
Example 1 with AzureKeyVaultParameters

use of tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters in project web3signer by ConsenSys.

the class AzureKeyVaultAcceptanceTest method invalidVaultParametersFailsToStartSigner.

/**
 * Starts a signer in eth2 mode against an Azure Key Vault name that does not exist and checks that
 * the signer is first seen running and is then seen to stop.
 */
@Test
void invalidVaultParametersFailsToStartSigner() {
    // Only the vault name is deliberately bogus; CLIENT_ID, TENANT_ID and CLIENT_SECRET are
    // constants declared outside this method (presumably real test credentials, so confirm they
    // are injected at run time rather than committed).
    final AzureKeyVaultParameters badVaultParams =
        new DefaultAzureKeyVaultParameters("nonExistentVault", CLIENT_ID, TENANT_ID, CLIENT_SECRET);

    // A fixed HTTP port is required to prevent waiting for the ports file.
    final SignerConfigurationBuilder builder =
        new SignerConfigurationBuilder()
            .withMode("eth2")
            .withAzureKeyVaultParameters(badVaultParams)
            .withHttpPort(9000);

    final Signer signer = new Signer(builder.build(), null);
    signer.start();

    // Two separate waits: the signer must be observed up before it is observed down, so a signer
    // that never started at all does not satisfy the test.
    waitFor(30, () -> assertThat(signer.isRunning()).isTrue());
    waitFor(30, () -> assertThat(signer.isRunning()).isFalse());
}
Also used : Signer(tech.pegasys.web3signer.dsl.signer.Signer) SignerConfigurationBuilder(tech.pegasys.web3signer.dsl.signer.SignerConfigurationBuilder) AzureKeyVaultParameters(tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters) DefaultAzureKeyVaultParameters(tech.pegasys.web3signer.dsl.utils.DefaultAzureKeyVaultParameters) DefaultAzureKeyVaultParameters(tech.pegasys.web3signer.dsl.utils.DefaultAzureKeyVaultParameters) Test(org.junit.jupiter.api.Test)

Example 2 with AzureKeyVaultParameters

use of tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters in project web3signer by ConsenSys.

the class CmdLineParamsConfigFileImpl method createCmdLineParams.

/**
 * Renders the signer configuration into a temporary YAML config file and returns the command-line
 * parameters that refer to it.
 *
 * <p>The returned list starts with {@code --config-file} and the absolute path of the temporary
 * file, followed by the mode (the sub-command) and, in eth2 mode, an optional {@code export} or
 * {@code import} sub-sub-command. Sub-commands are passed as parameters because they cannot be
 * expressed in the config file.
 *
 * <p>Security note: when Azure Key Vault parameters are present, the Azure client secret is
 * written in plain text into the temporary file. The file is created without explicit file
 * attributes and is only registered for deletion on exit, so it stays on disk while the JVM is
 * alive. Confirm the platform's temp-file permissions are owner-only wherever this runs, and use
 * credentials that are safe to expose on a test host.
 *
 * @return the command-line parameters, config-file option first
 * @throws UncheckedIOException if the temporary config file cannot be created or written
 */
@Override
public List<String> createCmdLineParams() {
    final ArrayList<String> cliArgs = new ArrayList<>();
    final StringBuilder yaml = new StringBuilder();

    // Logging and HTTP listener settings.
    yaml.append(String.format(YAML_STRING_FMT, "logging", signerConfig.logLevel()))
        .append(String.format(YAML_STRING_FMT, "http-listen-host", signerConfig.hostname()))
        .append(String.format(YAML_NUMERIC_FMT, "http-listen-port", signerConfig.httpPort()));
    if (!signerConfig.getHttpHostAllowList().isEmpty()) {
        yaml.append(
            String.format(
                YAML_STRING_FMT,
                "http-host-allowlist",
                createCommaSeparatedList(signerConfig.getHttpHostAllowList())));
    }
    yaml.append(
        String.format(YAML_STRING_FMT, "key-store-path", signerConfig.getKeyStorePath().toString()));

