Zero Trust Workload Identity Manager / SPIRE-457

[ZTWIM] Add E2E tests for SpireAgent attestation (node + workload attestation)


    • Task
    • Resolution: Unresolved
    • Normal
    • Quality / Stability / Reliability
    • OAPE Sprint 285
    • QE Confirmed

      Background
      The ZTWIM operator deploys SpireServer, SpireAgent, SpiffeCSIDriver, and SpireOIDCDiscoveryProvider. The Installation phase only checks that the SpireAgent DaemonSet is Available.

      It does not verify that:

      1. Agents attest to the SPIRE Server (node attestation via K8s PSAT)
      2. Workloads receive SVIDs (workload attestation)

      Gap
      No E2E tests validate that attestation configuration leads to successful node and workload attestation in-cluster.

       

      Add E2E tests that verify:

      1. Node attestation – SPIRE Agents attest to the server with k8s_psat (e.g. via spire-server agent list).
      2. Workload attestation – A test pod with CSI volume and spiffe-helper receives an SVID and has svid.pem, svid_key.pem, and bundle.pem in /certs/.
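
One way the two checks above could be expressed, as an added example that is not the ZTWIM project's test code. It assumes the default text layout of `spire-server agent list`, one agent per node, and a plain listing of /certs/ taken from the test pod; the function names and sample data are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in the text layout of `spire-server agent list`; IDs are made up.
const sampleAgentList = `Found 2 attested agents:
SPIFFE ID         : spiffe://example.org/spire/agent/k8s_psat/cluster/node-a
Attestation type  : k8s_psat
SPIFFE ID         : spiffe://example.org/spire/agent/k8s_psat/cluster/node-b
Attestation type  : k8s_psat
`

// checkNodeAttestation requires exactly wantAgents agents (assumed: one per node), all k8s_psat.
func checkNodeAttestation(out string, wantAgents int) error {
	ids, psat := 0, 0
	for _, line := range strings.Split(out, "\n") {
		key, val, _ := strings.Cut(line, ":") // first ':' separates key from value
		switch strings.TrimSpace(key) {
		case "SPIFFE ID":
			ids++
		case "Attestation type":
			if strings.TrimSpace(val) == "k8s_psat" {
				psat++
			}
		}
	}
	if ids != wantAgents || psat != ids {
		return fmt.Errorf("agents=%d k8s_psat=%d, want %d of each", ids, psat, wantAgents)
	}
	return nil
}

// missingSVIDFiles returns the expected files absent from a listing of /certs/.
func missingSVIDFiles(listing string) (missing []string) {
	have := " " + strings.Join(strings.Fields(listing), " ") + " "
	for _, f := range []string{"svid.pem", "svid_key.pem", "bundle.pem"} {
		if !strings.Contains(have, " "+f+" ") {
			missing = append(missing, f)
		}
	}
	return missing
}

func main() {
	fmt.Println(checkNodeAttestation(sampleAgentList, 2), missingSVIDFiles("bundle.pem svid.pem"))
}
```

Comparing the agent count against the node count catches the case the DaemonSet Available check misses: pods running while one or more agents never attested.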

       

              rh-ee-sayadas SAYAK DAS