Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor(common,cli): kms deployer gets keyId from environment #2760

Merged
merged 20 commits into from
Apr 29, 2024

Conversation

yonadaaa
Copy link
Contributor

We can declare the KMS Key ID AWS_KMS_KEY_ID instead of passing it into to mud deploy. This means the flag to enable KMS signing can just be a boolean.

Copy link

changeset-bot bot commented Apr 29, 2024

🦋 Changeset detected

Latest commit: 507f66a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 24 packages
Name Type
@latticexyz/cli Patch
mock-game-contracts Patch
@latticexyz/abi-ts Patch
@latticexyz/block-logs-stream Patch
@latticexyz/common Patch
@latticexyz/config Patch
create-mud Patch
@latticexyz/dev-tools Patch
@latticexyz/faucet Patch
@latticexyz/gas-report Patch
@latticexyz/protocol-parser Patch
@latticexyz/query Patch
@latticexyz/react Patch
@latticexyz/recs Patch
@latticexyz/schema-type Patch
@latticexyz/services Patch
solhint-config-mud Patch
solhint-plugin-mud Patch
@latticexyz/store-indexer Patch
@latticexyz/store-sync Patch
@latticexyz/store Patch
@latticexyz/utils Patch
@latticexyz/world-modules Patch
@latticexyz/world Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

awsKmsKeyId: {
type: "string",
desc: "Optional AWS KMS key ID. If set, the World is deployed using a KMS signer instead of local private key.",
aws: {
Copy link
Member

@holic holic Apr 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since we call everything else "kms" I wonder if this flag should be --kms
(I know this deviates from forge)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agreed, I also like the specificity of KMS

@yonadaaa yonadaaa marked this pull request as ready for review April 29, 2024 12:52
@yonadaaa yonadaaa requested a review from alvrs as a code owner April 29, 2024 12:52
@@ -19,9 +19,9 @@ export type KmsAccount = LocalAccount<"aws-kms"> & {
* @returns A Local Account.
*/
export async function kmsKeyToAccount({
keyId,
keyId = process.env.AWS_KMS_KEY_ID || "",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Defaulting in the account was inspired by this Foundry library https://github.com/foundry-rs/foundry/blob/master/crates/wallets/src/wallet.rs#L95-L97

Copy link
Member

@holic holic Apr 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why an empty string? is it bad if this is undefined? we already specify this as an optional param

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did this because keyId is optional for the SDK but our getKeyId function returns a string. Gonna try something else

holic
holic previously approved these changes Apr 29, 2024
Copy link
Member

@holic holic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a couple small things around messaging but otherwise lgtm!

packages/cli/src/runDeploy.ts Outdated Show resolved Hide resolved
.changeset/quick-lions-rest.md Outdated Show resolved Hide resolved
.changeset/quick-lions-rest.md Outdated Show resolved Hide resolved
@@ -25,7 +25,7 @@ export async function getAddressFromKms({
keyId,
client,
}: {
keyId: SignCommandInput["KeyId"];
keyId: GetPublicKeyCommandInput["KeyId"];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ooc what does this type resolve to?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's string | undefined (same as SignCommandInput actually). I don't know why they make it optional! https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/GetPublicKeyCommandInput/

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

oh, should we just make it a regular string and require it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can, i figured we can pipe it through the same way they do. I copied that approach from the ethers signer https://github.com/rumblefishdev/eth-signer-kms/blob/master/src/kms.ts#L16

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

also this change is totally orthogonal to the point of this PR, it's just a small consistency refactor I noticed and threw in

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought we had it as string before, not sure when it changed

Co-authored-by: Kevin Ingersoll <[email protected]>
yonadaaa and others added 2 commits April 29, 2024 20:32
Co-authored-by: Kevin Ingersoll <[email protected]>
@yonadaaa yonadaaa requested a review from holic April 29, 2024 19:33
@yonadaaa yonadaaa merged commit e03830e into main Apr 29, 2024
12 checks passed
@yonadaaa yonadaaa deleted the yonadaaa/kms-bool-flag branch April 29, 2024 22:24
dhvanipa pushed a commit to tenetxyz/mud that referenced this pull request May 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants