ci: use structured logging for all parts of the malicious-join test (#2557)

* Use structured logging for all parts of the test
* Fix malicious-join image build action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2023-11-07 09:02:19 +01:00 committed by GitHub
parent 4fe51cd5f4
commit 273a6ba853
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 35 additions and 32 deletions


@ -34,12 +34,13 @@ runs:
[ \"/malicious-join_bin\", \ [ \"/malicious-join_bin\", \
\"--js-endpoint=join-service.kube-system:9090\", \ \"--js-endpoint=join-service.kube-system:9090\", \
\"--csp=${{ inputs.cloudProvider }}\", \ \"--csp=${{ inputs.cloudProvider }}\", \
\"--variant=default\" ]" job.yaml \"--variant=default\" ]" stamped_job.yaml
kubectl create ns malicious-join kubectl create ns malicious-join
kubectl apply -n malicious-join -f job.yaml kubectl apply -n malicious-join -f stamped_job.yaml
kubectl wait -n malicious-join --for=condition=complete --timeout=10m job/malicious-join kubectl wait -n malicious-join --for=condition=complete --timeout=10m job/malicious-join
kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq '.' kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq '.'
ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.allPassed') ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.result.allPassed')
if [[ "$ALL_TESTS_PASSED" != "true" ]]; then if [[ "$ALL_TESTS_PASSED" != "true" ]]; then
kubectl logs -n malicious-join job/malicious-join kubectl logs -n malicious-join job/malicious-join
kubectl logs -n kube-system svc/join-service kubectl logs -n kube-system svc/join-service
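Review bot: The pass/fail gate still reads the verdict with `tail -n 1`, so it assumes the `Test completed` record is the very last line the job prints. Now that the binary sends everything through one logger, any record emitted after it, or a truncated final line, makes `jq -r '.result.allPassed'` print `null`. That fails closed, which is the right direction for a test that checks that unattested nodes are rejected, but the failure would point at the wrong cause. Selecting the record by content is sturdier, assuming every line of the job log is JSON: `ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | jq -r 'select(.result != null) | .result.allPassed')`. The step continues past the end of this hunk.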


@ -2,6 +2,7 @@ load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push") load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
load("@rules_pkg//:pkg.bzl", "pkg_tar") load("@rules_pkg//:pkg.bzl", "pkg_tar")
load("//bazel/oci:containers.bzl", "container_reponame")
load("//bazel/sh:def.bzl", "sh_template") load("//bazel/sh:def.bzl", "sh_template")
go_library( go_library(
@ -15,6 +16,7 @@ go_library(
"//internal/grpc/dialer", "//internal/grpc/dialer",
"//internal/logger", "//internal/logger",
"//joinservice/joinproto", "//joinservice/joinproto",
"@org_uber_go_zap//:zap",
"@org_uber_go_zap//zapcore", "@org_uber_go_zap//zapcore",
], ],
) )
@ -46,13 +48,19 @@ oci_image(
visibility = ["//visibility:public"], visibility = ["//visibility:public"],
) )
container_reponame(
name = "container_name",
container_name = "malicious-join-test",
)
genrule( genrule(
name = "malicious-join-test_repotag", name = "malicious-join-test_repotag",
srcs = [ srcs = [
":container_name",
"//bazel/settings:tag", "//bazel/settings:tag",
], ],
outs = ["repotag.txt"], outs = ["repotag.txt"],
cmd = "echo -n 'ghcr.io/edgelesssys/malicious-join-test:' | cat - $(location //bazel/settings:tag) > $@", cmd = "cat $(location :container_name) <(echo -n :) $(location //bazel/settings:tag) > $@",
visibility = ["//visibility:public"], visibility = ["//visibility:public"],
) )
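Review bot: The `cmd` on the `malicious-join-test_repotag` genrule concatenates the two files byte for byte, so a trailing newline in the `:container_name` output (its format is not visible here) would land inside the image reference, before the colon. Command substitution strips that and avoids the process substitution: `cmd = "echo -n \"$$(cat $(location :container_name)):$$(cat $(location //bazel/settings:tag))\" > $@",`. The stamp script reads the result with `$(cat ...)`, so a newline at the very end is tolerated there, but one in the middle is not.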


@ -7,6 +7,6 @@ spec:
spec: spec:
containers: containers:
- name: malicious-join - name: malicious-join
image: ghcr.io/edgelesssys/malicious-join-test:latest@sha256:f36fe306d50a6731ecdae3920682606967eb339fdd1a1e978b0ce39c2ab744bd image: placeholder
restartPolicy: Never restartPolicy: Never
backoffLimit: 0 # Do not retry backoffLimit: 0 # Do not retry
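Review bot: Replacing the digest-pinned reference with `image: placeholder` means the job now runs whatever the stamped `name:tag` resolves to at pull time. The stamp script and the `malicious-join-test_repotag` genrule in this commit write only a tag, no digest. If that tag can be re-pushed (not visible here), the cluster may pull a different image than the one built for this run, and the result then no longer describes the code under test. Consider stamping `name:tag@sha256:<digest of the pushed image>`, and adding a comment on this line such as `# placeholder: replaced by the stamp script; never apply this file directly`.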


@ -22,5 +22,5 @@ else
workdir="$1" workdir="$1"
fi fi
echo "Stamping job deployment with $REPO_TAG" echo "Stamping job deployment with $(cat "${REPO_TAG}")"
$yq eval '.spec.template.spec.containers[0].image |= "ghcr.io/edgelesssys/malicious-join-test:" + load_str(strenv(REPO_TAG))' "$template" > "$workdir/stamped_job.yaml" $yq eval ".spec.template.spec.containers[0].image = \"$(cat "${REPO_TAG}")\"" "$template" > "$workdir/stamped_job.yaml"
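Review bot: The new expression splices the contents of the `REPO_TAG` file into the yq program text, so a quote or backslash in that file changes the expression instead of the value. A failed `cat` also yields an empty image string; whether the script runs under `set -e` is outside this hunk. The removed line kept the value out of the program with `strenv`, and the same can be done here: `image="$(cat "${REPO_TAG}")" $yq eval '.spec.template.spec.containers[0].image = strenv(image)' "$template" > "$workdir/stamped_job.yaml"`. A guard such as `test -s "${REPO_TAG}" || exit 1` before the `echo` would stop an empty reference from being stamped.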


@ -20,10 +20,14 @@ import (
"github.com/edgelesssys/constellation/v2/internal/grpc/dialer" "github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
"github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/joinservice/joinproto" "github.com/edgelesssys/constellation/v2/joinservice/joinproto"
"go.uber.org/zap"
"go.uber.org/zap/zapcore" "go.uber.org/zap/zapcore"
) )
func main() { func main() {
log := logger.New(logger.JSONLog, zapcore.DebugLevel)
defer log.Sync()
jsEndpoint := flag.String("js-endpoint", "", "Join service endpoint to use.") jsEndpoint := flag.String("js-endpoint", "", "Join service endpoint to use.")
csp := flag.String("csp", "", "Cloud service provider to use.") csp := flag.String("csp", "", "Cloud service provider to use.")
attVariant := flag.String( attVariant := flag.String(
@ -33,10 +37,14 @@ func main() {
"or one of: %s", variant.GetAvailableAttestationVariants()), "or one of: %s", variant.GetAvailableAttestationVariants()),
) )
flag.Parse() flag.Parse()
fmt.Println(formatFlags(*attVariant, *csp, *jsEndpoint)) log.With(
zap.String("js-endpoint", *jsEndpoint),
zap.String("csp", *csp),
zap.String("variant", *attVariant),
).Infof("Running tests with flags")
testCases := map[string]struct { testCases := map[string]struct {
fn func(attVariant, csp, jsEndpoint string) error fn func(attVariant, csp, jsEndpoint string, log *logger.Logger) error
wantErr bool wantErr bool
}{ }{
"JoinFromUnattestedNode": { "JoinFromUnattestedNode": {
@ -50,48 +58,44 @@ func main() {
TestCases: make(map[string]testCaseOutput), TestCases: make(map[string]testCaseOutput),
} }
for name, tc := range testCases { for name, tc := range testCases {
fmt.Printf("Running testcase %s\n", name) log.With(zap.String("testcase", name)).Infof("Running testcase")
err := tc.fn(*attVariant, *csp, *jsEndpoint) err := tc.fn(*attVariant, *csp, *jsEndpoint, log)
switch { switch {
case err == nil && tc.wantErr: case err == nil && tc.wantErr:
fmt.Printf("Test case %s failed: Expected error but got none\n", name) log.With(zap.Error(err), zap.String("testcase", name)).Errorf("Test case failed: Expected error but got none")
testOutput.TestCases[name] = testCaseOutput{ testOutput.TestCases[name] = testCaseOutput{
Passed: false, Passed: false,
Message: "Expected error but got none", Message: "Expected error but got none",
} }
allPassed = false allPassed = false
case !tc.wantErr && err != nil: case !tc.wantErr && err != nil:
fmt.Printf("Test case %s failed: Got unexpected error: %s\n", name, err) log.With(zap.Error(err), zap.String("testcase", name)).Errorf("Test case failed: Got unexpected error")
testOutput.TestCases[name] = testCaseOutput{ testOutput.TestCases[name] = testCaseOutput{
Passed: false, Passed: false,
Message: fmt.Sprintf("Got unexpected error: %s", err), Message: fmt.Sprintf("Got unexpected error: %s", err),
} }
allPassed = false allPassed = false
case tc.wantErr && err != nil: case tc.wantErr && err != nil:
fmt.Printf("Test case %s succeeded\n", name) log.With(zap.String("testcase", name)).Infof("Test case succeeded")
testOutput.TestCases[name] = testCaseOutput{ testOutput.TestCases[name] = testCaseOutput{
Passed: true, Passed: true,
Message: fmt.Sprintf("Got expected error: %s", err), Message: fmt.Sprintf("Got expected error: %s", err),
} }
case !tc.wantErr && err == nil: case !tc.wantErr && err == nil:
fmt.Printf("Test case %s succeeded\n", name) log.With(zap.String("testcase", name)).Infof("Test case succeeded")
testOutput.TestCases[name] = testCaseOutput{ testOutput.TestCases[name] = testCaseOutput{
Passed: true, Passed: true,
Message: "No error, as expected", Message: "No error, as expected",
} }
default: default:
panic("invalid result") log.With(zap.String("testcase", name)).Fatalf("invalid result")
} }
} }
testOutput.AllPassed = allPassed testOutput.AllPassed = allPassed
out, err := json.Marshal(testOutput) log.With(zap.Any("result", testOutput)).Infof("Test completed")
if err != nil {
panic(fmt.Sprintf("marshalling test output: %s", err))
}
fmt.Println(string(out))
} }
type testOutput struct { type testOutput struct {
@ -104,19 +108,9 @@ type testCaseOutput struct {
Message string `json:"message"` Message string `json:"message"`
} }
func formatFlags(attVariant, csp, jsEndpoint string) string {
var sb strings.Builder
sb.WriteString("Using Flags:\n")
sb.WriteString(fmt.Sprintf("\tjs-endpoint: %s\n", jsEndpoint))
sb.WriteString(fmt.Sprintf("\tcsp: %s\n", csp))
sb.WriteString(fmt.Sprintf("\tvariant: %s\n", attVariant))
return sb.String()
}
// JoinFromUnattestedNode simulates a join request from a Node that uses a stub issuer // JoinFromUnattestedNode simulates a join request from a Node that uses a stub issuer
// and thus cannot be attested correctly. // and thus cannot be attested correctly.
func JoinFromUnattestedNode(attVariant, csp, jsEndpoint string) error { func JoinFromUnattestedNode(attVariant, csp, jsEndpoint string, log *logger.Logger) error {
log := logger.New(logger.JSONLog, zapcore.DebugLevel)
joiner, err := newMaliciousJoiner(attVariant, csp, jsEndpoint, log) joiner, err := newMaliciousJoiner(attVariant, csp, jsEndpoint, log)
if err != nil { if err != nil {
return fmt.Errorf("creating malicious joiner: %w", err) return fmt.Errorf("creating malicious joiner: %w", err)