Skip to content

Add AWS storage backend support #204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 21, 2025
Merged

Add AWS storage backend support #204

merged 2 commits into from
Mar 21, 2025

Conversation

roger2hk
Copy link
Contributor

Towards #109.

Here are some logs to show that the server can serve the get-roots and add-chain endpoints.

[ec2-user@ip static-ct]$ go run ./cmd/aws   --http_endpoint=localhost:6962   --roots_pem_file=./internal/testdata/fake-ca.cert   --origin=test-static-ct   --bucket=<REDACTED>-test-static-ct   --db_name=tesseract   --db_host=tesseract.cluster-<REDACTED>.us-east-1.rds.amazonaws.com   --db_port=3306   --db_user=tesseract   --db_password=tesseract   --dedup_path=test-static-ct
SDK 2025/03/20 17:08:20 WARN Response has no supported checksum. Not validating response payload.
I0320 17:08:20.185837   14738 aws.go:589] New tree: 0, e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
I0320 17:08:20.197186   14738 main.go:106] **** CT HTTP Server Starting ****
SDK 2025/03/20 17:08:21 WARN Response has no supported checksum. Not validating response payload.

[ec2-user@ip ~]$ curl -s localhost:6962/test-static-ct/ct/v1/get-roots | jq .
{
  "certificates": [
    "MIICHDCCAcGgAwIBAgIEBAbK/jAKBggqhkjOPQQDAjBxMQswCQYDVQQGEwJHQjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xDzANBgNVBAoTBkdvb2dsZTEMMAoGA1UECxMDRW5nMSEwHwYDVQQDExhGYWtlQ2VydGlmaWNhdGVBdXRob3JpdHkwHhcNMTYxMjA3MTUxMzM2WhcNMjYxMjA1MTUxMzM2WjBxMQswCQYDVQQGEwJHQjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xDzANBgNVBAoTBkdvb2dsZTEMMAoGA1UECxMDRW5nMSEwHwYDVQQDExhGYWtlQ2VydGlmaWNhdGVBdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATy0wfvft/PzvT0Clu8nj/LHP0MRtyF+8H207K6HVHxmGxIqBVGRWPK39bJrM9gO8dO3bjSFqugCSQdCWYeTeuho0cwRTANBgNVHQ4EBgQEAQIDBDAPBgNVHSMECDAGgAQBAgMEMBIGA1UdEwEB/wQIMAYBAf8CAQowDwYDVR0PAQH/BAUDAwf/gDAKBggqhkjOPQQDAgNJADBGAiEApihJOUNvgORDph47qolewiVgKuE5vVVDrk1cqabvrGUCIQDJxQjGWZO0hnCla1QrW/wMiGuwIwcrxwwn3octloDVVg=="
  ]
}

[ec2-user@ip static-ct]$ go run github.com/google/certificate-transparency-go/client/ctclient@master upload --cert_chain=/tmp/httpschain/chain.pem --skip_https_verify --log_uri=http://localhost:6962/test-static-ct/
W0320 17:33:21.947573   16182 root.go:93] Skipping HTTPS connection verification
Uploaded chain of 1 certs to V1 log at http://localhost:6962/test-static-ct, timestamp: 1742492001949 (2025-03-20 17:33:21.949 +0000 UTC)
LogID: 1338de5de5246680e3d603795daf7eec61d9222028e9621b2eb3a4fb540a3c39
LeafHash: a3fa1d3dea3898490d837b0f9efe10dd328be3da7260446e07e7ed53cd6e74d9
Extensions: 0000050000000000
Signature: Signature: Hash=SHA256 Sign=ECDSA Value=736967

@roger2hk roger2hk added the enhancement New feature or request label Mar 20, 2025
@roger2hk roger2hk requested a review from phbnf March 20, 2025 17:36
phbnf
phbnf approved these changes Mar 21, 2025
View reviewed changes
go.mod
@@ -35,11 +40,26 @@ require (
cloud.google.com/go/iam v1.4.1 // indirect
cloud.google.com/go/longrunning v0.6.5 // indirect
cloud.google.com/go/monitoring v1.24.0 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you know why this is added?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

➜  static-ct git:(aws) go mod graph | grep filippo.io/edwards25519 
github.com/transparency-dev/static-ct filippo.io/edwards25519@v1.1.0
github.com/go-sql-driver/mysql@v1.9.0 filippo.io/edwards25519@v1.1.0
github.com/transparency-dev/trillian-tessera@v0.1.2-0.20250320160837-ae724376e1ac filippo.io/edwards25519@v1.1.0

➜  static-ct git:(aws) go mod why filippo.io/edwards25519
# filippo.io/edwards25519
github.com/transparency-dev/static-ct/cmd/aws
github.com/go-sql-driver/mysql
filippo.io/edwards25519

@roger2hk roger2hk merged commit 60e8a1b into transparency-dev:main Mar 21, 2025
7 checks passed
@roger2hk roger2hk deleted the aws branch March 21, 2025 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phbnf phbnf phbnf approved these changes

Assignees

@phbnf phbnf

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@roger2hk @phbnf