Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

manual e2e tests: Add option to keep embedded measurements (#698)

Browse Source
This commit is contained in:
Malte Poll 2022-12-01 15:43:40 +01:00 committed by GitHub
parent 4249050116
commit b9fd8237b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 52 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
.github/actions/constellation_create/action.yml vendored
View File

@ -23,6 +23,9 @@ inputs:
kubernetesVersion: kubernetesVersion:
description: "Kubernetes version to create the cluster from." description: "Kubernetes version to create the cluster from."
required: false required: false
keepMeasurements:
default: "false"
description: "Keep measurements embedded in the CLI."
# #
# GCP specific inputs # GCP specific inputs
# #
@ -74,15 +77,13 @@ runs:
(.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"${{ inputs.azureUserAssignedIdentity }}\" | (.provider | select(. | has(\"azure\")).azure.userAssignedIdentity) = \"${{ inputs.azureUserAssignedIdentity }}\" |
(.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"${{ inputs.azureResourceGroup }}\" | (.provider | select(. | has(\"azure\")).azure.resourceGroup) = \"${{ inputs.azureResourceGroup }}\" |
(.provider | select(. | has(\"azure\")).azure.appClientID) = \"${{ inputs.azureClientID }}\" | (.provider | select(. | has(\"azure\")).azure.appClientID) = \"${{ inputs.azureClientID }}\" |
(.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\" | (.provider | select(. | has(\"azure\")).azure.clientSecretValue) = \"${{ inputs.azureClientSecret }}\"" \
(.provider | select(. | has(\"azure\")).azure.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
constellation-conf.yaml constellation-conf.yaml
yq eval -i \ yq eval -i \
"(.provider | select(. | has(\"gcp\")).gcp.project) = \"${{ inputs.gcpProject }}\" | "(.provider | select(. | has(\"gcp\")).gcp.project) = \"${{ inputs.gcpProject }}\" |
(.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" | (.provider | select(. | has(\"gcp\")).gcp.region) = \"europe-west3\" |
(.provider | select(. | has(\"gcp\")).gcp.zone) = \"europe-west3-b\" | (.provider | select(. | has(\"gcp\")).gcp.zone) = \"europe-west3-b\" |
(.provider | select(. | has(\"gcp\")).gcp.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}} |
(.provider | select(. | has(\"gcp\")).gcp.serviceAccountKeyPath) = \"serviceAccountKey.json\"" \ (.provider | select(. | has(\"gcp\")).gcp.serviceAccountKeyPath) = \"serviceAccountKey.json\"" \
constellation-conf.yaml constellation-conf.yaml
@ -90,14 +91,33 @@ runs:
"(.provider | select(. | has(\"aws\")).aws.region) = \"eu-central-1\" | "(.provider | select(. | has(\"aws\")).aws.region) = \"eu-central-1\" |
(.provider | select(. | has(\"aws\")).aws.zone) = \"eu-central-1a\" | (.provider | select(. | has(\"aws\")).aws.zone) = \"eu-central-1a\" |
(.provider | select(. | has(\"aws\")).aws.iamProfileControlPlane) = \"e2e_test_control_plane_instance_profile\" | (.provider | select(. | has(\"aws\")).aws.iamProfileControlPlane) = \"e2e_test_control_plane_instance_profile\" |
(.provider | select(. | has(\"aws\")).aws.iamProfileWorkerNodes) = \"e2e_test_worker_node_instance_profile\" | (.provider | select(. | has(\"aws\")).aws.iamProfileWorkerNodes) = \"e2e_test_worker_node_instance_profile\"" \
(.provider | select(. | has(\"aws\")).aws.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
constellation-conf.yaml constellation-conf.yaml
if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then if [ ${{ inputs.kubernetesVersion != '' }} = true ]; then
yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml yq eval -i "(.kubernetesVersion) = ${{ inputs.kubernetesVersion }}" constellation-conf.yaml
fi fi
- name: Remove embedded measurements
shell: bash
if: ${{ inputs.keepMeasurements == 'false' }}
run: |
yq eval -i \
"(.provider | select(. | has(\"aws\")).aws.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
constellation-conf.yaml
yq eval -i \
"(.provider | select(. | has(\"azure\")).azure.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
constellation-conf.yaml
yq eval -i \
"(.provider | select(. | has(\"gcp\")).gcp.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}"\
constellation-conf.yaml
yq eval -i \
"(.provider | select(. | has(\"qemu\")).qemu.measurements) = {15:{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":false}}" \
constellation-conf.yaml
- name: Set image - name: Set image
shell: bash shell: bash
env: env:

