use of tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters in project web3signer by ConsenSys.
the class AzureKeyVaultAcceptanceTest method invalidVaultParametersFailsToStartSigner.
/**
 * Starts a signer in eth2 mode against the vault name {@code "nonExistentVault"} and expects it
 * to be observed running first and then observed no longer running.
 */
@Test
void invalidVaultParametersFailsToStartSigner() {
  // NOTE(review): CLIENT_ID, TENANT_ID and CLIENT_SECRET are defined outside this snippet;
  // confirm the secret is supplied by the test environment rather than committed to the repo.
  final AzureKeyVaultParameters unreachableVault =
      new DefaultAzureKeyVaultParameters("nonExistentVault", CLIENT_ID, TENANT_ID, CLIENT_SECRET);

  // A fixed HTTP port is required to prevent waiting for the ports file.
  final int fixedHttpPort = 9000;
  final SignerConfigurationBuilder builder =
      new SignerConfigurationBuilder()
          .withMode("eth2")
          .withAzureKeyVaultParameters(unreachableVault)
          .withHttpPort(fixedHttpPort);

  final Signer signer = new Signer(builder.build(), null);
  signer.start();

  // Order matters: the signer has to be seen running before it is seen stopped.
  // NOTE(review): 30 is presumably a timeout in seconds; confirm against waitFor.
  waitFor(30, () -> assertThat(signer.isRunning()).isTrue());
  waitFor(30, () -> assertThat(signer.isRunning()).isFalse());
}
use of tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters in project web3signer by ConsenSys.
the class CmdLineParamsConfigFileImpl method createCmdLineParams.
/**
 * Builds the signer command line around a generated YAML config file.
 *
 * <p>Every option is written to a temporary YAML file; only the sub-commands stay on the command
 * line. The returned list is {@code --config-file <path>}, then the mode sub-command and, in
 * eth2 mode, an optional {@code export} or {@code import} sub-sub-command.
 *
 * @return the command-line arguments, starting with {@code --config-file} and the temp file path
 * @throws UncheckedIOException if the temporary config file cannot be created or written
 */
@Override
public List<String> createCmdLineParams() {
  final List<String> cmdLine = new ArrayList<>();
  final StringBuilder yaml = new StringBuilder();

  // General HTTP / logging options.
  yaml.append(String.format(YAML_STRING_FMT, "logging", signerConfig.logLevel()))
      .append(String.format(YAML_STRING_FMT, "http-listen-host", signerConfig.hostname()))
      .append(String.format(YAML_NUMERIC_FMT, "http-listen-port", signerConfig.httpPort()));
  if (!signerConfig.getHttpHostAllowList().isEmpty()) {
    final String httpAllowList = createCommaSeparatedList(signerConfig.getHttpHostAllowList());
    yaml.append(String.format(YAML_STRING_FMT, "http-host-allowlist", httpAllowList));
  }
  yaml.append(
      String.format(
          YAML_STRING_FMT, "key-store-path", signerConfig.getKeyStorePath().toString()));

  // Metrics options are only emitted when metrics are switched on.
  if (signerConfig.isMetricsEnabled()) {
    yaml.append(String.format(YAML_BOOLEAN_FMT, "metrics-enabled", Boolean.TRUE))
        .append(String.format(YAML_NUMERIC_FMT, "metrics-port", signerConfig.getMetricsPort()));
    if (!signerConfig.getMetricsHostAllowList().isEmpty()) {
      final String metricsAllowList =
          createCommaSeparatedList(signerConfig.getMetricsHostAllowList());
      yaml.append(String.format(YAML_STRING_FMT, "metrics-host-allowlist", metricsAllowList));
    }
    if (!signerConfig.getMetricsCategories().isEmpty()) {
      // The config file can only use the longest option name when an option has more than one
      // name, hence "metrics-categories".
      final String categories = createCommaSeparatedList(signerConfig.getMetricsCategories());
      yaml.append(String.format(YAML_STRING_FMT, "metrics-categories", categories));
    }
  }

  if (signerConfig.isSwaggerUIEnabled()) {
    yaml.append(String.format(YAML_BOOLEAN_FMT, "swagger-ui-enabled", Boolean.TRUE));
  }
  yaml.append(String.format(YAML_BOOLEAN_FMT, "access-logs-enabled", Boolean.TRUE));
  if (signerConfig.isHttpDynamicPortAllocation()) {
    yaml.append(
        String.format(YAML_STRING_FMT, "data-path", dataPath.toAbsolutePath().toString()));
  }
  yaml.append(createServerTlsArgs());

