AB2564 Add constellation verify e2e test (#875)

.github/actions/constellation_verify/action.yml

@@ -0,0 +1,32 @@
+name: Constellation verify
+description: "Verify a Constellation cluster."
+
+inputs:
+  osImage:
+    description: "The OS image used in the cluster."
+    required: true
+  cloudProvider:
+    description: "The cloud provider used in the cluster."
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Clear current measurements
+      shell: bash
+      run: |
+        yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml
+    - name: Fetch & write measurements
+      shell: bash
+      run: |
+        MEASUREMENTS=$(curl -sS https://cdn.confidential.cloud/constellation/v1/${{ inputs.osImage }}/image/csp/${{ inputs.cloudProvider }}/measurements.image.json | jq '.measurements' -r)
+        for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do
+            echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r)
+            yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key].expected = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
+            yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key].warnOnly = false" constellation-conf.yaml
+        done
+        yq -i '.provider.${{ inputs.cloudProvider }}.measurements |= array_to_map' constellation-conf.yaml
+        cat constellation-conf.yaml
+    - name: Constellation verify
+      shell: bash
+      run: constellation verify --cluster-id $(jq -r ".clusterID" constellation-id.json)

.github/actions/e2e_test/action.yml

@@ -57,7 +57,7 @@ inputs:
     description: "The resource group to use"
     required: false
   test:
-    description: "The test to run. Can currently be one of [sonobuoy full, sonobuoy quick, autoscaling, lb, k-bench, nop]."
+    description: "The test to run. Can currently be one of [sonobuoy full, sonobuoy quick, autoscaling, lb, k-bench, verify, nop]."
     required: true
   sonobuoyTestSuiteCmd:
     description: "The sonobuoy test suite to run."
@@ -72,7 +72,7 @@ runs:
   using: "composite"
   steps:
     - name: Check input
-      if: ${{ !contains(fromJson('["sonobuoy full", "sonobuoy quick", "autoscaling", "k-bench", "lb", "nop"]'), inputs.test) }}
+      if: ${{ !contains(fromJson('["sonobuoy full", "sonobuoy quick", "autoscaling", "k-bench", "verify", "lb", "nop"]'), inputs.test) }}
       shell: bash
       run: |
         echo "Invalid input for test field: ${{ inputs.test }}"
@@ -205,3 +205,10 @@ runs:
       with:
         cloudProvider: ${{ inputs.cloudProvider }}
         kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
+
+    - name: Run constellation verify test
+      if: inputs.test == 'verify'
+      uses: ./.github/actions/constellation_verify
+      with:
+        cloudProvider: ${{ inputs.cloudProvider }}
+        osImage: ${{ inputs.osImage }}

.github/workflows/e2e-test-manual.yml

@@ -29,6 +29,7 @@ on:
           - "autoscaling"
           - "lb"
           - "k-bench"
+          - "verify"
           - "nop"
         required: true
       kubernetesVersion:

.github/workflows/e2e-test-weekly.yml

@@ -38,10 +38,17 @@ jobs:
       fail-fast: false
       max-parallel: 5
       matrix:
-        test: ["sonobuoy full", "autoscaling", "k-bench", "lb"]
+        test: ["sonobuoy full", "autoscaling", "k-bench", "lb", "verify"]
         provider: ["gcp", "azure", "aws"]
         version: ["1.23", "1.24", "1.25", "1.26"]
         exclude:
+          # Verify test runs only on latest version.
+          - test: "verify"
+            version: "1.23"
+          - test: "verify"
+            version: "1.24"
+          - test: "verify"
+            version: "1.25"
           # Autoscaling test runs only on latest version.
           - test: "autoscaling"
             version: "1.23"