Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-06 05:54:28 -04:00
Code Issues Projects Releases Packages Wiki Activity

internal: refactor storage credentials (#1071)

Browse source 
* Move storage clients to separate packages

* Allow setting of client credentials for AWS S3

* Use managed identity client secret or default credentials for Azure Blob Storage

* Use credentials file to authorize GCS client

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2023-03-02 15:08:31 +01:00 committed by GitHub
parent 96b4b74a7a
commit 5eb73706f5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 857 additions and 1130 deletions
Download patch file Download diff file Expand all files Collapse all files

33
internal/kms/test/gcp_test.go
View file

@ -15,9 +15,9 @@ import (
"time"
"github.com/edgelesssys/constellation/v2/internal/kms/kms/gcp"
"github.com/edgelesssys/constellation/v2/internal/kms/storage"
"github.com/edgelesssys/constellation/v2/internal/kms/storage/gcs"
"github.com/edgelesssys/constellation/v2/internal/kms/storage/memfs"
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
@ -31,7 +31,7 @@ func TestGCPKMS(t *testing.T) {
}
require := require.New(t)
store := storage.NewMemMapStorage()
store := memfs.New()
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
defer cancel()
@ -53,29 +53,22 @@ func TestGcpStorage(t *testing.T) {
if !*runGcpStorage {
t.Skip("Skipping Google Storage test")
}
if *gcpProjectID == "" || *gcpBucket == "" {
if *gcpProjectID == "" || *gcpBucket == "" || *gcpCredentialsPath == "" {
flag.Usage()
t.Fatal("Required flags not set: --gcp-project, --gcp-bucket ")
}
assert := assert.New(t)
require := require.New(t)
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
defer cancel()
store, err := storage.NewGoogleCloudStorage(ctx, *gcpProjectID, *gcpBucket, nil)
assert.NoError(err)
testData := []byte("Constellation test data")
testName := "constellation-test"
cfg := uri.GoogleCloudStorageConfig{
CredentialsPath: *gcpCredentialsPath,
ProjectID: *gcpProjectID,
Bucket: *gcpBucket,
}
store, err := gcs.New(ctx, cfg)
require.NoError(err)
err = store.Put(ctx, testName, testData)
assert.NoError(err)
got, err := store.Get(ctx, testName)
assert.NoError(err)
assert.Equal(testData, got)
_, err = store.Get(ctx, addSuffix("does-not-exist"))
assert.ErrorIs(err, storage.ErrDEKUnset)
runStorageTest(t, store)
}