Add vTPM test

[shjala]

1. TestVtpmIsRunningOnEVE checks if the vTPM process is running on the EVE node, it does this by checking if the vTPM control socket is open and the vTPM process is listening on it.
2. TestVtpmIsStatePreservation checks if the vTPM state is preserved after a reboot, it does this by creating a key in the vTPM (through a VM running on EVE) and then rebooting the EVE node, after the reboot it checks if the key is still present in the vTPM, by getting the list of vTPM persistent keys (through the the VM running on EVE).
3. TestAzureIotTPMEndrolmentWithVTPM tests the end-to-end scenario of enrolling a TPM device in Azure IoT Hub, this test will create a TPM enrollment in Azure IoT Hub, configure the Azure IoT Edge in a VM running on EVE, and check if the services are running.

This tests lf-edge/eve#4071

• Wait for next release with Qemu : add patch to fix bios linker loader assert eve#4204
• Open a PR to set eve tag to the latest
• Rebase against latest master
• Reduce the test verbosity before merging

/cc @eriknordmark

[shjala]

I'll fix the yetus errors and squash at the end.

[shjala]

should go after #1012 and #1013

[shjala]

Running it locally with secrets available works fine and test pass, and when I run it using ./eden test tests/workflow/ -s smoke.tests.txt it fails as expected, complaining about the environment variables not being set :

--- FAIL: TestEdenScripts (0.00s)
    --- FAIL: TestEdenScripts/tpm_eden (88.65s)
        testscript.go:418:
            > test eden.aziot.test
            testProg: /home/shah/shah-dev/eden/dist/bin/eden.aziot.test
            [stdout]
            configName:  default
            configFile:  /home/shah/.eden/contexts/default.yml
            time="2024-08-16T15:34:01+03:00" level=info msg="TestAzureIotTPMEndrolment with EVE-Tools and Proxy TPM started"
            configName:  default
            configFile:  /home/shah/.eden/contexts/default.yml
            time="2024-08-16T15:34:01+03:00" level=debug msg="Will use config from /home/shah/.eden/contexts/default.yml"
            time="2024-08-16T15:34:01+03:00" level=debug msg="Try to add config from $WORK/eden-config.yml"
            configName:  default
            configFile:  /home/shah/.eden/contexts/default.yml
            time="2024-08-16T15:34:01+03:00" level=debug msg="Will use config from /home/shah/.eden/contexts/default.yml"
            time="2024-08-16T15:34:01+03:00" level=debug msg="Try to add config from $WORK/eden-config.yml"
            time="2024-08-16T15:34:01+03:00" level=debug msg="Will use config from /home/shah/.eden/contexts/default.yml"
            time="2024-08-16T15:34:01+03:00" level=debug msg="Try to add config from $WORK/eden-config.yml"
            time="2024-08-16T15:34:01+03:00" level=debug msg="new datastore created 1d1bff96-a0b6-4e22-bd37-708b1a703e43"
            time="2024-08-16T15:34:01+03:00" level=info msg="Starting download of image from https://cloud-images.ubuntu.com/releases/20.04/release/ubuntu-20.04-server-cloudimg-amd64.img"
            time="2024-08-16T15:34:01+03:00" level=info msg="Start download into eserver of ubuntu-20.04-server-cloudimg-amd64.img"
            time="2024-08-16T15:34:01+03:00" level=info msg="Downloading... Ready 0 B"
            time="2024-08-16T15:34:06+03:00" level=info msg="Downloading... Ready 214 MB"
            time="2024-08-16T15:34:11+03:00" level=info msg="Downloading... Ready 465 MB"
            time="2024-08-16T15:34:16+03:00" level=info msg="Image downloaded with size 627 MB and sha256 256c73e2d77808f834c66a5c40f4e97f91a70a6e6ce7424bc91b54b36aceadec"
            time="2024-08-16T15:34:16+03:00" level=debug msg="new image created bf00e810-311c-46cb-a971-14c8bee3fc85"
            config changed, to see config run 'eden controller edge-node get-config'
            time="2024-08-16T15:34:16+03:00" level=debug msg="VersionIncrement 5->6"
            time="2024-08-16T15:34:17+03:00" level=debug msg="config updated /home/shah/.eden/devUUID-8fd9ee4f-a9d1-465f-aa22-7f72d234963e.json"
            time="2024-08-16T15:34:17+03:00" level=debug msg="state updated /home/shah/.eden/state-33c919bb-af75-477f-afbc-8f10eadbfca1.yml"
            time="2024-08-16T15:34:17+03:00" level=info msg="deploy pod aziot-quizzical_curie with https://cloud-images.ubuntu.com/releases/20.04/release/ubuntu-20.04-server-cloudimg-amd64.img request sent"
            time="2024-08-16T15:34:47+03:00" level=debug msg="will use remote adam loader"
            time="2024-08-16T15:34:47+03:00" level=debug msg="NewRedisLoader init"
            time="2024-08-16T15:34:47+03:00" level=debug msg="XRead from INFO_EVE_8fd9ee4f-a9d1-465f-aa22-7f72d234963e"
            time="2024-08-16T15:34:47+03:00" level=debug msg="will use remote adam loader"
            time="2024-08-16T15:34:47+03:00" level=debug msg="NewRedisLoader init"
            time="2024-08-16T15:34:47+03:00" level=debug msg="XRead from METRICS_EVE_8fd9ee4f-a9d1-465f-aa22-7f72d234963e"
            time="2024-08-16T15:35:27+03:00" level=info msg="TestAzureIotTPMEndrolment finished"
            --- FAIL: TestAzureIotTPMEndrolmentWithEveTools (86.45s)
                aziot_test.go:90: AZIOT_CONNECTION_STRING environment variable is not set
            FAIL
            config changed, to see config run 'eden controller edge-node get-config'
            time="2024-08-16T15:35:27+03:00" level=debug msg="VersionIncrement 6->7"
            time="2024-08-16T15:35:28+03:00" level=debug msg="config updated /home/shah/.eden/devUUID-8fd9ee4f-a9d1-465f-aa22-7f72d234963e.json"
            time="2024-08-16T15:35:28+03:00" level=debug msg="state updated /home/shah/.eden/state-33c919bb-af75-477f-afbc-8f10eadbfca1.yml"
            time="2024-08-16T15:35:28+03:00" level=info msg="app aziot-quizzical_curie stop done"
            config changed, to see config run 'eden controller edge-node get-config'
            time="2024-08-16T15:35:28+03:00" level=debug msg="VersionIncrement 7->8"
            time="2024-08-16T15:35:29+03:00" level=debug msg="config updated /home/shah/.eden/devUUID-8fd9ee4f-a9d1-465f-aa22-7f72d234963e.json"
            time="2024-08-16T15:35:29+03:00" level=debug msg="state updated /home/shah/.eden/state-33c919bb-af75-477f-afbc-8f10eadbfca1.yml"
            time="2024-08-16T15:35:29+03:00" level=info msg="app aziot-quizzical_curie delete done"
            time="2024-08-16T15:35:29+03:00" level=info msg="Azure IOT Hub Test finished"

