ci: add e2e test for self-managed infrastructure (#2472)

* add self-managed infra e2e test

* self-managed terminatio

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix upgrade test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix indentation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use -r when copying dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add terraform variable parsing

* copy constellation conf

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary line breaks

* add missing value

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add image fetching for CSP

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix quoting

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing input to internal lb test

* normalize Azure URLs.. Of course

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix expressions

* initsecret to hex

* update hexdump cmd

* add build test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add node / pod cidr outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* explicitly delete the state file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing license header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* always write all outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix list output

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove state-file and admin-conf on destroy

* dont use test payload

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] use self managed infra in manual e2e for testing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* init: always skip infrastructure phase

* patch maa in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to Constellation-created infra in e2e test

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

hack/image-fetch/BUILD.bazel

@@ -0,0 +1,30 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
+load("//bazel/go:go_test.bzl", "go_test")
+
+go_library(
+    name = "image-fetch_lib",
+    srcs = ["main.go"],
+    importpath = "github.com/edgelesssys/constellation/v2/hack/image-fetch",
+    visibility = ["//visibility:private"],
+    deps = [
+        "//internal/api/attestationconfigapi",
+        "//internal/cloud/cloudprovider",
+        "//internal/config",
+        "//internal/constants",
+        "//internal/file",
+        "//internal/imagefetcher",
+        "@com_github_spf13_afero//:afero",
+    ],
+)
+
+go_binary(
+    name = "image-fetch",
+    embed = [":image-fetch_lib"],
+    visibility = ["//visibility:public"],
+)
+
+go_test(
+    name = "image-fetch_test",
+    srcs = ["main_test.go"],
+    embed = [":image-fetch_lib"],
+)

hack/image-fetch/main.go

@@ -0,0 +1,68 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+/*
+imagefetch retrieves a CSP image reference from a Constellation config in the CWD.
+This is especially useful when using self-managed infrastructure, where the image
+reference needs to be chosen by the user, which would usually happen manually.
+*/
+package main
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+
+	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
+	"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
+	"github.com/edgelesssys/constellation/v2/internal/config"
+	"github.com/edgelesssys/constellation/v2/internal/constants"
+	"github.com/edgelesssys/constellation/v2/internal/file"
+	"github.com/edgelesssys/constellation/v2/internal/imagefetcher"
+	"github.com/spf13/afero"
+)
+
+var (
+	caseInsensitiveCommunityGalleriesRegexp = regexp.MustCompile(`(?i)\/communitygalleries\/`)
+	caseInsensitiveImagesRegExp             = regexp.MustCompile(`(?i)\/images\/`)
+	caseInsensitiveVersionsRegExp           = regexp.MustCompile(`(?i)\/versions\/`)
+)
+
+func main() {
+	cwd := os.Getenv("BUILD_WORKING_DIRECTORY") // set by Bazel, for bazel run compatibility
+	ctx := context.Background()
+
+	fh := file.NewHandler(afero.NewOsFs())
+	attFetcher := attestationconfigapi.NewFetcher()
+	conf, err := config.New(fh, filepath.Join(cwd, constants.ConfigFilename), attFetcher, true)
+	var configValidationErr *config.ValidationError
+	if errors.As(err, &configValidationErr) {
+		fmt.Println(configValidationErr.LongMessage())
+	}
+	if err != nil {
+		panic(err)
+	}
+
+	imgFetcher := imagefetcher.New()
+	provider := conf.GetProvider()
+	attestationVariant := conf.GetAttestationConfig().GetVariant()
+	region := conf.GetRegion()
+	image, err := imgFetcher.FetchReference(ctx, provider, attestationVariant, conf.Image, region)
+	if err != nil {
+		panic(err)
+	}
+
+	if provider == cloudprovider.Azure {
+		image = caseInsensitiveCommunityGalleriesRegexp.ReplaceAllString(image, "/communityGalleries/")
+		image = caseInsensitiveImagesRegExp.ReplaceAllString(image, "/images/")
+		image = caseInsensitiveVersionsRegExp.ReplaceAllString(image, "/versions/")
+	}
+
+	fmt.Println(image)
+}

hack/image-fetch/main_test.go

@@ -0,0 +1,13 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package main
+
+import "testing"
+
+func TestNop(t *testing.T) {
+	t.Skip("This is a nop-test to catch build-time errors in this package.")
+}