Dzejkop/tag_keys_and_dev_deployment_workflow (#36)

* Auto update dev deployment * Add extra metadata/tags to KMS keys
worldcoin · May 15, 2024 · 29de92e · 29de92e
1 parent 988dc5a
commit 29de92e
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 6 deletions.
diff --git a/.github/workflows/update-deployment.yml b/.github/workflows/update-deployment.yml
@@ -0,0 +1,25 @@
+name: Update dev deployment
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  update-deployment:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: 8BitJonny/[email protected]
+        id: PR
+      - name: Repository Dispatch
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.GIT_HUB_TOKEN }}
+          repository: worldcoin/signup-sequencer-deploy
+          event-type: update-dev
+          client-payload: |
+            {
+              "ref": "${{ github.sha }}",
+              "issuer":  "${{ steps.PR.outputs.pr_url }}"
+            }
diff --git a/src/keys.rs b/src/keys.rs
@@ -9,7 +9,10 @@ pub use universal_signer::UniversalSigner;
 #[async_trait::async_trait]
 pub trait KeysSource: Send + Sync + 'static {
     /// Returns a key id and signer
-    async fn new_signer(&self) -> eyre::Result<(String, UniversalSigner)>;
+    async fn new_signer(
+        &self,
+        meta_name: &str,
+    ) -> eyre::Result<(String, UniversalSigner)>;
 
     /// Loads the key using the provided id
     async fn load_signer(&self, id: String) -> eyre::Result<UniversalSigner>;

diff --git a/src/keys/kms_keys.rs b/src/keys/kms_keys.rs
@@ -1,5 +1,6 @@
 use aws_config::BehaviorVersion;
-use aws_sdk_kms::types::{KeySpec, KeyUsageType};
+use aws_sdk_kms::types::{KeySpec, KeyUsageType, Tag};
+use ethers::signers::Signer;
 use eyre::{Context, ContextCompat};
 
 use super::{KeysSource, UniversalSigner};
@@ -23,12 +24,22 @@ impl KmsKeys {
 
 #[async_trait::async_trait]
 impl KeysSource for KmsKeys {
-    async fn new_signer(&self) -> eyre::Result<(String, UniversalSigner)> {
+    async fn new_signer(
+        &self,
+        meta_name: &str,
+    ) -> eyre::Result<(String, UniversalSigner)> {
         let kms_key = self
             .kms_client
             .create_key()
             .key_spec(KeySpec::EccSecgP256K1)
             .key_usage(KeyUsageType::SignVerify)
+            .tags(
+                Tag::builder()
+                    .tag_key("CreatedBy")
+                    .tag_value("tx-sitter")
+                    .build()?,
+            )
+            .description(format!("Key of relayer {meta_name}"))
             .send()
             .await
             .context("AWS Error")?;
@@ -43,6 +54,31 @@ impl KeysSource for KmsKeys {
         )
         .await?;
 
+        let address = signer.address();
+
+        self.kms_client
+            .update_alias()
+            .target_key_id(key_id.clone())
+            .alias_name(format!("{meta_name}-{:?}", address));
+
+        self.kms_client
+            .tag_resource()
+            .key_id(key_id.clone())
+            .tags(
+                Tag::builder()
+                    .tag_key("RelayerName")
+                    .tag_value(meta_name)
+                    .build()?,
+            )
+            .tags(
+                Tag::builder()
+                    .tag_key("RelayerAddress")
+                    .tag_value(format!("{:?}", address))
+                    .build()?,
+            )
+            .send()
+            .await?;
+
         Ok((key_id, UniversalSigner::Aws(signer)))
     }
 

diff --git a/src/keys/local_keys.rs b/src/keys/local_keys.rs
@@ -19,7 +19,10 @@ impl LocalKeys {
 
 #[async_trait::async_trait]
 impl KeysSource for LocalKeys {
-    async fn new_signer(&self) -> eyre::Result<(String, UniversalSigner)> {
+    async fn new_signer(
+        &self,
+        _meta_name: &str,
+    ) -> eyre::Result<(String, UniversalSigner)> {
         let signing_key = SigningKey::random(&mut self.rng.clone());
 
         let key_id = signing_key.to_bytes().to_vec();
@@ -56,7 +59,7 @@ mod tests {
     async fn local_roundtrip() -> eyre::Result<()> {
         let keys_source = LocalKeys::new(&LocalKeysConfig::default());
 
-        let (id, signer) = keys_source.new_signer().await?;
+        let (id, signer) = keys_source.new_signer("meta name").await?;
 
         let address = signer.address();
 

diff --git a/src/server/routes/relayer.rs b/src/server/routes/relayer.rs
@@ -61,7 +61,7 @@ pub async fn create_relayer(
     State(app): State<Arc<App>>,
     Json(req): Json<CreateRelayerRequest>,
 ) -> Result<Json<CreateRelayerResponse>, ApiError> {
-    let (key_id, signer) = app.keys_source.new_signer().await?;
+    let (key_id, signer) = app.keys_source.new_signer(&req.name).await?;
 
     let address = signer.address();