mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
ci: use structured logging for all parts of the malicious-join test (#2557)
* Use structured logging for all parts of the test * Fix malicious-join image build action --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
parent
4fe51cd5f4
commit
273a6ba853
@ -34,12 +34,13 @@ runs:
|
|||||||
[ \"/malicious-join_bin\", \
|
[ \"/malicious-join_bin\", \
|
||||||
\"--js-endpoint=join-service.kube-system:9090\", \
|
\"--js-endpoint=join-service.kube-system:9090\", \
|
||||||
\"--csp=${{ inputs.cloudProvider }}\", \
|
\"--csp=${{ inputs.cloudProvider }}\", \
|
||||||
\"--variant=default\" ]" job.yaml
|
\"--variant=default\" ]" stamped_job.yaml
|
||||||
|
|
||||||
kubectl create ns malicious-join
|
kubectl create ns malicious-join
|
||||||
kubectl apply -n malicious-join -f job.yaml
|
kubectl apply -n malicious-join -f stamped_job.yaml
|
||||||
kubectl wait -n malicious-join --for=condition=complete --timeout=10m job/malicious-join
|
kubectl wait -n malicious-join --for=condition=complete --timeout=10m job/malicious-join
|
||||||
kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq '.'
|
kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq '.'
|
||||||
ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.allPassed')
|
ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.result.allPassed')
|
||||||
if [[ "$ALL_TESTS_PASSED" != "true" ]]; then
|
if [[ "$ALL_TESTS_PASSED" != "true" ]]; then
|
||||||
kubectl logs -n malicious-join job/malicious-join
|
kubectl logs -n malicious-join job/malicious-join
|
||||||
kubectl logs -n kube-system svc/join-service
|
kubectl logs -n kube-system svc/join-service
|
||||||
|
@ -2,6 +2,7 @@ load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
|
|||||||
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
|
||||||
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
|
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
|
||||||
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
load("@rules_pkg//:pkg.bzl", "pkg_tar")
|
||||||
|
load("//bazel/oci:containers.bzl", "container_reponame")
|
||||||
load("//bazel/sh:def.bzl", "sh_template")
|
load("//bazel/sh:def.bzl", "sh_template")
|
||||||
|
|
||||||
go_library(
|
go_library(
|
||||||
@ -15,6 +16,7 @@ go_library(
|
|||||||
"//internal/grpc/dialer",
|
"//internal/grpc/dialer",
|
||||||
"//internal/logger",
|
"//internal/logger",
|
||||||
"//joinservice/joinproto",
|
"//joinservice/joinproto",
|
||||||
|
"@org_uber_go_zap//:zap",
|
||||||
"@org_uber_go_zap//zapcore",
|
"@org_uber_go_zap//zapcore",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
@ -46,13 +48,19 @@ oci_image(
|
|||||||
visibility = ["//visibility:public"],
|
visibility = ["//visibility:public"],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
container_reponame(
|
||||||
|
name = "container_name",
|
||||||
|
container_name = "malicious-join-test",
|
||||||
|
)
|
||||||
|
|
||||||
genrule(
|
genrule(
|
||||||
name = "malicious-join-test_repotag",
|
name = "malicious-join-test_repotag",
|
||||||
srcs = [
|
srcs = [
|
||||||
|
":container_name",
|
||||||
"//bazel/settings:tag",
|
"//bazel/settings:tag",
|
||||||
],
|
],
|
||||||
outs = ["repotag.txt"],
|
outs = ["repotag.txt"],
|
||||||
cmd = "echo -n 'ghcr.io/edgelesssys/malicious-join-test:' | cat - $(location //bazel/settings:tag) > $@",
|
cmd = "cat $(location :container_name) <(echo -n :) $(location //bazel/settings:tag) > $@",
|
||||||
visibility = ["//visibility:public"],
|
visibility = ["//visibility:public"],
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -7,6 +7,6 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: malicious-join
