ci: use structured logging for all parts of the malicious-join test (#2557)

* Use structured logging for all parts of the test
* Fix malicious-join image build action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

.github/actions/e2e_malicious_join/action.yml

@@ -34,12 +34,13 @@ runs:
           [ \"/malicious-join_bin\", \
           \"--js-endpoint=join-service.kube-system:9090\", \
           \"--csp=${{ inputs.cloudProvider }}\", \
-          \"--variant=default\" ]" job.yaml
+          \"--variant=default\" ]" stamped_job.yaml
+
         kubectl create ns malicious-join
-        kubectl apply -n malicious-join -f job.yaml
+        kubectl apply -n malicious-join -f stamped_job.yaml
         kubectl wait -n malicious-join --for=condition=complete --timeout=10m job/malicious-join
         kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq '.'
-        ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.allPassed')
+        ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.result.allPassed')
         if [[ "$ALL_TESTS_PASSED" != "true" ]]; then
           kubectl logs -n malicious-join job/malicious-join
           kubectl logs -n kube-system svc/join-service

e2e/malicious-join/BUILD.bazel

@@ -2,6 +2,7 @@ load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
 load("@rules_pkg//:pkg.bzl", "pkg_tar")
+load("//bazel/oci:containers.bzl", "container_reponame")
 load("//bazel/sh:def.bzl", "sh_template")
 
 go_library(
@@ -15,6 +16,7 @@ go_library(
         "//internal/grpc/dialer",
         "//internal/logger",
         "//joinservice/joinproto",
+        "@org_uber_go_zap//:zap",
         "@org_uber_go_zap//zapcore",
     ],
 )
@@ -46,13 +48,19 @@ oci_image(
     visibility = ["//visibility:public"],
 )
 
+container_reponame(
+    name = "container_name",
+    container_name = "malicious-join-test",
+)
+
 genrule(
     name = "malicious-join-test_repotag",
     srcs = [
+        ":container_name",
         "//bazel/settings:tag",
     ],
     outs = ["repotag.txt"],
-    cmd = "echo -n 'ghcr.io/edgelesssys/malicious-join-test:' | cat - $(location //bazel/settings:tag) > $@",
+    cmd = "cat $(location :container_name) <(echo -n :) $(location //bazel/settings:tag) > $@",
     visibility = ["//visibility:public"],
 )
 

e2e/malicious-join/job.yaml

@@ -7,6 +7,6 @@ spec:
     spec:
       containers:
         - name: malicious-join
-          image: ghcr.io/edgelesssys/malicious-join-test:latest@sha256:f36fe306d50a6731ecdae3920682606967eb339fdd1a1e978b0ce39c2ab744bd
+          image: placeholder
       restartPolicy: Never
   backoffLimit: 0 # Do not retry

e2e/malicious-join/job_template.sh.in

@@ -22,5 +22,5 @@ else
   workdir="$1"
 fi
 
-echo "Stamping job deployment with $REPO_TAG"
-$yq eval '.spec.template.spec.containers[0].image |= "ghcr.io/edgelesssys/malicious-join-test:" + load_str(strenv(REPO_TAG))' "$template" > "$workdir/stamped_job.yaml"
+echo "Stamping job deployment with $(cat "${REPO_TAG}")"
+$yq eval ".spec.template.spec.containers[0].image = \"$(cat "${REPO_TAG}")\"" "$template" > "$workdir/stamped_job.yaml"

e2e/malicious-join/malicious-join.go

@@ -20,10 +20,14 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/joinservice/joinproto"
+	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 )
 
 func main() {
+	log := logger.New(logger.JSONLog, zapcore.DebugLevel)
+	defer log.Sync()
+
 	jsEndpoint := flag.String("js-endpoint", "", "Join service endpoint to use.")
 	csp := flag.String("csp", "", "Cloud service provider to use.")
 	attVariant := flag.String(
@@ -33,10 +37,14 @@ func main() {
 			"or one of: %s", variant.GetAvailableAttestationVariants()),
 	)
 	flag.Parse()
-	fmt.Println(formatFlags(*attVariant, *csp, *jsEndpoint))
+	log.With(
+		zap.String("js-endpoint", *jsEndpoint),
+		zap.String("csp", *csp),
+		zap.String("variant", *attVariant),
+	).Infof("Running tests with flags")
 
