feat(ec2): merge udpates and add tests

Author: ctrlc03

packages/actions/src/helpers/ec2.ts

@@ -149,6 +149,23 @@ const instancesTypes = {
     }
 }
 
+// 1. create ssh key in ec2 tab -> save the name 
+// 2. IAM role: access to ssh key ("iam:GetSSHPublicKey",)
+// 3. IAM role: ec2 access
+// 4. ec2 give role for s3 access
+// 5. have an api (express) running on the vm 
+// 6. have a script that runs on the vm that does the verification
+// 7. JWT Authorization: Bearer <token>
+// each circuit document needs to have the instance id of the vm 
+/*
+{
+    bucket: "x",
+    action: "verify/checkStatus",
+    "zKeyIndex": 0,
+    "zKeyStoragePath": /circuit/..,
+}
+*/
+
 /**
  * Creates a new EC2 instance 
  * @param ec2 <EC2Client> the EC2 client to talk to AWS
@@ -164,7 +181,9 @@ export const createEC2Instance = async (ec2: EC2Client): Promise<P0tionEC2Instan
         "sudo apt install awscli -y",
         "touch /tmp/test.txt",
         "echo 'hello world' > /tmp/test.txt",
-        "aws s3 cp /tmp/test.txt s3://p0tion-test-bucket/test.txt"
+        "aws s3 cp /tmp/test.txt s3://p0tion-test-bucket/test.txt",
+        "npm install -g p0tion-api",
+        "p0tion-api ",
     ]
 
     // create the params 
@@ -190,7 +209,7 @@ export const createEC2Instance = async (ec2: EC2Client): Promise<P0tionEC2Instan
         throw new Error("Could not create a new EC2 instance")
     }
 
-    const instance: P0tionEC2Instance = {
+    const instance: P0tionEC2Instance = {        
         InstanceId: response.Instances![0].InstanceId!,
         ImageId: response.Instances![0].ImageId!,
         InstanceType: response.Instances![0].InstanceType!,
@@ -207,7 +226,7 @@ export const createEC2Instance = async (ec2: EC2Client): Promise<P0tionEC2Instan
  * @param instanceId <string> the id of the instance to check
  * @returns <Promise<bool>> the status of the instance
  */
-export const checkEC2Status = async (ec2Client: EC2Client, instanceId: string) => {
+export const checkEC2Status = async (ec2Client: EC2Client, instanceId: string): Promise<boolean> => {
     const command = new DescribeInstanceStatusCommand({
         InstanceIds: [instanceId]
     })
@@ -216,8 +235,28 @@ export const checkEC2Status = async (ec2Client: EC2Client, instanceId: string) =
     if (response.$metadata.httpStatusCode !== 200) {
         throw new Error("Could not get the status of the EC2 instance")
     }
+    
     return response.InstanceStatuses![0].InstanceState!.Name === "running"
+}
 
+/**
+ * Get the IP of an EC2 instance
+ * @notice the IP will change at every restart
+ * @param ec2Client <EC2Client> the EC2 client to talk to AWS
+ * @param instanceId <string> the id of the instance to get the IP of
+ * @returns <Promise<string>> the IP of the instance
+ */
+export const getEC2Ip = async (ec2Client: EC2Client, instanceId: string) => {
+    const command = new DescribeInstancesCommand({
+        InstanceIds: [instanceId]
+    })
+
+    const response = await ec2Client.send(command)
+    if (response.$metadata.httpStatusCode !== 200) {
+        throw new Error("Could not get the IP of the EC2 instance")
+    }
+
+    return response.Reservations![0].Instances![0].PublicIpAddress
 }
 
 /**
@@ -274,24 +313,3 @@ export const terminateEC2Instance = async (ec2: EC2Client, instanceId: string) =
         throw new Error("Could not terminate the EC2 instance")
     }
 }
-
-/**
- * Get the EC2 public ip
- * @notice At each restart, the EC2 instance gets a new IP
- * @param ec2 <EC2Client> the EC2 client to talk to AWS
- * @param instanceId <string> the id of the instance to get the IP of
- * @returns <Promise<string>> the IP of the instance
- */
-export const getEC2Ip = async (ec2: EC2Client, instanceId: string): Promise<string> => {
-    const command = new DescribeInstancesCommand({
-        InstanceIds: [instanceId]
-    })
-
-    const response = await ec2.send(command)
-
-    if (response.$metadata.httpStatusCode !== 200) {
-        throw new Error("Could not get the EC2 instance")
-    }
-
-    return response.Reservations![0].Instances![0].PublicIpAddress
-}

