From 3c34185e6b6215b540bdb8e2198d9162a6c9be60 Mon Sep 17 00:00:00 2001
From: Shubhendu Ram Tripathi
Date: Fri, 12 May 2023 18:18:10 +0530
Subject: [PATCH] Enabled for other backend stores
Signed-off-by: Shubhendu Ram Tripathi
---
 kestest/example_test.go | 5 ++--
 kestest/gateway.go | 10 +++----
 kestest/gateway_aws_test.go | 45 ++++++++++++++++++++++++++++++++
 kestest/gateway_azure_test.go | 44 +++++++++++++++++++++++++++++++
 kestest/gateway_fortanix_test.go | 44 +++++++++++++++++++++++++++++++
 kestest/gateway_fs_test.go | 33 +++++++++++++++++++++++
 kestest/gateway_gcp_test.go | 45 ++++++++++++++++++++++++++++++++
 kestest/gateway_gemalto_test.go | 44 +++++++++++++++++++++++++++++++
 kestest/gateway_test.go | 38 +++++++++++++++------------
 kestest/gateway_vault_test.go | 43 ++++++++++++++++++++++++++++++
 10 files changed, 327 insertions(+), 24 deletions(-)
 create mode 100644 kestest/gateway_aws_test.go
 create mode 100644 kestest/gateway_azure_test.go
 create mode 100644 kestest/gateway_fortanix_test.go
 create mode 100644 kestest/gateway_fs_test.go
 create mode 100644 kestest/gateway_gcp_test.go
 create mode 100644 kestest/gateway_gemalto_test.go
 create mode 100644 kestest/gateway_vault_test.go
diff --git a/kestest/example_test.go b/kestest/example_test.go
index 299be690..71258adf 100644
--- a/kestest/example_test.go
+++ b/kestest/example_test.go
@@ -11,11 +11,12 @@ import (
 "log"
 "github.com/minio/kes-go"
+ "github.com/minio/kes/internal/keystore/mem"
 "github.com/minio/kes/kestest"
 )
 func ExampleGateway() {
- server := kestest.NewGateway()
+ server := kestest.NewGateway(&mem.Store{})
 defer server.Close()
 version, err := server.Client().Version(context.Background())
@@ -29,7 +30,7 @@ func ExampleGateway() {
 }
 func ExampleGateway_IssueClientCertificate() {
- server := kestest.NewGateway()
+ server := kestest.NewGateway(&mem.Store{})
 defer server.Close()
 server.Policy().Allow("test-policy",
diff --git a/kestest/gateway.go b/kestest/gateway.go
index 7081f276..034d972d 100644
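Review bot: The example now imports `github.com/minio/kes/internal/keystore/mem`, which Go's internal-package rule makes unimportable from any module other than kes itself, so ExampleGateway no longer shows code that a user of the exported kestest package can actually write. Examples are rendered as package documentation, so kestest should offer a store-free constructor (or a public in-memory store) and the example should use that instead of `&mem.Store{}`, e.g. `server := kestest.NewGateway()` with the in-memory default chosen inside kestest. The same applies to the second hunk, in ExampleGateway_IssueClientCertificate, whose body runs past the hunk.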
--- a/kestest/gateway.go
+++ b/kestest/gateway.go
@@ -26,17 +26,17 @@ import (
 "github.com/minio/kes/internal/api"
 "github.com/minio/kes/internal/auth"
 "github.com/minio/kes/internal/keystore"
- "github.com/minio/kes/internal/keystore/mem"
 "github.com/minio/kes/internal/log"
 "github.com/minio/kes/internal/metric"
+ "github.com/minio/kes/kv"
 )
 // NewGateway starts and returns a new Gateway.
 // The caller should call Close when finished,
 // to shut it down.
-func NewGateway() *Gateway {
+func NewGateway(store kv.Store[string, []byte]) *Gateway {
 g := &Gateway{}
- g.start()
+ g.start(store)
 return g
 }
@@ -92,7 +92,7 @@ func (g *Gateway) CAs() *x509.CertPool {
 return certpool
 }
-func (g *Gateway) start() {
+func (g *Gateway) start(kmsStore kv.Store[string, []byte]) {
 var (
 rootCAs = g.CAs()
 auditLog = log.New(io.Discard, "", 0)
@@ -108,7 +108,7 @@ func (g *Gateway) start() {
 auditLog.Add(metrics.AuditEventCounter())
 errorLog.Add(metrics.ErrorEventCounter())
- store := keystore.NewCache(context.Background(), &mem.Store{}, &keystore.CacheConfig{
+ store := keystore.NewCache(context.Background(), kmsStore, &keystore.CacheConfig{
 Expiry: 30 * time.Second,
 ExpiryUnused: 5 * time.Second,
 })
diff --git a/kestest/gateway_aws_test.go b/kestest/gateway_aws_test.go
new file mode 100644
index 00000000..8707d4e4
--- /dev/null
+++ b/kestest/gateway_aws_test.go
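Review bot: The doc comment kept above the new signature (`// NewGateway starts and returns a new Gateway.` …) no longer describes the function: it says nothing about `store`, whether it may be nil, or that keys now live in whatever the caller passes. Because kestest is an exported package, dropping the zero-argument form also breaks any external caller of `NewGateway()` — example_test.go had to change in this same patch. I would keep `NewGateway()` as the in-memory default and put the store-taking form behind a new constructor with a nil check, which means keeping the `mem` import that the first hunk removes; panicking on nil is acceptable here since kestest exists only for tests and a nil store would otherwise surface as a confusing panic inside `keystore.NewCache` later in `start`.
```go
// NewGateway starts and returns a new Gateway backed by an
// in-memory key store. The caller should call Close when
// finished, to shut it down.
func NewGateway() *Gateway { return NewGatewayWithStore(&mem.Store{}) }

// NewGatewayWithStore starts and returns a new Gateway that keeps
// its keys in store, which must not be nil. The caller should call
// Close when finished, to shut it down.
func NewGatewayWithStore(store kv.Store[string, []byte]) *Gateway {
	if store == nil {
		panic("kestest: nil key store")
	}
	g := &Gateway{}
	g.start(store)
	return g
}
```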
@@ -0,0 +1,45 @@
+package kestest_test
+
+import (
+ "context"
+ "flag"
+ "os"
+ "testing"
+
+ "github.com/minio/kes/edge"
+)
+
+var awsConfigFile = flag.String("aws.config", "", "Path to a KES config file with AWS SecretsManager config")
+
+func TestGatewayAWS(t *testing.T) {
+ if *awsConfigFile == "" {
+ t.Skip("AWS tests disabled. Use -aws.config= to enable them")
+ }
+
+ file, err := os.Open(*awsConfigFile)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer file.Close()
+ srvrConfig, err := edge.ReadServerConfigYAML(file)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ store, err = srvrConfig.KeyStore.Connect(context.Background())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Run("metrics", TestMetrics)
+ t.Run("apis", TestAPIs)
+ t.Run("createkey", TestCreateKey)
+ t.Run("importkey", TestImportKey)
+ t.Run("generatekey", TestGenerateKey)
+ t.Run("encryptket", TestEncryptKey)
+ t.Run("decryptkey", TestDecryptKey)
+ t.Run("decryptkeyall", TestDecryptKeyAll)
+ t.Run("describepolicy", TestDescribePolicy)
+ t.Run("getpolicy", TestGetPolicy)
+ t.Run("selfdescribe", TestSelfDescribe)
+}
diff --git a/kestest/gateway_azure_test.go b/kestest/gateway_azure_test.go
new file mode 100644
index 00000000..01186a66
--- /dev/null
+++ b/kestest/gateway_azure_test.go
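Review bot: `srvrConfig.KeyStore.Connect(context.Background())` dials a remote KMS with no deadline, so a wrong endpoint or unreachable region hangs the whole test binary until the global `go test` timeout instead of failing this test with a useful error. The tests in gateway_test.go already obtain a bounded context through `testingContext(t)`, so the connect should use it too: `ctx, cancel := testingContext(t)`, `defer cancel()`, `store, err = srvrConfig.KeyStore.Connect(ctx)` — this assumes testingContext attaches a deadline, which its use elsewhere suggests but this chunk does not show. If the returned store retains ctx for its lifetime rather than only for the dial, a dial-only timeout would be the safer shape.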
@@ -0,0 +1,44 @@
+package kestest_test
+
+import (
+ "context"
+ "flag"
+ "os"
+ "testing"
+
+ "github.com/minio/kes/edge"
+)
+
+var azureConfigFile = flag.String("azure.config", "", "Path to a KES config file with Azure SecretsManager config")
+
+func TestGatewayAzure(t *testing.T) {
+ if *azureConfigFile == "" {
+ t.Skip("Azure tests disabled. Use -azure.config= to enable them")
+ }
+ file, err := os.Open(*azureConfigFile)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer file.Close()
+ srvrConfig, err := edge.ReadServerConfigYAML(file)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ store, err = srvrConfig.KeyStore.Connect(context.Background())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Run("metrics", TestMetrics)
+ t.Run("apis", TestAPIs)
+ t.Run("createkey", TestCreateKey)
+ t.Run("importkey", TestImportKey)
+ t.Run("generatekey", TestGenerateKey)
+ t.Run("encryptket", TestEncryptKey)
+ t.Run("decryptkey", TestDecryptKey)
+ t.Run("decryptkeyall", TestDecryptKeyAll)
+ t.Run("describepolicy", TestDescribePolicy)
+ t.Run("getpolicy", TestGetPolicy)
+ t.Run("selfdescribe", TestSelfDescribe)
+}
diff --git a/kestest/gateway_fortanix_test.go b/kestest/gateway_fortanix_test.go
new file mode 100644
index 00000000..1c727a87
--- /dev/null
+++ b/kestest/gateway_fortanix_test.go
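Review bot: The subtest name on the `t.Run("encryptket", TestEncryptKey)` line is misspelled, which is more than cosmetic because `-run TestGatewayAzure/encryptkey` will not match it and failure reports will carry the odd name; it should read `t.Run("encryptkey", TestEncryptKey)`. The same typo is copied into every other backend test file in this patch, so fix them together.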
@@ -0,0 +1,44 @@
+package kestest_test
+
+import (
+ "context"
+ "flag"
+ "os"
+ "testing"
+
+ "github.com/minio/kes/edge"
+)
+
+var fortanixConfigFile = flag.String("fortanix.config", "", "Path to a KES config file with Fortanix SecretsManager config")
+
+func TestGatewayFortanix(t *testing.T) {
+ if *fortanixConfigFile == "" {
+ t.Skip("Fortanix tests disabled. Use -fortanix.config= to enable them")
+ }
+ file, err := os.Open(*fortanixConfigFile)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer file.Close()
+ srvrConfig, err := edge.ReadServerConfigYAML(file)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ store, err = srvrConfig.KeyStore.Connect(context.Background())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Run("metrics", TestMetrics)
+ t.Run("apis", TestAPIs)
+ t.Run("createkey", TestCreateKey)
+ t.Run("importkey", TestImportKey)
+ t.Run("generatekey", TestGenerateKey)
+ t.Run("encryptket", TestEncryptKey)
+ t.Run("decryptkey", TestDecryptKey)
+ t.Run("decryptkeyall", TestDecryptKeyAll)
+ t.Run("describepolicy", TestDescribePolicy)
+ t.Run("getpolicy", TestGetPolicy)
+ t.Run("selfdescribe", TestSelfDescribe)
+}
diff --git a/kestest/gateway_fs_test.go b/kestest/gateway_fs_test.go
new file mode 100644
index 00000000..87fc6e76
--- /dev/null
+++ b/kestest/gateway_fs_test.go
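Review bot: The config-loading preamble and the eleven `t.Run` lines in TestGatewayFortanix are repeated verbatim across all seven new backend files, so adding a test to gateway_test.go now means editing seven places, and the misspelled `"encryptket"` subtest name has already been cloned into each of them. A small unexported helper in gateway_test.go, for instance `func runGatewaySuite(t *testing.T)` holding the `t.Run` calls, and a `loadKeyStore(t, path)` helper for the open/parse/Connect sequence, would reduce each backend file to its flag and one call. This is a point of structure only; the behaviour of the suite is unchanged by it.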
@@ -0,0 +1,33 @@
+package kestest_test
+
+import (
+ "flag"
+ "testing"
+
+ "github.com/minio/kes/internal/keystore/fs"
+)
+
+var fsPath = flag.String("fs.path", "", "FS Path")
+
+func TestGatewayFS(t *testing.T) {
+ if *fsPath == "" {
+ t.Skip("FS tests disabled. Use -fs.path= to enable them.")
+ }
+ var err error
+ store, err = fs.NewStore(*fsPath)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Run("metrics", TestMetrics)
+ t.Run("apis", TestAPIs)
+ t.Run("createkey", TestCreateKey)
+ t.Run("importkey", TestImportKey)
+ t.Run("generatekey", TestGenerateKey)
+ t.Run("encryptket", TestEncryptKey)
+ t.Run("decryptkey", TestDecryptKey)
+ t.Run("decryptkeyall", TestDecryptKeyAll)
+ t.Run("describepolicy", TestDescribePolicy)
+ t.Run("getpolicy", TestGetPolicy)
+ t.Run("selfdescribe", TestSelfDescribe)
+}
diff --git a/kestest/gateway_gcp_test.go b/kestest/gateway_gcp_test.go
new file mode 100644
index 00000000..8c664400
--- /dev/null
+++ b/kestest/gateway_gcp_test.go
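Review bot: The filesystem backend needs no credentials, yet TestGatewayFS skips unless `-fs.path` is given, so the one backend that could run in every CI job never does, and when the flag is given the suite writes key files into a caller-chosen directory that is never cleaned up and may already hold `my-key1` from an earlier run. Defaulting to a per-test temporary directory removes both problems while keeping the flag as an override: `path := *fsPath`, `if path == "" { path = t.TempDir() }`, `store, err = fs.NewStore(path)`. The `"FS Path"` help string could also say what the path is used for, e.g. `"Directory in which the FS keystore stores keys (default: a temporary directory)"`.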
@@ -0,0 +1,45 @@
+package kestest_test
+
+import (
+ "context"
+ "flag"
+ "os"
+ "testing"
+
+ "github.com/minio/kes/edge"
+)
+
+var gcpConfigFile = flag.String("gcp.config", "", "Path to a KES config file with GCP SecretsManager config")
+
+func TestGatewayGCP(t *testing.T) {
+ if *gcpConfigFile == "" {
+ t.Skip("GCP tests disabled. Use -gcp.config= to enable them")
+ }
+
+ file, err := os.Open(*gcpConfigFile)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer file.Close()
+ srvrConfig, err := edge.ReadServerConfigYAML(file)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ store, err = srvrConfig.KeyStore.Connect(context.Background())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Run("metrics", TestMetrics)
+ t.Run("apis", TestAPIs)
+ t.Run("createkey", TestCreateKey)
+ t.Run("importkey", TestImportKey)
+ t.Run("generatekey", TestGenerateKey)
+ t.Run("encryptket", TestEncryptKey)
+ t.Run("decryptkey", TestDecryptKey)
+ t.Run("decryptkeyall", TestDecryptKeyAll)
+ t.Run("describepolicy", TestDescribePolicy)
+ t.Run("getpolicy", TestGetPolicy)
+ t.Run("selfdescribe", TestSelfDescribe)
+}
diff --git a/kestest/gateway_gemalto_test.go b/kestest/gateway_gemalto_test.go
new file mode 100644
index 00000000..aeb85a27
--- /dev/null
+++ b/kestest/gateway_gemalto_test.go
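Review bot: `store, err = srvrConfig.KeyStore.Connect(context.Background())` overwrites the package-level `store` declared in gateway_test.go and never puts it back, so every top-level test that runs afterwards in the same binary — the plain TestMetrics … TestSelfDescribe, which as far as I recall go test runs after this file because files are sorted by name — silently executes against GCP instead of the in-memory store, and with `-shuffle=on` which backend a given test sees becomes random. Restore the previous value when this test finishes: `prev := store` before the assignment and `t.Cleanup(func() { store = prev })` right after it. The other backend files have the same shape and need the same treatment.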
@@ -0,0 +1,44 @@
+package kestest_test
+
+import (
+ "context"
+ "flag"
+ "os"
+ "testing"
+
+ "github.com/minio/kes/edge"
+)
+
+var gemaltoConfigFile = flag.String("gemalto.config", "", "Path to a KES config file with Gemalto SecretsManager config")
+
+func TestGatewayGemalto(t *testing.T) {
+ if *gemaltoConfigFile == "" {
+ t.Skip("Gemalto tests disabled. Use -gemalto.config= to enable them")
+ }
+ file, err := os.Open(*gemaltoConfigFile)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer file.Close()
+ srvrConfig, err := edge.ReadServerConfigYAML(file)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ store, err = srvrConfig.KeyStore.Connect(context.Background())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Run("metrics", TestMetrics)
+ t.Run("apis", TestAPIs)
+ t.Run("createkey", TestCreateKey)
+ t.Run("importkey", TestImportKey)
+ t.Run("generatekey", TestGenerateKey)
+ t.Run("encryptket", TestEncryptKey)
+ t.Run("decryptkey", TestDecryptKey)
+ t.Run("decryptkeyall", TestDecryptKeyAll)
+ t.Run("describepolicy", TestDescribePolicy)
+ t.Run("getpolicy", TestGetPolicy)
+ t.Run("selfdescribe", TestSelfDescribe)
+}
diff --git a/kestest/gateway_test.go b/kestest/gateway_test.go
index 76d46257..6380ad90 100644
--- a/kestest/gateway_test.go
+++ b/kestest/gateway_test.go
@@ -18,9 +18,13 @@ import (
 "time"
 "github.com/minio/kes-go"
+ "github.com/minio/kes/internal/keystore/mem"
 "github.com/minio/kes/kestest"
+ "github.com/minio/kes/kv"
 )
+var store = kv.Store[string, []byte](&mem.Store{})
+
 var gatewayAPIs = map[string]struct {
 Method string
 MaxBody int64
@@ -58,7 +62,7 @@ func TestMetrics(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
@@ -88,7 +92,7 @@ func TestAPIs(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
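Review bot: `defer file.Close()` keeps the config file — which for this backend will normally contain the Gemalto credentials — open for the lifetime of all eleven subtests, although it is only read by the `edge.ReadServerConfigYAML(file)` call that immediately follows. Closing it as soon as parsing is done shortens the window the handle is held and still reports the parse error first: `srvrConfig, err := edge.ReadServerConfigYAML(file)`, `file.Close()`, `if err != nil {`. The help string `"Gemalto SecretsManager config"` also looks copied from the AWS file; naming the actual Gemalto keystore the config selects would help whoever runs this.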
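Review bot: `var store = kv.Store[string, []byte](&mem.Store{})` creates one process-wide store that every `kestest.NewGateway(store)` call in this file now shares, so keys written by one test survive into the next — which is presumably why the later hunks rename `my-key` to `my-key1` … `my-key5`. That renaming only avoids collisions within a single pass: `go test -count=2 ./kestest` should fail on the second iteration when, for example, TestGenerateKey's `client.CreateKey(ctx, "my-key2")` finds the key already present, and the same happens on every rerun against a persistent backend. Either hand each gateway a fresh `&mem.Store{}` on the default path (a `newStore(t)` helper returning the flag-selected backend or a new in-memory store) or have every test delete the keys it created in `t.Cleanup`. A one-line comment on the variable saying that it is reassigned by the backend test files would also help, since nothing here indicates that.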
@@ -130,7 +134,7 @@ func TestCreateKey(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
@@ -154,8 +158,8 @@ var importKeyTests = []struct {
 ShouldFail bool
 Err error
 }{
- {Name: "my-key", Key: make([]byte, 32)},
- {Name: "my-key", Key: make([]byte, 32), ShouldFail: true, Err: kes.ErrKeyExists},
+ {Name: "my-key1", Key: make([]byte, 32)},
+ {Name: "my-key1", Key: make([]byte, 32), ShouldFail: true, Err: kes.ErrKeyExists},
 {Name: "fail-key", Key: make([]byte, 0), ShouldFail: true},
 {Name: "fail-key2", Key: make([]byte, 1<<20), ShouldFail: true},
@@ -165,7 +169,7 @@ func TestImportKey(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
@@ -197,12 +201,12 @@ func TestGenerateKey(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
- const KeyName = "my-key"
+ const KeyName = "my-key2"
 if err := client.CreateKey(ctx, KeyName); err != nil {
 t.Fatalf("Failed to create %q: %v", KeyName, err)
 }
@@ -248,12 +252,12 @@ func TestEncryptKey(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
- const KeyName = "my-key"
+ const KeyName = "my-key3"
 if err := client.CreateKey(ctx, KeyName); err != nil {
 t.Fatalf("Failed to create %q: %v", KeyName, err)
 }
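Review bot: The renamed fixtures in importKeyTests — `my-key1` expected to import successfully and then fail with `kes.ErrKeyExists` — assume the key is absent when the test starts, which stops being true once the store is a persistent backend shared across runs: after one run against Vault, AWS or the FS directory, the first case fails on the next run. Each test that creates or imports a key should remove it when it finishes, e.g. in TestGenerateKey right after the `client.CreateKey(ctx, KeyName)` check: `t.Cleanup(func() { _ = client.DeleteKey(context.Background(), KeyName) })` — a fresh context because `defer cancel()` has already fired by the time cleanups run, and assuming the kes-go client exposes DeleteKey, which this chunk does not show. The importKeyTests table is consumed by TestImportKey, whose body runs past the hunk, so the table cases need the same cleanup there.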
@@ -308,12 +312,12 @@ func TestDecryptKey(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
- const KeyName = "my-key"
+ const KeyName = "my-key4"
 const KeyValue = "pQLPe6/f87AMSItvZzEbrxYdRUzmM81ziXF95HOFE4Y="
 if err := client.ImportKey(ctx, KeyName, mustDecodeB64(KeyValue)); err != nil {
 t.Fatalf("Failed to create %q: %v", KeyName, err)
@@ -383,12 +387,12 @@ func TestDecryptKeyAll(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
- const KeyName = "my-key"
+ const KeyName = "my-key5"
 const KeyValue = "pQLPe6/f87AMSItvZzEbrxYdRUzmM81ziXF95HOFE4Y="
 if err := client.ImportKey(ctx, KeyName, mustDecodeB64(KeyValue)); err != nil {
 t.Fatalf("Failed to create %q: %v", KeyName, err)
@@ -445,7 +449,7 @@ func TestDescribePolicy(t *testing.T) {
 for i, test := range getPolicyTests {
 t.Run(fmt.Sprintf("Test %d", i), func(t *testing.T) {
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 server.Policy().Add(test.Name, test.Policy)
@@ -474,7 +478,7 @@ func TestGetPolicy(t *testing.T) {
 for i, test := range getPolicyTests {
 t.Run(fmt.Sprintf("Test %d", i), func(t *testing.T) {
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 server.Policy().Add(test.Name, test.Policy)
@@ -549,7 +553,7 @@ func TestSelfDescribe(t *testing.T) {
 ctx, cancel := testingContext(t)
 defer cancel()
- server := kestest.NewGateway()
+ server := kestest.NewGateway(store)
 defer server.Close()
 client := server.Client()
diff --git a/kestest/gateway_vault_test.go b/kestest/gateway_vault_test.go
new file mode 100644
index 00000000..7cae330b
--- /dev/null
+++ b/kestest/gateway_vault_test.go
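Review bot: Now that the store is selectable through the `-*.config` flags, the TestDecryptKey hunk's `const KeyValue = "pQLPe6/…"` means the suite imports a fixed, publicly visible 256-bit key under the predictable name `my-key4` into whatever KMS the config points at, and nothing in the backend test files deletes it afterwards. That is fine for a throwaway test instance but dangerous against a shared or production KMS, so the constraint should be written down where the person running the tests will see it — a comment on the flag declarations or a package comment such as `// NOTE: the backend tests write well-known test keys (e.g. my-key4) into the configured KMS; point them only at a disposable instance or namespace.` Deleting the imported key in `t.Cleanup` would make the warning less load-bearing. TestDecryptKey's body continues past the hunk.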
@@ -0,0 +1,43 @@
+package kestest_test
+
+import (
+ "context"
+ "flag"
+ "os"
+ "testing"
+
+ "github.com/minio/kes/edge"
+)
+
+var vaultConfigFile = flag.String("vault.config", "", "Path to a KES config file with Vault SecretsManager config")
+
+func TestGatewayVault(t *testing.T) {
+ if *vaultConfigFile == "" {
+ t.Skip("Vault tests disabled. Use -vault.config= to enable them")
+ }
+ file, err := os.Open(*vaultConfigFile)
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer file.Close()
+ srvrConfig, err := edge.ReadServerConfigYAML(file)
+ if err != nil {
+ t.Fatal(err)
+ }
+ store, err = srvrConfig.KeyStore.Connect(context.Background())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ t.Run("metrics", TestMetrics)
+ t.Run("apis", TestAPIs)
+ t.Run("createkey", TestCreateKey)
+ t.Run("importkey", TestImportKey)
+ t.Run("generatekey", TestGenerateKey)
+ t.Run("encryptket", TestEncryptKey)
+ t.Run("decryptkey", TestDecryptKey)
+ t.Run("decryptkeyall", TestDecryptKeyAll)
+ t.Run("describepolicy", TestDescribePolicy)
+ t.Run("getpolicy", TestGetPolicy)
+ t.Run("selfdescribe", TestSelfDescribe)
+}