eden
Add vTPM test
- TestVtpmIsRunningOnEVE checks if the vTPM process is running on the EVE node, it does this by checking if the vTPM control socket is open and the vTPM process is listening on it.
- TestVtpmIsStatePreservation checks if the vTPM state is preserved after a reboot, it does this by creating a key in the vTPM (through a VM running on EVE) and then rebooting the EVE node, after the reboot it checks if the key is still present in the vTPM, by getting the list of vTPM persistent keys (through the VM running on EVE).
- TestAzureIotTPMEndrolmentWithVTPM tests the end-to-end scenario of enrolling a TPM device in Azure IoT Hub, this test will create a TPM enrollment in Azure IoT Hub, configure the Azure IoT Edge in a VM running on EVE, and check if the services are running.
This tests https://github.com/lf-edge/eve/pull/4071
- [x] Wait for next release with https://github.com/lf-edge/eve/pull/4204
- [x] Open a PR to set eve tag to the latest
- [x] Rebase against latest master
- [ ] Reduce the test verbosity before merging
/cc @eriknordmark
I'll fix the yetus errors and squash at the end.
should go after https://github.com/lf-edge/eden/pull/1012 and https://github.com/lf-edge/eden/pull/1013
Running it locally with secrets available works fine and the tests pass, and when I run it using `./eden test tests/workflow/ -s smoke.tests.txt` it fails as expected, complaining about the environment variables not being set:
```
--- FAIL: TestEdenScripts (0.00s)
--- FAIL: TestEdenScripts/tpm_eden (88.65s)
testscript.go:418:
> test eden.aziot.test
testProg: /home/shah/shah-dev/eden/dist/bin/eden.aziot.test
[stdout]
configName: default
configFile: /home/shah/.eden/contexts/default.yml
time="2024-08-16T15:34:01+03:00" level=info msg="TestAzureIotTPMEndrolment with EVE-Tools and Proxy TPM started"
configName: default
configFile: /home/shah/.eden/contexts/default.yml
time="2024-08-16T15:34:01+03:00" level=debug msg="Will use config from /home/shah/.eden/contexts/default.yml"
time="2024-08-16T15:34:01+03:00" level=debug msg="Try to add config from $WORK/eden-config.yml"
configName: default
configFile: /home/shah/.eden/contexts/default.yml
time="2024-08-16T15:34:01+03:00" level=debug msg="Will use config from /home/shah/.eden/contexts/default.yml"
time="2024-08-16T15:34:01+03:00" level=debug msg="Try to add config from $WORK/eden-config.yml"
time="2024-08-16T15:34:01+03:00" level=debug msg="Will use config from /home/shah/.eden/contexts/default.yml"
time="2024-08-16T15:34:01+03:00" level=debug msg="Try to add config from $WORK/eden-config.yml"
time="2024-08-16T15:34:01+03:00" level=debug msg="new datastore created 1d1bff96-a0b6-4e22-bd37-708b1a703e43"
time="2024-08-16T15:34:01+03:00" level=info msg="Starting download of image from https://cloud-images.ubuntu.com/releases/20.04/release/ubuntu-20.04-server-cloudimg-amd64.img"
time="2024-08-16T15:34:01+03:00" level=info msg="Start download into eserver of ubuntu-20.04-server-cloudimg-amd64.img"
time="2024-08-16T15:34:01+03:00" level=info msg="Downloading... Ready 0 B"
time="2024-08-16T15:34:06+03:00" level=info msg="Downloading... Ready 214 MB"
time="2024-08-16T15:34:11+03:00" level=info msg="Downloading... Ready 465 MB"
time="2024-08-16T15:34:16+03:00" level=info msg="Image downloaded with size 627 MB and sha256 256c73e2d77808f834c66a5c40f4e97f91a70a6e6ce7424bc91b54b36aceadec"
time="2024-08-16T15:34:16+03:00" level=debug msg="new image created bf00e810-311c-46cb-a971-14c8bee3fc85"
config changed, to see config run 'eden controller edge-node get-config'
time="2024-08-16T15:34:16+03:00" level=debug msg="VersionIncrement 5->6"
time="2024-08-16T15:34:17+03:00" level=debug msg="config updated /home/shah/.eden/devUUID-8fd9ee4f-a9d1-465f-aa22-7f72d234963e.json"
time="2024-08-16T15:34:17+03:00" level=debug msg="state updated /home/shah/.eden/state-33c919bb-af75-477f-afbc-8f10eadbfca1.yml"
time="2024-08-16T15:34:17+03:00" level=info msg="deploy pod aziot-quizzical_curie with https://cloud-images.ubuntu.com/releases/20.04/release/ubuntu-20.04-server-cloudimg-amd64.img request sent"
time="2024-08-16T15:34:47+03:00" level=debug msg="will use remote adam loader"
time="2024-08-16T15:34:47+03:00" level=debug msg="NewRedisLoader init"
time="2024-08-16T15:34:47+03:00" level=debug msg="XRead from INFO_EVE_8fd9ee4f-a9d1-465f-aa22-7f72d234963e"
time="2024-08-16T15:34:47+03:00" level=debug msg="will use remote adam loader"
time="2024-08-16T15:34:47+03:00" level=debug msg="NewRedisLoader init"
time="2024-08-16T15:34:47+03:00" level=debug msg="XRead from METRICS_EVE_8fd9ee4f-a9d1-465f-aa22-7f72d234963e"
time="2024-08-16T15:35:27+03:00" level=info msg="TestAzureIotTPMEndrolment finished"
--- FAIL: TestAzureIotTPMEndrolmentWithEveTools (86.45s)
aziot_test.go:90: AZIOT_CONNECTION_STRING environment variable is not set
FAIL
config changed, to see config run 'eden controller edge-node get-config'
time="2024-08-16T15:35:27+03:00" level=debug msg="VersionIncrement 6->7"
time="2024-08-16T15:35:28+03:00" level=debug msg="config updated /home/shah/.eden/devUUID-8fd9ee4f-a9d1-465f-aa22-7f72d234963e.json"
time="2024-08-16T15:35:28+03:00" level=debug msg="state updated /home/shah/.eden/state-33c919bb-af75-477f-afbc-8f10eadbfca1.yml"
time="2024-08-16T15:35:28+03:00" level=info msg="app aziot-quizzical_curie stop done"
config changed, to see config run 'eden controller edge-node get-config'
time="2024-08-16T15:35:28+03:00" level=debug msg="VersionIncrement 7->8"
time="2024-08-16T15:35:29+03:00" level=debug msg="config updated /home/shah/.eden/devUUID-8fd9ee4f-a9d1-465f-aa22-7f72d234963e.json"
time="2024-08-16T15:35:29+03:00" level=debug msg="state updated /home/shah/.eden/state-33c919bb-af75-477f-afbc-8f10eadbfca1.yml"
time="2024-08-16T15:35:29+03:00" level=info msg="app aziot-quizzical_curie delete done"
time="2024-08-16T15:35:29+03:00" level=info msg="Azure IOT Hub Test finished"
```
But here it times out because the app is not available?!
This is rebased against master and #1016; clean it up after #1017 is merged.
@shjala can you rebase on master since I just merged #1019, let's see if the test works
Also there is this PR #1008 which bumps EVE version to 13.0.0, can we bump EVE version to 13.0.0 in your PR as well?
Do I get it right, that the scripts we have are the ones running inside VMs?
Yes, the scripts are copied to the VM to set up the azure-iot-edge and run the services, then I check if everything is running without error.
@yash-zededa the variables are still not accessible in the test, your help is much appreciated.
time="2024-09-16T13:06:44Z" level=fatal msg="AZIOT_CONNECTION_STRING environment variable is not set"
PRs won't have access to secrets, unless the WF uses pull_request_target.
You mean there is no way to test this is working without merging?
Unfortunately, yes, this behavior is intentional from GitHub. If you want to test pull requests with logins, the workflow needs to be updated to trigger using pull_request_target, which will give the actions access to secrets for testing.
However, this approach allows anyone to modify the workflow and potentially access the secrets, so it's safer to prevent pull requests from triggering if there are any changes to the workflow.
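A check for the exposure the last comment raises, written as an added example that is not part of the thread or of eden's CI: it flags a workflow file that triggers on `pull_request_target`, checks out the pull request's head, and reads secrets in the same file, which is the combination where PR-supplied code runs with secrets in reach. The two sample workflows are constructed, and the finding names and function names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// Each check pairs a finding name (hypothetical labels) with the pattern that signals it.
var checks = []struct {
	name string
	re   *regexp.Regexp
}{
	{"pull_request_target", regexp.MustCompile(`\bpull_request_target\b`)},
	{"pr-head-checkout", regexp.MustCompile(`github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref`)},
	{"secrets", regexp.MustCompile(`\$\{\{\s*secrets\.\w+`)},
}

var commentLine = regexp.MustCompile(`(?m)^\s*#.*$`) // whole-line YAML comments

// Constructed sample workflows, not taken from the eden repository.
const riskyWF = `on: pull_request_target
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
        with: {ref: "${{ github.event.pull_request.head.sha }}"}
      - run: ./eden test tests/workflow/ -s smoke.tests.txt
        env: {AZIOT_CONNECTION_STRING: "${{ secrets.AZIOT_CONNECTION_STRING }}"}`
const safeWF = `# pull_request_target is deliberately not used here
on: pull_request
jobs:
  test:
    steps: [{uses: actions/checkout@v4}]`

// Audit returns the names of the checks that match, ignoring commented-out lines.
func Audit(workflow string) (found []string) {
	body := commentLine.ReplaceAllString(workflow, "")
	for _, c := range checks {
		if c.re.MatchString(body) {
			found = append(found, c.name)
		}
	}
	return found
}

// NeedsReview is true when all three properties occur in the same workflow file.
func NeedsReview(workflow string) bool { return len(Audit(workflow)) == len(checks) }

func main() { fmt.Println(Audit(riskyWF), NeedsReview(riskyWF), Audit(safeWF), NeedsReview(safeWF)) }
```

The scan is line-based and per file, so it does not see secrets passed through reusable workflows or head checkouts done by a script; treat a hit as a prompt for manual review rather than a verdict.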