-
Notifications
You must be signed in to change notification settings - Fork 82
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
scripts/run_tests.sh: Extract reusable functionality
The scripts/lib_tests.sh file provides functionality that can be reused in other tests running scripts as well. Signed-off-by: Costin Lupu <[email protected]>
- Loading branch information
1 parent
eac8ea2
commit 6772f6f
Showing
2 changed files
with
178 additions
and
113 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,159 @@ | ||
#!/bin/bash -x | ||
# | ||
# Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
TEST_SUITES_FAILED=0 | ||
TEST_SUITES_TOTAL=0 | ||
|
||
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
export NITRO_CLI_BLOBS="$SCRIPTDIR/../blobs" | ||
export NITRO_CLI_ARTIFACTS="$SCRIPTDIR/../build" | ||
|
||
ARCH="$(uname -m)" | ||
AWS_ACCOUNT_ID=667861386598 | ||
|
||
test_start() { | ||
TEST_SUITES_TOTAL=$((TEST_SUITES_TOTAL + 1)) | ||
} | ||
|
||
# Indicate that the test suite has failed | ||
register_test_fail() { | ||
TEST_SUITES_FAILED=$((TEST_SUITES_FAILED + 1)) | ||
} | ||
|
||
# Force the test suite to end in failure | ||
test_failed() { | ||
register_test_fail | ||
clean_up_and_exit | ||
} | ||
|
||
# Clean up and exit with the current test suite's status | ||
clean_up_and_exit() { | ||
driver_unload nitro_enclaves || register_test_fail | ||
|
||
make clean | ||
|
||
enclaves_images_clean | ||
|
||
exit $TEST_SUITES_FAILED | ||
} | ||
|
||
driver_is_not_loaded() { | ||
local driver_name="$1" | ||
[ "$(lsmod | grep -cw $driver_name)" -eq 0 ] | ||
} | ||
|
||
driver_unload() { | ||
local driver_name="$1" | ||
driver_is_not_loaded $driver_name || rmmod $driver_name | ||
} | ||
|
||
ne_driver_is_not_loaded() { | ||
driver_is_not_loaded nitro_enclaves | ||
} | ||
|
||
# Remove the Nitro Enclaves driver | ||
ne_driver_remove() { | ||
ne_driver_is_not_loaded || rmmod nitro_enclaves | ||
} | ||
|
||
# Configure and insert the Nitro Enclaves driver | ||
ne_driver_configure() { | ||
if ne_driver_is_not_loaded; then | ||
# Preallocate 2046 Mb, that should be enough for all the tests. We explicitly | ||
# pick this value to have both 1 GB and 2 MB pages if the system allows it. | ||
source build/install/etc/profile.d/nitro-cli-env.sh | ||
./build/install/etc/profile.d/nitro-cli-config -m 2046 -t 2 | ||
fi | ||
} | ||
|
||
build_and_install() { | ||
# First run the instalation test, before we change the environement | ||
pytest-3 tests/integration/test_installation.py | ||
|
||
# Clean up build artifacts | ||
make clean | ||
|
||
# Setup the environment with everything needed to run the integration tests | ||
make command-executer | ||
make nitro-tests | ||
make nitro_enclaves | ||
make nitro-cli | ||
make vsock-proxy | ||
make install | ||
} | ||
|
||
prepare_env() { | ||
# Ensure the Nitro Enclaves driver is inserted | ||
ne_driver_configure | ||
|
||
# Load vsock_loopback module for connection_test test of vsock-proxy | ||
if driver_is_not_loaded vsock_loopback; then | ||
modprobe vsock_loopback || echo "Module vsock_loopback not available." | ||
fi | ||
|
||
# Create directories for enclave process sockets and logs | ||
mkdir -p /run/nitro_enclaves | ||
mkdir -p /var/log/nitro_enclaves | ||
} | ||
|
||
IMAGES_DIR="test_images" | ||
EXAMPLES_DIR="examples/$ARCH" | ||
HELLO_ENTRYPOINT_DIR="$EXAMPLES_DIR/hello-entrypoint" | ||
HELLO_ENTRYPOINT_URI="hello-entrypoint-usage" | ||
|
||
# Build EIFS for testing | ||
enclaves_images_build() { | ||
mkdir -p "$IMAGES_DIR" | ||
|
||
# (1) Simple EIF | ||
nitro-cli build-enclave \ | ||
--docker-uri public.ecr.aws/aws-nitro-enclaves/hello:v1 \ | ||
--output-file "$IMAGES_DIR"/hello.eif | ||
|
||
# Generate signing certificate | ||
openssl ecparam -name secp384r1 -genkey -out "$IMAGES_DIR"/key.pem | ||
