chore: improve makefile

0xPolygonID · Jul 30, 2024 · 42d34c5 · 42d34c5
1 parent 067cdd3
commit 42d34c5
Show file tree

Hide file tree

Showing 5 changed files with 52 additions and 33 deletions.
diff --git a/.env-issuer.sample b/.env-issuer.sample
@@ -22,7 +22,7 @@ ISSUER_KMS_BJJ_PROVIDER=vault
 ISSUER_KMS_ETH_PROVIDER=vault
 
 # if the plugin is localstorage, you can specify the file path (default path is current directory)
-ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH=
+ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH=./localstoragekeys
 
 # If the plugin is AWS for ETH keys you need to specify the key id and secret key
 ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY=XXX

diff --git a/Dockerfile-kms-importer b/Dockerfile-kms-importer
@@ -1,9 +1,9 @@
 FROM golang:1.21 as base
 ARG VERSION
 
-ARG ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY
-ARG ISSUER_KMS_ETH_PLUGIN_AWS_SECRET_KEY
-ARG ISSUER_KMS_ETH_PLUGIN_AWS_REGION
+ARG ISSUER_KMS_ETH_PROVIDER_AWS_ACCESS_KEY
+ARG ISSUER_KMS_ETH_PROVIDER_AWS_SECRET_KEY
+ARG ISSUER_KMS_ETH_PROVIDER_AWS_REGION
 
 WORKDIR /service
 ENV GOBIN /service/bin
@@ -15,12 +15,13 @@ COPY ./internal ./internal
 COPY ./pkg ./pkg
 
 
+
 RUN go install -buildvcs=false -ldflags "-X main.build=${VERSION}" ./cmd/...
 
 FROM alpine:latest
-ARG ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY
-ARG ISSUER_KMS_ETH_PLUGIN_AWS_SECRET_KEY
-ARG ISSUER_KMS_ETH_PLUGIN_AWS_REGION
+ARG ISSUER_KMS_ETH_PROVIDER_AWS_ACCESS_KEY
+ARG ISSUER_KMS_ETH_PROVIDER_AWS_SECRET_KEY
+ARG ISSUER_KMS_ETH_PROVIDER_AWS_REGION
 
 RUN apk add --no-cache libstdc++ gcompat libgomp
 RUN apk add --update busybox>1.3.1-r0
@@ -38,20 +39,20 @@ COPY --from=base ./service/bin/* ./
 COPY --from=base ./service/cmd/kms_priv_key_importer/aws_kms_material_key_importer.sh ./aws_kms_material_key_importer.sh
 RUN chmod +x ./aws_kms_material_key_importer.sh
 
-RUN if [ -n "$ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY" ]; then \
-      aws configure set aws_access_key_id ${ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY} --profile privadoid; \
+RUN if [ -n "$ISSUER_KMS_ETH_PROVIDER_AWS_ACCESS_KEY" ]; then \
+      aws configure set aws_access_key_id ${ISSUER_KMS_ETH_PROVIDER_AWS_ACCESS_KEY} --profile privadoid; \
     else \
-      echo "ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY is not set"; \
+      echo "ISSUER_KMS_ETH_PROVIDER_AWS_ACCESS_KEY is not set"; \
     fi
-RUN if [ -n "$ISSUER_KMS_ETH_PLUGIN_AWS_SECRET_KEY" ]; then \
-      aws configure set aws_secret_access_key ${ISSUER_KMS_ETH_PLUGIN_AWS_SECRET_KEY} --profile privadoid; \
+RUN if [ -n "$ISSUER_KMS_ETH_PROVIDER_AWS_SECRET_KEY" ]; then \
+      aws configure set aws_secret_access_key ${ISSUER_KMS_ETH_PROVIDER_AWS_SECRET_KEY} --profile privadoid; \
     else \
-      echo "ISSUER_KMS_ETH_PLUGIN_AWS_SECRET_KEY is not set"; \
+      echo "ISSUER_KMS_ETH_PROVIDER_AWS_SECRET_KEY is not set"; \
     fi
-RUN if [ -n "$ISSUER_KMS_ETH_PLUGIN_AWS_REGION" ]; then \
-      aws configure set region ${ISSUER_KMS_ETH_PLUGIN_AWS_REGION} --profile privadoid; \
+RUN if [ -n "$ISSUER_KMS_ETH_PROVIDER_AWS_REGION" ]; then \
+      aws configure set region ${ISSUER_KMS_ETH_PROVIDER_AWS_REGION} --profile privadoid; \
     else \
-      echo "ISSUER_KMS_ETH_PLUGIN_AWS_REGION is not set"; \
+      echo "ISSUER_KMS_ETH_PROVIDER_AWS_REGION is not set"; \
     fi
 
