chore(Issue 78): integration tests for key_access_server registry db interactions

integration/fixtures.go

@@ -1,14 +1,17 @@
 package integration
 
 import (
+	"encoding/json"
 	"log/slog"
 	"os"
 
 	"gopkg.in/yaml.v2"
 )
 
-var fixtureFilename = "fixtures.yaml"
-var fixtureData FixtureData
+var (
+	fixtureFilename = "fixtures.yaml"
+	fixtureData     FixtureData
+)
 
 type FixtureMetadata struct {
 	TableName string   `yaml:"table_name"`
@@ -48,6 +51,15 @@ type FixtureDataResourceMapping struct {
 	Terms            []string `yaml:"terms"`
 }
 
+type FixtureDataKasRegistry struct {
+	Id              string `yaml:"id"`
+	KeyAccessServer string `yaml:"key_access_server"`
+	PubKey          struct {
+		Remote string `yaml:"remote" json:"remote,omitempty"`
+		Local  string `yaml:"local" json:"local,omitempty"`
+	} `yaml:"public_key" json:"public_key"`
+}
+
 type FixtureData struct {
 	Namespaces struct {
 		Metadata FixtureMetadata                 `yaml:"metadata"`
@@ -69,6 +81,10 @@ type FixtureData struct {
 		Metadata FixtureMetadata                       `yaml:"metadata"`
 		Data     map[string]FixtureDataResourceMapping `yaml:"data"`
 	} `yaml:"resource_mappings"`
+	KasRegistries struct {
+		Metadata FixtureMetadata                   `yaml:"metadata"`
+		Data     map[string]FixtureDataKasRegistry `yaml:"data"`
+	} `yaml:"kas_registry"`
 }
 
 func loadFixtureData() {
@@ -134,6 +150,14 @@ func (f *Fixtures) GetResourceMappingKey(key string) FixtureDataResourceMapping
 	return fixtureData.ResourceMappings.Data[key]
 }
 
+func (f *Fixtures) GetKasRegistryKey(key string) FixtureDataKasRegistry {
+	if fixtureData.KasRegistries.Data[key].Id == "" {
+		slog.Error("could not find kas-registry", slog.String("id", key))
+		panic("could not find kas-registry")
+	}
+	return fixtureData.KasRegistries.Data[key]
+}
+
 func (f *Fixtures) Provision() {
 	slog.Info("📦 running migrations in schema", slog.String("schema", f.db.schema))
 	f.db.Client.RunMigrations()
@@ -148,13 +172,16 @@ func (f *Fixtures) Provision() {
 	sM := f.provisionSubjectMappings()
 	slog.Info("📦 provisioning resource mapping data")
 	rM := f.provisionResourceMappings()
+	slog.Info("📦 provisioning kas registry data")
+	kas := f.provisionKasRegistry()
 
 	slog.Info("📦 provisioned fixtures data",
 		slog.Int64("namespaces", n),
 		slog.Int64("attributes", a),
 		slog.Int64("attribute_values", aV),
 		slog.Int64("subject_mappings", sM),
 		slog.Int64("resource_mappings", rM),
+		slog.Int64("kas_registry", kas),
 	)
 }
 
@@ -231,6 +258,25 @@ func (f *Fixtures) provisionResourceMappings() int64 {
 	return f.provision(fixtureData.ResourceMappings.Metadata.TableName, fixtureData.ResourceMappings.Metadata.Columns, values)
 }
 
+func (f *Fixtures) provisionKasRegistry() int64 {
+	var values [][]string
+	for _, d := range fixtureData.KasRegistries.Data {
+		v := []string{
+			f.db.StringWrap(d.Id),
+			f.db.StringWrap(d.KeyAccessServer),
+		}
+
+		if pubKeyJson, err := json.Marshal(d.PubKey); err != nil {
+			slog.Error("⛔️ 📦 issue with KAS registry public key JSON - check fixtures.yaml for issues")
+			panic("issue with KAS registry public key JSON")
+		} else {
+			v = append(v, f.db.StringWrap(string(pubKeyJson)))
+		}
+		values = append(values, v)
+	}
+	return f.provision(fixtureData.KasRegistries.Metadata.TableName, fixtureData.KasRegistries.Metadata.Columns, values)
+}
+
 func (f *Fixtures) provision(t string, c []string, v [][]string) (rows int64) {
 	var err error
 	rows, err = f.db.ExecInsert(t, c, v...)

