ci: use aws s3 client that invalidates cloudfront cache for places that modify Constellation api (#1839)

2025-06-04 12:49:54 -04:00 · 2023-06-02 11:20:01 +02:00 · 2023-06-02 11:20:01 +02:00 · e1d3afe8d4
commit e1d3afe8d4
parent 93569ff54c
29 changed files with 398 additions and 186 deletions
--- a/internal/api/attestationconfig/client/client.go
+++ b/internal/api/attestationconfig/client/client.go
@ -16,6 +16,7 @@ import (
 	"sort"
 	"time"

+	s3manager "github.com/aws/aws-sdk-go-v2/feature/s3/manager"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfig"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
@ -27,18 +28,38 @@ import (

 // Client manages (modifies) the version information for the attestation variants.
 type Client struct {
-	*staticupload.Client
-	cosignPwd []byte // used to decrypt the cosign private key
-	privKey   []byte // used to sign
+	s3Client
+	s3ClientClose func(ctx context.Context) error
+	bucketID      string
+	cosignPwd     []byte // used to decrypt the cosign private key
+	privKey       []byte // used to sign
 }

 // New returns a new Client.
-func New(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte) (*Client, error) {
-	client, err := staticupload.New(ctx, cfg)
+func New(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte) (*Client, CloseFunc, error) {
+	client, clientClose, err := staticupload.New(ctx, cfg)
 	if err != nil {
-		return nil, fmt.Errorf("failed to create s3 storage: %w", err)
+		return nil, nil, fmt.Errorf("failed to create s3 storage: %w", err)
 	}
-	return &Client{client, cosignPwd, privateKey}, nil
+	repo := &Client{
+		s3Client:      client,
+		s3ClientClose: clientClose,
+		bucketID:      cfg.Bucket,
+		cosignPwd:     cosignPwd,
+		privKey:       privateKey,
+	}
+	repoClose := func(ctx context.Context) error {
+		return repo.Close(ctx)
+	}
+	return repo, repoClose, nil
+}
+
+// Close closes the Client.
+func (a Client) Close(ctx context.Context) error {
+	if a.s3ClientClose == nil {
+		return nil
+	}
+	return a.s3ClientClose(ctx)
 }

 // UploadAzureSEVSNP uploads the latest version numbers of the Azure SEVSNP.
@ -51,7 +72,7 @@ func (a Client) UploadAzureSEVSNP(ctx context.Context, versions attestationconfi
 	fname := date.Format("2006-01-02-15-04") + ".json"

 	filePath := fmt.Sprintf("%s/%s/%s", constants.CDNAttestationConfigPrefixV1, variant.String(), fname)
-	err = put(ctx, a.Client, filePath, versionBytes)
+	err = put(ctx, a.s3Client, a.bucketID, filePath, versionBytes)
 	if err != nil {
 		return err
 	}
@ -69,7 +90,7 @@ func (a Client) createAndUploadSignature(ctx context.Context, content []byte, fi
 	if err != nil {
 		return fmt.Errorf("sign version file: %w", err)
 	}
-	err = put(ctx, a.Client, filePath+".sig", signature)
+	err = put(ctx, a.s3Client, a.bucketID, filePath+".sig", signature)
 	if err != nil {
 		return fmt.Errorf("upload signature: %w", err)
 	}
@ -79,7 +100,7 @@ func (a Client) createAndUploadSignature(ctx context.Context, content []byte, fi
 // List returns the list of versions for the given attestation type.
 func (a Client) List(ctx context.Context, attestation variant.Variant) ([]string, error) {
 	key := path.Join(constants.CDNAttestationConfigPrefixV1, attestation.String(), "list")
-	bt, err := get(ctx, a.Client, key)
+	bt, err := get(ctx, a.s3Client, a.bucketID, key)
 	if err != nil {
 		return nil, err
 	}
@ -97,13 +118,13 @@ func (a Client) DeleteList(ctx context.Context, attestation variant.Variant) err
 	if err != nil {
 		return err
 	}
-	return put(ctx, a.Client, path.Join(constants.CDNAttestationConfigPrefixV1, attestation.String(), "list"), bt)
+	return put(ctx, a.s3Client, a.bucketID, path.Join(constants.CDNAttestationConfigPrefixV1, attestation.String(), "list"), bt)
 }

 func (a Client) addVersionToList(ctx context.Context, attestation variant.Variant, fname string) error {
 	versions := []string{}
 	key := path.Join(constants.CDNAttestationConfigPrefixV1, attestation.String(), "list")
-	bt, err := get(ctx, a.Client, key)
+	bt, err := get(ctx, a.s3Client, a.bucketID, key)
 	if err == nil {
 		if err := json.Unmarshal(bt, &versions); err != nil {
 			return err
@ -118,13 +139,13 @@ func (a Client) addVersionToList(ctx context.Context, attestation variant.Varian
 	if err != nil {
 		return err
 	}
-	return put(ctx, a.Client, key, json)
+	return put(ctx, a.s3Client, a.bucketID, key, json)
 }

 // get is a convenience method.
-func get(ctx context.Context, client *staticupload.Client, path string) ([]byte, error) {
+func get(ctx context.Context, client s3Client, bucket, path string) ([]byte, error) {
 	getObjectInput := &s3.GetObjectInput{
-		Bucket: &client.BucketID,
+		Bucket: &bucket,
 		Key:    &path,
 	}
 	output, err := client.GetObject(ctx, getObjectInput)
@ -135,12 +156,24 @@ func get(ctx context.Context, client *staticupload.Client, path string) ([]byte,
 }

 // put is a convenience method.
-func put(ctx context.Context, client *staticupload.Client, path string, data []byte) error {
+func put(ctx context.Context, client s3Client, bucket, path string, data []byte) error {
 	putObjectInput := &s3.PutObjectInput{
-		Bucket: &client.BucketID,
+		Bucket: &bucket,
 		Key:    &path,
 		Body:   bytes.NewReader(data),
 	}
 	_, err := client.Upload(ctx, putObjectInput)
 	return err
 }
+
+type s3Client interface {
+	GetObject(
+		ctx context.Context, params *s3.GetObjectInput, optFns ...func(*s3.Options),
+	) (*s3.GetObjectOutput, error)
+	Upload(
+		ctx context.Context, input *s3.PutObjectInput, opts ...func(*s3manager.Uploader),
+	) (*s3manager.UploadOutput, error)
+}
+
+// CloseFunc is a function that closes the client.
+type CloseFunc func(ctx context.Context) error