  // The mode is a sub-command, so it cannot go into the config file.
  cmdLine.add(signerConfig.getMode());

  if (signerConfig.getMode().equals("eth2")) {
    yaml.append(createEth2SlashingProtectionArgs());

    signerConfig
        .getAzureKeyVaultParameters()
        .ifPresent(
            azure -> {
              yaml.append(
                  String.format(YAML_BOOLEAN_FMT, "eth2.azure-vault-enabled", Boolean.TRUE));
              yaml.append(
                  String.format(
                      YAML_STRING_FMT,
                      "eth2.azure-vault-auth-mode",
                      azure.getAuthenticationMode().name()));
              yaml.append(
                  String.format(
                      YAML_STRING_FMT, "eth2.azure-vault-name", azure.getKeyVaultName()));
              yaml.append(
                  String.format(YAML_STRING_FMT, "eth2.azure-client-id", azure.getClientId()));
              // The client secret is written to the config file in plain text.
              yaml.append(
                  String.format(
                      YAML_STRING_FMT, "eth2.azure-client-secret", azure.getClientSecret()));
              yaml.append(
                  String.format(YAML_STRING_FMT, "eth2.azure-tenant-id", azure.getTenantId()));
            });

    signerConfig
        .getKeystoresParameters()
        .ifPresent(
            keystores -> {
              yaml.append(
                  String.format(
                      YAML_STRING_FMT,
                      "eth2.keystores-path",
                      keystores.getKeystoresPath().toAbsolutePath()));
              if (keystores.getKeystoresPasswordsPath() != null) {
                yaml.append(
                    String.format(
                        YAML_STRING_FMT,
                        "eth2.keystores-passwords-path",
                        keystores.getKeystoresPasswordsPath().toAbsolutePath()));
              }
              if (keystores.getKeystoresPasswordFile() != null) {
                yaml.append(
                    String.format(
                        YAML_STRING_FMT,
                        "eth2.keystores-password-file",
                        keystores.getKeystoresPasswordFile().toAbsolutePath()));
              }
            });

    // Export wins over import when both paths are configured.
    if (signerConfig.getSlashingExportPath().isPresent()) {
      // sub-sub command
      cmdLine.add("export");
      yaml.append(
          String.format(
              YAML_STRING_FMT,
              "eth2.export.to",
              signerConfig.getSlashingExportPath().get().toAbsolutePath().toString()));
    } else if (signerConfig.getSlashingImportPath().isPresent()) {
      // sub-sub command
      cmdLine.add("import");
      yaml.append(
          String.format(
              YAML_STRING_FMT,
              "eth2.import.from",
              signerConfig.getSlashingImportPath().get().toAbsolutePath().toString()));
    }
  }

  // Write the collected options to a temporary config file and put it first on the command line.
  // NOTE(review): this file can hold the Azure client secret. Its permissions are whatever
  // Files.createTempFile applies by default, and removal is only scheduled for JVM exit
  // (forceDeleteOnExit, presumably commons-io), so an abnormal exit may leave it behind; confirm
  // this is acceptable where these tests run.
  try {
    final Path tempConfig = Files.createTempFile("web3signer_config", ".yaml");
    FileUtils.forceDeleteOnExit(tempConfig.toFile());
    Files.writeString(tempConfig, yaml.toString());
    cmdLine.addAll(0, List.of("--config-file", tempConfig.toAbsolutePath().toString()));
  } catch (final IOException e) {
    throw new UncheckedIOException(e);
  }
  return cmdLine;
}
use of tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters in project web3signer by ConsenSys.
the class CmdLineParamsDefaultImpl method createCmdLineParams.
/**
 * Builds the signer command line with every option passed as a command-line argument.
 *
 * <p>Global options come first, then the mode sub-command; in eth2 mode the eth2, Azure key
 * vault and keystore options follow the sub-command.
 *
 * @return the command-line arguments in the order they are to be passed to the signer
 */
@Override
public List<String> createCmdLineParams() {
  final List<String> args = new ArrayList<>();

