From 2a374422c5e1c06d28d74efb2ee383fb458cba1d Mon Sep 17 00:00:00 2001
From: Wainer dos Santos Moschetta
Date: Tue, 27 Feb 2024 11:43:58 -0300
Subject: [PATCH] tests/k8s: add function to install kbs-client

Added kbs_install_cli function to build and install the kbs-client executable if not present into the system. Removed the stub from gha-run.sh; now the install kbs-client in the .github/workflows/run-kata-deploy-tests-on-aks.yaml will effectively install the executable.

Signed-off-by: Wainer dos Santos Moschetta
---
 .../kubernetes/confidential_kbs.sh | 65 +++++++++++++++++++
 tests/integration/kubernetes/gha-run.sh | 2 +-
 versions.yaml | 1 +
 3 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/tests/integration/kubernetes/confidential_kbs.sh b/tests/integration/kubernetes/confidential_kbs.sh
index 0e78366a47..d33c1b5865 100644
--- a/tests/integration/kubernetes/confidential_kbs.sh
+++ b/tests/integration/kubernetes/confidential_kbs.sh
@@ -14,6 +14,8 @@ set -o pipefail
 kubernetes_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 # shellcheck disable=1091
 source "${kubernetes_dir}/../../gha-run-k8s-common.sh"
+# shellcheck disable=1091
+source "${kubernetes_dir}/../../../ci/lib.sh"
 
 # Where the kbs sources will be cloned
 readonly COCO_KBS_DIR="/tmp/kbs"
@@ -22,6 +24,38 @@ readonly KBS_NS="coco-tenant"
 # The kbs service name
 readonly KBS_SVC_NAME="kbs"
 
+# Build and install the kbs-client binary, unless it is already present.
+#
+kbs_install_cli() {
+ command -v kbs-client >/dev/null && return
+
+ if ! command -v apt >/dev/null; then
+ >&2 echo "ERROR: running on unsupported distro"
+ return 1
+ fi
+
+ local pkgs="build-essential"
+
+ sudo apt-get update -y
+ # shellcheck disable=2086
+ sudo apt-get install -y $pkgs
+
+ # Mininum required version to build the client (read from versions.yaml)
+ local rust_version
+ ensure_yq
+ rust_version=$(get_from_kata_deps "externals.coco-kbs.toolchain")
+ # Currently kata version from version.yaml is 1.72.0
+ # which doesn't match the requirement, so let's pass
+ # the required version.
+ _ensure_rust "$rust_version"
+
+ pushd "${COCO_KBS_DIR}/kbs"
+ # Compile with sample features to bypass attestation.
+ make CLI_FEATURES=sample_only cli
+ sudo make install-cli
+ popd
+}
+
 # Delete the kbs on Kubernetes
 #
 # Note: assume the kbs sources were cloned to $COCO_KBS_DIR
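Review bot: `sudo make install-cli` in `kbs_install_cli` runs as root against a tree under `${COCO_KBS_DIR}`, which this file sets to the fixed path `/tmp/kbs`, and nothing in the function checks that the directory exists or who created it. On a shared or bare-metal runner, a directory pre-created at that path by another account would have its Makefile executed with root privileges. A failed `pushd` is also only fatal if errexit is active, which is not visible in this patch. Before the `pushd`, consider a guard such as `[ -O "${COCO_KBS_DIR}/kbs" ] || { >&2 echo "ERROR: ${COCO_KBS_DIR}/kbs is missing or not owned by the current user"; return 1; }`, or install into a user-owned prefix without sudo if the kbs Makefile allows it.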
@@ -194,6 +228,37 @@ kbs_k8s_svc_http_addr() {
 echo "http://${host}:${port}"
 }
 
+# Ensure rust is installed in the host.
+#
+# It won't install rust if it's already present, however, if the current
+# version isn't greater or equal than the mininum required then it will
+# bail out with an error.
+#
+_ensure_rust() {
+ rust_version=${1:-}
+
+ if ! command -v rustc >/dev/null; then
+ "${kubernetes_dir}/../../install_rust.sh" "${rust_version}"
+
+ # shellcheck disable=1091
+ source "$HOME/.cargo/env"
+ else
+ [ -z "$rust_version" ] && return
+
+ # We don't want to mess with installation on bare-metal so
+ # if rust is installed then just check it's >= the required
+ # version.
+ #
+ local current_rust_version
+ current_rust_version="$(rustc --version | cut -d' ' -f2)"
+ if ! version_greater_than_equal "${current_rust_version}" \
+ "${rust_version}"; then
+ >&2 echo "ERROR: installed rust $current_rust_version < $rust_version (required)"
+ return 1
+ fi
+ fi
+}
+
 # Choose the appropriated ingress handler.
 #
 # To add a new handler, create a function named as _handle_ingress_NAME where
diff --git a/tests/integration/kubernetes/gha-run.sh b/tests/integration/kubernetes/gha-run.sh
index 0c5a259ce0..e91bf7b20c 100755
--- a/tests/integration/kubernetes/gha-run.sh
+++ b/tests/integration/kubernetes/gha-run.sh
@@ -191,7 +191,7 @@ function deploy_kata() {
 }
 
 function install_kbs_client() {
- echo "TODO: install kbs-client - https://github.com/kata-containers/kata-containers/pull/9114"
+ kbs_install_cli
 }
 
 function run_tests() {
diff --git a/versions.yaml b/versions.yaml
index 625537641d..f46456eb0c 100644
--- a/versions.yaml
+++ b/versions.yaml
@@ -205,6 +205,7 @@ externals:
 version: "18c8ee378c6d83446ee635a702d5dee389028d8f"
 image: "ghcr.io/confidential-containers/staged-images/kbs"
 image_tag: "18c8ee378c6d83446ee635a702d5dee389028d8f"
+ toolchain: "1.74.0"
 
 conmon:
 description: "An OCI container runtime monitor"
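Review bot: `_ensure_rust` (confidential_kbs.sh, the `@@ -194,6 +228,37 @@` hunk) assigns `rust_version=${1:-}` without `local`, although `current_rust_version` a few lines below is declared local. Because bash scoping is dynamic, that assignment writes to the caller's `rust_version` (here the local in `kbs_install_cli`) or creates a global when the function is called from top level. Changing the line to `local rust_version="${1:-}"` keeps the value contained. The header comment could also name the argument, for example `# Arguments: $1 - minimum required rust version (optional)`.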