diff --git a/node-installer/node-installer_test.go b/node-installer/node-installer_test.go
index 49e8901f70..76ce5dda2c 100644
--- a/node-installer/node-installer_test.go
+++ b/node-installer/node-installer_test.go
@@ -18,11 +18,19 @@ import (
 var (
 //go:embed testdata/expected-aks-clh-snp.toml
 expectedConfAKSCLHSNP []byte
-
 //go:embed testdata/expected-bare-metal-qemu-tdx.toml
 expectedConfBareMetalQEMUTDX []byte
 //go:embed testdata/expected-bare-metal-qemu-snp.toml
 expectedConfBareMetalQEMUSNP []byte
+
+ //go:embed testdata/input-bare-metal-qemu-tdx.toml.tmpl
+ inputConfTmplBareMetalQEMUTDX []byte
+ //go:embed testdata/expected-bare-metal-qemu-tdx.toml.tmpl
+ expectedConfTmplBareMetalQEMUTDX []byte
+ //go:embed testdata/input-bare-metal-qemu-snp.toml.tmpl
+ inputConfTmplBareMetalQEMUSNP []byte
+ //go:embed testdata/expected-bare-metal-qemu-snp.toml.tmpl
+ expectedConfTmplBareMetalQEMUSNP []byte
 )
 
 func TestPatchContainerdConfig(t *testing.T) {
@@ -74,3 +82,59 @@ func TestPatchContainerdConfig(t *testing.T) {
 })
 }
 }
+
+func TestPatchContainerdConfigTemplate(t *testing.T) {
+ testCases := map[string]struct {
+ platform platforms.Platform
+ input []byte
+ expected []byte
+ }{
+ "BareMetalQEMUTDX": {
+ platform: platforms.K3sQEMUTDX,
+ input: inputConfTmplBareMetalQEMUTDX,
+ expected: expectedConfTmplBareMetalQEMUTDX,
+ },
+ "BareMetalQEMUSNP": {
+ platform: platforms.K3sQEMUSNP,
+ input: inputConfTmplBareMetalQEMUSNP,
+ expected: expectedConfTmplBareMetalQEMUSNP,
+ },
+ }
+
+ for name, tc := range testCases {
+ t.Run(name, func(t *testing.T) {
+ assert := assert.New(t)
+ require := require.New(t)
+
+ tmpDir, err := os.MkdirTemp("", "patch-containerd-config-test")
+ require.NoError(err)
+ t.Cleanup(func() { _ = os.RemoveAll(tmpDir) })
+
+ // Unlike patchContainerdConfig, patchContainerdConfigTemplate
+ // requires the file to exist already. Create one.
+ configTemplatePath := filepath.Join(tmpDir, "config.toml.tmpl")
+ err = os.WriteFile(configTemplatePath, tc.input, os.ModePerm)
+ require.NoError(err)
+
+ // Testing patching a config template.
+
+ err = patchContainerdConfigTemplate("my-runtime", "/opt/edgeless/my-runtime",
+ configTemplatePath, tc.platform)
+ require.NoError(err)
+
+ configData, err := os.ReadFile(configTemplatePath)
+ require.NoError(err)
+ assert.Equal(string(tc.expected), string(configData))
+
+ // Test that patching the same template twice doesn't change it.
+
+ err = patchContainerdConfigTemplate("my-runtime", "/opt/edgeless/my-runtime",
+ configTemplatePath, tc.platform)
+ require.NoError(err)
+
+ configData, err = os.ReadFile(configTemplatePath)
+ require.NoError(err)
+ assert.Equal(string(tc.expected), string(configData))
+ })
+ }
+}
diff --git a/node-installer/testdata/expected-bare-metal-qemu-snp.toml.tmpl b/node-installer/testdata/expected-bare-metal-qemu-snp.toml.tmpl
new file mode 100644
index 0000000000..349d39770e
--- /dev/null
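Review bot: Both table entries in TestPatchContainerdConfigTemplate feed the bare `{{ template "base" . }}` line as input, so the test never exercises a template that already carries a runtime section, in particular a stale `my-runtime` entry with a different `runtime_path` or `privileged_without_host_devices` value. The second call only checks idempotence against output the function itself just wrote; whether a pre-existing, differing section is replaced or duplicated cannot be told from this hunk and would be worth a third case. Separately, `os.WriteFile(configTemplatePath, tc.input, os.ModePerm)` creates the fixture with mode 0o777 before umask; `0o644` is closer to how a containerd config normally exists on a node, and `t.TempDir()` would replace the `os.MkdirTemp`/`t.Cleanup` pair.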
+++ b/node-installer/testdata/expected-bare-metal-qemu-snp.toml.tmpl
@@ -0,0 +1,10 @@
+{{ template "base" . }}
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.my-runtime]
+runtime_type = 'io.containerd.contrast-cc.v2'
+runtime_path = '/opt/edgeless/my-runtime/bin/containerd-shim-contrast-cc-v2'
+pod_annotations = ['io.katacontainers.*']
+privileged_without_host_devices = true
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.my-runtime.options]
+ConfigPath = '/opt/edgeless/my-runtime/etc/configuration-qemu-snp.toml'
diff --git a/node-installer/testdata/expected-bare-metal-qemu-tdx.toml.tmpl b/node-installer/testdata/expected-bare-metal-qemu-tdx.toml.tmpl
new file mode 100644
index 0000000000..182cc742e3
--- /dev/null
+++ b/node-installer/testdata/expected-bare-metal-qemu-tdx.toml.tmpl
@@ -0,0 +1,10 @@
+{{ template "base" . }}
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.my-runtime]
+runtime_type = 'io.containerd.contrast-cc.v2'
+runtime_path = '/opt/edgeless/my-runtime/bin/containerd-shim-contrast-cc-v2'
+pod_annotations = ['io.katacontainers.*']
+privileged_without_host_devices = true
+
+[plugins.'io.containerd.grpc.v1.cri'.containerd.runtimes.my-runtime.options]
+ConfigPath = '/opt/edgeless/my-runtime/etc/configuration-qemu-tdx.toml'
diff --git a/node-installer/testdata/input-bare-metal-qemu-snp.toml.tmpl b/node-installer/testdata/input-bare-metal-qemu-snp.toml.tmpl
new file mode 100644
index 0000000000..99435df5ec
--- /dev/null
+++ b/node-installer/testdata/input-bare-metal-qemu-snp.toml.tmpl
@@ -0,0 +1 @@
+{{ template "base" . }}
diff --git a/node-installer/testdata/input-bare-metal-qemu-tdx.toml.tmpl b/node-installer/testdata/input-bare-metal-qemu-tdx.toml.tmpl
new file mode 100644
index 0000000000..99435df5ec
--- /dev/null
+++ b/node-installer/testdata/input-bare-metal-qemu-tdx.toml.tmpl
@@ -0,0 +1 @@
+{{ template "base" . }}
diff --git a/packages/by-name/contrast-node-installer/package.nix b/packages/by-name/contrast-node-installer/package.nix
index 257ed47bcd..b2d29ddc70 100644
--- a/packages/by-name/contrast-node-installer/package.nix
+++ b/packages/by-name/contrast-node-installer/package.nix
@@ -24,6 +24,7 @@ buildGoModule {
 (path.append root "go.mod")
 (path.append root "go.sum")
 (fileset.fileFilter (file: hasSuffix ".toml" file.name) root)
+ (fileset.fileFilter (file: hasSuffix ".toml.tmpl" file.name) root)
 (fileset.fileFilter (file: hasSuffix ".go" file.name) root)
 ];
 };