    // Metrics settings are emitted only when metrics are switched on.
    if (signerConfig.isMetricsEnabled()) {
        yaml.append(String.format(YAML_BOOLEAN_FMT, "metrics-enabled", Boolean.TRUE))
            .append(String.format(YAML_NUMERIC_FMT, "metrics-port", signerConfig.getMetricsPort()));
        if (!signerConfig.getMetricsHostAllowList().isEmpty()) {
            yaml.append(
                String.format(
                    YAML_STRING_FMT,
                    "metrics-host-allowlist",
                    createCommaSeparatedList(signerConfig.getMetricsHostAllowList())));
        }
        if (!signerConfig.getMetricsCategories().isEmpty()) {
            // The config file can only use the longest option name when more than one name is
            // specified for an option, hence "metrics-categories".
            yaml.append(
                String.format(
                    YAML_STRING_FMT,
                    "metrics-categories",
                    createCommaSeparatedList(signerConfig.getMetricsCategories())));
        }
    }

    if (signerConfig.isSwaggerUIEnabled()) {
        yaml.append(String.format(YAML_BOOLEAN_FMT, "swagger-ui-enabled", Boolean.TRUE));
    }
    yaml.append(String.format(YAML_BOOLEAN_FMT, "access-logs-enabled", Boolean.TRUE));
    if (signerConfig.isHttpDynamicPortAllocation()) {
        yaml.append(
            String.format(YAML_STRING_FMT, "data-path", dataPath.toAbsolutePath().toString()));
    }
    yaml.append(createServerTlsArgs());

    // The mode is a sub-command, so it cannot go into the config file.
    cliArgs.add(signerConfig.getMode());

    if (signerConfig.getMode().equals("eth2")) {
        yaml.append(createEth2SlashingProtectionArgs());

        signerConfig
            .getAzureKeyVaultParameters()
            .ifPresent(
                azure -> {
                    yaml.append(
                            String.format(YAML_BOOLEAN_FMT, "eth2.azure-vault-enabled", Boolean.TRUE))
                        .append(
                            String.format(
                                YAML_STRING_FMT,
                                "eth2.azure-vault-auth-mode",
                                azure.getAuthenticationMode().name()))
                        .append(
                            String.format(
                                YAML_STRING_FMT, "eth2.azure-vault-name", azure.getKeyVaultName()))
                        .append(
                            String.format(
                                YAML_STRING_FMT, "eth2.azure-client-id", azure.getClientId()))
                        // The client secret lands in the YAML text in the clear; see the
                        // security note in the method documentation.
                        .append(
                            String.format(
                                YAML_STRING_FMT, "eth2.azure-client-secret", azure.getClientSecret()))
                        .append(
                            String.format(
                                YAML_STRING_FMT, "eth2.azure-tenant-id", azure.getTenantId()));
                });

        signerConfig
            .getKeystoresParameters()
            .ifPresent(
                keystores -> {
                    yaml.append(
                        String.format(
                            YAML_STRING_FMT,
                            "eth2.keystores-path",
                            keystores.getKeystoresPath().toAbsolutePath()));
                    // Only the locations of the password material are written, not the passwords.
                    if (keystores.getKeystoresPasswordsPath() != null) {
                        yaml.append(
                            String.format(
                                YAML_STRING_FMT,
                                "eth2.keystores-passwords-path",
                                keystores.getKeystoresPasswordsPath().toAbsolutePath()));
                    }
                    if (keystores.getKeystoresPasswordFile() != null) {
                        yaml.append(
                            String.format(
                                YAML_STRING_FMT,
                                "eth2.keystores-password-file",
                                keystores.getKeystoresPasswordFile().toAbsolutePath()));
                    }
                });

        // Export takes precedence over import; each is a sub-sub-command on the command line
        // with its path carried in the config file.
        if (signerConfig.getSlashingExportPath().isPresent()) {
            cliArgs.add("export");
            yaml.append(
                String.format(
                    YAML_STRING_FMT,
                    "eth2.export.to",
                    signerConfig.getSlashingExportPath().get().toAbsolutePath().toString()));
        } else if (signerConfig.getSlashingImportPath().isPresent()) {
            cliArgs.add("import");
            yaml.append(
                String.format(
                    YAML_STRING_FMT,
                    "eth2.import.from",
                    signerConfig.getSlashingImportPath().get().toAbsolutePath().toString()));
        }
    }