 
diff --git a/Makefile b/Makefile
@@ -1,4 +1,5 @@
 include .env-api
+include .env-issuer
 BIN := $(shell pwd)/bin
 VERSION ?= $(shell git rev-parse --short HEAD)
 GO?=$(shell which go)
@@ -14,6 +15,8 @@ DOCKER_COMPOSE_CMD := docker compose -p issuer -f $(DOCKER_COMPOSE_FILE)
 DOCKER_COMPOSE_INFRA_CMD := docker compose -p issuer -f $(DOCKER_COMPOSE_FILE_INFRA)
 ENVIRONMENT := ${ISSUER_API_ENVIRONMENT}
 
+ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH := ${ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH}
+ISSUER_KMS_ETH_PROVIDER := ${ISSUER_KMS_ETH_PROVIDER}
 
 # Local environment overrides via godotenv
 DOTENV_CMD = $(BIN)/godotenv
@@ -159,22 +162,37 @@ add-private-key:
 	docker exec issuer-vault-1 \
 	vault write iden3/import/pbkey key_type=ethereum private_key=$(private_key)
 
-# >>> usage: make private_key=xxx import-private-key-to-kms
-# If you want to import your private key to the local storage be sure to have the
-# file ${ISSUER_KMS_PLUGIN_LOCAL_STORAGE_FILE_PATH}/kms_localstorage_keys.json, otherwise change the mapped volume.
-# If you want to import private key to vault running with docker compose  make sure ISSUER_KEY_STORE_ADDRESS=http://vault:8200  in .env-issuer
-# >>> Don't use this command if you want to import private key to aws kms, for that see cmd/kms_priv_key_importer/readme.md
+## Usage:
+## AWS: make private_key=XXX aws_access_key=YYY aws_secret_key=ZZZ aws_region=your-region import-private-key-to-kms
+## localstorage and vault: make private_key=XXX import-private-key-to-kms
 .PHONY: import-private-key-to-kms
 import-private-key-to-kms:
-	docker build -t privadoid-kms-importer -f Dockerfile-kms-importer .
-	docker run -it -v ./.env-issuer:/.env-issuer --network issuer-network \
-	-v ./localstoragekeys/kms_localstorage_keys.json:/localstoragekeys/kms_localstorage_keys.json \
-	privadoid-kms-importer ./kms_priv_key_importer --privateKey=$(private_key)
+ifeq ($(ISSUER_KMS_ETH_PROVIDER), aws)
+	docker build --build-arg ISSUER_KMS_ETH_PROVIDER_AWS_ACCESS_KEY=$(aws_access_key) \
+    		  --build-arg ISSUER_KMS_ETH_PROVIDER_AWS_SECRET_KEY=$(aws_secret_key) \
+    		  --build-arg ISSUER_KMS_ETH_PROVIDER_AWS_REGION=$(aws_region) -t privadoid-kms-importer -f ./Dockerfile-kms-importer .
+	$(eval result = $(shell docker run -it -v ./.env-issuer:/.env-issuer -v $(ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH)/kms_localstorage_keys.json:/localstoragekeys/kms_localstorage_keys.json \
+		--network issuer-network \
+		privadoid-kms-importer ./kms_priv_key_importer --privateKey=$(private_key)))
+	@echo "result: $(result)"
+	$(eval keyID = $(shell echo $(result) | grep "key created keyId=" | sed 's/.*keyId=//'))
+	@if [ -n "$(keyID)" ]; then \
+		docker run -it --rm -v ./.env-issuer:/.env-issuer --network issuer-network \
+			privadoid-kms-importer sh ./aws_kms_material_key_importer.sh $(private_key) $(keyID) privadoid; \
+	else \
+		echo "something went wrong because keyID is empty"; \
+	fi
+else
+	docker build -t privadoid-kms-importer -f ./Dockerfile-kms-importer .
+	docker run --rm -it -v ./.env-issuer:/.env-issuer -v $(ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH)/kms_localstorage_keys.json:/localstoragekeys/kms_localstorage_keys.json \
+		--network issuer-network \
+		privadoid-kms-importer ./kms_priv_key_importer --privateKey=$(private_key)
+endif
 
