use testing flag
elchead committed Sep 25, 2023
1 parent da88092 commit db2d535
Showing 3 changed files with 37 additions and 28 deletions.
10 changes: 6 additions & 4 deletions internal/api/attestationconfigapi/cli/delete.go
Expand Up @@ -69,10 +69,11 @@ func runDelete(cmd *cobra.Command, _ []string) (retErr error) {
return fmt.Errorf("getting bucket: %w", err)
}

distribution, err := cmd.Flags().GetString("distribution")
testing, err := cmd.Flags().GetBool("testing")
if err != nil {
return fmt.Errorf("getting distribution: %w", err)
return fmt.Errorf("getting testing flag: %w", err)
}
_, distribution := getEnvironment(testing)

cfg := staticupload.Config{
Bucket: bucket,
Expand Down Expand Up @@ -108,10 +109,11 @@ func runRecursiveDelete(cmd *cobra.Command, _ []string) (retErr error) {
return fmt.Errorf("getting bucket: %w", err)
}

distribution, err := cmd.Flags().GetString("distribution")
testing, err := cmd.Flags().GetBool("testing")
if err != nil {
return fmt.Errorf("getting distribution: %w", err)
return fmt.Errorf("getting testing flag: %w", err)
}
_, distribution := getEnvironment(testing)

log := logger.New(logger.PlainLog, zap.DebugLevel).Named("attestationconfigapi")
client, closeFn, err := staticupload.New(cmd.Context(), staticupload.Config{
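Review bot: In both `runDelete` and `runRecursiveDelete` the new `--testing` flag only selects the distribution ID through `getEnvironment`; the bucket still comes from the independent `--bucket` flag, whose default is `awsBucket` (registered in main.go). As far as this diff shows, `delete recursive --testing` without `--bucket` would delete from whatever `awsBucket` names while invalidating the test distribution, and the flag help `"upload to S3 test bucket."` suggests otherwise. For a destructive command I would derive the bucket from the same switch or reject a mismatched combination, and at minimum reword the help to something like `"use the test CDN and distribution."`. Both function bodies extend beyond the visible hunks.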
15 changes: 7 additions & 8 deletions internal/api/attestationconfigapi/cli/e2e/test.sh.in
Expand Up @@ -17,19 +17,18 @@ fi

configapi_cli=$(realpath @@CONFIGAPI_CLI@@)
stat "${configapi_cli}" >> /dev/null

configapi_cli="${configapi_cli} --testing"
###### script body ######

readonly region="eu-west-1"
readonly bucket="resource-api-testing"
readonly distribution="ETZGUP1CWRC2P"

tmpdir=$(mktemp -d)
readonly tmpdir
registerExitHandler "rm -rf $tmpdir"

# empty the bucket version state
${configapi_cli} delete recursive --region "$region" --bucket "$bucket" --distribution "$distribution"
${configapi_cli} delete recursive --region "$region" --bucket "$bucket"

# the high version numbers ensure that it's newer than the current latest value
readonly current_claim_path="$tmpdir/currentMaaClaim.json"
Expand All @@ -44,7 +43,7 @@ cat << EOF > "$current_claim_path"
}
EOF
# upload a fake latest version for the fetcher
${configapi_cli} --force --maa-claims-path "$current_claim_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket" --distribution "$distribution"
${configapi_cli} --force --maa-claims-path "$current_claim_path" --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket"

# the high version numbers ensure that it's newer than the current latest value
readonly claim_path="$tmpdir/maaClaim.json"
Expand Down Expand Up @@ -74,11 +73,11 @@ EOF

# report 3 versions with different dates to fill the reporter cache
readonly date_oldest="2023-02-01-03-04"
${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --distribution "$distribution" --cache-window-size 3
${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --cache-window-size 3
readonly date_older="2023-02-02-03-04"
${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --distribution "$distribution" --cache-window-size 3
${configapi_cli} --maa-claims-path "$older_claim_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --cache-window-size 3
readonly date="2023-02-03-03-04"
${configapi_cli} --maa-claims-path "$claim_path" --upload-date "$date" --region "$region" --bucket "$bucket" --distribution "$distribution" --cache-window-size 3
${configapi_cli} --maa-claims-path "$claim_path" --upload-date "$date" --region "$region" --bucket "$bucket" --cache-window-size 3

# expect that $date_oldest is served as latest version
baseurl="https://d33dzgxuwsgbpw.cloudfront.net/constellation/v1/attestation/azure-sev-snp"
Expand Down Expand Up @@ -124,7 +123,7 @@ if [[ $http_code -ne 404 ]]; then
exit 1
fi

${configapi_cli} delete --version "$date_oldest" --region "$region" --bucket "$bucket" --distribution "$distribution"
${configapi_cli} delete --version "$date_oldest" --region "$region" --bucket "$bucket"

# Omit -f to check for 404. We want to check that a file was deleted, therefore we expect the query to fail.
http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null ${baseurl}/${date_oldest}.json)
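Review bot: `configapi_cli="${configapi_cli} --testing"` folds the flag into the path string, so every later `${configapi_cli} ...` call depends on unquoted word splitting and breaks if the resolved path contains whitespace or glob characters. A bash array keeps the binary path and the flag as separate words: `configapi_cli=("$(realpath @@CONFIGAPI_CLI@@)" --testing)`, invoked as `"${configapi_cli[@]}" delete ...`. The existence check would then become `stat "${configapi_cli[0]}"`.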
40 changes: 24 additions & 16 deletions internal/api/attestationconfigapi/cli/main.go
Expand Up @@ -11,7 +11,6 @@ You can execute an e2e test by running: `bazel run //internal/api/attestationcon
The CLI is used in the CI pipeline. Manual actions that change the bucket's data shouldn't be necessary.
The reporter CLI caches the observed version values in a dedicated caching directory and derives the latest API version from it.
Any version update is then pushed to the API.
Notice that there is no synchronization on API operations. // TODO(elchead): what does this mean?
*/
package main

Expand Down Expand Up @@ -75,7 +74,7 @@ func newRootCmd() *cobra.Command {
rootCmd.Flags().IntP("cache-window-size", "s", versionWindowSize, "Number of versions to be considered for the latest version.")
rootCmd.PersistentFlags().StringP("region", "r", awsRegion, "region of the targeted bucket.")
rootCmd.PersistentFlags().StringP("bucket", "b", awsBucket, "bucket targeted by all operations.")
rootCmd.PersistentFlags().StringP("distribution", "i", distributionID, "cloudflare distribution used.")
rootCmd.PersistentFlags().Bool("testing", false, "upload to S3 test bucket.")
must(rootCmd.MarkFlagRequired("maa-claims-path"))
rootCmd.AddCommand(newDeleteCmd())
return rootCmd
Expand Down Expand Up @@ -130,8 +129,7 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
return fmt.Errorf("creating client: %w", err)
}

url := "https://d33dzgxuwsgbpw.cloudfront.net"
latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(url, constants.CosignPublicKeyDev).FetchAzureSEVSNPVersionLatest(ctx)
latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(flags.url, constants.CosignPublicKeyDev).FetchAzureSEVSNPVersionLatest(ctx)
if err != nil {
if errors.Is(err, attestationconfigapi.ErrNoVersionsFound) {
log.Infof("No versions found in API, but assuming that we are uploading the first version.")
Expand All @@ -150,69 +148,79 @@ func runCmd(cmd *cobra.Command, _ []string) (retErr error) {
return nil
}

type cliFlags struct {
type config struct {
maaFilePath string
uploadDate time.Time
region string
bucket string
distribution string
url string
force bool
cacheWindowSize int
}

func parseCliFlags(cmd *cobra.Command) (cliFlags, error) {
func parseCliFlags(cmd *cobra.Command) (config, error) {
maaFilePath, err := cmd.Flags().GetString("maa-claims-path")
if err != nil {
return cliFlags{}, fmt.Errorf("getting maa claims path: %w", err)
return config{}, fmt.Errorf("getting maa claims path: %w", err)
}

dateStr, err := cmd.Flags().GetString("upload-date")
if err != nil {
return cliFlags{}, fmt.Errorf("getting upload date: %w", err)
return config{}, fmt.Errorf("getting upload date: %w", err)
}
uploadDate := time.Now()
if dateStr != "" {
uploadDate, err = time.Parse(attestationconfigapi.VersionFormat, dateStr)
if err != nil {
return cliFlags{}, fmt.Errorf("parsing date: %w", err)
return config{}, fmt.Errorf("parsing date: %w", err)
}
}

region, err := cmd.Flags().GetString("region")
if err != nil {
return cliFlags{}, fmt.Errorf("getting region: %w", err)
return config{}, fmt.Errorf("getting region: %w", err)
}

bucket, err := cmd.Flags().GetString("bucket")
if err != nil {
return cliFlags{}, fmt.Errorf("getting bucket: %w", err)
return config{}, fmt.Errorf("getting bucket: %w", err)
}

distribution, err := cmd.Flags().GetString("distribution")
testing, err := cmd.Flags().GetBool("testing")
if err != nil {
return cliFlags{}, fmt.Errorf("getting distribution: %w", err)
return config{}, fmt.Errorf("getting testing flag: %w", err)
}
url, distribution := getEnvironment(testing)

force, err := cmd.Flags().GetBool("force")
if err != nil {
return cliFlags{}, fmt.Errorf("getting force: %w", err)
return config{}, fmt.Errorf("getting force: %w", err)
}

cacheWindowSize, err := cmd.Flags().GetInt("cache-window-size")
if err != nil {
return cliFlags{}, fmt.Errorf("getting cache window size: %w", err)
return config{}, fmt.Errorf("getting cache window size: %w", err)
}
return cliFlags{
return config{
maaFilePath: maaFilePath,
uploadDate: uploadDate,
region: region,
bucket: bucket,
url: url,
distribution: distribution,
force: force,
cacheWindowSize: cacheWindowSize,
}, nil
}

func getEnvironment(testing bool) (url string, distributionID string) {
if testing {
return "https://d33dzgxuwsgbpw.cloudfront.net", "ETZGUP1CWRC2P"
}
return constants.CDNRepositoryURL, constants.CDNDefaultDistributionID
}

// maaTokenTCBClaims describes the TCB information in a MAA token.
type maaTokenTCBClaims struct {
IsolationTEE struct {
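Review bot: In `runCmd` the fetcher now receives `flags.url`, which is `constants.CDNRepositoryURL` whenever `--testing` is unset, but it is still built with `constants.CosignPublicKeyDev`. If objects behind the production CDN are signed with a different key (not visible in this diff), the latest-version fetch would either fail verification or leave the tool trusting the dev key for production data. Having `getEnvironment` return the matching cosign public key together with the URL and distribution ID would keep the three values from drifting apart. `getEnvironment` also lacks a doc comment; `// getEnvironment returns the CDN URL and distribution ID of the test or production environment.` would do. The body of `runCmd` continues outside the hunk.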