    // Write the YAML to a temporary config file and put "--config-file <path>" at the front.
    try {
        final Path tempConfig = Files.createTempFile("web3signer_config", ".yaml");
        FileUtils.forceDeleteOnExit(tempConfig.toFile());
        Files.writeString(tempConfig, yaml.toString());
        cliArgs.addAll(0, List.of("--config-file", tempConfig.toAbsolutePath().toString()));
    } catch (final IOException e) {
        throw new UncheckedIOException(e);
    }
    return cliArgs;
}
Also used : Path(java.nio.file.Path) ArrayList(java.util.ArrayList) AzureKeyVaultParameters(tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters) UncheckedIOException(java.io.UncheckedIOException) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) KeystoresParameters(tech.pegasys.web3signer.signing.config.KeystoresParameters)

Example 3 with AzureKeyVaultParameters

use of tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters in project web3signer by ConsenSys.

the class CmdLineParamsDefaultImpl method createCmdLineParams.

/**
 * Builds the signer's command-line parameters directly from the signer configuration, with every
 * setting passed as an option on the command line.
 *
 * <p>Global options come first, then the mode (the sub-command), then, in eth2 mode only, the
 * eth2 options including any Azure Key Vault and keystore settings.
 *
 * <p>Security note: when Azure Key Vault parameters are present, the Azure client secret is added
 * as the value of {@code --azure-client-secret}. If this list becomes the argument vector of a
 * launched process, the secret is readable by anything on the host that can list process
 * arguments, and may be captured by command-line auditing. Use credentials that are safe to
 * expose on a test host.
 *
 * @return the command-line parameters in the order they must be passed
 */
@Override
public List<String> createCmdLineParams() {
    final List<String> args = new ArrayList<>();

    // Logging and HTTP listener options.
    args.add("--logging");
    args.add(signerConfig.logLevel());
    args.add("--http-listen-host");
    args.add(signerConfig.hostname());
    args.add("--http-listen-port");
    args.add(String.valueOf(signerConfig.httpPort()));
    if (!signerConfig.getHttpHostAllowList().isEmpty()) {
        args.add("--http-host-allowlist");
        args.add(createCommaSeparatedList(signerConfig.getHttpHostAllowList()));
    }

    args.add("--key-store-path");
    args.add(signerConfig.getKeyStorePath().toString());

    // Metrics options are emitted only when metrics are switched on.
    if (signerConfig.isMetricsEnabled()) {
        args.add("--metrics-enabled");
        args.add("--metrics-port");
        args.add(Integer.toString(signerConfig.getMetricsPort()));
        if (!signerConfig.getMetricsHostAllowList().isEmpty()) {
            args.add("--metrics-host-allowlist");
            args.add(createCommaSeparatedList(signerConfig.getMetricsHostAllowList()));
        }
        if (!signerConfig.getMetricsCategories().isEmpty()) {
            args.add("--metrics-category");
            args.add(createCommaSeparatedList(signerConfig.getMetricsCategories()));
        }
    }

    if (signerConfig.isSwaggerUIEnabled()) {
        args.add("--swagger-ui-enabled=true");
    }
    args.add("--access-logs-enabled=true");

    if (signerConfig.isHttpDynamicPortAllocation()) {
        args.add("--data-path");
        args.add(dataPath.toAbsolutePath().toString());
    }

    args.addAll(createServerTlsArgs());

