From 4cbb5cf26c1c0fcb5b6f95c452a679484e3e2ebd Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Thu, 25 Jul 2024 16:55:31 +0100 Subject: [PATCH 1/3] tests/e2e: Various authentication related refactors - Add new expectedPodDescribe check for general purpose pod describe message checking - Remove `GetAuthenticatedImageStatus` - Use the pod describe message as a better way to check for general errors, rather than bespoke auth image approach - Remove InvalidCredentials test as it's currently just using invalid credentials on the host side, not for the guest pull, so isn't useful and this feature is tested in kata-containers for bare-metal - Refactor auth.json file and auth-json-secret creation to be common and sharable by all cloud providers Signed-off-by: stevenhorsman --- .../test/e2e/assessment_helpers.go | 42 ---------------- .../test/e2e/assessment_runner.go | 48 +++++++++++-------- .../test/e2e/common_suite.go | 43 +++-------------- .../test/e2e/ibmcloud_test.go | 15 +----- .../ibmcloud/provision_kustomize.go | 46 ++---------------- .../test/provisioner/kustomize.go | 22 +++++++++ .../provisioner/libvirt/provision_common.go | 18 +------ 7 files changed, 65 insertions(+), 169 deletions(-) diff --git a/src/cloud-api-adaptor/test/e2e/assessment_helpers.go b/src/cloud-api-adaptor/test/e2e/assessment_helpers.go index 7687fa221..84334f88b 100644 --- a/src/cloud-api-adaptor/test/e2e/assessment_helpers.go +++ b/src/cloud-api-adaptor/test/e2e/assessment_helpers.go @@ -59,7 +59,6 @@ func NewTestCase(t *testing.T, e env.Environment, testName string, assert CloudA assessMessage: assessMessage, podState: v1.PodRunning, imagePullTimer: false, - isAuth: false, deletionWithin: assert.DefaultTimeout(), } 
@@ -300,47 +299,6 @@ func GetSuccessfulAndErroredPods(ctx context.Context, t *testing.T, client klien return successPod, errorPod, podLogString, nil } -func GetAuthenticatedImageStatus(ctx context.Context, client klient.Client, expectedStatus string, authpod v1.Pod) error { - clientset, err := kubernetes.NewForConfig(client.RESTConfig()) - if err != nil { - return err - } - watcher, err := clientset.CoreV1().Events(authpod.ObjectMeta.Namespace).Watch(ctx, metav1.ListOptions{}) - if err != nil { - return err - } - defer watcher.Stop() - for event := range watcher.ResultChan() { - if event.Object.(*v1.Event).InvolvedObject.Name == authpod.ObjectMeta.Name { - if event.Object.(*v1.Event).Type == "Normal" && event.Object.(*v1.Event).Reason == "Started" { - return nil - } - if event.Object.(*v1.Event).Type == "Warning" && (strings.Contains(event.Object.(*v1.Event).Message, "failed to authorize") || strings.Contains(event.Object.(*v1.Event).Message, "illegal base64 data at input byte") || strings.Contains(event.Object.(*v1.Event).Message, "401 UNAUTHORIZED")) { - if expectedStatus == "Completed" { - return errors.New("Invalid Credentials: " + event.Object.(*v1.Event).Message) - } else { - return nil - } - } - - if event.Object.(*v1.Event).Type == "Warning" && strings.Contains(event.Object.(*v1.Event).Message, "not found") { - return errors.New("Invalid Image Name: " + event.Object.(*v1.Event).Message) - } - - if event.Object.(*v1.Event).Type == "Warning" && strings.Contains(event.Object.(*v1.Event).Message, "failed to pull manifest Not authorized") { - if expectedStatus == "Completed" { - return errors.New("Invalid auth-json-secret: " + event.Object.(*v1.Event).Message) - } else { - return nil - } - } - - } - } - - return errors.New("PodVM Start Error") -} - // SkipTestOnCI skips the test if running on CI func SkipTestOnCI(t *testing.T) { ci := os.Getenv("CI") 
diff --git a/src/cloud-api-adaptor/test/e2e/assessment_runner.go b/src/cloud-api-adaptor/test/e2e/assessment_runner.go index df6861f44..a1d28322b 100644 --- a/src/cloud-api-adaptor/test/e2e/assessment_runner.go +++ b/src/cloud-api-adaptor/test/e2e/assessment_runner.go @@ -44,7 +44,6 @@ type ExtraPod struct { pod *v1.Pod imagePullTimer bool expectedPodLogString string - isAuth bool testInstanceTypes InstanceValidatorFunctions podState v1.PodPhase testCommands []TestCommand @@ -71,10 +70,10 @@ type TestCase struct { service *v1.Service testCommands []TestCommand expectedPodLogString string + expectedPodDescribe string podState v1.PodPhase imagePullTimer bool - isAuth bool - AuthImageStatus string + noAuthJson bool deletionWithin time.Duration testInstanceTypes InstanceValidatorFunctions isNydusSnapshotter bool @@ -146,6 +145,11 @@ func (tc *TestCase) WithExpectedPodLogString(expectedPodLogString string) *TestC return tc } +func (tc *TestCase) WithExpectedPodDescribe(expectedPodDescribe string) *TestCase { + tc.expectedPodDescribe = expectedPodDescribe + return tc +} + func (tc *TestCase) WithCustomPodState(customPodState v1.PodPhase) *TestCase { tc.podState = customPodState return tc @@ -156,13 +160,8 @@ func (tc *TestCase) WithPodWatcher() *TestCase { return tc } -func (tc *TestCase) WithAuthenticatedImage() *TestCase { - tc.isAuth = true - return tc -} - -func (tc *TestCase) WithAuthImageStatus(status string) *TestCase { - tc.AuthImageStatus = status +func (tc *TestCase) WithNoAuthJson() *TestCase { + tc.noAuthJson = true return tc } @@ -236,7 +235,7 @@ func (tc *TestCase) Run() { } } - if tc.AuthImageStatus == "WithoutCredentials" { + if tc.noAuthJson { clientSet, err := kubernetes.NewForConfig(client.RESTConfig()) if err != nil { t.Fatal(err) 
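Review bot: The two new exported builder methods, `WithExpectedPodDescribe` and `WithNoAuthJson`, have no doc comments, and neither name tells a test author what is matched or what cluster state is touched. For the first I would add `// WithExpectedPodDescribe sets a substring that must appear in the pod's event description for the test to pass.` For the second, the comment should state what `Run` does to the registry credentials when the flag is set; the `if tc.noAuthJson {` branch continues outside the hunk, so the wording has to be confirmed against that body. Go's initialism convention would also spell these `noAuthJSON` / `WithNoAuthJSON`.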
@@ -367,12 +366,27 @@ func (tc *TestCase) Run() { t.Logf("Log output of peer pod:%s", LogString) } - if tc.isAuth { - if err := GetAuthenticatedImageStatus(ctx, client, tc.AuthImageStatus, *tc.pod); err != nil { + if tc.expectedPodDescribe != "" { + if err := client.Resources(tc.pod.Namespace).List(ctx, &podlist); err != nil { t.Fatal(err) } - - t.Logf("PodVM has successfully reached %v state with authenticated Image - %v", tc.AuthImageStatus, os.Getenv("AUTHENTICATED_REGISTRY_IMAGE")) + for _, podItem := range podlist.Items { + if podItem.ObjectMeta.Name == tc.pod.Name { + podEvent, err := PodEventExtractor(ctx, client, *tc.pod) + if err != nil { + t.Fatal(err) + } + t.Logf("podEvent: %+v\n", podEvent) + if strings.Contains(podEvent.EventDescription, tc.expectedPodDescribe) { + t.Logf("Output Log from Pod: %s", podEvent) + } else { + t.Errorf("Job Created pod with Invalid log") + } + break + } else { + t.Fatal("Pod Not Found...") + } + } } if tc.testInstanceTypes.testSuccessfn != nil && tc.testInstanceTypes.testFailurefn != nil { @@ -508,10 +522,6 @@ func (tc *TestCase) Run() { } t.Logf("Log output of peer pod:%s", LogString) } - if extraPod.isAuth { - // TBD - t.Fatal("Error: isAuth hasn't been implemented in extraPods. Please implement assess function for isAuth") - } if extraPod.testInstanceTypes.testSuccessfn != nil && extraPod.testInstanceTypes.testFailurefn != nil { // TBD t.Fatal("Error: testInstanceTypes hasn't been implemented in extraPods. Please implement assess for function testInstanceTypes.") diff --git a/src/cloud-api-adaptor/test/e2e/common_suite.go b/src/cloud-api-adaptor/test/e2e/common_suite.go index e55a863ac..c575c8103 100644 --- a/src/cloud-api-adaptor/test/e2e/common_suite.go +++ b/src/cloud-api-adaptor/test/e2e/common_suite.go @@ -5,7 +5,6 @@ package e2e import ( "bytes" - "encoding/json" "fmt" "math/rand" "os" 
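Review bot: In the new `expectedPodDescribe` block the `else { t.Fatal("Pod Not Found...") }` sits inside the `for` loop, so the test aborts as soon as the first listed pod is not `tc.pod`, even when the target pod appears later in `podlist.Items`. For the without-credentials test this block is the only assertion that the pull was refused for an authentication reason, so a spurious abort or the generic "Job Created pod with Invalid log" message hides exactly the signal the test exists to give. The sketch below skips non-matching pods, fails after the loop if the pod was never seen, and reports the expected and observed text on mismatch. `Run` starts and ends outside the hunk.

```go
	if tc.expectedPodDescribe != "" {
		// … unchanged: list pods in tc.pod.Namespace into podlist …
		found := false
		for _, podItem := range podlist.Items {
			if podItem.ObjectMeta.Name != tc.pod.Name {
				continue
			}
			found = true
			podEvent, err := PodEventExtractor(ctx, client, *tc.pod)
			if err != nil {
				t.Fatal(err)
			}
			t.Logf("podEvent: %+v", podEvent)
			if !strings.Contains(podEvent.EventDescription, tc.expectedPodDescribe) {
				t.Errorf("pod events %q do not contain %q", podEvent.EventDescription, tc.expectedPodDescribe)
			}
			break
		}
		if !found {
			t.Fatalf("pod %s not found in namespace %s", tc.pod.Name, tc.pod.Namespace)
		}
	}
```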
@@ -241,52 +240,22 @@ func DoTestCreatePeerPodWithPVCAndCSIWrapper(t *testing.T, e env.Environment, as NewTestCase(t, e, "PeerPodWithPVCAndCSIWrapper", assert, "PVC is created and mounted as expected").WithPod(pod).WithPVC(myPVC).WithTestCommands(testCommands).Run() } -func DoTestCreatePeerPodWithAuthenticatedImagewithValidCredentials(t *testing.T, e env.Environment, assert CloudAssert) { +func DoTestCreatePeerPodWithAuthenticatedImageWithValidCredentials(t *testing.T, e env.Environment, assert CloudAssert) { randseed := rand.New(rand.NewSource(time.Now().UnixNano())) - podName := "authenticated-image-valid-" + strconv.Itoa(int(randseed.Uint32())) + "-pod" - expectedAuthStatus := "Completed" + podName := "authenticated-image-with-creds-" + strconv.Itoa(int(randseed.Uint32())) + "-pod" imageName := os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") pod := NewPod(E2eNamespace, podName, podName, imageName, WithRestartPolicy(v1.RestartPolicyNever)) - NewTestCase(t, e, "ValidAuthImagePeerPod", assert, "Peer pod with Authenticated Image with Valid Credentials(Default service account) has been created").WithPod(pod).WithAuthenticatedImage().WithAuthImageStatus(expectedAuthStatus).WithCustomPodState(v1.PodPending).Run() -} - -func DoTestCreatePeerPodWithAuthenticatedImageWithInvalidCredentials(t *testing.T, e env.Environment, assert CloudAssert) { - registryName := "quay.io" - if os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") != "" { - registryName = strings.Split(os.Getenv("AUTHENTICATED_REGISTRY_IMAGE"), "/")[0] - } - randseed := rand.New(rand.NewSource(time.Now().UnixNano())) - podName := "authenticated-image-invalid-" + strconv.Itoa(int(randseed.Uint32())) + "-pod" - secretName := "auth-json-secret-invalid" - data := map[string]interface{}{ - "auths": map[string]interface{}{ - registryName: map[string]interface{}{ - "auth": "aW52YWxpZHVzZXJuYW1lOmludmFsaWRwYXNzd29yZAo=", - }, - }, - } - jsondata, err := json.MarshalIndent(data, "", " ") - if err != nil { - t.Fatal(err) - } - if err 
!= nil { - t.Fatal(err) - } - expectedAuthStatus := "ImagePullBackOff" - secretData := map[string][]byte{v1.DockerConfigJsonKey: jsondata} - secret := NewSecret(E2eNamespace, secretName, secretData, v1.SecretTypeDockerConfigJson) - imageName := os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") - pod := NewPod(E2eNamespace, podName, podName, imageName, WithRestartPolicy(v1.RestartPolicyNever), WithImagePullSecrets(secretName)) - NewTestCase(t, e, "InvalidAuthImagePeerPod", assert, "Peer pod with Authenticated Image with Invalid Credentials has been created").WithSecret(secret).WithPod(pod).WithAuthenticatedImage().WithAuthImageStatus(expectedAuthStatus).WithCustomPodState(v1.PodPending).Run() + NewTestCase(t, e, "ValidAuthImagePeerPod", assert, "Peer pod with Authenticated Image with Valid Credentials(Default service account) has been created").WithPod(pod).WithCustomPodState(v1.PodRunning).Run() } +// Check that without creds the image can't be pulled to ensure we don't have a false positive in our auth test func DoTestCreatePeerPodWithAuthenticatedImageWithoutCredentials(t *testing.T, e env.Environment, assert CloudAssert) { randseed := rand.New(rand.NewSource(time.Now().UnixNano())) podName := "authenticated-image-without-creds-" + strconv.Itoa(int(randseed.Uint32())) + "-pod" - expectedAuthStatus := "WithoutCredentials" imageName := os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") pod := NewPod(E2eNamespace, podName, podName, imageName, WithRestartPolicy(v1.RestartPolicyNever)) - NewTestCase(t, e, "InvalidAuthImagePeerPod", assert, "Peer pod with Authenticated Image without Credentials has been created").WithPod(pod).WithAuthenticatedImage().WithAuthImageStatus(expectedAuthStatus).WithCustomPodState(v1.PodPending).Run() + expectedErrorString := "401 UNAUTHORIZED" + NewTestCase(t, e, "InvalidAuthImagePeerPod", assert, "Peer pod with Authenticated Image without Credentials has been 
created").WithPod(pod).WithNoAuthJson().WithExpectedPodDescribe(expectedErrorString).WithCustomPodState(v1.PodPending).Run() } func DoTestPodVMwithNoAnnotations(t *testing.T, e env.Environment, assert CloudAssert, expectedType string) { diff --git a/src/cloud-api-adaptor/test/e2e/ibmcloud_test.go b/src/cloud-api-adaptor/test/e2e/ibmcloud_test.go index 3d71fecbd..2b450dfa5 100644 --- a/src/cloud-api-adaptor/test/e2e/ibmcloud_test.go +++ b/src/cloud-api-adaptor/test/e2e/ibmcloud_test.go @@ -143,23 +143,12 @@ func TestCreatePeerPodWithPVC(t *testing.T) { } } -func TestCreatePeerPodWithAuthenticatedImagewithValidCredentials(t *testing.T) { +func TestCreatePeerPodWithAuthenticatedImageWithValidCredentials(t *testing.T) { assert := IBMCloudAssert{ VPC: pv.IBMCloudProps.VPC, } if os.Getenv("REGISTRY_CREDENTIAL_ENCODED") != "" && os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") != "" { - DoTestCreatePeerPodWithAuthenticatedImagewithValidCredentials(t, testEnv, assert) - } else { - t.Skip("Registry Credentials not exported") - } -} - -func TestCreatePeerPodWithAuthenticatedImageWithInvalidCredentials(t *testing.T) { - assert := IBMCloudAssert{ - VPC: pv.IBMCloudProps.VPC, - } - if os.Getenv("REGISTRY_CREDENTIAL_ENCODED") != "" && os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") != "" { - DoTestCreatePeerPodWithAuthenticatedImageWithInvalidCredentials(t, testEnv, assert) + DoTestCreatePeerPodWithAuthenticatedImageWithValidCredentials(t, testEnv, assert) } else { t.Skip("Registry Credentials not exported") } diff --git a/src/cloud-api-adaptor/test/provisioner/ibmcloud/provision_kustomize.go b/src/cloud-api-adaptor/test/provisioner/ibmcloud/provision_kustomize.go index d7ae15359..126a76a36 100644 --- a/src/cloud-api-adaptor/test/provisioner/ibmcloud/provision_kustomize.go +++ b/src/cloud-api-adaptor/test/provisioner/ibmcloud/provision_kustomize.go 
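Review bot: `expectedErrorString := "401 UNAUTHORIZED"` ties the negative test to one registry's exact, case-sensitive error text, while the image comes from `AUTHENTICATED_REGISTRY_IMAGE` and may point at any registry. The removed `GetAuthenticatedImageStatus` accepted several authentication-failure messages ("failed to authorize", "401 UNAUTHORIZED", "failed to pull manifest Not authorized"); with a single substring left, a registry that words the rejection differently makes this test fail even though the unauthenticated pull was correctly refused. Either match more loosely or document the assumption next to the constant, e.g. `// error text as emitted by the registry under test; adjust if AUTHENTICATED_REGISTRY_IMAGE points elsewhere`. The name passed to `NewTestCase` is still `"InvalidAuthImagePeerPod"`, which reads like the invalid-credentials case this commit removes.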
@@ -8,14 +8,11 @@ import ( "encoding/json" "io" "net/http" - "os" "path/filepath" "strings" pv "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/test/provisioner" log "github.com/sirupsen/logrus" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" "sigs.k8s.io/e2e-framework/pkg/envconf" ) @@ -167,46 +164,11 @@ func (lio *IBMCloudInstallOverlay) Edit(ctx context.Context, cfg *envconf.Config } } } - if os.Getenv("REGISTRY_CREDENTIAL_ENCODED") != "" { - registryName := "quay.io" - client, err := cfg.NewClient() - if err != nil { - return err - } - clientSet, err := kubernetes.NewForConfig(client.RESTConfig()) - if err != nil { - return err - } - _, err = clientSet.CoreV1().Secrets("confidential-containers-system").Get(ctx, "auth-json-secret", metav1.GetOptions{}) - if err == nil { - log.Info("Deleting pre-existing auth-json-secret...") - err = clientSet.CoreV1().Secrets("confidential-containers-system").Delete(ctx, "auth-json-secret", metav1.DeleteOptions{}) - if err != nil { - return err - } - } - if os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") != "" { - registryName = strings.Split(os.Getenv("AUTHENTICATED_REGISTRY_IMAGE"), "/")[0] - } - log.Info("Setting up auth.json") - data := map[string]interface{}{ - "auths": map[string]interface{}{ - registryName: map[string]interface{}{ - "auth": os.Getenv("REGISTRY_CREDENTIAL_ENCODED"), - }, - }, - } - jsondata, err := json.MarshalIndent(data, "", " ") - if err != nil { - return err - } - if err := os.WriteFile(filepath.Join(lio.Overlay.ConfigDir, "auth.json"), jsondata, 0644); err != nil { - return err - } - if err = lio.Overlay.SetKustomizeSecretGeneratorFile("auth-json-secret", "auth.json"); err != nil { - return err - } + + if err = lio.Overlay.SetAuthJsonSecretIfApplicable(); err != nil { + return err } + if err = lio.Overlay.YamlReload(); err != nil { return err } 
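Review bot: The inline block replaced by `lio.Overlay.SetAuthJsonSecretIfApplicable()` did two things the shared helper added in kustomize.go does not: it deleted a pre-existing `auth-json-secret` in `confidential-containers-system`, and it fell back to `quay.io` when `AUTHENTICATED_REGISTRY_IMAGE` was unset. If the delete was there so that a rerun against a reused cluster never tests with a stale credential, that guarantee is gone for IBM Cloud. Please confirm that the kustomize secret generator replaces the secret on re-apply, or keep the delete at this call site with a comment such as `// remove any stale auth-json-secret so the test always uses the current credential`. `Edit` starts and ends outside the hunk.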
diff --git a/src/cloud-api-adaptor/test/provisioner/kustomize.go b/src/cloud-api-adaptor/test/provisioner/kustomize.go index 3fd46b012..84412365d 100644 --- a/src/cloud-api-adaptor/test/provisioner/kustomize.go +++ b/src/cloud-api-adaptor/test/provisioner/kustomize.go @@ -5,6 +5,7 @@ import ( "context" "fmt" "os" + "path/filepath" "strings" "golang.org/x/exp/slices" @@ -429,3 +430,24 @@ func setSecretGeneratorLiteral(k *ktypes.Kustomization, secretName string, key s return nil } + +func (kh *KustomizeOverlay) SetAuthJsonSecretIfApplicable() error { + if cred := os.Getenv("REGISTRY_CREDENTIAL_ENCODED"); cred != "" { + registryName := strings.Split(os.Getenv("AUTHENTICATED_REGISTRY_IMAGE"), "/")[0] + template := `{ + "auths": { + "%s": { + "auth": "%s" + } + } + }` + authJSON := fmt.Sprintf(template, registryName, cred) + if err := os.WriteFile(filepath.Join(kh.ConfigDir, "auth.json"), []byte(authJSON), 0644); err != nil { + return err + } + if err := kh.SetKustomizeSecretGeneratorFile("auth-json-secret", "auth.json"); err != nil { + return err + } + } + return nil +} diff --git a/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go b/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go index f53b9e024..226ec2c3c 100644 --- a/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go +++ b/src/cloud-api-adaptor/test/provisioner/libvirt/provision_common.go @@ -19,14 +19,6 @@ import ( "sigs.k8s.io/e2e-framework/pkg/envconf" ) -const authJSONTemplate string = `{ - "auths": { - "quay.io": { - "auth": "%s" - } - } -}` - // LibvirtProvisioner implements the CloudProvisioner interface for Libvirt. type LibvirtProvisioner struct { conn *libvirt.Connect // Libvirt connection 
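Review bot: `SetAuthJsonSecretIfApplicable` writes the registry credential to `auth.json` with mode `0644`, leaving it readable by every local user on the test host; the per-provider code it replaces used the same mode, but the helper is now the single place to tighten it to `0600`. The document is assembled with `fmt.Sprintf`, so a quote or backslash in either environment variable produces malformed or altered JSON, where the removed IBM Cloud code used `json.MarshalIndent`. When `AUTHENTICATED_REGISTRY_IMAGE` is unset, `strings.Split("", "/")[0]` is the empty string and the credential is filed under an empty registry key, whereas both replaced implementations ended up with `quay.io`. The sketch below addresses all three and needs `encoding/json` added to the file's imports; the ibmcloud, libvirt and docker `Edit` callers are unaffected.

```go
func (kh *KustomizeOverlay) SetAuthJsonSecretIfApplicable() error {
	cred := os.Getenv("REGISTRY_CREDENTIAL_ENCODED")
	if cred == "" {
		return nil
	}
	// Keep the default the per-provider code used before this refactor.
	registryName := "quay.io"
	if image := os.Getenv("AUTHENTICATED_REGISTRY_IMAGE"); image != "" {
		registryName = strings.Split(image, "/")[0]
	}
	authJSON, err := json.MarshalIndent(map[string]interface{}{
		"auths": map[string]interface{}{
			registryName: map[string]string{"auth": cred},
		},
	}, "", "  ")
	if err != nil {
		return err
	}
	// The file holds a registry credential: owner-only access.
	if err := os.WriteFile(filepath.Join(kh.ConfigDir, "auth.json"), authJSON, 0600); err != nil {
		return err
	}
	return kh.SetKustomizeSecretGeneratorFile("auth-json-secret", "auth.json")
}
```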
@@ -345,14 +337,8 @@ func (lio *LibvirtInstallOverlay) Edit(ctx context.Context, cfg *envconf.Config, } } - if cred := os.Getenv("REGISTRY_CREDENTIAL_ENCODED"); cred != "" { - authJSON := fmt.Sprintf(authJSONTemplate, cred) - if err := os.WriteFile(filepath.Join(lio.Overlay.ConfigDir, "auth.json"), []byte(authJSON), 0644); err != nil { - return err - } - if err = lio.Overlay.SetKustomizeSecretGeneratorFile("auth-json-secret", "auth.json"); err != nil { - return err - } + if err = lio.Overlay.SetAuthJsonSecretIfApplicable(); err != nil { + return err } if err = lio.Overlay.YamlReload(); err != nil { From 519c1d397ec6cbb47277cfd0cf8647212b51cfcb Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Mon, 12 Aug 2024 18:02:01 +0100 Subject: [PATCH 2/3] tests/e2e: Add auth registry libvirt tests Run the authenticated regsitry tests for libvirt cloud provider Signed-off-by: stevenhorsman --- .../test/e2e/libvirt_test.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/cloud-api-adaptor/test/e2e/libvirt_test.go b/src/cloud-api-adaptor/test/e2e/libvirt_test.go index 0cdeaea53..8e79f4d6f 100644 --- a/src/cloud-api-adaptor/test/e2e/libvirt_test.go +++ b/src/cloud-api-adaptor/test/e2e/libvirt_test.go @@ -6,6 +6,7 @@ package e2e import ( + "os" "testing" _ "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/test/provisioner/libvirt" 
@@ -142,3 +143,21 @@ func TestLibvirtPermissivePolicyAllowsExec(t *testing.T) { assert := LibvirtAssert{} DoTestPermissivePolicyAllowsExec(t, testEnv, assert) } + +func TestLibvirtCreatePeerPodWithAuthenticatedImageWithoutCredentials(t *testing.T) { + assert := LibvirtAssert{} + if os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") != "" { + DoTestCreatePeerPodWithAuthenticatedImageWithoutCredentials(t, testEnv, assert) + } else { + t.Skip("Authenticated Image Name not exported") + } +} + +func TestLibvirtCreatePeerPodWithAuthenticatedImageWithValidCredentials(t *testing.T) { + assert := LibvirtAssert{} + if os.Getenv("REGISTRY_CREDENTIAL_ENCODED") != "" && os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") != "" { + DoTestCreatePeerPodWithAuthenticatedImageWithValidCredentials(t, testEnv, assert) + } else { + t.Skip("Registry Credentials, or authenticated image name not exported") + } +} From 58a91861fc0617e79d5abed1158f084a1abb6dae Mon Sep 17 00:00:00 2001 From: stevenhorsman Date: Thu, 25 Jul 2024 16:51:13 +0100 Subject: [PATCH 3/3] tests/e2e: Add auth registry docker tests Run the authenticated regsitry tests for docker cloud provider Signed-off-by: stevenhorsman --- src/cloud-api-adaptor/test/e2e/docker_test.go | 19 +++++++++++++++++++ .../provisioner/docker/provision_common.go | 4 ++++ 2 files changed, 23 insertions(+) diff --git a/src/cloud-api-adaptor/test/e2e/docker_test.go b/src/cloud-api-adaptor/test/e2e/docker_test.go index 8ae45f643..e777b805f 100644 --- a/src/cloud-api-adaptor/test/e2e/docker_test.go +++ b/src/cloud-api-adaptor/test/e2e/docker_test.go @@ -6,6 +6,7 @@ package e2e import ( + "os" "testing" _ "github.com/confidential-containers/cloud-api-adaptor/src/cloud-api-adaptor/test/provisioner/docker" 
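Review bot: `TestLibvirtCreatePeerPodWithAuthenticatedImageWithoutCredentials` is declared before the valid-credentials test and runs with `WithNoAuthJson()`, whose branch in `TestCase.Run` builds a Kubernetes clientset, presumably to change the cluster's registry-credential secret. That branch body is outside the visible hunks, so please confirm it restores the secret when the test ends; if it does not, the valid-credentials test that follows runs against a cluster without credentials and the pair no longer separates "authentication works" from "authentication missing". A comment on the test stating the guarantee would help, e.g. `// Runs with the auth secret temporarily removed; TestCase.Run restores it afterwards.` (wording to be confirmed against `Run`). The docker tests added in the last patch are declared in the same order.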
@@ -110,3 +111,21 @@ func TestDockerKbsKeyRelease(t *testing.T) { keyBrokerService.EnableKbsCustomizedResourcePolicy("allow_all.rego") DoTestKbsKeyRelease(t, testEnv, assert, kbsEndpoint) } + +func TestDockerCreatePeerPodWithAuthenticatedImageWithoutCredentials(t *testing.T) { + assert := DockerAssert{} + if os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") != "" { + DoTestCreatePeerPodWithAuthenticatedImageWithoutCredentials(t, testEnv, assert) + } else { + t.Skip("Authenticated Image Name not exported") + } +} + +func TestDockerCreatePeerPodWithAuthenticatedImageWithValidCredentials(t *testing.T) { + assert := DockerAssert{} + if os.Getenv("REGISTRY_CREDENTIAL_ENCODED") != "" && os.Getenv("AUTHENTICATED_REGISTRY_IMAGE") != "" { + DoTestCreatePeerPodWithAuthenticatedImageWithValidCredentials(t, testEnv, assert) + } else { + t.Skip("Registry Credentials, or authenticated image name not exported") + } +} diff --git a/src/cloud-api-adaptor/test/provisioner/docker/provision_common.go b/src/cloud-api-adaptor/test/provisioner/docker/provision_common.go index 9438d0f67..064f25120 100644 --- a/src/cloud-api-adaptor/test/provisioner/docker/provision_common.go +++ b/src/cloud-api-adaptor/test/provisioner/docker/provision_common.go @@ -257,6 +257,10 @@ func (lio *DockerInstallOverlay) Edit(ctx context.Context, cfg *envconf.Config, } } + if err := lio.Overlay.SetAuthJsonSecretIfApplicable(); err != nil { + return err + } + if err := lio.Overlay.YamlReload(); err != nil { return err }