e2e: add test for unencrypted userdata with ignition

kubernetes-sigs · Feb 9, 2024 · 829f2fa · 829f2fa
1 parent 6f56ed2
commit 829f2fa
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 0 deletions.
diff --git a/test/e2e/suites/unmanaged/helpers_test.go b/test/e2e/suites/unmanaged/helpers_test.go
@@ -21,6 +21,7 @@ package unmanaged
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 	"io"
 	"net/http"
@@ -629,6 +630,22 @@ func assertInstanceMetadataOptions(instanceID string, expected infrav1.InstanceM
 	Expect(metadataOptions.HttpPutResponseHopLimit).To(HaveValue(Equal(expected.HTTPPutResponseHopLimit)))
 }
 
+func assertUnencryptedUserDataIgnition(instanceID string, expected string) {
+	ginkgo.By(fmt.Sprintf("Finding EC2 instance with ID: %s", instanceID))
+	ec2Client := ec2.New(e2eCtx.AWSSession)
+	input := &ec2.DescribeInstanceAttributeInput{
+		Attribute:  aws.String(ec2.InstanceAttributeNameUserData),
+		InstanceId: aws.String(instanceID[strings.LastIndex(instanceID, "/")+1:]),
+	}
+
+	result, err := ec2Client.DescribeInstanceAttribute(input)
+	Expect(err).ToNot(HaveOccurred(), "expected DescribeInstanceAttribute call to succeed")
+
+	userData, err := base64.StdEncoding.DecodeString(*result.UserData.Value)
+	Expect(err).ToNot(HaveOccurred(), "expected ec2 instance user data to be base64 decodable")
+	Expect(string(userData)).To(HaveValue(MatchJSON(expected)), "expected userdata to match")
+}
+
 func terminateInstance(instanceID string) {
 	ginkgo.By(fmt.Sprintf("Terminating EC2 instance with ID: %s", instanceID))
 	ec2Client := ec2.New(e2eCtx.AWSSession)
@@ -868,3 +885,22 @@ func createPodWithEFSMount(clusterClient crclient.Client) {
 	}
 	Expect(clusterClient.Create(context.TODO(), pod)).NotTo(HaveOccurred())
 }
+
+func getRawBootstrapDataWithFormat(c crclient.Client, m clusterv1.Machine) ([]byte, string, error) {
+	if m.Spec.Bootstrap.DataSecretName == nil {
+		return nil, "", fmt.Errorf("error retrieving bootstrap data: linked Machine's bootstrap.dataSecretName is nil")
+	}
+
+	secret := &corev1.Secret{}
+	key := apimachinerytypes.NamespacedName{Namespace: m.Namespace, Name: *m.Spec.Bootstrap.DataSecretName}
+	if err := c.Get(context.TODO(), key, secret); err != nil {
+		return nil, "", fmt.Errorf("failed to retrieve bootstrap data secret for AWSMachine %s/%s: %v", m.Namespace, m.Name, err)
+	}
+
+	value, ok := secret.Data["value"]
+	if !ok {
+		return nil, "", fmt.Errorf("error retrieving bootstrap data: secret value key is missing")
+	}
+
+	return value, string(secret.Data["format"]), nil
+}
diff --git a/test/e2e/suites/unmanaged/unmanaged_functional_test.go b/test/e2e/suites/unmanaged/unmanaged_functional_test.go
@@ -1070,6 +1070,46 @@ var _ = ginkgo.Context("[unmanaged] [functional]", func() {
 			awsCluster, err := GetAWSClusterByName(ctx, namespace.Name, clusterName)
 			Expect(err).To(BeNil())
 
+			ginkgo.By("Creating a MachineDeployment bootstrapped via Ignition with StorageType UnencryptedUserData")
+			unencryptedMDName := clusterName + "-md-unencrypted-userdata"
+			unencryptedUDMachineTemplate := makeAWSMachineTemplate(namespace.Name, unencryptedMDName, e2eCtx.E2EConfig.GetVariable(shared.AwsNodeMachineType), nil)
+			unencryptedUDMachineTemplate.Spec.Template.Spec.ImageLookupBaseOS = "flatcar-stable"
+			unencryptedUDMachineTemplate.Spec.Template.Spec.Ignition = &infrav1.Ignition{
+				StorageType: infrav1.IgnitionStorageTypeOptionUnencryptedUserData,
+			}
+
+			unencryptedUDMachineDeployment := makeMachineDeployment(namespace.Name, unencryptedMDName, clusterName, nil, int32(1))
+			// Use the same bootstrap configuration from one of the existing worker machines,
+			// as that already contains an ignition bootstrap configuration.
+			unencryptedUDMachineDeployment.Spec.Template.Spec.Bootstrap.ConfigRef = md[0].Spec.Template.Spec.Bootstrap.ConfigRef
+
+			framework.CreateMachineDeployment(ctx, framework.CreateMachineDeploymentInput{
+				Creator:                 e2eCtx.Environment.BootstrapClusterProxy.GetClient(),
+				MachineDeployment:       unencryptedUDMachineDeployment,
+				BootstrapConfigTemplate: makeJoinBootstrapConfigTemplate(namespace.Name, unencryptedMDName),
+				InfraMachineTemplate:    unencryptedUDMachineTemplate,
+			})
+
+			framework.WaitForMachineDeploymentNodesToExist(ctx, framework.WaitForMachineDeploymentNodesToExistInput{
+				Lister:            e2eCtx.Environment.BootstrapClusterProxy.GetClient(),
+				Cluster:           result.Cluster,
+				MachineDeployment: unencryptedUDMachineDeployment,
+			}, e2eCtx.E2EConfig.GetIntervals("", "wait-worker-nodes")...)
+
+			unencryptedUDWorkerMachines := framework.GetMachinesByMachineDeployments(ctx, framework.GetMachinesByMachineDeploymentsInput{
+				Lister:            e2eCtx.Environment.BootstrapClusterProxy.GetClient(),
+				ClusterName:       clusterName,
+				Namespace:         namespace.Name,
+				MachineDeployment: *unencryptedUDMachineDeployment,
+			})
+			Expect(len(unencryptedUDWorkerMachines)).To(Equal(1))
+			// There is only one machine.
+			m := unencryptedUDWorkerMachines[0]
+			machineUserData, userDataFormat, err := getRawBootstrapDataWithFormat(e2eCtx.Environment.BootstrapClusterProxy.GetClient(), m)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(userDataFormat).To(Equal("ignition"))
+			assertUnencryptedUserDataIgnition(*m.Spec.ProviderID, string(machineUserData))
+
 			ginkgo.By("Validating the s3 endpoint was created")
 			vpc, err := shared.GetVPCByName(e2eCtx, clusterName+"-vpc")
 			Expect(err).NotTo(HaveOccurred())