config: Azure SNP tool can delete specific version from attestation API (#1863)

* client supports delete version * rename to new attestation / fetcher naming * add delete command to upload tool * test client delete * bazel update * use general client in attestation client * Update hack/configapi/cmd/delete.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * daniel feedback * unit test azure sev upload * Update hack/configapi/cmd/delete.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * add client integration test * new client cmds use apiObject --------- Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2025-08-03 12:36:09 -04:00 · 2023-06-05 12:33:22 +02:00 · 2023-06-05 12:33:22 +02:00 · c446f36b0f
commit c446f36b0f
parent 315b6c2f01
22 changed files with 549 additions and 228 deletions
--- a/hack/configapi/cmd/BUILD.bazel
+++ b/hack/configapi/cmd/BUILD.bazel
@ -3,24 +3,33 @@ load("//bazel/go:go_test.bzl", "go_test")

 go_library(
    name = "cmd",
-    srcs = ["root.go"],
+    srcs = [
+        "delete.go",
+        "root.go",
+    ],
    importpath = "github.com/edgelesssys/constellation/v2/hack/configapi/cmd",
    visibility = ["//visibility:public"],
    deps = [
        "//internal/api/attestationconfig",
        "//internal/api/attestationconfig/client",
        "//internal/api/attestationconfig/fetcher",
+        "//internal/logger",
        "//internal/staticupload",
        "@com_github_spf13_cobra//:cobra",
+        "@org_uber_go_zap//:zap",
    ],
 )

 go_test(
    name = "cmd_test",
-    srcs = ["root_test.go"],
+    srcs = [
+        "delete_test.go",
+        "root_test.go",
+    ],
    embed = [":cmd"],
    deps = [
        "//internal/api/attestationconfig",
        "@com_github_stretchr_testify//assert",
+        "@com_github_stretchr_testify//require",
    ],
 )
--- a/hack/configapi/cmd/delete.go
+++ b/hack/configapi/cmd/delete.go
@ -0,0 +1,63 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+package cmd
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/client"
+	"github.com/edgelesssys/constellation/v2/internal/staticupload"
+	"github.com/spf13/cobra"
+)
+
+// newDeleteCmd creates the delete command.
+func newDeleteCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "delete",
+		Short: "delete a specific version from the config api",
+		RunE:  runDelete,
+	}
+	cmd.Flags().StringP("version", "v", "", "Name of the version to delete (without .json suffix)")
+	must(enforceRequiredFlags(cmd, "version"))
+	return cmd
+}
+
+type deleteCmd struct {
+	attestationClient deleteClient
+}
+
+type deleteClient interface {
+	DeleteAzureSEVSNPVersion(ctx context.Context, versionStr string) error
+}
+
+func (d deleteCmd) delete(cmd *cobra.Command) error {
+	version, err := cmd.Flags().GetString("version")
+	if err != nil {
+		return err
+	}
+	return d.attestationClient.DeleteAzureSEVSNPVersion(cmd.Context(), version)
+}
+
+func runDelete(cmd *cobra.Command, _ []string) error {
+	cfg := staticupload.Config{
+		Bucket: awsBucket,
+		Region: awsRegion,
+	}
+	repo, closefn, err := client.New(cmd.Context(), cfg, []byte(cosignPwd), []byte(privateKey), false, log())
+	if err != nil {
+		return fmt.Errorf("create attestation client: %w", err)
+	}
+	defer func() {
+		if err := closefn(cmd.Context()); err != nil {
+			cmd.Printf("close client: %s\n", err.Error())
+		}
+	}()
+	deleteCmd := deleteCmd{
+		attestationClient: repo,
+	}
+	return deleteCmd.delete(cmd)
+}
--- a/hack/configapi/cmd/delete_test.go
+++ b/hack/configapi/cmd/delete_test.go
@ -0,0 +1,38 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+package cmd
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestDeleteVersion(t *testing.T) {
+	client := &fakeAttestationClient{}
+	sut := deleteCmd{
+		attestationClient: client,
+	}
+	cmd := newDeleteCmd()
+	require.NoError(t, cmd.Flags().Set("version", "2021-01-01"))
+	assert.NoError(t, sut.delete(cmd))
+	assert.True(t, client.isCalled)
+}
+
+type fakeAttestationClient struct {
+	isCalled bool
+}
+
+func (f *fakeAttestationClient) DeleteAzureSEVSNPVersion(_ context.Context, version string) error {
+	if version == "2021-01-01" {
+		f.isCalled = true
+		return nil
+	}
+	return errors.New("version does not exist")
+}
--- a/hack/configapi/cmd/root.go
+++ b/hack/configapi/cmd/root.go
@ -16,6 +16,8 @@ import (
 	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
 	attestationconfigclient "github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/client"
 	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/fetcher"
+	"github.com/edgelesssys/constellation/v2/internal/logger"
+	"go.uber.org/zap"

 	"github.com/edgelesssys/constellation/v2/internal/staticupload"
 	"github.com/spf13/cobra"
@ -54,8 +56,8 @@ func newRootCmd() *cobra.Command {
 		RunE:    runCmd,
 	}
 	rootCmd.PersistentFlags().StringVarP(&versionFilePath, "version-file", "f", "", "File path to the version json file.")
-	must(enforceRequiredFlags(rootCmd, "version-file"))
-
+	must(enforcePersistentRequiredFlags(rootCmd, "version-file"))
+	rootCmd.AddCommand(newDeleteCmd())
 	return rootCmd
 }

@ -93,11 +95,11 @@ func runCmd(cmd *cobra.Command, _ []string) error {
 		return fmt.Errorf("comparing versions: %w", err)
 	}
 	if isNewer {
-		fmt.Printf("Input version: %+v is newer than latest API version: %+v\n", inputVersion, latestAPIVersion)
-		sut, sutClose, err := attestationconfigclient.New(ctx, cfg, []byte(cosignPwd), []byte(privateKey))
+		cmd.Printf("Input version: %+v is newer than latest API version: %+v\n", inputVersion, latestAPIVersion)
+		sut, sutClose, err := attestationconfigclient.New(ctx, cfg, []byte(cosignPwd), []byte(privateKey), false, log())
 		defer func() {
 			if err := sutClose(ctx); err != nil {
-				fmt.Printf("closing repo: %v\n", err)
+				cmd.Printf("closing repo: %v\n", err)
 			}
 		}()
 		if err != nil {
@ -143,6 +145,15 @@ func isInputNewerThanLatestAPI(input, latest attestationconfig.AzureSEVSNPVersio
 }

 func enforceRequiredFlags(cmd *cobra.Command, flags ...string) error {
+	for _, flag := range flags {
+		if err := cmd.MarkFlagRequired(flag); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func enforcePersistentRequiredFlags(cmd *cobra.Command, flags ...string) error {
 	for _, flag := range flags {
 		if err := cmd.MarkPersistentFlagRequired(flag); err != nil {
 			return err
@ -156,3 +167,7 @@ func must(err error) {
 		panic(err)
 	}
 }
+
+func log() *logger.Logger {
+	return logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfig")
+}