4
.github/actions/e2e_test/action.yml vendored
View File

@ -26,6 +26,9 @@ inputs:
kubernetesVersion: kubernetesVersion:
description: "Kubernetes version to create the cluster from." description: "Kubernetes version to create the cluster from."
required: false required: false
keepMeasurements:
default: "false"
description: "Keep measurements embedded in the CLI."
gcpProject: gcpProject:
description: "The GCP project to deploy Constellation in." description: "The GCP project to deploy Constellation in."
required: false required: false
@ -149,6 +152,7 @@ runs:
osImage: ${{ inputs.osImage }} osImage: ${{ inputs.osImage }}
isDebugImage: ${{ inputs.isDebugImage }} isDebugImage: ${{ inputs.isDebugImage }}
kubernetesVersion: ${{ inputs.kubernetesVersion }} kubernetesVersion: ${{ inputs.kubernetesVersion }}
keepMeasurements: ${{ inputs.keepMeasurements }}
azureSubscription: ${{ inputs.azureSubscription }} azureSubscription: ${{ inputs.azureSubscription }}
azureTenant: ${{ inputs.azureTenant }} azureTenant: ${{ inputs.azureTenant }}
azureClientID: ${{ inputs.azureClientID }} azureClientID: ${{ inputs.azureClientID }}

24
.github/docs/release.md vendored
View File

@ -71,22 +71,24 @@ This checklist will prepare `v1.3.0` from `v1.2.0`. Adjust your version numbers
gh workflow run build-os-image.yml --ref release/v$minor -F debug=false -F imageVersion=v$ver gh workflow run build-os-image.yml --ref release/v$minor -F debug=false -F imageVersion=v$ver
``` ```
11. Run manual E2E tests using [Linux](/.github/workflows/e2e-test-manual.yml) and [macOS](/.github/workflows/e2e-test-manual-macos.yml) to confirm functionality and stability. 11. [Generate measurements](/.github/workflows/generate-measurements.yml) for the images.
```sh
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=azure -F machineType=Standard_DC4as_v5 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=azure -F machineType=Standard_DC4as_v5 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=gcp -F machineType=n2d-standard-4 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=gcp -F machineType=n2d-standard-4 -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false
```
12. [Generate measurements](/.github/workflows/generate-measurements.yml) for the images.
```sh ```sh
gh workflow run generate-measurements.yml --ref release/v$minor -F osImage=v$ver -F isDebugImage=false -F signMeasurements=true gh workflow run generate-measurements.yml --ref release/v$minor -F osImage=v$ver -F isDebugImage=false -F signMeasurements=true
``` ```
13. Update expected measurements in [`measurements.go`](/internal/attestation/measurements/measurements.go) using the generated measurements from step 12 and **push your changes**. 12. Update expected measurements in [`measurements.go`](/internal/attestation/measurements/measurements.go) using the generated measurements from step 12 and **push your changes**.
13. Run manual E2E tests using [Linux](/.github/workflows/e2e-test-manual.yml) and [macOS](/.github/workflows/e2e-test-manual-macos.yml) to confirm functionality and stability.
```sh
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=aws -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=aws -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=azure -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=azure -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
gh workflow run e2e-test-manual.yml --ref release/v$minor -F cloudProvider=gcp -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
gh workflow run e2e-test-manual-macos.yml --ref release/v$minor -F cloudProvider=gcp -F test="sonobuoy full" -F osImage=v$ver -F isDebugImage=false -F keepMeasurements=true
```
14. Create a new tag on this release branch. 14. Create a new tag on this release branch.

6
.github/workflows/e2e-test-manual-macos.yml vendored
View File

@ -33,6 +33,11 @@ on:
description: "Kubernetes version to create the cluster from." description: "Kubernetes version to create the cluster from."
default: "1.24" default: "1.24"
required: true required: true
keepMeasurements:
description: "Keep measurements embedded in the CLI."
type: boolean
default: false
required: false
osImage: osImage:
description: "Full name of OS image (CSP independent image version UID)." description: "Full name of OS image (CSP independent image version UID)."
type: string type: string
@ -139,6 +144,7 @@ jobs:
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }} gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
test: ${{ github.event.inputs.test }} test: ${{ github.event.inputs.test }}
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }} kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
keepMeasurements: ${{ github.event.inputs.keepMeasurements }}
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }} azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }} azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }} azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}

6
.github/workflows/e2e-test-manual.yml vendored
View File

@ -34,6 +34,11 @@ on:
description: "Kubernetes version to create the cluster from." description: "Kubernetes version to create the cluster from."
default: "1.24" default: "1.24"
required: true required: true
keepMeasurements:
description: "Keep measurements embedded in the CLI."
type: boolean
default: false
required: false
osImage: osImage:
description: "Full name of OS image (CSP independent image version UID)." description: "Full name of OS image (CSP independent image version UID)."
type: string type: string
@ -135,6 +140,7 @@ jobs:
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }} gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
test: ${{ github.event.inputs.test }} test: ${{ github.event.inputs.test }}
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }} kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
keepMeasurements: ${{ github.event.inputs.keepMeasurements }}
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }} azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }} azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }} azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}