    // The mode is the sub-command; everything after it belongs to that sub-command.
    args.add(signerConfig.getMode());
    if (!signerConfig.getMode().equals("eth2")) {
        return args;
    }

    args.addAll(createEth2Args());

    signerConfig
        .getAzureKeyVaultParameters()
        .ifPresent(
            azure -> {
                args.add("--azure-vault-enabled=true");
                args.add("--azure-vault-auth-mode");
                args.add(azure.getAuthenticationMode().name());
                args.add("--azure-vault-name");
                args.add(azure.getKeyVaultName());
                args.add("--azure-client-id");
                args.add(azure.getClientId());
                // The client secret is passed as a plain option value; see the security note
                // in the method documentation.
                args.add("--azure-client-secret");
                args.add(azure.getClientSecret());
                args.add("--azure-tenant-id");
                args.add(azure.getTenantId());
            });

    signerConfig
        .getKeystoresParameters()
        .ifPresent(
            keystores -> {
                args.add("--keystores-path");
                args.add(keystores.getKeystoresPath().toAbsolutePath().toString());
                // Only the locations of the password material are passed, not the passwords.
                if (keystores.getKeystoresPasswordsPath() != null) {
                    args.add("--keystores-passwords-path");
                    args.add(keystores.getKeystoresPasswordsPath().toAbsolutePath().toString());
                }
                if (keystores.getKeystoresPasswordFile() != null) {
                    args.add("--keystores-password-file");
                    args.add(keystores.getKeystoresPasswordFile().toAbsolutePath().toString());
                }
            });

    return args;
}
Also used : ArrayList(java.util.ArrayList) AzureKeyVaultParameters(tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters) KeystoresParameters(tech.pegasys.web3signer.signing.config.KeystoresParameters)

Example 4 with AzureKeyVaultParameters

use of tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters in project web3signer by ConsenSys.

the class AzureKeyVaultAcceptanceTest method ensureSecretsInKeyVaultAreLoadedAndReportedViaPublicKeysApi.

/**
 * Starts a signer in eth2 mode backed by the Azure Key Vault named by VAULT_NAME and checks that
 * the BLS public-keys API answers 200 with a JSON body containing EXPECTED_KEY.
 */
@Test
void ensureSecretsInKeyVaultAreLoadedAndReportedViaPublicKeysApi() {
    // VAULT_NAME, CLIENT_ID, TENANT_ID and CLIENT_SECRET are constants declared outside this
    // method (presumably live test credentials, so confirm they are injected at run time rather
    // than committed).
    final AzureKeyVaultParameters vaultParams =
        new DefaultAzureKeyVaultParameters(VAULT_NAME, CLIENT_ID, TENANT_ID, CLIENT_SECRET);

    startSigner(
        new SignerConfigurationBuilder()
            .withMode("eth2")
            .withAzureKeyVaultParameters(vaultParams)
            .build());

    // Only public keys are requested and asserted on; the response is not expected to carry the
    // secret key material held in the vault.
    final Response publicKeys = signer.callApiPublicKeys(KeyType.BLS);
    publicKeys
        .then()
        .statusCode(200)
        .contentType(ContentType.JSON)
        .body("", contains(EXPECTED_KEY));
}
Also used : Response(io.restassured.response.Response) SignerConfigurationBuilder(tech.pegasys.web3signer.dsl.signer.SignerConfigurationBuilder) AzureKeyVaultParameters(tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters) DefaultAzureKeyVaultParameters(tech.pegasys.web3signer.dsl.utils.DefaultAzureKeyVaultParameters) DefaultAzureKeyVaultParameters(tech.pegasys.web3signer.dsl.utils.DefaultAzureKeyVaultParameters) Test(org.junit.jupiter.api.Test)

Aggregations

AzureKeyVaultParameters (tech.pegasys.web3signer.signing.config.AzureKeyVaultParameters)4 ArrayList (java.util.ArrayList)2 Test (org.junit.jupiter.api.Test)2 SignerConfigurationBuilder (tech.pegasys.web3signer.dsl.signer.SignerConfigurationBuilder)2 DefaultAzureKeyVaultParameters (tech.pegasys.web3signer.dsl.utils.DefaultAzureKeyVaultParameters)2 KeystoresParameters (tech.pegasys.web3signer.signing.config.KeystoresParameters)2 Response (io.restassured.response.Response)1 IOException (java.io.IOException)1 UncheckedIOException (java.io.UncheckedIOException)1 Path (java.nio.file.Path)1 Signer (tech.pegasys.web3signer.dsl.signer.Signer)1