 .PHONY: print-vault-token
 print-vault-token:
 	$(eval TOKEN = $(shell docker logs issuer-vault-1 2>&1 | grep " .hvs" | awk  '{print $$2}' | tail -1 ))
-	@echo $(TOKEN)
+	echo $(TOKEN)
 
 .PHONY: add-vault-token
 add-vault-token:

diff --git a/cmd/kms_priv_key_importer/main.go b/cmd/kms_priv_key_importer/main.go
@@ -26,9 +26,9 @@ import (
 )
 
 const (
-	issuerKMSETHPlugin                  = "ISSUER_KMS_ETH_PLUGIN"
+	issuerKMSETHPlugin                  = "ISSUER_KMS_ETH_PROVIDER"
 	issuerPublishKeyPath                = "ISSUER_PUBLISH_KEY_PATH"
-	issuerKmsPluginLocalStorageFilePath = "ISSUER_KMS_PLUGIN_LOCAL_STORAGE_FILE_PATH"
+	issuerKmsPluginLocalStorageFilePath = "ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH"
 	issuerKeyStoreToken                 = "ISSUER_KEY_STORE_TOKEN"
 	issuerKeyStoreAddress               = "ISSUER_KEY_STORE_ADDRESS"
 	issuerKeyStorePluginIden3MountPath  = "ISSUER_KEY_STORE_PLUGIN_IDEN3_MOUNT_PATH"
@@ -79,7 +79,7 @@ func main() {
 	issuerKmsPluginLocalStorageFilePath := os.Getenv(issuerKmsPluginLocalStorageFilePath)
 
 	if issuerKMSEthPluginVar != config.LocalStorage && issuerKMSEthPluginVar != config.Vault && issuerKMSEthPluginVar != config.AWS {
-		log.Error(ctx, "issuer kms eth plugin is not set or is not local storage or vault or aws", "plugin: ", issuerKMSEthPluginVar)
+		log.Error(ctx, "issuer kms eth provider is not set or is not localstorage or vault or aws", "plugin: ", issuerKMSEthPluginVar)
 		return
 	}
 

diff --git a/cmd/kms_priv_key_importer/readme.md b/cmd/kms_priv_key_importer/readme.md
@@ -12,7 +12,7 @@ ISSUER_KMS_ETH_PROVIDER=aws
 
 # if the plugin is localstorage, you can specify the file path (default path is current directory)
 # Important!!!: this path must be the same as the one used by the issuer node (defined in .env-issuer file)
-ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH=
+ISSUER_KMS_PROVIDER_LOCAL_STORAGE_FILE_PATH=./localstoragekeys
 
 # If the plugin is AWS for ETH keys you need to specify the key id and secret key
 ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY=XXX
@@ -81,9 +81,9 @@ if you get `Key material successfully imported!!!` message, then your private ke
 In the root project folder run:
 
 ```shell
-docker build --build-arg ISSUER_KMS_ETH_PLUGIN_AWS_ACCESS_KEY=XXXX \
-  --build-arg ISSUER_KMS_ETH_PLUGIN_AWS_SECRET_KEY=YYYY \
-  --build-arg ISSUER_KMS_ETH_PLUGIN_AWS_REGION=eu-west-1 -t privadoid-kms-importer -f ./Dockerfile-kms-importer .
+docker build --build-arg ISSUER_KMS_ETH_PROVIDER_AWS_ACCESS_KEY=XXXX \
+  --build-arg ISSUER_KMS_ETH_PROVIDER_AWS_SECRET_KEY=YYYY \
+  --build-arg ISSUER_KMS_ETH_PROVIDER_AWS_REGION=ZZZZ -t privadoid-kms-importer -f ./Dockerfile-kms-importer .
 ```
 
 after the docker image is created run the following command (make sure you have the .env-issuer with your env vars):