 	testCases := map[string]struct {
-		fn      func(attVariant, csp, jsEndpoint string) error
+		fn      func(attVariant, csp, jsEndpoint string, log *logger.Logger) error
 		wantErr bool
 	}{
 		"JoinFromUnattestedNode": {
@@ -50,48 +58,44 @@ func main() {
 		TestCases: make(map[string]testCaseOutput),
 	}
 	for name, tc := range testCases {
-		fmt.Printf("Running testcase %s\n", name)
+		log.With(zap.String("testcase", name)).Infof("Running testcase")
 
-		err := tc.fn(*attVariant, *csp, *jsEndpoint)
+		err := tc.fn(*attVariant, *csp, *jsEndpoint, log)
 
 		switch {
 		case err == nil && tc.wantErr:
-			fmt.Printf("Test case %s failed: Expected error but got none\n", name)
+			log.With(zap.Error(err), zap.String("testcase", name)).Errorf("Test case failed: Expected error but got none")
 			testOutput.TestCases[name] = testCaseOutput{
 				Passed:  false,
 				Message: "Expected error but got none",
 			}
 			allPassed = false
 		case !tc.wantErr && err != nil:
-			fmt.Printf("Test case %s failed: Got unexpected error: %s\n", name, err)
+			log.With(zap.Error(err), zap.String("testcase", name)).Errorf("Test case failed: Got unexpected error")
 			testOutput.TestCases[name] = testCaseOutput{
 				Passed:  false,
 				Message: fmt.Sprintf("Got unexpected error: %s", err),
 			}
 			allPassed = false
 		case tc.wantErr && err != nil:
-			fmt.Printf("Test case %s succeeded\n", name)
+			log.With(zap.String("testcase", name)).Infof("Test case succeeded")
 			testOutput.TestCases[name] = testCaseOutput{
 				Passed:  true,
 				Message: fmt.Sprintf("Got expected error: %s", err),
 			}
 		case !tc.wantErr && err == nil:
-			fmt.Printf("Test case %s succeeded\n", name)
+			log.With(zap.String("testcase", name)).Infof("Test case succeeded")
 			testOutput.TestCases[name] = testCaseOutput{
 				Passed:  true,
 				Message: "No error, as expected",
 			}
 		default:
-			panic("invalid result")
+			log.With(zap.String("testcase", name)).Fatalf("invalid result")
 		}
 	}
 
 	testOutput.AllPassed = allPassed
-	out, err := json.Marshal(testOutput)
-	if err != nil {
-		panic(fmt.Sprintf("marshalling test output: %s", err))
-	}
-	fmt.Println(string(out))
+	log.With(zap.Any("result", testOutput)).Infof("Test completed")
 }
 
 type testOutput struct {
@@ -104,19 +108,9 @@ type testCaseOutput struct {
 	Message string `json:"message"`
 }
 
-func formatFlags(attVariant, csp, jsEndpoint string) string {
-	var sb strings.Builder
-	sb.WriteString("Using Flags:\n")
-	sb.WriteString(fmt.Sprintf("\tjs-endpoint: %s\n", jsEndpoint))
-	sb.WriteString(fmt.Sprintf("\tcsp: %s\n", csp))
-	sb.WriteString(fmt.Sprintf("\tvariant: %s\n", attVariant))
-	return sb.String()
-}
-
 // JoinFromUnattestedNode simulates a join request from a Node that uses a stub issuer
 // and thus cannot be attested correctly.
-func JoinFromUnattestedNode(attVariant, csp, jsEndpoint string) error {
-	log := logger.New(logger.JSONLog, zapcore.DebugLevel)
+func JoinFromUnattestedNode(attVariant, csp, jsEndpoint string, log *logger.Logger) error {
 	joiner, err := newMaliciousJoiner(attVariant, csp, jsEndpoint, log)
 	if err != nil {
 		return fmt.Errorf("creating malicious joiner: %w", err)