(updatev1alpha1.NodeVersion{
|
|
|
|
Spec: updatev1alpha1.NodeVersionSpec{
|
|
|
|
ImageVersion: "v1.1.0",
|
|
|
|
ImageReference: "v1.1.0",
|
|
|
|
KubernetesClusterVersion: "v1.2.3",
|
|
|
|
},
|
|
|
|
Status: updatev1alpha1.NodeVersionStatus{
|
|
|
|
Conditions: []metav1.Condition{
|
|
|
|
{
|
|
|
|
Message: "Some node versions are out of date",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}),
|
|
|
|
attestation: &config.QEMUVTPM{
|
|
|
|
Measurements: measurements.M{
|
|
|
|
15: measurements.WithAllBytes(0, measurements.Enforce, measurements.PCRMeasurementLength),
|
2023-03-24 06:51:18 -04:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
expectedOutput: inProgressOutput,
|
|
|
|
},
|
|
|
|
"error getting node status": {
|
|
|
|
kubeClient: stubKubeClient{
|
|
|
|
statusErr: assert.AnError,
|
|
|
|
version: mustParseNodeVersion(updatev1alpha1.NodeVersion{
|
|
|
|
Spec: updatev1alpha1.NodeVersionSpec{
|
|
|
|
ImageVersion: "v1.1.0",
|
|
|
|
ImageReference: "v1.1.0",
|
|
|
|
KubernetesClusterVersion: "v1.2.3",
|
|
|
|
},
|
|
|
|
Status: updatev1alpha1.NodeVersionStatus{
|
|
|
|
Conditions: []metav1.Condition{
|
|
|
|
{
|
|
|
|
Message: "Node version of every node is up to date",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}),
|
|
|
|
attestation: &config.QEMUVTPM{
|
|
|
|
Measurements: measurements.M{
|
|
|
|
15: measurements.WithAllBytes(0, measurements.Enforce, measurements.PCRMeasurementLength),
|
|
|
|
},
|
2023-03-24 06:51:18 -04:00
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
},
|
|
|
|
expectedOutput: successOutput,
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
"error getting node version": {
|
|
|
|
kubeClient: stubKubeClient{
|
|
|
|
status: map[string]kubecmd.NodeStatus{
|
|
|
|
"outdated": kubecmd.NewNodeStatus(corev1.Node{
|
|
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
|
|
Name: "node1",
|
|
|
|
Annotations: map[string]string{
|
|
|
|
"constellation.edgeless.systems/node-image": "v1.1.0",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Status: corev1.NodeStatus{
|
|
|
|
NodeInfo: corev1.NodeSystemInfo{
|
|
|
|
KubeletVersion: "v1.2.3",
|
|
|
|
},
|
2023-03-24 06:51:18 -04:00
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
}),
|
|
|
|
},
|
|
|
|
versionErr: assert.AnError,
|
|
|
|
attestation: &config.QEMUVTPM{
|
|
|
|
Measurements: measurements.M{
|
|
|
|
15: measurements.WithAllBytes(0, measurements.Enforce, measurements.PCRMeasurementLength),
|
2023-03-24 06:51:18 -04:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2023-08-21 10:15:32 -04:00
|
|
|
expectedOutput: successOutput,
|
|
|
|
wantErr: true,
|
|
|
|
},
|
|
|
|
"error getting attestation config": {
|
|
|
|
kubeClient: stubKubeClient{
|
|
|
|
status: map[string]kubecmd.NodeStatus{
|
|
|
|
"outdated": kubecmd.NewNodeStatus(corev1.Node{
|
|
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
|
|
Name: "node1",
|
|
|
|
Annotations: map[string]string{
|
|
|
|
"constellation.edgeless.systems/node-image": "v1.1.0",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Status: corev1.NodeStatus{
|
|
|
|
NodeInfo: corev1.NodeSystemInfo{
|
|
|
|
KubeletVersion: "v1.2.3",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}),
|
|
|
|
},
|
|
|
|
version: mustParseNodeVersion(updatev1alpha1.NodeVersion{
|
|
|
|
Spec: updatev1alpha1.NodeVersionSpec{
|
|
|
|
ImageVersion: "v1.1.0",
|
|
|
|
ImageReference: "v1.1.0",
|
|
|
|
KubernetesClusterVersion: "v1.2.3",
|
|
|
|
},
|
|
|
|
Status: updatev1alpha1.NodeVersionStatus{
|
|
|
|
Conditions: []metav1.Condition{
|
|
|
|
{
|
|
|
|
Message: "Node version of every node is up to date",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}),
|
|
|
|
attestationErr: assert.AnError,
|
|
|
|
},
|
|
|
|
expectedOutput: successOutput,
|
|
|
|
wantErr: true,
|
2023-03-24 06:51:18 -04:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for name, tc := range testCases {
|
|
|
|
t.Run(name, func(t *testing.T) {
|
|
|
|
require := require.New(t)
|
|
|
|
assert := assert.New(t)
|
|
|
|
|
2023-10-16 09:05:29 -04:00
