Add test for controller certificate change
The test does the following:
1. deploy first app with userdata to EVE
2. create new signing certificate for controller
3. update controller's certificate and resign old config
4. deploy second app with userdata
5. reboot EVE
6. deploy third app with userdata
7. make sure all apps are running correctly

Signed-off-by: Paul Gaiduk <[email protected]>
europaul committed Jan 18, 2024
1 parent 94cac32 commit abb1ae6
Showing 2 changed files with 87 additions and 4 deletions.
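--- a/tests/eclient/testdata/ctrl_cert_change.txt
+++ b/tests/eclient/testdata/ctrl_cert_change.txt
@@ -0,0 +1,81 @@
+# Test of controller certificate change
+# This test validates the re-encryption of an application's user data
+# following a change in the controller's certificate, accompanied by an edge node reboot.
+# The test involves deploying three applications to make sure the config is (re)applied to all of them.
+
+{{$port := "2223"}}
+
+{{$userdata := "variable=value"}}
+{{define "eclient_image"}}docker://{{EdenConfig "eden.eclient.image"}}:{{EdenConfig "eden.eclient.tag"}}{{end}}
+
+[!exec:bash] stop
+[!exec:sleep] stop
+[!exec:chmod] stop
+
+exec chmod 600 {{EdenConfig "eden.tests"}}/eclient/image/cert/id_rsa
+
+eden network create 10.11.12.0/24 -n n1
+eden pod deploy -n eclient1 --memory=512MB --networks=n1 {{template "eclient_image"}} -p {{$port}}:22 --metadata={{$userdata}}
+
+test eden.app.test -test.v -timewait 20m RUNNING eclient1
+
+# generate new controller certificate
+eden utils gen-signing-cert -o /tmp/signing-new.pem
+
+# upload new certificate to controller, resign old config and reapply it
+eden adam change-signing-cert --cert-file /tmp/signing-new.pem
+
+# wait for changes to be applied
+test eden.lim.test -test.v -timewait 15m -test.run TestLog -out content 'content:Rebuilding.intended.global.config,.reasons:.reconnecting.app'
+
+eden pod deploy -n eclient2 --memory=512MB --networks=n1 {{template "eclient_image"}} --metadata={{$userdata}}
+
+test eden.app.test -test.v -timewait 20m RUNNING eclient2
+
+# check EVE got the new signing certificate
+exec -t 2m bash check_sign_cert.sh
+
+# send reboot command and wait in background
+test eden.reboot.test -test.v -timewait=20m -reboot=1 -count=1 &
+
+# wait for HALTED state which indicates that we are rebooting
+test eden.app.test -test.v -timewait 5m HALTED eclient1
+test eden.app.test -test.v -timewait 5m HALTED eclient2
+
+# wait for RUNNING state after reboot
+test eden.app.test -test.v -timewait 10m -check-new RUNNING eclient1
+test eden.app.test -test.v -timewait 10m -check-new RUNNING eclient2
+
+eden pod deploy -n eclient3 --memory=512MB --networks=n1 {{template "eclient_image"}} --metadata={{$userdata}}
+
+# check all apps are RUNNING
+
+test eden.app.test -test.v -timewait 20m RUNNING eclient1
+test eden.app.test -test.v -timewait 20m RUNNING eclient2
+test eden.app.test -test.v -timewait 20m RUNNING eclient3
+
+# cleanup
+eden pod delete eclient1
+eden pod delete eclient2
+eden pod delete eclient3
+eden network delete n1
+
+test eden.app.test -test.v -timewait 10m - eclient1
+test eden.app.test -test.v -timewait 10m - eclient2
+test eden.app.test -test.v -timewait 10m - eclient3
+test eden.network.test -test.v -timewait 10m - n1
+
+-- eden-config.yml --
+{{/* Test's config. file */}}
+test:
+controller: adam://{{EdenConfig "adam.ip"}}:{{EdenConfig "adam.port"}}
+eve:
+{{EdenConfig "eve.name"}}:
+onboard-cert: {{EdenConfigPath "eve.cert"}}
+serial: "{{EdenConfig "eve.serial"}}"
+model: {{EdenConfig "eve.devmodel"}}
+
+-- check_sign_cert.sh --
+EDEN={{EdenConfig "eden.root"}}/{{EdenConfig "eden.bin-dist"}}/{{EdenConfig "eden.eden-bin"}}
+$EDEN eve ssh cat /persist/certs/server-signing-cert.pem > /tmp/server-signing-cert.pem
+diff -Z /tmp/signing-new.pem /tmp/server-signing-cert.pem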
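Review bot: The script only asserts that eclient1–3 reach RUNNING and never reads the user data back, so the goal stated in the header comment (re-encryption of user data after the certificate change) is not actually verified; `{{$port}}` and the `chmod 600 … id_rsa` line prepare SSH access, but no step uses them. An app that boots with empty or undecrypted user data would presumably still pass. Consider adding a step, after the certificate change and again after the reboot, that logs into an app and compares the metadata it received with `{{$userdata}}`, and repeating `exec -t 2m bash check_sign_cert.sh` after the reboot so that persistence of the new certificate is covered. Separately, `/tmp/signing-new.pem` and `/tmp/server-signing-cert.pem` are fixed, shared paths that the cleanup never removes; writing them inside the test's own working directory would avoid collisions and stale files on shared runners.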
10 changes: 6 additions & 4 deletions tests/workflow/smoke.tests.txt
@@ -1,5 +1,5 @@
# Number of tests
{{$tests := 22}}
{{$tests := 23}}
# EDEN_TEST_SETUP env. var. -- "y"(default) performs the EDEN setup steps
{{$setup := "y"}}
{{$setup_env := EdenGetEnv "EDEN_TEST_SETUP"}}
Expand Down Expand Up @@ -70,12 +70,14 @@ eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/metad
eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/userdata
/bin/echo Eden app log test (19/{{$tests}})
eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/app_logs
/bin/echo Eden change controller certificate test (20/{{$tests}})
eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/ctrl_cert_change

/bin/echo Eden Shutdown test (20/{{$tests}})
/bin/echo Eden Shutdown test (21/{{$tests}})
eden.escript.test -testdata ../eclient/testdata/ -test.run TestEdenScripts/shutdown_test

/bin/echo EVE reset (21/{{$tests}})
/bin/echo EVE reset (22/{{$tests}})
eden.escript.test -test.run TestEdenScripts/eden_reset

/bin/echo EVE security tests (22/{{$tests}})
/bin/echo EVE security tests (23/{{$tests}})
eden.escript.test -test.run TestEdenScripts/sec_eden
