acceptance tests for Aws Kms

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfiguration.java

@@ -218,7 +218,7 @@ public Optional<AzureKeyVaultParameters> getAzureKeyVaultParameters() {
     return azureKeyVaultParameters;
   }
 
-  public Optional<AwsParameters> getAwsSecretsManagerParameters() {
+  public Optional<AwsParameters> getAwsParameters() {
     return awsSecretsManagerParameters;
   }
 

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/SignerConfigurationBuilder.java

@@ -141,8 +141,7 @@ public SignerConfigurationBuilder withAzureKeyVaultParameters(
     return this;
   }
 
-  public SignerConfigurationBuilder withAwsSecretsManagerParameters(
-      final AwsParameters awsParameters) {
+  public SignerConfigurationBuilder withAwsParameters(final AwsParameters awsParameters) {
     this.awsParameters = awsParameters;
     return this;
   }

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsConfigFileImpl.java

@@ -12,6 +12,13 @@
  */
 package tech.pegasys.web3signer.dsl.signer.runner;
 
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_ACCESS_KEY_ID_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_AUTH_MODE_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_ENABLED_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_REGION_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_SECRET_ACCESS_KEY_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_TAG_NAMES_FILTER_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_TAG_VALUES_FILTER_OPTION;
 import static tech.pegasys.web3signer.commandline.PicoCliSecretsMangerAwsParameters.AWS_ENDPOINT_OVERRIDE_OPTION;
 import static tech.pegasys.web3signer.commandline.PicoCliSecretsMangerAwsParameters.AWS_SECRETS_ACCESS_KEY_ID_OPTION;
 import static tech.pegasys.web3signer.commandline.PicoCliSecretsMangerAwsParameters.AWS_SECRETS_AUTH_MODE_OPTION;
@@ -139,8 +146,9 @@ public List<String> createCmdLineParams() {
       }
 
       signerConfig
-          .getAwsSecretsManagerParameters()
-          .ifPresent(awsParams -> yamlConfig.append(awsBulkLoadingOptions(awsParams)));
+          .getAwsParameters()
+          .ifPresent(
+              awsParams -> yamlConfig.append(awsSecretsManagerBulkLoadingOptions(awsParams)));
 
       final CommandArgs subCommandArgs = createSubCommandArgs();
       params.addAll(subCommandArgs.params);
@@ -152,6 +160,10 @@ public List<String> createCmdLineParams() {
       yamlConfig.append(
           String.format(YAML_NUMERIC_FMT, "eth1.chain-id", signerConfig.getChainIdProvider().id()));
       yamlConfig.append(createDownstreamTlsArgs());
+
+      signerConfig
+          .getAwsParameters()
+          .ifPresent(awsParams -> yamlConfig.append(awsKmsBulkLoadingOptions(awsParams)));
     }
 
     signerConfig
@@ -441,7 +453,7 @@ private String createEth2SlashingProtectionArgs() {
     return yamlConfig.toString();
   }
 
-  private String awsBulkLoadingOptions(final AwsParameters awsParameters) {
+  private String awsSecretsManagerBulkLoadingOptions(final AwsParameters awsParameters) {
     final StringBuilder yamlConfig = new StringBuilder();
 
     yamlConfig.append(
@@ -517,6 +529,74 @@ private String awsBulkLoadingOptions(final AwsParameters awsParameters) {
     return yamlConfig.toString();
   }
 