packages/actions/src/index.ts

@@ -134,3 +134,11 @@ export {
     ContributionDocumentReferenceAndData,
     FirebaseServices
 } from "./types/index"
+export {
+    createEC2Instance,
+    terminateEC2Instance,
+    stopEC2Instance,
+    startEC2Instance,
+    checkEC2Status,
+    getEC2Ip
+} from "./helpers/ec2"

packages/actions/test/unit/ec2.test.ts

@@ -39,7 +39,7 @@ describe("EC2", () => {
     it("getEC2Ip should return an ip", async () => {
         const ip = await getEC2Ip(ec2, instance.InstanceId!)
         expect(ip).to.not.be.undefined
-        previousIp = ip
+        previousIp = ip!
     })
 
     it("stopEC2Instance should stop an instance", async () => {

packages/backend/src/functions/circuit.ts

@@ -29,15 +29,17 @@ import {
     ParticipantContributionStep,
     CeremonyState,
     Contribution,
-    blake512FromPath
+    blake512FromPath,
 } from "@p0tion/actions"
 import { FinalizeCircuitData, VerifyContributionData } from "../types/index"
 import { LogLevel } from "../types/enums"
 import { COMMON_ERRORS, logAndThrowError, printLog, SPECIFIC_ERRORS } from "../lib/errors"
 import {
+    createEC2Client,
     createTemporaryLocalPath,
     deleteObject,
     downloadArtifactFromS3Bucket,
+    getAWSVariables,
     getCeremonyCircuits,
     getCircuitDocumentByPosition,
     getCurrentServerTimestampInMillis,
@@ -431,6 +433,27 @@ export const verifycontribution = functionsV2.https.onCall(
                 `${prefix}_${isFinalizing ? finalContributionIndex : lastZkeyIndex}.zkey`
             )
 
+            // get variables for aws
+            const awsVariables = getAWSVariables()
+
+            // get ec2 client
+            const ec2Client = createEC2Client()
+
+            // start vm 
+            // const response = await createEc2Instance()
+
+            
+            // check status
+
+            // get ip 
+
+            // call api 
+
+            // wait 
+
+            // call api for result 
+
+
             // Prepare temporary file paths.
             // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
             const verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(

packages/backend/src/lib/utils.ts

@@ -8,6 +8,7 @@ import {
 } from "firebase-admin/firestore"
 import admin from "firebase-admin"
 import dotenv from "dotenv"
+import { EC2Client } from "@aws-sdk/client-ec2"
 import { DeleteObjectCommand, GetObjectCommand, PutObjectCommand } from "@aws-sdk/client-s3"
 import { getSignedUrl } from "@aws-sdk/s3-request-presigner"
 import { createWriteStream } from "node:fs"
@@ -357,3 +358,45 @@ export const getGitHubVariables = (): any => {
         minimumPublicRepos: Number(process.env.GITHUB_MINIMUM_PUBLIC_REPOS)
     }
 }
+
+/**
+ * Fetch the variables related to EC2 verification
+ * @returns <any> - the AWS EC2 variables.
+ */
+export const getAWSVariables = (): any => {
+    if (
+        !process.env.AWS_ACCESS_KEY_ID || 
+        !process.env.AWS_SECRET_ACCESS_KEY || 
+        !process.env.AWS_ROLE_ARN ||
+        !process.env.AWS_AMI_ID ||
+        !process.env.AWS_KEY_NAME 
+    ) 
+        logAndThrowError(COMMON_ERRORS.CM_WRONG_CONFIGURATION)
+
+    return {
+        accessKeyId: process.env.AWS_ACCESS_KEY_ID!,
+        secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,
+        region: process.env.AWS_REGION || "us-east-1",
+        roleArn: process.env.AWS_ROLE_ARN!,
+        amiId: process.env.AWS_AMI_ID!,
+        keyName: process.env.AWS_KEY_NAME!
+    }
+}
+
+/**
+ * Create an EC2 client object
+ * @returns <Promise<EC2Client>> an EC2 client
+ */
+export const createEC2Client = async (): Promise<EC2Client> => {
+    const { accessKeyId, secretAccessKey, region } = getAWSVariables()
+
+    const ec2: EC2Client = new EC2Client({
+        credentials: {
+            accessKeyId: accessKeyId,
+            secretAccessKey: secretAccessKey
+        },
+        region: region
+    })
+
+    return ec2 
+}