openssl req -new -key "$IMAGES_DIR"/key.pem -sha384 -nodes \ | ||
-subj "/CN=AWS/C=US/ST=WA/L=Seattle/O=Amazon/OU=AWS" -out "$IMAGES_DIR"/csr.pem | ||
openssl x509 -req -days 20 -in "$IMAGES_DIR"/csr.pem -out "$IMAGES_DIR"/cert.pem \ | ||
-sha384 -signkey "$IMAGES_DIR"/key.pem | ||
|
||
# (2) Signed EIF | ||
nitro-cli build-enclave \ | ||
--docker-uri public.ecr.aws/aws-nitro-enclaves/hello:v1 \ | ||
--output-file "$IMAGES_DIR"/hello-signed.eif \ | ||
--private-key "$IMAGES_DIR"/key.pem \ | ||
--signing-certificate "$IMAGES_DIR"/cert.pem | ||
|
||
# (3) Build enclave image using Docker ENTRYPOINT instruction | ||
mkdir -p "$HELLO_ENTRYPOINT_DIR" | ||
cp -r "$EXAMPLES_DIR"/hello/* "$HELLO_ENTRYPOINT_DIR" | ||
|
||
sed -i 's/CMD/ENTRYPOINT/g' "$HELLO_ENTRYPOINT_DIR/Dockerfile" | ||
|
||
nitro-cli build-enclave \ | ||
--docker-dir "$HELLO_ENTRYPOINT_DIR" \ | ||
--docker-uri $HELLO_ENTRYPOINT_URI \ | ||
--output-file "$IMAGES_DIR"/$HELLO_ENTRYPOINT_URI.eif | ||
} | ||
|
||
enclaves_images_clean() { | ||
rm -rf "$IMAGES_DIR" | ||
|
||
# Cleanup pulled images during testing | ||
docker rmi public.ecr.aws/aws-nitro-enclaves/hello:v1 2> /dev/null || true | ||
docker rmi hello-world:latest 2> /dev/null || true | ||
|
||
rm -rf "$HELLO_ENTRYPOINT_DIR" | ||
docker rmi $HELLO_ENTRYPOINT_URI:latest 2> /dev/null || true | ||
} | ||
|
||
run_integration_tests() { | ||
# Ensure the Nitro Enclaves driver is inserted for the remaining integration tests. | ||
ne_driver_configure | ||
|
||
# Run integration tests except the installation test | ||
pytest-3 tests/integration/ --ignore tests/integration/test_installation.py | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,137 +1,43 @@ | ||
#!/bin/bash -x | ||
# | ||
# Copyright 2020-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# Copyright 2020-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
# Script used for running all the tests we have on a EC2 instance that has | ||
# --enclave-options set to true | ||
# | ||
TEST_SUITES_FAILED=0 | ||
TEST_SUITES_TOTAL=0 | ||
|
||
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
export NITRO_CLI_BLOBS="${SCRIPTDIR}/blobs" | ||
export NITRO_CLI_ARTIFACTS="${SCRIPTDIR}/build" | ||
ARCH="$(uname -m)" | ||
|
||
AWS_ACCOUNT_ID=667861386598 | ||
source "$SCRIPTDIR/lib_tests.sh" | ||
|
||
# Indicate that the test suite has failed | ||
function register_test_fail() { | ||
TEST_SUITES_FAILED=$((TEST_SUITES_FAILED + 1)) | ||
} | ||
trap test_failed ERR | ||
|
||
# Clean up and exit with the current test suite's status | ||
function clean_up_and_exit() { | ||
[ "$(lsmod | grep -cw nitro_enclaves)" -eq 0 ] || rmmod nitro_enclaves || register_test_fail | ||
make clean | ||
rm -rf test_images | ||
# Build and install NE CLI | ||
build_and_install | ||
|
||
# Cleanup pulled images during testing | ||
docker rmi public.ecr.aws/aws-nitro-enclaves/hello:v1 2> /dev/null || true | ||
docker rmi hello-world:latest 2> /dev/null || true | ||
|
||
rm -rf examples/"${ARCH}"/hello-entrypoint | ||
docker rmi hello-entrypoint-usage:latest 2> /dev/null || true | ||
|
||
exit $TEST_SUITES_FAILED | ||
} | ||
|
||
# Force the test suite to end in failure | ||
function test_failed() { | ||
register_test_fail | ||
clean_up_and_exit | ||
} | ||
|
||
# Remove the Nitro Enclaves driver | ||
function remove_ne_driver() { | ||
[ "$(lsmod | grep -cw nitro_enclaves)" -eq 0 ] || rmmod nitro_enclaves || test_failed | ||
} | ||
|
||
# Configure and insert the Nitro Enclaves driver | ||
function configure_ne_driver() { | ||
if [ "$(lsmod | grep -cw nitro_enclaves)" -eq 0 ] | ||
then | ||
# Preallocate 2046 Mb, that should be enough for all the tests. We explicitly | ||
# pick this value to have both 1 GB and 2 MB pages if the system allows it. | ||
source build/install/etc/profile.d/nitro-cli-env.sh || test_failed | ||