+  private String awsKmsBulkLoadingOptions(final AwsParameters awsParameters) {
+    final StringBuilder yamlConfig = new StringBuilder();
+
+    yamlConfig.append(
+        String.format(
+            YAML_BOOLEAN_FMT,
+            "eth1." + AWS_KMS_ENABLED_OPTION.substring(2),
+            awsParameters.isEnabled()));
+
+    yamlConfig.append(
+        String.format(
+            YAML_STRING_FMT,
+            "eth1." + AWS_KMS_AUTH_MODE_OPTION.substring(2),
+            awsParameters.getAuthenticationMode().name()));
+
+    if (awsParameters.getAccessKeyId() != null) {
+      yamlConfig.append(
+          String.format(
+              YAML_STRING_FMT,
+              "eth1." + AWS_KMS_ACCESS_KEY_ID_OPTION.substring(2),
+              awsParameters.getAccessKeyId()));
+    }
+
+    if (awsParameters.getSecretAccessKey() != null) {
+      yamlConfig.append(
+          String.format(
+              YAML_STRING_FMT,
+              "eth1." + AWS_KMS_SECRET_ACCESS_KEY_OPTION.substring(2),
+              awsParameters.getSecretAccessKey()));
+    }
+
+    if (awsParameters.getRegion() != null) {
+      yamlConfig.append(
+          String.format(
+              YAML_STRING_FMT,
+              "eth1." + AWS_KMS_REGION_OPTION.substring(2),
+              awsParameters.getRegion()));
+    }
+
+    if (!awsParameters.getTagNamesFilter().isEmpty()) {
+      yamlConfig.append(
+          String.format(
+              YAML_STRING_FMT,
+              "eth1." + AWS_KMS_TAG_NAMES_FILTER_OPTION.substring(2),
+              String.join(",", awsParameters.getTagNamesFilter())));
+    }
+
+    if (!awsParameters.getTagValuesFilter().isEmpty()) {
+      yamlConfig.append(
+          String.format(
+              YAML_STRING_FMT,
+              "eth1." + AWS_KMS_TAG_VALUES_FILTER_OPTION.substring(2),
+              String.join(",", awsParameters.getTagValuesFilter())));
+    }
+
+    awsParameters
+        .getEndpointOverride()
+        .ifPresent(
+            uri ->
+                yamlConfig.append(
+                    String.format(
+                        YAML_STRING_FMT,
+                        "eth1." + AWS_ENDPOINT_OVERRIDE_OPTION.substring(2),
+                        uri)));
+
+    return yamlConfig.toString();
+  }
+
   private String formatStringList(final String key, final List<String> stringList) {
     return stringList.isEmpty()
         ? String.format("%s: []%n", key)

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsDefaultImpl.java

@@ -12,6 +12,13 @@
  */
 package tech.pegasys.web3signer.dsl.signer.runner;
 
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_ACCESS_KEY_ID_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_AUTH_MODE_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_ENABLED_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_REGION_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_SECRET_ACCESS_KEY_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_TAG_NAMES_FILTER_OPTION;
+import static tech.pegasys.web3signer.commandline.PicoCliKmsAwsParameters.AWS_KMS_TAG_VALUES_FILTER_OPTION;
 import static tech.pegasys.web3signer.commandline.PicoCliSecretsMangerAwsParameters.AWS_ENDPOINT_OVERRIDE_OPTION;
 import static tech.pegasys.web3signer.commandline.PicoCliSecretsMangerAwsParameters.AWS_SECRETS_ACCESS_KEY_ID_OPTION;
 import static tech.pegasys.web3signer.commandline.PicoCliSecretsMangerAwsParameters.AWS_SECRETS_AUTH_MODE_OPTION;
@@ -116,8 +123,8 @@ public List<String> createCmdLineParams() {
       }
 
       signerConfig
-          .getAwsSecretsManagerParameters()
-          .ifPresent(awsParams -> params.addAll(awsBulkLoadingOptions(awsParams)));
+          .getAwsParameters()
+          .ifPresent(awsParams -> params.addAll(awsSecretsManagerBulkLoadingOptions(awsParams)));
     } else if (signerConfig.getMode().equals("eth1")) {
       params.add("--downstream-http-port");
       params.add(Integer.toString(signerConfig.getDownstreamHttpPort()));
@@ -128,6 +135,9 @@ public List<String> createCmdLineParams() {
       if (signerConfig.getAzureKeyVaultParameters().isPresent()) {
         createAzureArgs(params);
       }
+      signerConfig
+          .getAwsParameters()
+          .ifPresent(awsParams -> params.addAll(awsKmsBulkLoadingOptions(awsParams)));
     }
 
     return params;
@@ -276,7 +286,8 @@ private Collection<String> createEth2Args() {
     return params;
   }
 
