recursive delete e2e

edgelesssys · Sep 22, 2023 · 159387b · 159387b
1 parent 7a2c1f2
commit 159387b
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 5 deletions.
diff --git a/internal/api/attestationconfigapi/cli/BUILD.bazel b/internal/api/attestationconfigapi/cli/BUILD.bazel
@@ -21,6 +21,9 @@ go_library(
         "//internal/constants",
         "//internal/logger",
         "//internal/staticupload",
+        "@com_github_aws_aws_sdk_go//aws",
+        "@com_github_aws_aws_sdk_go//aws/session",
+        "@com_github_aws_aws_sdk_go//service/s3",
         "@com_github_spf13_cobra//:cobra",
         "@org_uber_go_zap//:zap",
     ],

diff --git a/internal/api/attestationconfigapi/cli/delete.go b/internal/api/attestationconfigapi/cli/delete.go
@@ -9,7 +9,11 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"os"
 
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/s3"
 	"github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/staticupload"
@@ -27,6 +31,13 @@ func newDeleteCmd() *cobra.Command {
 	}
 	cmd.Flags().StringP("version", "v", "", "Name of the version to delete (without .json suffix)")
 	must(cmd.MarkFlagRequired("version"))
+
+	recursivelyCmd := &cobra.Command{
+		Use:   "recursive",
+		Short: "delete all objects from the API path",
+		RunE:  runRecursiveDelete,
+	}
+	cmd.AddCommand(recursivelyCmd)
 	return cmd
 }
 
@@ -85,3 +96,57 @@ func runDelete(cmd *cobra.Command, _ []string) (retErr error) {
 	}
 	return deleteCmd.delete(cmd)
 }
+
+func runRecursiveDelete(cmd *cobra.Command, _ []string) (retErr error) {
+	region, err := cmd.Flags().GetString("region")
+	if err != nil {
+		return fmt.Errorf("getting region: %w", err)
+	}
+
+	bucket, err := cmd.Flags().GetString("bucket")
+	if err != nil {
+		return fmt.Errorf("getting bucket: %w", err)
+	}
+
+	sess, err := session.NewSession(&aws.Config{
+		Region: aws.String(region),
+	})
+	if err != nil {
+		return
+	}
+
+	// Create an S3 client.
+	svc := s3.New(sess)
+
+	path := "constellation/v1/attestation/azure-sev-snp"
+	// List all objects in the path.
+	resp, err := svc.ListObjectsV2(&s3.ListObjectsV2Input{
+		Bucket: aws.String(bucket),
+		Prefix: aws.String(path),
+	})
+	if err != nil {
+		fmt.Println("Error listing objects:", err)
+		os.Exit(1)
+	}
+
+	// Delete all objects in the path.
+	var keys []*s3.ObjectIdentifier
+	for _, obj := range resp.Contents {
+		keys = append(keys, &s3.ObjectIdentifier{
+			Key: obj.Key,
+		})
+	}
+	if len(keys) > 0 {
+		_, err = svc.DeleteObjects(&s3.DeleteObjectsInput{
+			Bucket: aws.String(bucket),
+			Delete: &s3.Delete{
+				Objects: keys,
+				Quiet:   aws.Bool(true),
+			},
+		})
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/internal/api/attestationconfigapi/cli/e2e/test.sh.in b/internal/api/attestationconfigapi/cli/e2e/test.sh.in
@@ -28,6 +28,24 @@ tmpdir=$(mktemp -d)
 readonly tmpdir
 registerExitHandler "rm -rf $tmpdir"
 
+# empty the bucket version state
+${configapi_cli} delete recursive --region "$region" --bucket "$bucket" --distribution "$distribution"
+
+# the high version numbers ensure that it's newer than the current latest value
+readonly current_claim_path="$tmpdir/currentMaaClaim.json"
+cat << EOF > "$current_claim_path"
+{
+  "x-ms-isolation-tee": {
+    "x-ms-sevsnpvm-tee-svn": 1,
+    "x-ms-sevsnpvm-snpfw-svn": 1,
+    "x-ms-sevsnpvm-microcode-svn": 1,
+    "x-ms-sevsnpvm-bootloader-svn": 1
+  }
+}
+EOF
+# upload a fake latest version for the fetcher
+${configapi_cli} --force --maa-claims-path "$current_claim_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket" --distribution "$distribution"
+
 # the high version numbers ensure that it's newer than the current latest value
 readonly claim_path="$tmpdir/maaClaim.json"
 cat << EOF > "$claim_path"
@@ -70,11 +88,11 @@ if ! curl -fsSL ${baseurl}/${date_oldest}.json > version.json; then
 fi
 # check that version values are equal to expected
 if ! cmp -s <(echo -n '{"bootloader":255,"tee":255,"snp":255,"microcode":254}') version.json; then
-    echo "The version content:"
-    cat version.json
-    echo " is not equal to the expected version content:"
-    echo '{"bootloader":255,"tee":255,"snp":255,"microcode":254}'
-    exit 1
+  echo "The version content:"
+  cat version.json
+  echo " is not equal to the expected version content:"
+  echo '{"bootloader":255,"tee":255,"snp":255,"microcode":254}'
+  exit 1
 fi
 if ! curl -fsSL ${baseurl}/${date_oldest}.json.sig > /dev/null; then
   echo "Checking for uploaded version signature file constellation/v1/attestation/azure-sev-snp/${date_oldest}.json.sig: request returned ${?}"

diff --git a/internal/api/attestationconfigapi/client.go b/internal/api/attestationconfigapi/client.go
@@ -7,13 +7,15 @@ package attestationconfigapi
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"time"
 
 	apiclient "github.com/edgelesssys/constellation/v2/internal/api/client"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
 	"github.com/edgelesssys/constellation/v2/internal/sigstore"
+
 	"github.com/edgelesssys/constellation/v2/internal/staticupload"
 )
 
@@ -75,6 +77,10 @@ func (a Client) List(ctx context.Context, attestation variant.Variant) ([]string
 	if attestation.Equal(variant.AzureSEVSNP{}) {
 		versions, err := apiclient.Fetch(ctx, a.s3Client, AzureSEVSNPVersionList{})
 		if err != nil {
+			var notFoundErr *apiclient.NotFoundError
+			if errors.As(err, &notFoundErr) {
+				return nil, nil
+			}
 			return nil, err
 		}
 		return versions, nil