AWS KMS block signing support and Rust 1.79 #2051
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MitchTurner
reviewed
Aug 2, 2024
Dentosal
changed the title
| let signature_der = reply | ||
| .signature | ||
| .ok_or_else(|| anyhow!("no signature returned from AWS KMS"))? | ||
| .into_inner(); |
There was a problem hiding this comment.
Will this also raise up errors from the SDK? If not, we should surface those for logging - it will make debugging permission or config issues much easier.
There was a problem hiding this comment.
We do capture the SDK errors. In this specific case though, there's no error avaible from the SDK. I'm not even sure if this branch can occur; the AWS SDK bindings are poorly documented. It is quite likely that this field can never be None, as any error would be captured by the .send()? above.
MitchTurner
previously approved these changes
Aug 19, 2024
xgreenx
previously approved these changes
Aug 19, 2024
|
On my PR that is based on this one : #2102 the CI is failing in the new job added in this PR. I think it's because I'm making the PR from a fork. Don't know if you think it's a problem or not but I prefer to, at least, mention it. |
xgreenx
approved these changes
Aug 19, 2024
MitchTurner
approved these changes
Aug 19, 2024
Merged
xgreenx
added a commit
that referenced
this pull request
Aug 20, 2024
## Version v0.34.0 ### Added - [2051](#2051): Add support for AWS KMS signing for the PoA consensus module. The new key can be specified with `--consensus-aws-kms AWS_KEY_ARN`. - [2092](#2092): Allow iterating by keys in rocksdb, and other storages. - [2096](#2096): GraphQL endpoint to fetch blob byte code by its blob ID. ### Changed - [2106](#2106): Remove deadline clock in POA and replace with tokio time functions. #### Breaking - [2051](#2051): Misdocumented `CONSENSUS_KEY` environ variable has been removed, use `CONSENSUS_KEY_SECRET` instead. Also raises MSRV to `1.79.0`. ### Fixed - [2106](#2106): Handle the case when nodes with overriding start on the fresh network. - [2105](#2105): Fixed the rollback functionality to work with empty gas price database. ## What's Changed * doc: refine the transaction example in the README by @mmyyrroonn in #2072 * AWS KMS block signing support and Rust 1.79 by @Dentosal in #2051 * feat(iterators): allow key-only iteration by @rymnc in #2092 * feat: graphql endpoint to fetch the blob byte code by its blob ID by @netrome in #2096 * Small improvements for tests to make them more stable by @xgreenx in #2103 * Fixed the rollback functionality to work with empty gas price database by @xgreenx in #2105 * Bump wasmtime version by @Dentosal in #2089 * Handle the case when nodes with overriding start on the fresh network by @xgreenx in #2106 * Remove deadline clock in POA and replace with tokio time functions. by @AurelienFT in #2109 ## New Contributors * @mmyyrroonn made their first contribution in #2072 **Full Changelog**: v0.33.0...v0.34.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #2043
Adds support for using AWS KMS to sign blocks. Updates Rust version to 1.79 as the currently used 1.75.0 is too old for the latest aws crates.
Testing inside localstack
localstack start -d awslocal kms create-key --key-usage SIGN_VERIFY --customer-master-key-spec ECC_SECG_P256K1 AWS_DEFAULT_REGION=us-east-1 AWS_ENDPOINT_URL='http://127.0.0.1:4566' AWS_ACCESS_KEY_ID=test AWS_SECRET_ACCESS_KEY=test cargo run --bin fuel-core -- run --consensus-aws-kms KEY_ARN_COMES_HERE --poa-interval-period 1sChecklist
Before requesting review
After merging, notify other teams
[Add or remove entries as needed]