./build/install/etc/profile.d/nitro-cli-config -m 2046 -t 2 || test_failed | ||
fi | ||
} | ||
|
||
# First run the instalation test, before we change the environement | ||
pytest-3 tests/integration/test_installation.py || test_failed | ||
|
||
# Clean up build artefacts | ||
make clean | ||
|
||
# Setup the environement with everything needed to run the integration tests | ||
make command-executer || test_failed | ||
make nitro-tests || test_failed | ||
make nitro_enclaves || test_failed | ||
make nitro-cli || test_failed | ||
make vsock-proxy || test_failed | ||
make install || test_failed | ||
|
||
# Ensure the Nitro Enclaves driver is inserted at the beginning. | ||
configure_ne_driver | ||
|
||
# Create directories for enclave process sockets and logs | ||
mkdir -p /run/nitro_enclaves || test_failed | ||
mkdir -p /var/log/nitro_enclaves || test_failed | ||
# Prepare environment | ||
prepare_env | ||
|
||
# Build EIFS for testing | ||
mkdir -p test_images || test_failed | ||
export HOME="/root" | ||
|
||
# Simple EIF | ||
nitro-cli build-enclave --docker-uri public.ecr.aws/aws-nitro-enclaves/hello:v1 \ | ||
--output-file test_images/hello.eif || test_failed | ||
|
||
# Generate signing certificate | ||
openssl ecparam -name secp384r1 -genkey -out test_images/key.pem || test_failed | ||
openssl req -new -key test_images/key.pem -sha384 -nodes \ | ||
-subj "/CN=AWS/C=US/ST=WA/L=Seattle/O=Amazon/OU=AWS" -out test_images/csr.pem || test_failed | ||
openssl x509 -req -days 20 -in test_images/csr.pem -out test_images/cert.pem \ | ||
-sha384 -signkey test_images/key.pem || test_failed | ||
# Signed EIF | ||
nitro-cli build-enclave --docker-uri public.ecr.aws/aws-nitro-enclaves/hello:v1 \ | ||
--output-file test_images/hello-signed.eif \ | ||
--private-key test_images/key.pem --signing-certificate test_images/cert.pem || test_failed | ||
|
||
|
||
# Build enclave image using Docker ENTRYPOINT instruction | ||
mkdir -p examples/"${ARCH}"/hello-entrypoint || test_failed | ||
cp -r examples/"${ARCH}"/hello/* examples/"${ARCH}"/hello-entrypoint || test_failed | ||
|
||
sed -i 's/CMD/ENTRYPOINT/g' examples/"${ARCH}"/hello-entrypoint/Dockerfile || test_failed | ||
|
||
nitro-cli build-enclave --docker-dir examples/"${ARCH}"/hello-entrypoint --docker-uri hello-entrypoint-usage \ | ||
--output-file test_images/hello-entrypoint-usage.eif || test_failed | ||
|
||
# Load vsock_loopback module for connection_test test of vsock-proxy | ||
if [ "$(lsmod | grep -cw vsock_loopback)" -eq 0 ]; then | ||
modprobe vsock_loopback || echo "Module vsock_loopback not available." | ||
fi | ||
enclaves_images_build | ||
|
||
# Run all unit tests | ||
while IFS= read -r test_line | ||
do | ||
TEST_SUITES_TOTAL=$((TEST_SUITES_TOTAL + 1)) | ||
test_module="$(echo ${test_line} | cut -d' ' -f2)" | ||
test_exec_name="$(basename $(echo ${test_line} | cut -d' ' -f1))" | ||
while IFS= read -r test_line; do | ||
test_start | ||
test_module="$(echo $test_line | cut -d' ' -f2)" | ||
test_exec_name="$(basename $(echo $test_line | cut -d' ' -f1))" | ||
|
||
configure_ne_driver | ||
ne_driver_configure | ||
|
||
timeout 7m \ | ||
./build/nitro_cli/"${ARCH}"-unknown-linux-musl/release/deps/"${test_exec_name}" \ | ||
--test-threads=1 --nocapture || test_failed | ||
./build/nitro_cli/$ARCH-unknown-linux-musl/release/deps/$test_exec_name \ | ||
--test-threads=1 --nocapture | ||
done < <(grep -v '^ *#' < build/test_executables.txt) | ||
|
||
# Ensure the Nitro Enclaves driver is inserted for the remaining integration tests. | ||
configure_ne_driver | ||
|
||
# Run integration tests except the instalation test | ||
pytest-3 tests/integration/ --ignore tests/integration/test_installation.py || test_failed | ||
# Run integration tests | ||
run_integration_tests | ||
|
||
# Clean-up | ||
clean_up_and_exit | ||
|