kuttl integration test

Run an e2e test with ephemeral kind cluster.
Usage: REGISTRY=<docker-registry> make e2e-test

Signed-off-by: Leonardo Milleri <[email protected]>

Author: lmilleri

Makefile

@@ -172,6 +172,15 @@ build-installer: manifests generate kustomize ## Generate a consolidated YAML wi
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	$(KUSTOMIZE) build config/default > dist/install.yaml
 
+# Run sample attestation in a kind cluster
+# pre-requirements: k8s kuttl plugin installed
+# you can change the trustee image by defining the env variable KBS_IMAGE_NAME
+# Usage: REGISTRY=<user-registry> KBS_IMAGE_NAME=<trustee-image> make e2e-test
+.PHONY: e2e-test
+e2e-test:
+	@[ "${REGISTRY}" ] || ( echo ">> REGISTRY is not set. Usage: REGISTRY=<user-registry> make e2e-test"; exit 1 )
+	kubectl kuttl test
+
 ##@ Build Dependencies
 
 ## Location to install dependencies to

README.md

@@ -312,6 +312,18 @@ which provide a reconcile function responsible for synchronizing resources until
 
 **NOTE:** You can also run this in one step by running: `make install run`
 
+### Integration tests
+
+An attestation with the sample-attester is performed in an ephemeral kind cluster
+Pre-requirements:
+- k8s kuttl plugin installed
+
+Optional: set the env variable KBS_IMAGE_NAME to override the default trustee image
+
+  ```sh
+  REGISTRY=<docker-registry> make e2e-test
+  ```
+
 ### Modifying the API definitions
 
 If you are editing the API definitions, generate the manifests such as CRs or CRDs using:

kuttl-test.yaml

@@ -0,0 +1,6 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestSuite
+startKIND: true
+testDirs:
+- tests/e2e/
+timeout: 120

tests/e2e/sample-attester/00-assert.yaml

@@ -0,0 +1,7 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: trustee-operator-controller-manager
+  namespace: trustee-operator-system
+status:
+  readyReplicas: 1

tests/e2e/sample-attester/00-install.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: ./install-operator.sh

tests/e2e/sample-attester/01-assert.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kbs-auth-public-key
+  namespace: trustee-operator-system

tests/e2e/sample-attester/01-auth-secret.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: ./create-auth-secret.sh

tests/e2e/sample-attester/02-assert.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kbsres1
+  namespace: trustee-operator-system

tests/e2e/sample-attester/02-kbs-secret.yaml

@@ -0,0 +1,4 @@
+apiVersion: kuttl.dev/v1beta1
+kind: TestStep
+commands:
+  - command: ./create-other-secret.sh

tests/e2e/sample-attester/03-kbs-config.yaml

@@ -0,0 +1,36 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kbs-config
+  namespace: trustee-operator-system
+data:
+  kbs-config.json: |
+    {
+        "insecure_http" : true,
+        "sockets": ["0.0.0.0:8080"],
+        "auth_public_key": "/etc/auth-secret/publicKey",
+        "attestation_token_config": {
+          "attestation_token_type": "CoCo"
+        },
+        "repository_config": {
+          "type": "LocalFs",
+          "dir_path": "/opt/confidential-containers/kbs/repository"
+        },
+        "as_config": {
+          "work_dir": "/opt/confidential-containers/attestation-service",
+          "policy_engine": "opa",
+          "attestation_token_broker": "Simple",
+          "attestation_token_config": {
+            "duration_min": 5
+          },
+          "rvps_config": {
+            "store_type": "LocalJson",
+            "store_config": {
+              "file_path": "/opt/confidential-containers/rvps/reference-values/reference-values.json"
+            }
+          }
+        },
+        "policy_engine_config": {
+          "policy_path": "/opt/confidential-containers/opa/policy.rego"
+        }
+    }