Cleanup AWS testing

Author: kipz

.github/workflows/test.yml

@@ -111,10 +111,24 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - name: Run docker compose
+
+      # Test GCP backend
+      - name: Run docker compose for GCP
         run: docker compose -f compose.yml up -d --build --wait --wait-timeout 60
-      - name: Run e2e tests
-        run: go test -v -tags=e2e ./tests/
+      - name: Run GCP e2e tests
+        run: TEST_BACKENDS=gcp go test -v -tags=e2e ./tests/
+      - name: Stop GCP docker compose
+        if: always()
+        run: docker compose -f compose.yml down
+
+      # Test AWS backend
+      - name: Run docker compose for AWS
+        run: docker compose -f docker-compose-aws.yml up -d --build --wait --wait-timeout 60
+      - name: Run AWS e2e tests
+        run: TEST_BACKENDS=aws go test -v -tags=e2e ./tests/
+      - name: Stop AWS docker compose
+        if: always()
+        run: docker compose -f docker-compose-aws.yml down
 
   sharding-freeze:
     name: Run freeze log tests

internal/tessera/aws_test.go

@@ -0,0 +1,147 @@
+//
+// Copyright 2025 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tessera
+
+import (
+	"context"
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewAWSDriver_AWSSDKLoads(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name       string
+		bucket     string
+		mysqlDSN   string
+		hostname   string
+		skipReason string
+	}{
+		{
+			name:       "configuration with connectivity check",
+			bucket:     "test-bucket",
+			mysqlDSN:   "user:pass@tcp(localhost:3306)/db",
+			hostname:   "test",
+			skipReason: "requires AWS credentials and MySQL connectivity",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if test.skipReason != "" {
+				t.Skip(test.skipReason)
+			}
+
+			driver, err := NewAWSDriver(ctx, test.bucket, test.mysqlDSN, test.hostname)
+			require.NoError(t, err)
+			assert.NotNil(t, driver)
+		})
+	}
+}
+
+func TestNewAWSAntispam_ConfigValidation(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name              string
+		mysqlDSN          string
+		maxBatchSize      uint
+		pushbackThreshold uint
+		expectErr         bool
+		errContains       string
+		skipReason        string
+	}{
+		{
+			name:              "empty DSN",
+			mysqlDSN:          "",
+			maxBatchSize:      100,
+			pushbackThreshold: 10,
+			skipReason:        "requires MySQL connectivity",
+		},
+		{
+			name:              "valid configuration requires real MySQL",
+			mysqlDSN:          "user:pass@tcp(localhost:3306)/db",
+			maxBatchSize:      100,
+			pushbackThreshold: 10,
+			skipReason:        "requires MySQL connectivity",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if test.skipReason != "" {
+				t.Skip(test.skipReason)
+			}
+
+			antispam, err := NewAWSAntispam(ctx, test.mysqlDSN, test.maxBatchSize, test.pushbackThreshold)
+
+			if test.expectErr {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), test.errContains)
+				assert.Nil(t, antispam)
+			} else {
+				require.NoError(t, err)
+				assert.NotNil(t, antispam)
+			}
+		})
+	}
+}
+
+func TestNewAWSDriver_WithRealAWSEnv(t *testing.T) {
+	// Skip if not running in AWS backend test environment
+	if os.Getenv("TEST_AWS_BACKEND") != "true" {
+		t.Skip("skipping AWS driver test; set TEST_AWS_BACKEND=true to run")
+	}
+
+	ctx := context.Background()
+
+	// These values match the docker-compose-aws.yml configuration
+	bucket := os.Getenv("AWS_BUCKET_NAME")
+	if bucket == "" {
+		bucket = "rekor-tiles"
+	}
+
+	mysqlDSN := os.Getenv("AWS_MYSQL_DSN")
+	if mysqlDSN == "" {
+		t.Skip("AWS_MYSQL_DSN not set")
+	}
+
+	driver, err := NewAWSDriver(ctx, bucket, mysqlDSN, "test-hostname")
+	require.NoError(t, err)
+	assert.NotNil(t, driver)
+}
+
+func TestNewAWSAntispam_WithRealMySQLEnv(t *testing.T) {
+	// Skip if not running in AWS backend test environment
+	if os.Getenv("TEST_AWS_BACKEND") != "true" {
+		t.Skip("skipping AWS antispam test; set TEST_AWS_BACKEND=true to run")
+	}
+
+	ctx := context.Background()
+
+	mysqlDSN := os.Getenv("AWS_MYSQL_DSN")
+	if mysqlDSN == "" {
+		t.Skip("AWS_MYSQL_DSN not set")
+	}
+
+	antispam, err := NewAWSAntispam(ctx, mysqlDSN, 100, 10)
+	require.NoError(t, err)
+	assert.NotNil(t, antispam)
+}

internal/tessera/tessera_test.go

@@ -158,6 +158,114 @@ func TestAppendOptions(t *testing.T) {
 	_ = WithAntispamOptions(ao, nil) // initializes non-persistent antispam
 }
 
