This all comes up! Some TODOs still in the yaml. A basic README explaining how I set it up.

Add some more e2e tests to make sure we exercise all the CLI commands:

- Run through the get flow, make sure the output is well structured
- Call loginfo, make sure there are no errors.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Add a helper to wrap Cobbra functions to make them easier to test.

Add a flag for signature format.

This supports pgp and minisign right now. We can add logic to try to detect these later.

Update generated files.

My swagger build introduced these, they're whitespace only but could
make larger PRs harder to review.

This switches out cobra commands to return obj, err. This should make it
easier to test them, and also keep formatting across the commands consistent.

Formatting should happen in one place, instead of having each command print directly.

Add an e2e test that uses verify.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* add endpoint for public key and return signed tree head with loginfo

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Introduce swagger UI server

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: Bob Callaway <bcallawa@redhat.com>

* Add support for ed25519/signify/minisign keys and signatures

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

also adds --log-index parameter to CLI verify command

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Change the e2e tests to generate new, random data.

This way we don't have to worry about existing entries in the logs.

Rewrite the e2e tests in go from bash.

Merge OpenAPI back into main

Add a second test to make sure duplicates are detected.

The search API allows callers to look for multiple entries in the same request; this change parallelizes the lookups to help speed up processing.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

We can't insert a blank entry, so mark request body as required.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

QueuedLeafResponse holds the actual insertion response code, so check that instead of just the base GRPC status code.

also fixes middleware ordering issue

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Move API initialization to the package init, and access to a package …

This allows us to skip sticking it onto each request context and retrieving it.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

After #77, we have one global GRPC channel for the entire process. This
change causes each GRPC call to be made on the incoming HTTP request's
context such that if an HTTP client cancels prematurely, we will handle
the GRPC cleanup appropriately.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

clean up and enhance error handling

- adds trillian API object to context
- improves request error logging pre and post validation
- use consistent request context throughout all GRPC calls
- improve validation of incoming UUID values
- disable swagger UI endpoint
- only print cacheable headers if response code is HTTP 2XX
- use GetLeavesByRange instead of deprecated GetLeavesByIndex API

Signed-off-by: Bob Callaway <bcallawa@redhat.com>