integration/fixtures.yaml

@@ -181,3 +181,26 @@ resource_mappings:
       attribute_value_id: 00000000-0000-0000-0000-000000000005
       terms:
         - helloworld
+
+##
+# KAS Registry (key access server registry)
+#
+##
+kas_registry:
+  metadata:
+    table_name: key_access_servers
+    columns:
+      - id
+      - key_access_server
+      - public_key
+  data:
+    key_access_server_1:
+      id: 00000000-0000-0000-0000-000000000000
+      key_access_server: kas.example.com
+      public_key:
+        remote: https://kas.example.com/public_key
+    key_access_server_2:
+      id: 00000000-0000-0000-0000-000000000001
+      key_access_server: https://local.kas.com:3000
+      public_key:
+        local: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ6ekNDQVhXZ0F3SUJBZ0lVT1J1VjNhdlU5QUU2enNCNlp4eWxsSHBpNWQ0d0NnWUlLb1pJemowRUF3SXcKUFRFTE1Ba0dBMVVFQmhNQ2RYTXhDekFKQmdOVkJBZ01BbU4wTVNFd0h3WURWUVFLREJoSmJuUmxjbTVsZENCWAphV1JuYVhSeklGQjBlU0JNZEdRd0hoY05NalF3TVRBeU1UWTFOalUyV2hjTk1qVXdNVEF4TVRZMU5qVTJXakE5Ck1Rc3dDUVlEVlFRR0V3SjFjekVMTUFrR0ExVUVDQXdDWTNReElUQWZCZ05WQkFvTUdFbHVkR1Z5Ym1WMElGZHAKWkdkcGRITWdVSFI1SUV4MFpEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJMVjlmQ0pIRC9rYwpyWHJVSFF3QVp4ME1jMGRQdkxqc0ovb2pFdE1NbjBST2RlT3g4eWd4Z2NRVEZGQXh5Q3RCdWFkaEFkbS9pVkh0CjhnMkVNejVkTzNXalV6QlJNQjBHQTFVZERnUVdCQlFZTmt1aytKSXVSV3luK2JFOHNCaFJ3MjdPVlRBZkJnTlYKSFNNRUdEQVdnQlFZTmt1aytKSXVSV3luK2JFOHNCaFJ3MjdPVlRBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUFvRwpDQ3FHU000OUJBTUNBMGdBTUVVQ0lRQ0FCMmppWWU4QVk2TUo0QURQU1FHRTQ3K2Eza1dGTGNHc0pob1pieHRnClV3SWdjZklJdVBmaDRmYmN2OGNUaTJCbEkzazdzV1B1QW1JRlZyaUkyZDNVeDVRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==

