Add integration tests

.github/workflows/go.yml

@@ -63,12 +63,46 @@ jobs:
       id: go
     - name: Check out code
       uses: actions/checkout@v3
+    - uses: actions/cache@v3
+      id: assets-cache
+      name: Assets Cache
+      with:
+        path: |
+          ./web-app/build/
+        key: ${{ runner.os }}-assets-${{ github.run_id }}
     - name: Build and Lint
       env:
         GO111MODULE: on
       run: |
          go build ./...
          go vet ./...
+  # integration-tests:
+  #   name: Integration tests
+  #   needs:
+  #     - ui-assets
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #   - name: Set up Go
+  #     uses: actions/setup-go@v3
+  #     with:
+  #       go-version: 1.20.2
+  #       check-latest: true
+  #     id: go
+  #   - name: Check out code
+  #     uses: actions/checkout@v3
+  #   - uses: actions/cache@v3
+  #     id: assets-cache
+  #     name: Assets Cache
+  #     with:
+  #       path: |
+  #         ./web-app/build/
+  #       key: ${{ runner.os }}-assets-${{ github.run_id }}
+  #   - name: Run Integration Tests
+  #     env:
+  #       GO111MODULE: on
+  #     run: |
+  #        make integration-tests
+
   lint:
     name: Lint
     runs-on: ubuntu-latest
@@ -105,7 +139,7 @@ jobs:
       env:
         GO111MODULE: on
       run: |
-         go test ./...
+         go test $(go list ./... | grep -v integration)
   
   vulncheck:
     name: Vulncheck

Makefile

@@ -23,4 +23,7 @@ swagger-gen:
 
 assets:
 	@(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\
-	  cd web-app; yarn install --prefer-offline; make build-static; cd ..)
+	  cd web-app; yarn install --prefer-offline; make build-static; cd ..)
+
+integration-tests:
+	./integration-tests.sh

go.mod

@@ -30,6 +30,7 @@ require (
 	github.com/prometheus/common v0.39.0
 	github.com/secure-io/sio-go v0.3.1
 	github.com/spf13/pflag v1.0.5
+	github.com/stretchr/testify v1.8.2
 	github.com/tinylib/msgp v1.1.8
 	github.com/xdg-go/pbkdf2 v1.0.0
 	golang.org/x/crypto v0.7.0
@@ -58,6 +59,7 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
@@ -114,6 +116,7 @@ require (
 	github.com/philhofer/fwd v1.1.2 // indirect
 	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.3.0 // indirect
 	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect

go.sum

@@ -393,6 +393,7 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
@@ -450,8 +451,9 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=

integration-tests.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+go build ./cmd/kes/...
+
+./kes identity new --key=admin.key --cert=admin.crt admin --force
+./kes identity new --key=client.key --cert=client.crt client --force
+./kes identity new --key private.key --cert public.crt --ip "127.0.0.1" localhost --force
+
+export KES_UNSEAL_KEY=$(cat /dev/urandom | head -c 32 | base64)
+
+echo "version: v1" > ./init.yml
+echo "address: 0.0.0.0:7373" >> ./init.yml
+echo "tls:" >> ./init.yml
+echo "  key: private.key" >> ./init.yml
+echo "  cert: public.crt" >> ./init.yml
+echo "  client:" >> ./init.yml
+echo "    verify_cert: false" >> ./init.yml
+echo "system:" >> ./init.yml
+echo "  admin:" >> ./init.yml
+echo "    identity: $(./kes identity of admin.crt)" >> ./init.yml
+echo "unseal:" >> ./init.yml
+echo "  environment:" >> ./init.yml
+echo "    name: KES_UNSEAL_KEY" >> ./init.yml
+echo "enclave:" >> ./init.yml
+echo "  default:" >> ./init.yml
+echo "    admin:" >> ./init.yml
+echo "      identity: $(./kes identity of client.crt)" >> ./init.yml
+echo "    policy:" >> ./init.yml
+echo "      minio:" >> ./init.yml
+echo "        allow:" >> ./init.yml
+echo "        - /v1/api" >> ./init.yml
+echo "        - /v1/metrics" >> ./init.yml
+echo "        - /v1/key/list/*" >> ./init.yml
+echo "        - /v1/key/create/*" >> ./init.yml
+echo "        - /v1/key/import/*" >> ./init.yml
+echo "        - /v1/key/delete/*" >> ./init.yml
+echo "        - /v1/key/generate/*" >> ./init.yml
+echo "        - /v1/key/decrypt/*" >> ./init.yml
+echo "        - /v1/policy/list/*" >> ./init.yml
+echo "        - /v1/policy/assign/*" >> ./init.yml
+echo "        - /v1/policy/write/*" >> ./init.yml
+echo "        - /v1/policy/describe/*" >> ./init.yml
+echo "        - /v1/policy/read/*" >> ./init.yml
+echo "        - /v1/policy/delete/*" >> ./init.yml
+echo "        - /v1/identity/list/*" >> ./init.yml
+echo "        - /v1/identity/describe/*" >> ./init.yml
+echo "        - /v1/identity/delete/*" >> ./init.yml
+
+./kes init --config init.yml ./data --force
+./kes server ./data --auth=off &
+KES_PID=$!
+./kes ui &
+KES_UI_PID=$!
+
+go test ./restapi/integration/...
+
+rm kes admin.key admin.crt client.key client.crt private.key public.crt init.yml
+
+kill -9 $KES_PID
+kill -9 $KES_UI_PID

