//go:build integration
/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package test
import (
"context"
"flag"
"testing"
"time"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3/types"
"github.com/edgelesssys/constellation/v2/internal/kms/kms/aws"
"github.com/edgelesssys/constellation/v2/internal/kms/storage/awss3"
"github.com/edgelesssys/constellation/v2/internal/kms/storage/memfs"
"github.com/edgelesssys/constellation/v2/internal/kms/uri"
"github.com/stretchr/testify/require"
)
func TestAwsStorage(t *testing.T) {
if !*runAwsStorage {
t.Skip("Skipping AWS storage test")
}
if *awsAccessKey == "" || *awsAccessKeyID == "" || *awsBucket == "" || *awsRegion == "" {
flag.Usage()
t.Fatal("Required flags not set: --aws-access-key, --aws-access-key-id, --aws-bucket, --aws-region")
}
require := require.New(t)
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
defer cancel()
// create bucket
cfg := uri.AWSS3Config{
Bucket: *awsBucket,
AccessKeyID: *awsAccessKeyID,
AccessKey: *awsAccessKey,
Region: *awsRegion,
}
store, err := awss3.New(ctx, cfg)
require.NoError(err)
runStorageTest(t, store)
cleanUpBucket(ctx, require, *awsBucket, *awsRegion)
}
func cleanUpBucket(ctx context.Context, require *require.Assertions, bucketID, awsRegion string) {
cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(awsRegion))
require.NoError(err)
client := s3.NewFromConfig(cfg)
// List all objects of the bucket
listObjectsInput := &s3.ListObjectsV2Input{
Bucket: &bucketID,
}
output, err := client.ListObjectsV2(ctx, listObjectsInput)
require.NoError(err)
var objects []string
var i int32
for i = 0; i < output.KeyCount; i++ {
objects = append(objects, *output.Contents[i].Key)
}
// Delete all objects of the bucket
require.NoError(cleanUpObjects(ctx, client, bucketID, objects))
// Delete the bucket
deleteBucketInput := &s3.DeleteBucketInput{
Bucket: &bucketID,
}
_, err = client.DeleteBucket(ctx, deleteBucketInput)
require.NoError(err)
}
func cleanUpObjects(ctx context.Context, client *s3.Client, bucketID string, objectsToDelete []string) error {
var objectsIdentifier []types.ObjectIdentifier
for _, object := range objectsToDelete {
objectsIdentifier = append(objectsIdentifier, types.ObjectIdentifier{Key: func(s string) *string { return &s }(object)})
}
deleteObjectsInput := &s3.DeleteObjectsInput{
Bucket: &bucketID,
Delete: &types.Delete{Objects: objectsIdentifier},
}
_, err := client.DeleteObjects(ctx, deleteObjectsInput)
return err
}
func TestAwsKms(t *testing.T) {
if !*runAwsKms {
t.Skip("Skipping AWS KMS test")
}
if *kekID == "" || *awsAccessKeyID == "" || *awsAccessKey == "" || *awsRegion == "" {
flag.Usage()
t.Fatal("Required flags not set: --aws-access-key-id, --aws-access-key, --aws-region, --kek-id")
}
require := require.New(t)
store := memfs.New()
ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
defer cancel()
cfg := uri.AWSConfig{
KeyName: *kekID,
Region: *awsRegion,
AccessKeyID: *awsAccessKeyID,
AccessKey: *awsAccessKey,
}
kmsClient, err := aws.New(ctx, store, cfg)
require.NoError(err)
runKMSTest(t, kmsClient)
}