e2e: GCP export to e2e using fake-gcs-server

e2e-tests/manifests/fake-gcs-server-deployment.yaml

@@ -0,0 +1,38 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fake-gcs-server
+  labels:
+    app: fake-gcs-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fake-gcs-server
+  template:
+    metadata:
+      labels:
+        app: fake-gcs-server
+    spec:
+      containers:
+      - name: fake-gcs-server
+        image: docker.io/fsouza/fake-gcs-server:latest
+        imagePullPolicy: Always
+        args:
+        - -scheme
+        - http
+        - -port
+        - "4443"
+        - -external-url
+        - http://fake-gcs-server:4443
+        ports:
+        - containerPort: 4443
+          name: http
+        readinessProbe:
+          httpGet:
+            path: /storage/v1/b
+            port: 4443
+            scheme: HTTP
+          initialDelaySeconds: 5
+          periodSeconds: 5

e2e-tests/manifests/fake-gcs-server-service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: fake-gcs-server
+  name: fake-gcs-server
+spec:
+  internalTrafficPolicy: Cluster
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - protocol: TCP
+    port: 4443
+    targetPort: 4443
+    name: http
+  selector:
+    app: fake-gcs-server
+  sessionAffinity: None
+  type: ClusterIP

e2e-tests/manifests/rapidast-vapi-configmap.yaml

@@ -3,6 +3,9 @@ data:
   config.yaml: |+
     config:
       configVersion: 5
+      googleCloudStorage:
+        bucketName: "rapidast-test-bucket"
+        directory: "e2e-test-results"
 
     # `application` contains data related to the application, not to the scans.
     application:

e2e-tests/manifests/rapidast-vapi-pod.yaml

@@ -5,10 +5,25 @@ metadata:
   name: rapidast-vapi
 spec:
   initContainers:
+    # Create GCS bucket in the emulator before running RapiDAST
+  - name: create-gcs-bucket
+    image: curlimages/curl:latest
+    command:
+    - sh
+    - -c
+    - |
+      echo "Creating GCS bucket 'rapidast-test-bucket' in emulator..."
+      curl -X POST http://fake-gcs-server:4443/storage/v1/b?project=test-project \
+        -H "Content-Type: application/json" \
+        -d '{"name":"rapidast-test-bucket"}' || true
+      echo "Bucket creation completed"
     # Run rapidast as initContainer, second container prints the results
   - image: ${IMAGE} # quay.io/redhatproductsecurity/rapidast:latest
     imagePullPolicy: Always
     name: rapidast
+    env:
+    - name: STORAGE_EMULATOR_HOST
+      value: "http://fake-gcs-server:4443"
     resources:
       limits:
         cpu: 1

e2e-tests/test_integration.py

@@ -4,6 +4,8 @@
 from typing import Optional
 from typing import Union
 
+from google.auth.credentials import AnonymousCredentials
+from google.cloud import storage
 from jsonschema import Draft7Validator
 from jsonschema import validate
 
@@ -16,6 +18,11 @@
 class TestRapiDAST(TestBase):
     def test_vapi(self):
         """Test rapidast find expected number of findings in VAPI"""
+        # Deploy fake GCS server for export testing
+        self.create_from_yaml(f"{self.tempdir}/fake-gcs-server-deployment.yaml")
+        self.create_from_yaml(f"{self.tempdir}/fake-gcs-server-service.yaml")
+        assert wait_until_ready(label_selector="app=fake-gcs-server")
+
         self.create_from_yaml(f"{self.tempdir}/vapi-deployment.yaml")
         self.create_from_yaml(f"{self.tempdir}/vapi-service.yaml")
         assert wait_until_ready(label_selector="app=vapi")
@@ -261,3 +268,40 @@ def validate_json_schema(data: dict, schema_path: str) -> bool:
 
     validate(instance=data, schema=schema, format_checker=Draft7Validator.FORMAT_CHECKER)
     return True
+
+
+def verify_gcs_export_succeeded(bucket_name: str, directory: str) -> bool:
+    """
+    Verify that RapiDAST successfully exported scan results to GCS emulator
+
+    Args:
+        bucket_name: Name of the GCS bucket to check
+        directory: Directory prefix where files should be stored
+
+    Returns:
+        True if at least one file was uploaded to the bucket
+
+    Raises:
+        AssertionError: If no files were found in the expected location
+    """
+    # Connect to fake GCS server using emulator host
+    os.environ["STORAGE_EMULATOR_HOST"] = "http://fake-gcs-server:4443"
+
+    client = storage.Client(credentials=AnonymousCredentials(), project="test-project")
+
+    bucket = client.get_bucket(bucket_name)
+
+    # List all blobs in the directory
+    blobs = list(bucket.list_blobs(prefix=directory))
+
+    assert len(blobs) > 0, f"No files found in GCS bucket '{bucket_name}' under directory '{directory}'"
+
+    # Verify at least one blob is a tar.gz file
+    tar_files = [blob for blob in blobs if blob.name.endswith(".tgz") or blob.name.endswith(".tar.gz")]
+    assert len(tar_files) > 0, f"No tar.gz files found in GCS export. Found blobs: {[b.name for b in blobs]}"
+
+    print(f"GCS export verification succeeded. Found {len(blobs)} blob(s) in bucket '{bucket_name}/{directory}'")
+    for blob in blobs:
+        print(f"  - {blob.name} ({blob.size} bytes)")
+
+    return True