|
- name: malicious-join
|
||||||
image: ghcr.io/edgelesssys/malicious-join-test:latest@sha256:f36fe306d50a6731ecdae3920682606967eb339fdd1a1e978b0ce39c2ab744bd
|
image: placeholder
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
backoffLimit: 0 # Do not retry
|
backoffLimit: 0 # Do not retry
|
||||||
|
@ -22,5 +22,5 @@ else
|
|||||||
workdir="$1"
|
workdir="$1"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Stamping job deployment with $REPO_TAG"
|
echo "Stamping job deployment with $(cat "${REPO_TAG}")"
|
||||||
$yq eval '.spec.template.spec.containers[0].image |= "ghcr.io/edgelesssys/malicious-join-test:" + load_str(strenv(REPO_TAG))' "$template" > "$workdir/stamped_job.yaml"
|
$yq eval ".spec.template.spec.containers[0].image = \"$(cat "${REPO_TAG}")\"" "$template" > "$workdir/stamped_job.yaml"
|
||||||
|
@ -20,10 +20,14 @@ import (
|
|||||||
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
|
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
|
||||||
"github.com/edgelesssys/constellation/v2/internal/logger"
|
"github.com/edgelesssys/constellation/v2/internal/logger"
|
||||||
"github.com/edgelesssys/constellation/v2/joinservice/joinproto"
|
"github.com/edgelesssys/constellation/v2/joinservice/joinproto"
|
||||||
|
"go.uber.org/zap"
|
||||||
"go.uber.org/zap/zapcore"
|
"go.uber.org/zap/zapcore"
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
|
log := logger.New(logger.JSONLog, zapcore.DebugLevel)
|
||||||
|
defer log.Sync()
|
||||||
|
|
||||||
jsEndpoint := flag.String("js-endpoint", "", "Join service endpoint to use.")
|
jsEndpoint := flag.String("js-endpoint", "", "Join service endpoint to use.")
|
||||||
csp := flag.String("csp", "", "Cloud service provider to use.")
|
csp := flag.String("csp", "", "Cloud service provider to use.")
|
||||||
attVariant := flag.String(
|
attVariant := flag.String(
|
||||||
@ -33,10 +37,14 @@ func main() {
|
|||||||
"or one of: %s", variant.GetAvailableAttestationVariants()),
|
"or one of: %s", variant.GetAvailableAttestationVariants()),
|
||||||
)
|
)
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
fmt.Println(formatFlags(*attVariant, *csp, *jsEndpoint))
|
log.With(
|
||||||
|
zap.String("js-endpoint", *jsEndpoint),
|
||||||
|
zap.String("csp", *csp),
|
||||||
|
zap.String("variant", *attVariant),
|
||||||
|
).Infof("Running tests with flags")
|
||||||
|
|
||||||
testCases := map[string]struct {
|
testCases := map[string]struct {
|
||||||
fn func(attVariant, csp, jsEndpoint string) error
|
fn func(attVariant, csp, jsEndpoint string, log *logger.Logger) error
|
||||||
wantErr bool
|
wantErr bool
|
||||||
}{
|
}{
|
||||||
"JoinFromUnattestedNode": {
|
"JoinFromUnattestedNode": {
|
||||||
@ -50,48 +58,44 @@ func main() {
|
|||||||
TestCases: make(map[string]testCaseOutput),
|
TestCases: make(map[string]testCaseOutput),
|
||||||
}
|
}
|
||||||
for name, tc := range testCases {
|
for name, tc := range testCases {
|
||||||
fmt.Printf("Running testcase %s\n", name)
|
log.With(zap.String("testcase", name)).Infof("Running testcase")
|
||||||
|
|
||||||
err := tc.fn(*attVariant, *csp, *jsEndpoint)
|
err := tc.fn(*attVariant, *csp, *jsEndpoint, log)
|
||||||
|
|
||||||
switch {
|
switch {
|
||||||
case err == nil && tc.wantErr:
|
case err == nil && tc.wantErr:
|
||||||
fmt.Printf("Test case %s failed: Expected error but got none\n", name)
|
log.With(zap.Error(err), zap.String("testcase", name)).Errorf("Test case failed: Expected error but got none")
|
||||||
testOutput.TestCases[name] = testCaseOutput{
|
testOutput.TestCases[name] = testCaseOutput{
|
||||||
Passed: false,
|
Passed: false,
|
||||||
Message: "Expected error but got none",