  // General HTTP / logging options.
  args.add("--logging");
  args.add(signerConfig.logLevel());
  args.add("--http-listen-host");
  args.add(signerConfig.hostname());
  args.add("--http-listen-port");
  args.add(String.valueOf(signerConfig.httpPort()));
  if (!signerConfig.getHttpHostAllowList().isEmpty()) {
    args.add("--http-host-allowlist");
    args.add(createCommaSeparatedList(signerConfig.getHttpHostAllowList()));
  }
  args.add("--key-store-path");
  args.add(signerConfig.getKeyStorePath().toString());

  // Metrics options are only emitted when metrics are switched on.
  if (signerConfig.isMetricsEnabled()) {
    args.add("--metrics-enabled");
    args.add("--metrics-port");
    args.add(Integer.toString(signerConfig.getMetricsPort()));
    if (!signerConfig.getMetricsHostAllowList().isEmpty()) {
      args.add("--metrics-host-allowlist");
      args.add(createCommaSeparatedList(signerConfig.getMetricsHostAllowList()));
    }
    if (!signerConfig.getMetricsCategories().isEmpty()) {
      args.add("--metrics-category");
      args.add(createCommaSeparatedList(signerConfig.getMetricsCategories()));
    }
  }

  if (signerConfig.isSwaggerUIEnabled()) {
    args.add("--swagger-ui-enabled=true");
  }
  args.add("--access-logs-enabled=true");
  if (signerConfig.isHttpDynamicPortAllocation()) {
    args.add("--data-path");
    args.add(dataPath.toAbsolutePath().toString());
  }
  args.addAll(createServerTlsArgs());

  // Sub-command; everything added after this point belongs to the mode.
  args.add(signerConfig.getMode());
  if (!signerConfig.getMode().equals("eth2")) {
    return args;
  }

  args.addAll(createEth2Args());

  signerConfig
      .getAzureKeyVaultParameters()
      .ifPresent(
          azure -> {
            args.add("--azure-vault-enabled=true");
            args.add("--azure-vault-auth-mode");
            args.add(azure.getAuthenticationMode().name());
            args.add("--azure-vault-name");
            args.add(azure.getKeyVaultName());
            args.add("--azure-client-id");
            args.add(azure.getClientId());
            // NOTE(review): the client secret becomes a process argument here. Argument lists
            // are commonly readable by other local users and can end up in logged command
            // lines; confirm this is limited to test-harness use.
            args.add("--azure-client-secret");
            args.add(azure.getClientSecret());
            args.add("--azure-tenant-id");
            args.add(azure.getTenantId());
          });

  signerConfig
      .getKeystoresParameters()
      .ifPresent(
          keystores -> {
            args.add("--keystores-path");
            args.add(keystores.getKeystoresPath().toAbsolutePath().toString());
            if (keystores.getKeystoresPasswordsPath() != null) {
              args.add("--keystores-passwords-path");
              args.add(keystores.getKeystoresPasswordsPath().toAbsolutePath().toString());
            }
            if (keystores.getKeystoresPasswordFile() != null) {
              args.add("--keystores-password-file");
              args.add(keystores.getKeystoresPasswordFile().toAbsolutePath().toString());
            }
          });

  return args;
}
use of tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters in project web3signer by ConsenSys.
the class AzureKeyVaultAcceptanceTest method ensureSecretsInKeyVaultAreLoadedAndReportedViaPublicKeysApi.
/**
 * Starts a signer in eth2 mode configured with the Azure vault {@code VAULT_NAME} and checks
 * that the BLS public-keys API answers 200 with a JSON body matching
 * {@code contains(EXPECTED_KEY)}.
 */
@Test
void ensureSecretsInKeyVaultAreLoadedAndReportedViaPublicKeysApi() {
  // NOTE(review): this talks to a vault using CLIENT_ID / TENANT_ID / CLIENT_SECRET defined
  // outside this snippet; confirm the secret comes from the test environment, not the repo.
  final AzureKeyVaultParameters vaultParams =
      new DefaultAzureKeyVaultParameters(VAULT_NAME, CLIENT_ID, TENANT_ID, CLIENT_SECRET);

  final SignerConfigurationBuilder builder =
      new SignerConfigurationBuilder()
          .withMode("eth2")
          .withAzureKeyVaultParameters(vaultParams);
  startSigner(builder.build());

  // `signer` is not declared in this method; presumably a field populated by startSigner.
  final Response publicKeys = signer.callApiPublicKeys(KeyType.BLS);
  publicKeys
      .then()
      .statusCode(200)
      .contentType(ContentType.JSON)
      .body("", contains(EXPECTED_KEY));
}