Merge pull request #9 from reecerussell/add-gcp-kms

gcp: added support for using GCP KMS

.github/workflows/go.yml

@@ -24,18 +24,38 @@ jobs:
     - name: Get dependencies
       run: |
         go mod download
-        if [ -f Gopkg.toml ]; then
-            curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
-            dep ensure
-        fi
+        cd gcp
+        go mod download
+        cd -
         
-    - name: Test
-      run: go test -v ./... -race -coverprofile=coverage.txt -covermode=atomic
+    - name: Test GoJWT
+      run: |
+        go test -v ./... -race -coverprofile=coverage.gojwt.txt -covermode=atomic
       env:
         AWS_REGION: ${{secrets.AWS_REGION}}
         AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY}}
         AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_KEY}}
         KMS_KEY_ID: ${{secrets.KMS_KEY_ID}}
+
+    - name: Test GCP
+      run: |
+        cd gcp
+        echo "$GCP_DATA" > $GOOGLE_APPLICATION_CREDENTIALS
+        go test -race -coverprofile=coverage.txt -covermode=atomic
+        rm $GOOGLE_APPLICATION_CREDENTIALS
+        cd -
+      env:
+        GOOGLE_APPLICATION_CREDENTIALS: service-account.json
+        GCP_DATA: ${{secrets.GCP_DATA}}
+        CI: "true"
+
+    - name: Install gocovmerge
+      run: |
+        go get github.com/wadey/gocovmerge
+        go install github.com/wadey/gocovmerge
+
+    - name: Combine Coverage
+      run: gocovmerge coverage.gojwt.txt gcp/coverage.txt > coverage.txt
 
     - name: Codecov
       uses: codecov/[email protected]

.gitignore

@@ -0,0 +1 @@
+gcp/service-account.json

.vscode/settings.json

@@ -0,0 +1,5 @@
+{
+    "gopls": {
+        "experimentalWorkspaceModule": true,
+    }
+}

gcp/e2e_test.go

@@ -0,0 +1,31 @@
+package gcp
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// A set of keys used for testing (name=keyId).
+var keys = map[string]string{
+	"RSA-PSS-SHA256": "projects/used-for-testing-001/locations/europe-west1/keyRings/gojwt/cryptoKeys/rsa-pss-256/cryptoKeyVersions/1",
+	"RSA-PKCS1":      "projects/used-for-testing-001/locations/europe-west1/keyRings/gojwt/cryptoKeys/rsa-pkcs1-256/cryptoKeyVersions/1",
+	"EC-256":         "projects/used-for-testing-001/locations/europe-west1/keyRings/gojwt/cryptoKeys/ec-256/cryptoKeyVersions/1",
+}
+
+func TestE2ESigningAndVerifying(t *testing.T) {
+	for name, keyId := range keys {
+		t.Run(name, func(t *testing.T) {
+			kms, err := New(keyId)
+			assert.Nil(t, err)
+
+			data := []byte("Hello World")
+			sig, err := kms.Sign(data)
+			assert.Nil(t, err)
+
+			ok, err := kms.Verify(data, sig)
+			assert.Nil(t, err)
+			assert.True(t, ok)
+		})
+	}
+}

gcp/go.mod

@@ -0,0 +1,32 @@
+module github.com/reecerussell/gojwt/gcp
+
+go 1.18
+
+require (
+	cloud.google.com/go/kms v1.4.0
+	github.com/pkg/errors v0.9.1
+	github.com/stretchr/testify v1.7.0
+	google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf
+	google.golang.org/protobuf v1.27.1
+)
+
+require (
+	cloud.google.com/go v0.100.2 // indirect
+	cloud.google.com/go/compute v1.3.0 // indirect
+	cloud.google.com/go/iam v0.1.0 // indirect
+	github.com/davecgh/go-spew v1.1.0 // indirect
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.7 // indirect
+	github.com/googleapis/gax-go/v2 v2.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	go.opencensus.io v0.23.0 // indirect
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+	golang.org/x/sys v0.0.0-20220209214540-3681064d5158 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	google.golang.org/api v0.70.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/grpc v1.44.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c // indirect
+)