integration/kas_registry_test.go

@@ -0,0 +1,245 @@
+package integration
+
+import (
+	"context"
+	"log/slog"
+	"testing"
+
+	"github.com/opentdf/opentdf-v2-poc/sdk/common"
+	kasr "github.com/opentdf/opentdf-v2-poc/sdk/kasregistry"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+)
+
+var nonExistentKasRegistryId = "78909865-8888-9999-9999-000000654321"
+
+type KasRegistrySuite struct {
+	suite.Suite
+	schema string
+	f      Fixtures
+	db     DBInterface
+	ctx    context.Context
+}
+
+func (s *KasRegistrySuite) SetupSuite() {
+	slog.Info("setting up db.KasRegistry test suite")
+	s.ctx = context.Background()
+	s.schema = "test_opentdf_kas_registry"
+	s.db = NewDBInterface(s.schema)
+	s.f = NewFixture(s.db)
+	s.f.Provision()
+}
+
+func (s *KasRegistrySuite) TearDownSuite() {
+	slog.Info("tearing down db.KasRegistry test suite")
+	s.f.TearDown()
+}
+
+func getKasRegistryFixtures() []FixtureDataKasRegistry {
+	return []FixtureDataKasRegistry{
+		fixtures.GetKasRegistryKey("key_access_server_1"),
+		fixtures.GetKasRegistryKey("key_access_server_2"),
+	}
+}
+
+func (s *KasRegistrySuite) Test_ListKeyAccessServers() {
+	fixtures := getKasRegistryFixtures()
+	list, err := s.db.Client.ListKeyAccessServers(s.ctx)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), list)
+	for _, fixture := range fixtures {
+		for _, item := range list {
+			if item.Id == fixture.Id {
+				assert.Equal(s.T(), fixture.Id, item.Id)
+				if item.PublicKey.GetRemote() != "" {
+					assert.Equal(s.T(), fixture.PubKey.Remote, item.PublicKey.GetRemote())
+				} else {
+					assert.Equal(s.T(), fixture.PubKey.Local, item.PublicKey.GetLocal())
+				}
+				assert.Equal(s.T(), fixture.KeyAccessServer, item.KeyAccessServer)
+			}
+		}
+	}
+}
+
+func (s *KasRegistrySuite) Test_GetKeyAccessServer() {
+	remoteFixture := fixtures.GetKasRegistryKey("key_access_server_1")
+	localFixture := fixtures.GetKasRegistryKey("key_access_server_2")
+
+	remote, err := s.db.Client.GetKeyAccessServer(s.ctx, remoteFixture.Id)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), remote)
+	assert.Equal(s.T(), remoteFixture.Id, remote.Id)
+	assert.Equal(s.T(), remoteFixture.KeyAccessServer, remote.KeyAccessServer)
+	assert.Equal(s.T(), remoteFixture.PubKey.Remote, remote.PublicKey.GetRemote())
+
+	local, err := s.db.Client.GetKeyAccessServer(s.ctx, localFixture.Id)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), local)
+	assert.Equal(s.T(), localFixture.Id, local.Id)
+	assert.Equal(s.T(), localFixture.KeyAccessServer, local.KeyAccessServer)
+	assert.Equal(s.T(), localFixture.PubKey.Local, local.PublicKey.GetLocal())
+}
+
+func (s *KasRegistrySuite) Test_GetKeyAccessServerWithNonExistentIdFails() {
+	resp, err := s.db.Client.GetKeyAccessServer(s.ctx, nonExistentKasRegistryId)
+	assert.NotNil(s.T(), err)
+	assert.Nil(s.T(), resp)
+}
+
+func (s *KasRegistrySuite) Test_CreateKeyAccessServer_Remote() {
+	metadata := &common.MetadataMutable{
+		Labels: map[string]string{
+			"name": "this is the test name of my key access server",
+		},
+		Description: "test create key access server description",
+	}
+
+	pubKey := &kasr.PublicKey{
+		PublicKey: &kasr.PublicKey_Remote{
+			Remote: "https://remote.com/key",
+		},
+	}
+
+	kasRegistry := &kasr.KeyAccessServerCreateUpdate{
+		KeyAccessServer:      "test create key access server",
+		PublicKey: pubKey,
+		Metadata:  metadata,
+	}
+	createdKasRegistry, err := s.db.Client.CreateKeyAccessServer(s.ctx, kasRegistry)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), createdKasRegistry)
+	assert.Equal(s.T(), kasRegistry.KeyAccessServer, createdKasRegistry.KeyAccessServer)
+	assert.Equal(s.T(), kasRegistry.PublicKey.GetRemote(), createdKasRegistry.PublicKey.GetRemote())
+	assert.Equal(s.T(), createdKasRegistry.PublicKey.GetLocal(), "")
+	assert.Equal(s.T(), kasRegistry.Metadata.Description, createdKasRegistry.Metadata.Description)
+	assert.EqualValues(s.T(), kasRegistry.Metadata.Labels, createdKasRegistry.Metadata.Labels)
+	assert.NotEqual(s.T(), "", createdKasRegistry.Id)
+}
+
+func (s *KasRegistrySuite) Test_CreateKeyAccessServer_Local() {
+	metadata := &common.MetadataMutable{
+		Labels: map[string]string{