restapi/integration/api_test.go

@@ -0,0 +1,68 @@
+// This file is part of MinIO KES
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+)
+
+type APITestSuite struct {
+	suite.Suite
+	assert *assert.Assertions
+	token  string
+}
+
+func (suite *APITestSuite) SetupSuite() {
+	suite.assert = assert.New(suite.T())
+}
+
+func (suite *APITestSuite) SetupTest() {
+}
+
+func (suite *APITestSuite) TearDownSuite() {
+}
+
+func (suite *APITestSuite) TearDownTest() {
+}
+
+func (suite *APITestSuite) TestAPI() {
+	var err error
+	suite.token, err = login()
+	suite.assert.NoError(err)
+	suite.getAPIs()
+	suite.getMetrics()
+}
+
+func (suite *APITestSuite) getAPIs() {
+	res, err := makeRequest(nil, "GET", "http://localhost:9393/api/v1/encryption/apis", suite.token)
+	suite.assert.NoError(err)
+	suite.assert.Equal(http.StatusOK, res.StatusCode)
+}
+
+func (suite *APITestSuite) getMetrics() {
+	res, err := makeRequest(nil, "GET", "http://localhost:9393/api/v1/encryption/metrics", suite.token)
+	suite.assert.NoError(err)
+	suite.assert.Equal(http.StatusOK, res.StatusCode)
+}
+
+func TestAPI(t *testing.T) {
+	suite.Run(t, new(APITestSuite))
+}

restapi/integration/keys_test.go

@@ -0,0 +1,80 @@
+// This file is part of MinIO KES
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+)
+
+type KeysTestSuite struct {
+	suite.Suite
+	assert  *assert.Assertions
+	testKey string
+	token   string
+}
+
+func (suite *KeysTestSuite) SetupSuite() {
+	suite.assert = assert.New(suite.T())
+	suite.testKey = "test-key"
+}
+
+func (suite *KeysTestSuite) SetupTest() {
+}
+
+func (suite *KeysTestSuite) TearDownSuite() {
+}
+
+func (suite *KeysTestSuite) TearDownTest() {
+}
+
+func (suite *KeysTestSuite) TestKeys() {
+	var err error
+	suite.token, err = login()
+	suite.assert.NoError(err)
+	suite.createKey()
+	suite.listKeys()
+	suite.deleteKey()
+}
+
+func (suite *KeysTestSuite) createKey() {
+	data := map[string]interface{}{"key": suite.testKey}
+	res, err := makeRequest(data, "POST", "http://localhost:9393/api/v1/encryption/keys", suite.token)
+	suite.assert.NoError(err)
+	suite.assert.Equal(http.StatusCreated, res.StatusCode)
+}
+
+func (suite *KeysTestSuite) listKeys() {
+	res, err := makeRequest(nil, "GET", "http://localhost:9393/api/v1/encryption/keys", suite.token)
+	suite.assert.NoError(err)
+	suite.assert.Equal(http.StatusOK, res.StatusCode)
+}
+
+func (suite *KeysTestSuite) deleteKey() {
+	url := fmt.Sprintf("http://localhost:9393/api/v1/encryption/keys/%s", suite.testKey)
+	res, err := makeRequest(nil, "DELETE", url, suite.token)
+	suite.assert.NoError(err)
+	suite.assert.Equal(http.StatusOK, res.StatusCode)
+}
+
+func TestKeys(t *testing.T) {
+	suite.Run(t, new(KeysTestSuite))
+}