-  private Collection<String> awsBulkLoadingOptions(final AwsParameters awsParameters) {
+  private Collection<String> awsSecretsManagerBulkLoadingOptions(
+      final AwsParameters awsParameters) {
     final List<String> params = new ArrayList<>();
 
     params.add(AWS_SECRETS_ENABLED_OPTION + "=" + awsParameters.isEnabled());
@@ -325,6 +336,50 @@ private Collection<String> awsBulkLoadingOptions(final AwsParameters awsParamete
     return params;
   }
 
+  private Collection<String> awsKmsBulkLoadingOptions(final AwsParameters awsParameters) {
+    final List<String> params = new ArrayList<>();
+
+    params.add(AWS_KMS_ENABLED_OPTION + "=" + awsParameters.isEnabled());
+
+    params.add(AWS_KMS_AUTH_MODE_OPTION);
+    params.add(awsParameters.getAuthenticationMode().name());
+
+    if (awsParameters.getAccessKeyId() != null) {
+      params.add(AWS_KMS_ACCESS_KEY_ID_OPTION);
+      params.add(awsParameters.getAccessKeyId());
+    }
+
+    if (awsParameters.getSecretAccessKey() != null) {
+      params.add(AWS_KMS_SECRET_ACCESS_KEY_OPTION);
+      params.add(awsParameters.getSecretAccessKey());
+    }
+
+    if (awsParameters.getRegion() != null) {
+      params.add(AWS_KMS_REGION_OPTION);
+      params.add(awsParameters.getRegion());
+    }
+
+    awsParameters
+        .getEndpointOverride()
+        .ifPresent(
+            uri -> {
+              params.add(AWS_ENDPOINT_OVERRIDE_OPTION);
+              params.add(uri.toString());
+            });
+
+    if (!awsParameters.getTagNamesFilter().isEmpty()) {
+      params.add(AWS_KMS_TAG_NAMES_FILTER_OPTION);
+      params.add(String.join(",", awsParameters.getTagNamesFilter()));
+    }
+
+    if (!awsParameters.getTagValuesFilter().isEmpty()) {
+      params.add(AWS_KMS_TAG_VALUES_FILTER_OPTION);
+      params.add(String.join(",", awsParameters.getTagValuesFilter()));
+    }
+
+    return params;
+  }
+
   private void createAzureArgs(final List<String> params) {
     final AzureKeyVaultParameters azureParams = signerConfig.getAzureKeyVaultParameters().get();
     params.add("--azure-vault-enabled=true");

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/Web3SignerRunner.java

@@ -48,13 +48,13 @@ public abstract class Web3SignerRunner {
   private static final String METRICS_PORT_KEY = "metrics-port";
 
   public static Web3SignerRunner createRunner(final SignerConfiguration signerConfig) {
-    if (Boolean.getBoolean("acctests.runWeb3SignerAsProcess")) {
-      LOG.info("Web3Signer running as a process.");
-      return new Web3SignerProcessRunner(signerConfig);
-    } else {
-      LOG.info("Web3Signer running in a thread.");
-      return new Web3SignerThreadRunner(signerConfig);
-    }
+    //    if (Boolean.getBoolean("acctests.runWeb3SignerAsProcess")) {
+    //      LOG.info("Web3Signer running as a process.");
+    //      return new Web3SignerProcessRunner(signerConfig);
+    //    } else {
+    LOG.info("Web3Signer running in a thread.");
+    return new Web3SignerThreadRunner(signerConfig);
+    //    }
   }
 
   protected Web3SignerRunner(final SignerConfiguration signerConfig) {