fix e2e test

edgelesssys · Sep 18, 2023 · c38a4fc · c38a4fc
1 parent 040fac6
commit c38a4fc
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 16 deletions.
diff --git a/internal/api/attestationconfigapi/cli/e2e/test.sh.in b/internal/api/attestationconfigapi/cli/e2e/test.sh.in
@@ -40,35 +40,54 @@ cat << EOF > "$claim_path"
 }
 EOF
 
-readonly date="2023-02-02-03-04"
+# has an older version
+readonly older_claim_path="$tmpdir/maaClaimOld.json"
+cat << EOF > "$older_claim_path"
+{
+  "x-ms-isolation-tee": {
+    "x-ms-sevsnpvm-tee-svn": 1,
+    "x-ms-sevsnpvm-snpfw-svn": 9,
+    "x-ms-sevsnpvm-microcode-svn": 115,
+    "x-ms-sevsnpvm-bootloader-svn": 4
+  }
+}
+EOF
+
+# report 3 versions with different dates to fill the reporter cache
+readonly date="2023-02-03-03-04"
 ${configapi_cli} --maa-claims-path "$claim_path" --upload-date "$date" --region "$region" --bucket "$bucket" --distribution "$distribution"
+readonly date_older="2023-02-02-03-04"
+${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --distribution "$distribution"
+readonly date_yet_older="2023-02-01-03-04"
+${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_yet_older" --region "$region" --bucket "$bucket" --distribution "$distribution"
 
+# expect that the older version was expected as new latest version
 baseurl="https://d33dzgxuwsgbpw.cloudfront.net/constellation/v1/attestation/azure-sev-snp"
-if ! curl -fsSL ${baseurl}/${date}.json > /dev/null; then
-  echo "Checking for uploaded version file constellation/v1/attestation/azure-sev-snp/${date}.json: request returned ${?}"
+if ! curl -fsSL ${baseurl}/${date_yet_older}.json > /dev/null; then
+  echo "Checking for uploaded version file constellation/v1/attestation/azure-sev-snp/${date_yet_older}.json: request returned ${?}"
   exit 1
 fi
 
-if ! curl -fsSL ${baseurl}/${date}.json.sig > /dev/null; then
-  echo "Checking for uploaded version signature file constellation/v1/attestation/azure-sev-snp/${date}.json.sig: request returned ${?}"
+if ! curl -fsSL ${baseurl}/${date_yet_older}.json.sig > /dev/null; then
+  echo "Checking for uploaded version signature file constellation/v1/attestation/azure-sev-snp/${date_yet_older}.json.sig: request returned ${?}"
   exit 1
 fi
 
 if ! curl -fsSL ${baseurl}/list > /dev/null; then
   echo "Checking for uploaded list file constellation/v1/attestation/azure-sev-snp/list: request returned ${?}"
   exit 1
 fi
-${configapi_cli} delete --version "$date" --region "$region" --bucket "$bucket" --distribution "$distribution"
+${configapi_cli} delete --version "$date_yet_older" --region "$region" --bucket "$bucket" --distribution "$distribution"
 
 # Omit -f to check for 404. We want to check that a file was deleted, therefore we expect the query to fail.
-http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null ${baseurl}/${date}.json)
+http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null ${baseurl}/${date_yet_older}.json)
 if [[ $http_code -ne 404 ]]; then
-  echo "Expected HTTP code 404 for: constellation/v1/attestation/azure-sev-snp/${date}.json, but got ${http_code}"
+  echo "Expected HTTP code 404 for: constellation/v1/attestation/azure-sev-snp/${date_yet_older}.json, but got ${http_code}"
   exit 1
 fi
 # Omit -f to check for 404. We want to check that a file was deleted, therefore we expect the query to fail.
-http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null ${baseurl}/${date}.json.sig)
+http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null ${baseurl}/${date_yet_older}.json.sig)
 if [[ $http_code -ne 404 ]]; then
-  echo "Expected HTTP code 404 for: constellation/v1/attestation/azure-sev-snp/${date}.json, but got ${http_code}"
+  echo "Expected HTTP code 404 for: constellation/v1/attestation/azure-sev-snp/${date_yet_older}.json, but got ${http_code}"
   exit 1
 fi
diff --git a/internal/api/attestationconfigapi/cli/main.go b/internal/api/attestationconfigapi/cli/main.go
@@ -133,7 +133,7 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
 	if err := reporter.ReportAzureSEVSNPVersion(ctx, inputVersion, flags.uploadDate); err != nil {
 		return fmt.Errorf("reporting version: %w", err)
 	}
-	if err := reporter.UpdateLatestVersion(ctx, latestAPIVersion); err != nil {
+	if err := reporter.UpdateLatestVersion(ctx, latestAPIVersion, flags.uploadDate); err != nil {
 		return fmt.Errorf("updating latest version: %w", err)
 	}
 

