diff --git a/.github/actions/e2e_malicious_join/action.yml b/.github/actions/e2e_malicious_join/action.yml
index 3862cbfd26..99142c5fd9 100644
--- a/.github/actions/e2e_malicious_join/action.yml
+++ b/.github/actions/e2e_malicious_join/action.yml
@@ -34,12 +34,13 @@ runs:
 [ \"/malicious-join_bin\", \
 \"--js-endpoint=join-service.kube-system:9090\", \
 \"--csp=${{ inputs.cloudProvider }}\", \
- \"--variant=default\" ]" job.yaml
+ \"--variant=default\" ]" stamped_job.yaml
+
 kubectl create ns malicious-join
- kubectl apply -n malicious-join -f job.yaml
+ kubectl apply -n malicious-join -f stamped_job.yaml
 kubectl wait -n malicious-join --for=condition=complete --timeout=10m job/malicious-join
 kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq '.'
- ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.allPassed')
+ ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | tail -n 1 | jq -r '.result.allPassed')
 if [[ "$ALL_TESTS_PASSED" != "true" ]]; then
 kubectl logs -n malicious-join job/malicious-join
 kubectl logs -n kube-system svc/join-service
diff --git a/e2e/malicious-join/BUILD.bazel b/e2e/malicious-join/BUILD.bazel
index 62c047033c..0075cdf454 100644
--- a/e2e/malicious-join/BUILD.bazel
+++ b/e2e/malicious-join/BUILD.bazel
@@ -2,6 +2,7 @@ load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun")
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push")
 load("@rules_pkg//:pkg.bzl", "pkg_tar")
+load("//bazel/oci:containers.bzl", "container_reponame")
 load("//bazel/sh:def.bzl", "sh_template")
 go_library(
@@ -15,6 +16,7 @@ go_library(
 "//internal/grpc/dialer",
 "//internal/logger",
 "//joinservice/joinproto",
+ "@org_uber_go_zap//:zap",
 "@org_uber_go_zap//zapcore",
 ],
 )
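Review bot: In `.github/actions/e2e_malicious_join/action.yml`, the pass/fail decision reads `.result.allPassed` from whatever happens to be the last log line (`tail -n 1`), so it now depends on the Go binary's structured logger emitting the result entry last. Any entry logged after it leaves ALL_TESTS_PASSED as `null`; that still fails closed, but it turns a real verdict into a parsing accident. Selecting the entry by content is sturdier, assuming every log line is JSON: `ALL_TESTS_PASSED=$(kubectl logs -n malicious-join job/malicious-join | jq -r 'select(.result != null) | .result.allPassed' | tail -n 1)`. The run step starts and ends outside this hunk.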
@@ -46,13 +48,19 @@ oci_image(
 visibility = ["//visibility:public"],
 )
+container_reponame(
+ name = "container_name",
+ container_name = "malicious-join-test",
+)
+
 genrule(
 name = "malicious-join-test_repotag",
 srcs = [
+ ":container_name",
 "//bazel/settings:tag",
 ],
 outs = ["repotag.txt"],
- cmd = "echo -n 'ghcr.io/edgelesssys/malicious-join-test:' | cat - $(location //bazel/settings:tag) > $@",
+ cmd = "cat $(location :container_name) <(echo -n :) $(location //bazel/settings:tag) > $@",
 visibility = ["//visibility:public"],
 )
diff --git a/e2e/malicious-join/job.yaml b/e2e/malicious-join/job.yaml
index 7a67968fd6..79d1ed9e99 100644
--- a/e2e/malicious-join/job.yaml
+++ b/e2e/malicious-join/job.yaml
@@ -7,6 +7,6 @@ spec:
 spec:
 containers:
 - name: malicious-join
- image: ghcr.io/edgelesssys/malicious-join-test:latest@sha256:f36fe306d50a6731ecdae3920682606967eb339fdd1a1e978b0ce39c2ab744bd
+ image: placeholder
 restartPolicy: Never
 backoffLimit: 0 # Do not retry
diff --git a/e2e/malicious-join/job_template.sh.in b/e2e/malicious-join/job_template.sh.in
index cd1fed0bd2..d065203d6d 100644
--- a/e2e/malicious-join/job_template.sh.in
+++ b/e2e/malicious-join/job_template.sh.in
@@ -22,5 +22,5 @@ else
 workdir="$1"
 fi
-echo "Stamping job deployment with $REPO_TAG"
-$yq eval '.spec.template.spec.containers[0].image |= "ghcr.io/edgelesssys/malicious-join-test:" + load_str(strenv(REPO_TAG))' "$template" > "$workdir/stamped_job.yaml"
+echo "Stamping job deployment with $(cat "${REPO_TAG}")"
+$yq eval ".spec.template.spec.containers[0].image = \"$(cat "${REPO_TAG}")\"" "$template" > "$workdir/stamped_job.yaml"
diff --git a/e2e/malicious-join/malicious-join.go b/e2e/malicious-join/malicious-join.go
index ebdbe6ba8f..a8894d0231 100644
--- a/e2e/malicious-join/malicious-join.go
+++ b/e2e/malicious-join/malicious-join.go
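Review bot: Replacing the digest-pinned image in `e2e/malicious-join/job.yaml` with `placeholder` means the Job now only ever runs an image referenced as `name:tag`, because the repotag genrule in `BUILD.bazel` (hunk at -46) concatenates the container name and `//bazel/settings:tag` without a digest. A tag is mutable, so the cluster may pull something other than what this build pushed. If the push target can expose the image digest (not visible here), stamping `name:tag@sha256:<digest>` would keep the earlier guarantee. Applying the unstamped file fails the image pull, which is the right failure mode; a comment on that line such as `# replaced by job_template.sh.in; never apply this file directly` would document it.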
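Review bot: In `e2e/malicious-join/job_template.sh.in`, the new `yq` call splices the contents of the `REPO_TAG` file into the expression text, so a quote or backslash in that file changes the expression rather than the value. The removed line kept the data out of the expression with `load_str(strenv(REPO_TAG))`, and keeping that form avoids the problem: `$yq eval '.spec.template.spec.containers[0].image = load_str(strenv(REPO_TAG))' "$template" > "$workdir/stamped_job.yaml"`. This assumes `REPO_TAG` is still exported to child processes as before, which the hunk does not show. The file is also read twice with `cat` and a failed read is not checked here; the start of the script is outside the hunk, so `set -e` may already cover that.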
@@ -20,10 +20,14 @@ import (
 "github.com/edgelesssys/constellation/v2/internal/grpc/dialer"
 "github.com/edgelesssys/constellation/v2/internal/logger"
 "github.com/edgelesssys/constellation/v2/joinservice/joinproto"
+ "go.uber.org/zap"
 "go.uber.org/zap/zapcore"
 )
 func main() {
+ log := logger.New(logger.JSONLog, zapcore.DebugLevel)
+ defer log.Sync()
+
 jsEndpoint := flag.String("js-endpoint", "", "Join service endpoint to use.")
 csp := flag.String("csp", "", "Cloud service provider to use.")
 attVariant := flag.String(
@@ -33,10 +37,14 @@ func main() {
 "or one of: %s", variant.GetAvailableAttestationVariants()),
 )
 flag.Parse()
- fmt.Println(formatFlags(*attVariant, *csp, *jsEndpoint))
+ log.With(
+ zap.String("js-endpoint", *jsEndpoint),
+ zap.String("csp", *csp),
+ zap.String("variant", *attVariant),
+ ).Infof("Running tests with flags")
 testCases := map[string]struct {
- fn func(attVariant, csp, jsEndpoint string) error
+ fn func(attVariant, csp, jsEndpoint string, log *logger.Logger) error
 wantErr bool
 }{
 "JoinFromUnattestedNode": {
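Review bot: In `main` (hunk at -33), the flags are logged right after `flag.Parse()` but never checked, and `--js-endpoint` and `--csp` both default to the empty string. With an empty endpoint the join attempt presumably fails before it reaches the join service, and the `tc.wantErr && err != nil` branch further down would count that as a pass, so the test can report success without the service having rejected anything. A guard before the log call would close this: `if *jsEndpoint == "" || *csp == "" { log.Fatalf("js-endpoint and csp must be set") }`. `main` continues beyond this hunk.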
@@ -50,48 +58,44 @@ func main() {
 TestCases: make(map[string]testCaseOutput),
 }
 for name, tc := range testCases {
- fmt.Printf("Running testcase %s\n", name)
+ log.With(zap.String("testcase", name)).Infof("Running testcase")
- err := tc.fn(*attVariant, *csp, *jsEndpoint)
+ err := tc.fn(*attVariant, *csp, *jsEndpoint, log)
 switch {
 case err == nil && tc.wantErr:
- fmt.Printf("Test case %s failed: Expected error but got none\n", name)
+ log.With(zap.Error(err), zap.String("testcase", name)).Errorf("Test case failed: Expected error but got none")
 testOutput.TestCases[name] = testCaseOutput{
 Passed: false,
 Message: "Expected error but got none",
 }
 allPassed = false
 case !tc.wantErr && err != nil:
- fmt.Printf("Test case %s failed: Got unexpected error: %s\n", name, err)
+ log.With(zap.Error(err), zap.String("testcase", name)).Errorf("Test case failed: Got unexpected error")
 testOutput.TestCases[name] = testCaseOutput{
 Passed: false,
 Message: fmt.Sprintf("Got unexpected error: %s", err),
 }
 allPassed = false
 case tc.wantErr && err != nil:
- fmt.Printf("Test case %s succeeded\n", name)
+ log.With(zap.String("testcase", name)).Infof("Test case succeeded")
 testOutput.TestCases[name] = testCaseOutput{
 Passed: true,
 Message: fmt.Sprintf("Got expected error: %s", err),
 }
 case !tc.wantErr && err == nil:
- fmt.Printf("Test case %s succeeded\n", name)
+ log.With(zap.String("testcase", name)).Infof("Test case succeeded")
 testOutput.TestCases[name] = testCaseOutput{
 Passed: true,
 Message: "No error, as expected",
 }
 default:
- panic("invalid result")
+ log.With(zap.String("testcase", name)).Fatalf("invalid result")
 }
 }
 testOutput.AllPassed = allPassed
- out, err := json.Marshal(testOutput)
- if err != nil {
- panic(fmt.Sprintf("marshalling test output: %s", err))
- }
- fmt.Println(string(out))
+ log.With(zap.Any("result", testOutput)).Infof("Test completed")
 }
 type testOutput struct {
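Review bot: In the `err == nil && tc.wantErr` branch the new log call attaches `zap.Error(err)` although `err` is known to be nil there, while the `tc.wantErr && err != nil` branch logs success without the error. For a test whose pass condition is "the join was refused", the refusal reason is what a reader needs in order to tell an attestation rejection from, say, a connection failure. I would drop the field in the first branch and use `log.With(zap.Error(err), zap.String("testcase", name)).Infof("Test case succeeded")` in the third. The `default:` branch is unreachable, since the four cases cover every combination of `err` and `tc.wantErr`.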
@@ -104,19 +108,9 @@ type testCaseOutput struct {
 Message string `json:"message"`
 }
-func formatFlags(attVariant, csp, jsEndpoint string) string {
- var sb strings.Builder
- sb.WriteString("Using Flags:\n")
- sb.WriteString(fmt.Sprintf("\tjs-endpoint: %s\n", jsEndpoint))
- sb.WriteString(fmt.Sprintf("\tcsp: %s\n", csp))
- sb.WriteString(fmt.Sprintf("\tvariant: %s\n", attVariant))
- return sb.String()
-}
-
 // JoinFromUnattestedNode simulates a join request from a Node that uses a stub issuer
 // and thus cannot be attested correctly.
-func JoinFromUnattestedNode(attVariant, csp, jsEndpoint string) error {
- log := logger.New(logger.JSONLog, zapcore.DebugLevel)
+func JoinFromUnattestedNode(attVariant, csp, jsEndpoint string, log *logger.Logger) error {
 joiner, err := newMaliciousJoiner(attVariant, csp, jsEndpoint, log)
 if err != nil {
 return fmt.Errorf("creating malicious joiner: %w", err)
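Review bot: This hunk removes `formatFlags`, the only visible user of `strings.Builder`, and the hunk at -50 removes the `json.Marshal` call, yet no hunk touches the import lines before line 20 of `malicious-join.go`. If `strings` or `encoding/json` have no other users in the file, the build fails on unused imports, so that is worth confirming. Separately, `JoinFromUnattestedNode` now takes `log *logger.Logger` and its doc comment does not mention it; a line such as `// log receives the joiner's output and must not be nil.` would help, assuming a nil logger is indeed unsupported. The function body continues outside this hunk.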