but here it time out because the app is not available ?!

[shjala]

this is rebased against master and #1016 , clean it up after #1017 is merged.

[uncleDecart]

@shjala can you rebase on master since I just merged #1019, let's see if the test works

[uncleDecart]

Also there is this PR #1008 which bumps EVE version to 13.0.0, can we bump EVE version to 13.0.0 in your PR as well?

[uncleDecart]

Do I get it right, that the scripts we have are the ones running inside VMs?

[uncleDecart]

why do we need toolchain?

[uncleDecart]

Ahhhh, I was to late to comment on toolchain :DD

[uncleDecart]

Yetus complaint to rename variable :)

[uncleDecart]

wasn't there a way to read app status directly from controller?

[shjala]

yes, but in the first few seconds it return "app not found", even though it is deployed.

[shjala]

see a few lines down :

err = eveNode.AppWaitForRunningState(appName, 60*5)
	if err != nil {
		t.Fatalf("Failed to wait for app to start: %v", err)
	}

[uncleDecart]

huh, so that's a bug and a behaviour we don't want in Eden, I'll create a ticket for it then. Because it shouldn't be like that, right? :D

[shjala]

I think so, let me check again and make sure it is happening consistently or no.

[uncleDecart]

Minor yetus changes

[shjala]

will fix all/squash after the review is completed.

[shjala]

Do I get it right, that the scripts we have are the ones running inside VMs?

yes, the scripts are copied to vm to set up the azure-iot-edge and run the services, then I check if everything is running without error.

[uncleDecart]

side note: I'd abstract path to a file into a reader for AppSSHExec function, it'll be more flexible to call and if you want to run some local examples (unit tests for a function) you can create readers in code :)

Edit: I meant AppSCPCopy, SSHExec runs command AFAIK

[shjala]

you mean change AppSCPCopy to something like AppSCPCopy(strAppname, ioReader, strRemoteFile) ?
but the internal scp call needs a path.

[shjala]

@yash-zededa the variables are still not accessible in the test, your help is much appreciated.

time="2024-09-16T13:06:44Z" level=fatal msg="AZIOT_CONNECTION_STRING environment variable is not set"

[yash-zededa]

@yash-zededa the variables are still not accessible in the test, your help is much appreciated.

time="2024-09-16T13:06:44Z" level=fatal msg="AZIOT_CONNECTION_STRING environment variable is not set"

PR's won't have access to secrets. Unless WF uses pull_request_target

[shjala]

@yash-zededa the variables are still not accessible in the test, your help is much appreciated.

time="2024-09-16T13:06:44Z" level=fatal msg="AZIOT_CONNECTION_STRING environment variable is not set"

PR's won't have access to secrets. Unless WF uses pull_request_target

You mean there is no way to test this is working without merging?

[yash-zededa]

@yash-zededa the variables are still not accessible in the test, your help is much appreciated.

time="2024-09-16T13:06:44Z" level=fatal msg="AZIOT_CONNECTION_STRING environment variable is not set"

PR's won't have access to secrets. Unless WF uses pull_request_target

You mean there is no way to test this is working without merging?

Unfortunately, yes, this behavior is intentional from GitHub. If you want to test pull requests with logins, the workflow needs to be updated to trigger using pull_request_target, which will give the actions access to secrets for testing.

However, this approach allows anyone to modify the workflow and potentially access the secrets, so it's safer to prevent pull requests from triggering if there are any changes to the workflow.