+func TestNewDriver(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name        string
+		config      DriverConfiguration
+		expectErr   bool
+		errContains string
+		skipReason  string
+	}{
+		{
+			name: "no configuration provided",
+			config: DriverConfiguration{
+				Hostname: "test",
+			},
+			expectErr:   true,
+			errContains: "no flags provided to initialize Tessera driver",
+		},
+		{
+			name: "GCP configuration incomplete - missing Spanner",
+			config: DriverConfiguration{
+				Hostname:  "test",
+				GCPBucket: "test-bucket",
+			},
+			expectErr:   true,
+			errContains: "no flags provided to initialize Tessera driver",
+		},
+		{
+			name: "GCP configuration incomplete - missing bucket",
+			config: DriverConfiguration{
+				Hostname:     "test",
+				GCPSpannerDB: "projects/test/instances/test/databases/test",
+			},
+			expectErr:   true,
+			errContains: "no flags provided to initialize Tessera driver",
+		},
+		{
+			name: "AWS configuration incomplete - missing MySQL DSN",
+			config: DriverConfiguration{
+				Hostname:  "test",
+				AWSBucket: "test-bucket",
+			},
+			expectErr:   true,
+			errContains: "no flags provided to initialize Tessera driver",
+		},
+		{
+			name: "AWS configuration incomplete - missing bucket",
+			config: DriverConfiguration{
+				Hostname:    "test",
+				AWSMySQLDSN: "user:pass@tcp(localhost:3306)/db",
+			},
+			expectErr:   true,
+			errContains: "no flags provided to initialize Tessera driver",
+		},
+		{
+			name: "GCP configuration complete",
+			config: DriverConfiguration{
+				Hostname:     "test",
+				GCPBucket:    "test-bucket",
+				GCPSpannerDB: "projects/test/instances/test/databases/test",
+			},
+			skipReason: "requires GCP credentials and connectivity",
+		},
+		{
+			name: "AWS configuration complete",
+			config: DriverConfiguration{
+				Hostname:    "test",
+				AWSBucket:   "test-bucket",
+				AWSMySQLDSN: "user:pass@tcp(localhost:3306)/db",
+			},
+			skipReason: "requires AWS credentials and MySQL connectivity",
+		},
+		{
+			name: "AWS configuration with persistent antispam",
+			config: DriverConfiguration{
+				Hostname:            "test",
+				AWSBucket:           "test-bucket",
+				AWSMySQLDSN:         "user:pass@tcp(localhost:3306)/db",
+				PersistentAntispam:  true,
+				ASMaxBatchSize:      100,
+				ASPushbackThreshold: 10,
+			},
+			skipReason: "requires AWS credentials and MySQL connectivity",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			if test.skipReason != "" {
+				t.Skip(test.skipReason)
+			}
+
+			driver, antispam, err := NewDriver(ctx, test.config)
+
+			if test.expectErr {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), test.errContains)
+				assert.Nil(t, driver)
+				assert.Nil(t, antispam)
+			} else {
+				assert.NoError(t, err)
+				assert.NotNil(t, driver)
+				// antispam may be nil if PersistentAntispam is false
+			}
+		})
+	}
+}
+
 func hexDecodeOrDie(t *testing.T, text string) []byte {
 	decoded, err := hex.DecodeString(text)
 	if err != nil {

tests/README.md

@@ -2,7 +2,19 @@
 
 ## Running the End to End tests
 
-Start the Docker containers from the top level directory:
+The e2e tests support multiple storage backends (GCP and AWS). You can control which backends to test using the `TEST_BACKENDS` environment variable.
+
+### Backend Selection
+
+The `TEST_BACKENDS` environment variable accepts the following values:
+- `gcp` (default): Test only the GCP backend
+- `aws`: Test only the AWS backend
+- `gcp,aws`: Test both backends
+- `all`: Test all backends
+
+### Testing GCP Backend (Default)
+
+Start the GCP Docker containers:
 
 ```sh
 docker compose -f compose.yml up -d --build --wait --wait-timeout 60
@@ -11,11 +23,74 @@ docker compose -f compose.yml up -d --build --wait --wait-timeout 60
 Run the tests:
 
 ```sh
+# Explicit GCP selection
+TEST_BACKENDS=gcp go test -v -tags=e2e ./tests/
+
+# Or without specifying (defaults to GCP)
 go test -v -tags=e2e ./tests/
 ```
 
-When finished, you can clean up the Docker containers if desired:
+Clean up:
+
+```sh
+docker compose -f compose.yml down
+```
+
+### Testing AWS Backend
+
+Start the AWS Docker containers (MinIO + MySQL):
+
+```sh
+docker compose -f docker-compose-aws.yml up -d --build --wait --wait-timeout 60
+```
+
+Run the tests:
+
+```sh
+TEST_BACKENDS=aws go test -v -tags=e2e ./tests/
+```
+
+Clean up:
 
 ```sh
-docker compose down
+docker compose -f docker-compose-aws.yml down
+```
+
+### Testing Both Backends
+
+To test both GCP and AWS backends in sequence:
+
+```sh
+# Start GCP services
+docker compose -f compose.yml up -d --build --wait --wait-timeout 60
+
+# Run GCP tests
+TEST_BACKENDS=gcp go test -v -tags=e2e ./tests/
+
+# Stop GCP services
+docker compose -f compose.yml down
+
+# Start AWS services
+docker compose -f docker-compose-aws.yml up -d --build --wait --wait-timeout 60
+
+# Run AWS tests
+TEST_BACKENDS=aws go test -v -tags=e2e ./tests/
+
+# Stop AWS services
+docker compose -f docker-compose-aws.yml down
+```
+
+### Running Specific Tests
+
+To run only specific test functions:
+
+```sh
+# GCP backend only
+TEST_BACKENDS=gcp go test -v -tags=e2e ./tests/ -run TestReadWrite
+
+# AWS backend only
+TEST_BACKENDS=aws go test -v -tags=e2e ./tests/ -run TestPersistentDeduplication
+
+# Both backends
+TEST_BACKENDS=all go test -v -tags=e2e ./tests/ -run TestReadWrite
 ```