diff --git a/internal/api/attestationconfigapi/reporter.go b/internal/api/attestationconfigapi/reporter.go
@@ -22,6 +22,7 @@ import (
 )
 
 // cachedVersionsSubDir is the subdirectory in the bucket where the cached versions are stored.
+// TODO(elchead): store in a different directory so that it is not mirrored to the CDN?
 const cachedVersionsSubDir = "cached-versions"
 
 // timeFrameForCachedVersions defines the time frame for reported versions which are considered to define the latest version.
@@ -33,6 +34,7 @@ var reportVersionDir = path.Join(attestationURLPath, variant.AzureSEVSNP{}.Strin
 type Reporter struct {
 	// Client is the client to the config api.
 	*Client
+	// s3client: but no cache invalidation for upload -> new client
 }
 
 // ReportAzureSEVSNPVersion uploads the latest observed version numbers of the Azure SEVSNP. This version is used to later report the latest version numbers to the API.
@@ -45,7 +47,7 @@ func (r Reporter) ReportAzureSEVSNPVersion(ctx context.Context, version AzureSEV
 	return res.Execute(ctx, r.s3Client)
 }
 
-func (r Reporter) listReportedVersions(ctx context.Context, timeFrame time.Duration) ([]string, error) {
+func (r Reporter) listReportedVersions(ctx context.Context, timeFrame time.Duration, now time.Time) ([]string, error) {
 	list, err := r.s3Client.ListObjectsV2(ctx, &s3.ListObjectsV2Input{
 		Bucket: aws.String(r.bucketID),
 		Prefix: aws.String(reportVersionDir),
@@ -60,14 +62,14 @@ func (r Reporter) listReportedVersions(ctx context.Context, timeFrame time.Durat
 			dates = append(dates, fileName[:len(fileName)-5])
 		}
 	}
-	return filterDatesWithinTime(dates, time.Now(), timeFrame), nil
+	return filterDatesWithinTime(dates, now, timeFrame), nil
 }
 
 // UpdateLatestVersion checks the reported version values
 // and updates the latest version of the Azure SEVSNP in the API if there is an update .
-func (r Reporter) UpdateLatestVersion(ctx context.Context, latestAPIVersion AzureSEVSNPVersion) error {
+func (r Reporter) UpdateLatestVersion(ctx context.Context, latestAPIVersion AzureSEVSNPVersion, now time.Time) error {
 	// get the reported version values of the last 3 weeks
-	versionDates, err := r.listReportedVersions(ctx, timeFrameForCachedVersions)
+	versionDates, err := r.listReportedVersions(ctx, timeFrameForCachedVersions, now)
 	if err != nil {
 		return fmt.Errorf("list reported versions: %w", err)
 	}

diff --git a/internal/staticupload/staticupload.go b/internal/staticupload/staticupload.go
@@ -109,7 +109,6 @@ func New(ctx context.Context, config Config, log *logger.Logger) (*Client, Close
 	}
 	s3Client := s3.NewFromConfig(cfg)
 	uploadClient := s3manager.NewUploader(s3Client)
-
 	cdnClient := cloudfront.NewFromConfig(cfg)
 
 	client := &Client{