|
|
|
cmd := NewStatusCmd()
|
|
|
|
var out bytes.Buffer
|
|
|
|
cmd.SetOut(&out)
|
|
|
|
var errOut bytes.Buffer
|
|
|
|
cmd.SetErr(&errOut)
|
|
|
|
|
|
|
|
fileHandler := file.NewHandler(afero.NewMemMapFs())
|
2023-11-22 02:31:37 -05:00
|
|
|
cfg, err := createConfigWithAttestationVariant(cloudprovider.Azure, "", variant.AzureSEVSNP{})
|
2023-10-16 09:05:29 -04:00
|
|
|
require.NoError(err)
|
2023-11-22 02:31:37 -05:00
|
|
|
modifyConfigForAzureToPassValidate(cfg)
|
2023-10-16 09:05:29 -04:00
|
|
|
require.NoError(fileHandler.WriteYAML(constants.ConfigFilename, cfg))
|
|
|
|
s := statusCmd{fileHandler: fileHandler}
|
|
|
|
|
|
|
|
err = s.status(
|
|
|
|
cmd,
|
2023-07-27 10:14:36 -04:00
|
|
|
stubGetVersions(versionsOutput),
|
2023-08-21 10:15:32 -04:00
|
|
|
tc.kubeClient,
|
2023-10-16 09:05:29 -04:00
|
|
|
stubAttestationFetcher{},
|
2023-07-27 10:14:36 -04:00
|
|
|
)
|
2023-03-24 06:51:18 -04:00
|
|
|
if tc.wantErr {
|
|
|
|
assert.Error(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
require.NoError(err)
|
2023-10-16 09:05:29 -04:00
|
|
|
assert.Equal(tc.expectedOutput, out.String())
|
2023-03-24 06:51:18 -04:00
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-11-22 02:31:37 -05:00
|
|
|
func modifyConfigForAzureToPassValidate(c *config.Config) {
|
|
|
|
c.RemoveProviderAndAttestationExcept(cloudprovider.Azure)
|
|
|
|
c.Image = constants.BinaryVersion().String()
|
|
|
|
c.Provider.Azure.SubscriptionID = "11111111-1111-1111-1111-111111111111"
|
|
|
|
c.Provider.Azure.TenantID = "11111111-1111-1111-1111-111111111111"
|
|
|
|
c.Provider.Azure.Location = "westus"
|
|
|
|
c.Provider.Azure.ResourceGroup = "test"
|
|
|
|
c.Provider.Azure.UserAssignedIdentity = "/subscriptions/11111111-1111-1111-1111-111111111111/resourcegroups/constellation-identity/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-identity"
|
|
|
|
c.Attestation.AzureSEVSNP.Measurements = measurements.M{
|
|
|
|
0: measurements.WithAllBytes(0x00, measurements.Enforce, measurements.PCRMeasurementLength),
|
|
|
|
}
|
|
|
|
c.NodeGroups = map[string]config.NodeGroup{
|
|
|
|
constants.ControlPlaneDefault: {
|
|
|
|
Role: "control-plane",
|
|
|
|
Zone: "",
|
|
|
|
InstanceType: "Standard_DC4as_v5",
|
|
|
|
StateDiskSizeGB: 30,
|
|
|
|
StateDiskType: "StandardSSD_LRS",
|
|
|
|
InitialCount: 3,
|
|
|
|
},
|
|
|
|
constants.WorkerDefault: {
|
|
|
|
Role: "worker",
|
|
|
|
Zone: "",
|
|
|
|
InstanceType: "Standard_DC4as_v5",
|
|
|
|
StateDiskSizeGB: 30,
|
|
|
|
StateDiskType: "StandardSSD_LRS",
|
|
|
|
InitialCount: 3,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-03-24 06:51:18 -04:00
|
|
|
type stubKubeClient struct {
|
2023-08-21 10:15:32 -04:00
|
|
|
status map[string]kubecmd.NodeStatus
|
|
|
|
statusErr error
|
|
|
|
version kubecmd.NodeVersion
|
|
|
|
versionErr error
|
|
|
|
attestation config.AttestationCfg
|
|
|
|
attestationErr error
|
2023-03-24 06:51:18 -04:00
|
|
|
}
|
|
|
|
|
2023-08-21 10:15:32 -04:00
|
|
|
func (s stubKubeClient) ClusterStatus(_ context.Context) (map[string]kubecmd.NodeStatus, error) {
|
|
|
|
return s.status, s.statusErr
|
2023-03-24 06:51:18 -04:00
|
|
|
}
|
|
|
|
|
2023-08-21 10:15:32 -04:00
|
|
|
func (s stubKubeClient) GetConstellationVersion(_ context.Context) (kubecmd.NodeVersion, error) {
|
|
|
|
return s.version, s.versionErr
|
2023-03-24 06:51:18 -04:00
|
|
|
}
|
|
|
|
|
2023-08-21 10:15:32 -04:00
|
|
|
func (s stubKubeClient) GetClusterAttestationConfig(_ context.Context, _ variant.Variant) (config.AttestationCfg, error) {
|
|
|
|
return s.attestation, s.attestationErr
|
2023-03-24 06:51:18 -04:00
|
|
|
}
|
2023-07-27 10:14:36 -04:00
|
|
|
|
|
|
|
func stubGetVersions(output string) func() (fmt.Stringer, error) {
|
|
|
|
return func() (fmt.Stringer, error) {
|
|
|
|
return stubServiceVersions{output}, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type stubServiceVersions struct {
|
|
|
|
output string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s stubServiceVersions) String() string {
|
|
|
|
return s.output
|
|
|
|
}
|