Skip to content

kbs: Bail if the jwk sets cannot be downloaded #492

kbs: Bail if the jwk sets cannot be downloaded

kbs: Bail if the jwk sets cannot be downloaded #492

Workflow file for this run

name: KBS e2e (Docker Compose and Sample TEE)
on:
pull_request:
branches:
- main
env:
TEST_SECRET_CONTENT: shhhhh
TEST_SECRET_PATH: test-org/test-repo/test-secret
jobs:
e2e-test:
runs-on: ubuntu-latest
env:
RUSTC_VERSION: 1.76.0
steps:
- name: Checkout KBS
uses: actions/checkout@v4
- name: Install Rust ${{ env.RUSTC_VERSION }} (for client)
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ env.RUSTC_VERSION }}
components: rustfmt, clippy
- name: Build client
run: |
cargo build --manifest-path tools/kbs-client/Cargo.toml --no-default-features --features sample_only --release
- name: Setup Keys
run: |
openssl genpkey -algorithm ed25519 > kbs/config/private.key
openssl pkey -in kbs/config/private.key -pubout -out kbs/config/public.pub
- name: Build KBS Cluster
run: docker compose build
- name: Start KBS cluster
run: docker compose up -d
- name: Set Resource
working-directory: target/release/
run: |
echo "$TEST_SECRET_CONTENT" > test-secret
./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource --path "$TEST_SECRET_PATH" --resource-file test-secret
- name: Get Resource (negative)
working-directory: target/release/
run: |
! ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH"
- name: Update policy
working-directory: target/release/
run: ./kbs-client --url http://127.0.0.1:8080 config --auth-private-key ../../kbs/config/private.key set-resource-policy --policy-file "$policy_path"
env:
policy_path: ../../kbs/test/data/policy_2.rego
- name: Get Resource
working-directory: target/release/
run: ./kbs-client --url http://127.0.0.1:8080 get-resource --path "$TEST_SECRET_PATH"