Add support for AWS backend #573
Conversation
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #573 +/- ##
==========================================
- Coverage 36.09% 35.04% -1.05%
==========================================
Files 43 48 +5
Lines 2696 2785 +89
==========================================
+ Hits 973 976 +3
- Misses 1618 1704 +86
Partials 105 105 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
haydentherapper
left a comment
haydentherapper
left a comment
There was a problem hiding this comment.
Thanks for working on this! Just a few comments around testing.
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| // See the License for the specific language governing permissions and | ||
| // limitations under the License. | ||
|
|
There was a problem hiding this comment.
Can we add //go:build e2e for this and the helpers?
There was a problem hiding this comment.
Is there a benefit to having the assertions and helpers in dedicated files? I'd leave these in e2e_test unless they'll be used elsewhere.
There was a problem hiding this comment.
Actually, I wonder if it would be cleaner to have two separate e2e_test files, one for GCP and one for AWS. It'd be nice to be able to run an e2e test for one backend and not the other.
There was a problem hiding this comment.
@haydentherapper I'm happy either way, but my goal here was to ensure functional parity across the different providers. I'll improve the test selection though so that it's easy to select which provider(s) to run the tests for.
tests/e2e_test.go
Outdated
| if err != nil { | ||
| t.Skip("skipping persistent deduplication test because docker is not installed") | ||
| } | ||
| output, err := exec.Command(path, "compose", "ps", "rekor").Output() |
There was a problem hiding this comment.
Can this test be updated for both backends as well? Should just need to pass the docker compose file in.
There was a problem hiding this comment.
Also will need to update where the test is invoked -
rekor-tiles/.github/workflows/test.yml
Line 115 in eb8f925
There was a problem hiding this comment.
Can you also update the README? https://github.com/sigstore/rekor-tiles/blob/eb8f925cee2c118b98d7dcbeca54123fc700908b/tests/README.md
|
Drive-by comment: Have you considered having infra-specific binaries (e.g. For reference, this multi-binary approach is what TesseraCT does in order to avoid binary bloat from linking libs which are not actually used at runtime: https://github.com/transparency-dev/tesseract/tree/main/cmd/tesseract |
I hadn't, but it seems like a good idea to me, thanks. What do others think? @haydentherapper ? |
kipz
force-pushed
the
kipz/aws-support
branch
from
dc2e73d to
ed31616
Compare
Thanks @AlCutter, that's a great suggestion. @kipz, can you take a look at doing this? |
kipz
force-pushed
the
kipz/aws-support
branch
2 times, most recently
from
c955894 to
088ff91
Compare
Done - it's quite a big change, but hopefully heading in the right direction 😬 |
kipz
force-pushed
the
kipz/aws-support
branch
from
73ae2ba to
d99f602
Compare
|
Just wanted to say that this is on my radar to review, this will just take a moment to do so! I'm happy with the overall direction though. |
Thanks. I'll take look at those failures too :) |
kipz
force-pushed
the
kipz/aws-support
branch
2 times, most recently
from
4687e33 to
83c9fbc
Compare
This change enables users to deploy Rekor v2 on AWS infrastructure. The implementation uses AWS S3 for object storage and Aurora MySQL (or RDS MySQL) for database operations. The AWS backend includes: - S3 storage with support for S3-compatible services (e.g., MinIO) - Aurora MySQL/RDS MySQL for sequencing and deduplication - Docker Compose configuration for local development - Table-driven e2e tests supporting multiple backend configurations - Updated freeze-checkpoint tool to work with S3 All existing GCP backend functionality remains unchanged. Resolves: sigstore#572 Signed-off-by: James Carnegie <[email protected]>
Signed-off-by: James Carnegie <[email protected]>
Signed-off-by: James Carnegie <[email protected]>
Signed-off-by: James Carnegie <[email protected]>
- Add `//go:build aws || gcp` constraint to cmd/rekor-server/app/* files - Configure golangci-lint to use the `gcp` build tag by default - Update ko-local Makefile target to build each backend separately with GOFLAGS - Format import statements in main.go files Signed-off-by: James Carnegie <[email protected]>
Signed-off-by: James Carnegie <[email protected]>
kipz
force-pushed
the
kipz/aws-support
branch
from
83c9fbc to
57d50cc
Compare
3 participants
Summary
This PR adds support for AWS as a storage backend for Rekor tiles
Key changes:
rekor-server-aws- AWS-only dependenciesrekor-server-gcp- GCP-only dependenciesTesting:
For GCP backend:
docker compose up -d --build --wait TEST_BACKENDS=gcp go test -v -tags=e2e ./tests/For AWS backend:
docker compose -f docker-compose-aws.yml up -d --build --wait TEST_BACKENDS=aws go test -v -tags=e2e ./tests/For both backends:
TEST_BACKENDS=all go test -v -tags=e2e ./tests/See tests/README.md for more details.