|
Message: "Expected error but got none",
|
||||||
}
|
}
|
||||||
allPassed = false
|
allPassed = false
|
||||||
case !tc.wantErr && err != nil:
|
case !tc.wantErr && err != nil:
|
||||||
fmt.Printf("Test case %s failed: Got unexpected error: %s\n", name, err)
|
log.With(zap.Error(err), zap.String("testcase", name)).Errorf("Test case failed: Got unexpected error")
|
||||||
testOutput.TestCases[name] = testCaseOutput{
|
testOutput.TestCases[name] = testCaseOutput{
|
||||||
Passed: false,
|
Passed: false,
|
||||||
Message: fmt.Sprintf("Got unexpected error: %s", err),
|
Message: fmt.Sprintf("Got unexpected error: %s", err),
|
||||||
}
|
}
|
||||||
allPassed = false
|
allPassed = false
|
||||||
case tc.wantErr && err != nil:
|
case tc.wantErr && err != nil:
|
||||||
fmt.Printf("Test case %s succeeded\n", name)
|
log.With(zap.String("testcase", name)).Infof("Test case succeeded")
|
||||||
testOutput.TestCases[name] = testCaseOutput{
|
testOutput.TestCases[name] = testCaseOutput{
|
||||||
Passed: true,
|
Passed: true,
|
||||||
Message: fmt.Sprintf("Got expected error: %s", err),
|
Message: fmt.Sprintf("Got expected error: %s", err),
|
||||||
}
|
}
|
||||||
case !tc.wantErr && err == nil:
|
case !tc.wantErr && err == nil:
|
||||||
fmt.Printf("Test case %s succeeded\n", name)
|
log.With(zap.String("testcase", name)).Infof("Test case succeeded")
|
||||||
testOutput.TestCases[name] = testCaseOutput{
|
testOutput.TestCases[name] = testCaseOutput{
|
||||||
Passed: true,
|
Passed: true,
|
||||||
Message: "No error, as expected",
|
Message: "No error, as expected",
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
panic("invalid result")
|
log.With(zap.String("testcase", name)).Fatalf("invalid result")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
testOutput.AllPassed = allPassed
|
testOutput.AllPassed = allPassed
|
||||||
out, err := json.Marshal(testOutput)
|
log.With(zap.Any("result", testOutput)).Infof("Test completed")
|
||||||
if err != nil {
|
|
||||||
panic(fmt.Sprintf("marshalling test output: %s", err))
|
|
||||||
}
|
|
||||||
fmt.Println(string(out))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
type testOutput struct {
|
type testOutput struct {
|
||||||
@ -104,19 +108,9 @@ type testCaseOutput struct {
|
|||||||
Message string `json:"message"`
|
Message string `json:"message"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func formatFlags(attVariant, csp, jsEndpoint string) string {
|
|
||||||
var sb strings.Builder
|
|
||||||
sb.WriteString("Using Flags:\n")
|
|
||||||
sb.WriteString(fmt.Sprintf("\tjs-endpoint: %s\n", jsEndpoint))
|
|
||||||
sb.WriteString(fmt.Sprintf("\tcsp: %s\n", csp))
|
|
||||||
sb.WriteString(fmt.Sprintf("\tvariant: %s\n", attVariant))
|
|
||||||
return sb.String()
|
|
||||||
}
|
|
||||||
|
|
||||||
// JoinFromUnattestedNode simulates a join request from a Node that uses a stub issuer
|
// JoinFromUnattestedNode simulates a join request from a Node that uses a stub issuer
|
||||||
// and thus cannot be attested correctly.
|
// and thus cannot be attested correctly.
|
||||||
func JoinFromUnattestedNode(attVariant, csp, jsEndpoint string) error {
|
func JoinFromUnattestedNode(attVariant, csp, jsEndpoint string, log *logger.Logger) error {
|
||||||
log := logger.New(logger.JSONLog, zapcore.DebugLevel)
|
|
||||||
joiner, err := newMaliciousJoiner(attVariant, csp, jsEndpoint, log)
|
joiner, err := newMaliciousJoiner(attVariant, csp, jsEndpoint, log)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("creating malicious joiner: %w", err)
|
return fmt.Errorf("creating malicious joiner: %w", err)
|
||||||
|
Loading…
Reference in New Issue
Block a user