+			"name": "local KAS",
+		},
+		Description: "this KAS has a locally provided key",
+	}
+
+	pubKey := &kasr.PublicKey{
+		PublicKey: &kasr.PublicKey_Local{
+			Local: "some_local_public_key_in_base64",
+		},
+	}
+
+	kasRegistry := &kasr.KeyAccessServerCreateUpdate{
+		KeyAccessServer:      "testing creation with local key",
+		PublicKey: pubKey,
+		Metadata:  metadata,
+	}
+	createdKasRegistry, err := s.db.Client.CreateKeyAccessServer(s.ctx, kasRegistry)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), createdKasRegistry)
+	assert.Equal(s.T(), kasRegistry.KeyAccessServer, createdKasRegistry.KeyAccessServer)
+	assert.Equal(s.T(), kasRegistry.PublicKey.GetLocal(), createdKasRegistry.PublicKey.GetLocal())
+	assert.Equal(s.T(), createdKasRegistry.PublicKey.GetRemote(), "")
+	assert.Equal(s.T(), kasRegistry.Metadata.Description, createdKasRegistry.Metadata.Description)
+	assert.EqualValues(s.T(), kasRegistry.Metadata.Labels, createdKasRegistry.Metadata.Labels)
+	assert.NotEqual(s.T(), "", createdKasRegistry.Id)
+}
+
+func (s *KasRegistrySuite) Test_UpdateKeyAccessServer() {
+	// create a test KAS
+	pubKey := &kasr.PublicKey{
+		PublicKey: &kasr.PublicKey_Remote{
+			Remote: "https://remote.com/key",
+		},
+	}
+	testKas := &kasr.KeyAccessServerCreateUpdate{
+		KeyAccessServer:      "testing update with remote key",
+		PublicKey: pubKey,
+	}
+	createdKas, err := s.db.Client.CreateKeyAccessServer(s.ctx, testKas)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), createdKas)
+
+	// update it with new values and metadata
+	updatedMetadata := &common.MetadataMutable{
+		Labels: map[string]string{
+			"name": "updated name",
+		},
+		Description: "updated description",
+	}
+	updatedKas := &kasr.KeyAccessServerCreateUpdate{
+		KeyAccessServer:      "updated name",
+		PublicKey: pubKey,
+		Metadata:  updatedMetadata,
+	}
+	updated, err := s.db.Client.UpdateKeyAccessServer(s.ctx, createdKas.Id, updatedKas)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), updated)
+
+	// get after update to validate changes were successful
+	got, err := s.db.Client.GetKeyAccessServer(s.ctx, createdKas.Id)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), got)
+	assert.Equal(s.T(), createdKas.Id, got.Id)
+	assert.Equal(s.T(), updatedKas.KeyAccessServer, got.KeyAccessServer)
+	assert.Equal(s.T(), updatedKas.PublicKey.GetRemote(), got.PublicKey.GetRemote())
+	assert.Equal(s.T(), updatedMetadata.Description, got.Metadata.Description)
+	assert.EqualValues(s.T(), updatedMetadata.Labels, got.Metadata.Labels)
+}
+
+func (s *KasRegistrySuite) Test_UpdateKeyAccessServerWithNonExistentIdFails() {
+	pubKey := &kasr.PublicKey{
+		PublicKey: &kasr.PublicKey_Local{
+			Local: "this_is_a_local_key",
+		},
+	}
+	updatedKas := &kasr.KeyAccessServerCreateUpdate{
+		KeyAccessServer:      "some name",
+		PublicKey: pubKey,
+	}
+	resp, err := s.db.Client.UpdateKeyAccessServer(s.ctx, nonExistentKasRegistryId, updatedKas)
+	assert.NotNil(s.T(), err)
+	assert.Nil(s.T(), resp)
+}
+
+func (s *KasRegistrySuite) Test_DeleteKeyAccessServer() {
+	// create a test KAS
+	pubKey := &kasr.PublicKey{
+		PublicKey: &kasr.PublicKey_Remote{
+			Remote: "https://remote.com/key",
+		},
+	}
+	testKas := &kasr.KeyAccessServerCreateUpdate{
+		KeyAccessServer:      "test delete",
+		PublicKey: pubKey,
+	}
+	createdKas, err := s.db.Client.CreateKeyAccessServer(s.ctx, testKas)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), createdKas)
+
+	// delete it
+	deleted, err := s.db.Client.DeleteKeyAccessServer(s.ctx, createdKas.Id)
+	assert.Nil(s.T(), err)
+	assert.NotNil(s.T(), deleted)
+
+	// get after delete to validate it's gone
+	resp, err := s.db.Client.GetKeyAccessServer(s.ctx, createdKas.Id)
+	assert.NotNil(s.T(), err)
+	assert.Nil(s.T(), resp)
+}
+
+func (s *KasRegistrySuite) Test_DeleteKeyAccessServerWithNonExistentIdFails() {
+	resp, err := s.db.Client.DeleteKeyAccessServer(s.ctx, nonExistentKasRegistryId)
+	assert.NotNil(s.T(), err)
+	assert.Nil(s.T(), resp)
+}
+
+func TestKasRegistrySuite(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping db.KasRegistry integration tests")
+	}
+	suite.Run(t, new(KasRegistrySuite))
+}