Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Setup integration tests #619

Merged
merged 5 commits into from
Jan 17, 2025

Conversation

fitzthum
Copy link
Member

Creates a framework for writing Trustee integration tests in Rust.

Put your tests in integration-tests/tests/integration.rs (or a similar file) and they will run when you do cargo test at the top level.

I've added two simple integration tests. They aren't anything beyond what we already have in other tests, but they add a structure that should help us to create a lot more. Before I get too carried away, please take a look at the setup.

Note that running the KBS in the background was trickier than expected. I think I found a pretty good way to do it in the end.

Without this we can't create a token configuration from outside the
crate.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
@fitzthum fitzthum requested a review from a team as a code owner December 10, 2024 20:23
@Xynnn007
Copy link
Member

Looks great! One question before getting into the code:

why not we directly have an tests directory under kbs to have these integration tests, like what we do in image-rs

A quick glance is that way we need to add kbs_client to kbs's [dev-dependencies] section in Cargo.toml.

This way, we could avoid another sub crate.

@fitzthum
Copy link
Member Author

fitzthum commented Dec 11, 2024

why not we directly have an tests directory under kbs to have these integration tests, like what we do in image-rs

I think this would work. I see the integration tests as having a broader scope than just the KBS, so I made a new package, but if that adds overhead I could move it. Generally I think that since the repo merge, we've had some stuff in individual packages that should really be in the top of the repo (like configs and docs, perhaps).

@fitzthum fitzthum force-pushed the setup-integration-tests branch from 1adf56a to b311ab0 Compare December 11, 2024 19:15
Copy link
Member

@Xynnn007 Xynnn007 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would make sense to have a separate crate if we want to add more tests. One question is that we are having some e2e test

  • docker-compose ci
  • e2e test here
  • this PR

Do we need to delete some duplicated ones?

integration-tests/tests/integration.rs Outdated Show resolved Hide resolved
integration-tests/Cargo.toml Outdated Show resolved Hide resolved
allow = false
";

#[allow(dead_code)]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need this lint macro?

Copy link
Member Author

@fitzthum fitzthum Dec 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Custom and DenyAll variants are never instantiated. I could move the dead code thing just to those variants but then I'd have to use it twice.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we comment them out if they just have informational value?

Copy link
Member Author

@fitzthum fitzthum Jan 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. I had to comment out some other stuff too since we have the set_policy function.

integration-tests/tests/integration.rs Outdated Show resolved Hide resolved
@fitzthum fitzthum force-pushed the setup-integration-tests branch from b311ab0 to 5d3767a Compare December 12, 2024 19:55
@fitzthum
Copy link
Member Author

@Xynnn007

Do we need to delete some duplicated ones?

Since these integration tests use the crate directly, they don't test the binaries or the docker-compose configuration or the k8s configuration. I think it's fine to keep some simple tests around that make sure that those interfaces still work. We should do a little bit of cleanup and organization with our existing tests, but I think that's for another PR.

@fitzthum fitzthum force-pushed the setup-integration-tests branch 3 times, most recently from 669f8e6 to 75dee21 Compare December 20, 2024 22:45
The existing serve function returns a future that must be awaited on for
the server to run. This causes the caller to block and does not allow
the server to be halted unless the process is terminated.

This is not ideal when using the server as a crate (or in a test).

Instead, add a function that returns a server which can then be awaited
on or run in the background.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
@fitzthum fitzthum force-pushed the setup-integration-tests branch 3 times, most recently from fb4069f to ce92336 Compare December 20, 2024 23:19
@@ -28,10 +28,11 @@
package policy

import future.keywords.every
import future.keywords.if
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what's going on here? was if not in the original simple-default-policy and should have been (so you added it)?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Our CI does a formatting check of the default policy using the OPA package. We don't pin the version of the package so sometimes it wants new things. Recently it has started complaining about not having if before blocks.

The versioning of OPA is a little squirrely but it hasn't been too big of an issue so far.

allow = false
";

#[allow(dead_code)]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we comment them out if they just have informational value?

@@ -81,7 +81,7 @@ uninstall:
rm -rf $(INSTALL_DESTDIR)/kbs $(INSTALL_DESTDIR)/kbs-client $(INSTALL_DESTDIR)/issuer-kbs $(INSTALL_DESTDIR)/resource-kbs

check:
cargo test -p kbs -p kbs-client
cargo test -p kbs -p kbs-client -p integration-tests
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change will get hit here in our regular workflows, right? (If so, that's what we want, I think.)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah. I considered adding another workflow for the integration tests, but I think it's best to keep it together. Note that this is just for checking the code itself, the actual tests will get run via the existing call to cargo test

Copy link
Member

@portersrc portersrc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

To support integration tests written in rust, let's add a new package
(which will only be used internally) called integration-tests.

Inside the package, we have a tests repo where we can put tests.

The package imports other trustee packages using a local path,
so it should always have the most recent version of things.

Now integration tests will run simply by doing cargo test at the top of
the repo.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
Let the make check target (which maybe should be renamed?) also run the
integration tests.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
The OPA linter seems to have updated and now complains if we don't use
an if before our blocks.

This is unrelated to the rest of this PR.

Signed-off-by: Tobin Feldman-Fitzthum <[email protected]>
@fitzthum fitzthum force-pushed the setup-integration-tests branch from ce92336 to 8c544b6 Compare January 8, 2025 22:24
@fitzthum
Copy link
Member Author

fitzthum commented Jan 8, 2025

@Xynnn007 PTAL

Copy link
Member

@Xynnn007 Xynnn007 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could do some code structure optimization later but it now looks good to me.

Sorry for the notifiaction mail has been drowned in my mailbox.

@mkulke mkulke added the test_e2e Authorize TEE e2e test run label Jan 17, 2025
@mkulke mkulke merged commit 4a619a1 into confidential-containers:main Jan 17, 2025
37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
test_e2e Authorize TEE e2e test run
Projects
Status: We have a requirement
Development

Successfully merging this pull request may close these issues.

4 participants