config: Azure SNP tool can delete specific version from attestation API (#1863)

* client supports delete version * rename to new attestation / fetcher naming * add delete command to upload tool * test client delete * bazel update * use general client in attestation client * Update hack/configapi/cmd/delete.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * daniel feedback * unit test azure sev upload * Update hack/configapi/cmd/delete.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * add client integration test * new client cmds use apiObject --------- Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2025-07-23 23:40:44 -04:00 · 2023-06-05 12:33:22 +02:00 · 2023-06-05 12:33:22 +02:00 · c446f36b0f
commit c446f36b0f
parent 315b6c2f01
22 changed files with 549 additions and 228 deletions
--- a/internal/api/attestationconfig/client/test/integration_test.go
+++ b/internal/api/attestationconfig/client/test/integration_test.go
@ -0,0 +1,84 @@
+//go:build integration
+
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+package test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"io"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
+	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig/client"
+	"github.com/edgelesssys/constellation/v2/internal/logger"
+	"github.com/edgelesssys/constellation/v2/internal/staticupload"
+	"github.com/stretchr/testify/require"
+	"go.uber.org/zap"
+)
+
+const (
+	awsBucket   = "cdn-constellation-backend"
+	awsRegion   = "eu-central-1"
+	envAwsKeyID = "AWS_ACCESS_KEY_ID"
+	envAwsKey   = "AWS_ACCESS_KEY"
+)
+
+var cfg staticupload.Config
+
+var (
+	cosignPwd      = flag.String("cosign-pwd", "", "Password to decrypt the cosign private key. Required for signing.")
+	privateKeyPath = flag.String("private-key", "", "Path to the private key used for signing. Required for signing.")
+	privateKey     []byte
+)
+
+func TestMain(m *testing.M) {
+	flag.Parse()
+	if *cosignPwd == "" || *privateKeyPath == "" {
+		flag.Usage()
+		fmt.Println("Required flags not set: --cosign-pwd, --private-key. Skipping tests.")
+		os.Exit(1)
+	}
+	if _, present := os.LookupEnv(envAwsKey); !present {
+		fmt.Printf("%s not set. Skipping tests.\n", envAwsKey)
+		os.Exit(1)
+	}
+	if _, present := os.LookupEnv(envAwsKeyID); !present {
+		fmt.Printf("%s not set. Skipping tests.\n", envAwsKeyID)
+		os.Exit(1)
+	}
+	cfg = staticupload.Config{
+		Bucket: awsBucket,
+		Region: awsRegion,
+	}
+	file, _ := os.Open(*privateKeyPath)
+	var err error
+	privateKey, err = io.ReadAll(file)
+	if err != nil {
+		panic(err)
+	}
+	os.Exit(m.Run())
+}
+
+var versionValues = attestationconfig.AzureSEVSNPVersion{
+	Bootloader: 2,
+	TEE:        0,
+	SNP:        6,
+	Microcode:  93,
+}
+
+func TestUploadAzureSEVSNPVersions(t *testing.T) {
+	ctx := context.Background()
+	client, clientClose, err := client.New(ctx, cfg, []byte(*cosignPwd), privateKey, false, logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfig"))
+	require.NoError(t, err)
+	defer func() { _ = clientClose(ctx) }()
+	d := time.Date(2021, 1, 1, 1, 1, 1, 1, time.UTC)
+	require.NoError(t, client.UploadAzureSEVSNP(ctx, versionValues, d))
+}