Merge pull request #6356 from ethereum-optimism/felipe/ufm-kmstool

feat(ufm): add kmstool

Merge pull request #6356 from ethereum-optimism/felipe/ufm-kmstool
feat(ufm): add kmstool
2a2cfc7f · OptimismBot · GitHub · 5eb852bb · b94df1d0 · 2a2cfc7f
Commit 2a2cfc7f authored Jul 19, 2023 by OptimismBot Committed by GitHub Jul 19, 2023
Showing with 193 additions and 18 deletions

Makefile op-ufm/Makefile +6 -0

go.mod op-ufm/go.mod +22 -4

go.sum op-ufm/go.sum +89 -10

eth.go op-ufm/pkg/metrics/clients/eth.go +0 -4

main.go op-ufm/tools/kmstool/main.go +76 -0

No files found.
--- a/op-ufm/Makefile
+++ b/op-ufm/Makefile
@@ -19,3 +19,9 @@ test:
 lint:
 	go vet ./...
 .PHONY: test
+tls:
+	kubectl get secrets op-ufm-client-tls -o yaml | yq '.data."tls.key"' | base64 --decode > tls/tls.key
+	kubectl get secrets op-ufm-client-tls -o yaml | yq '.data."tls.crt"' | base64 --decode > tls/tls.crt
+	kubectl get secrets op-ufm-client-tls -o yaml | yq '.data."ca.crt"' | base64 --decode > tls/ca.crt
+.PHONY: tls
--- a/op-ufm/go.mod
+++ b/op-ufm/go.mod
@@ -3,6 +3,7 @@ module github.com/ethereum-optimism/optimism/op-ufm
 go 1.20
 require (
+	cloud.google.com/go/kms v1.12.1
 	github.com/BurntSushi/toml v1.3.2
 	github.com/ethereum-optimism/optimism/op-service v0.10.14
 	github.com/ethereum-optimism/optimism/op-signer v0.1.1
@@ -11,9 +12,13 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.16.0
 	github.com/rs/cors v1.9.0
+	google.golang.org/genproto v0.0.0-20230706204954-ccb25ca9f130
 )
 require (
+	cloud.google.com/go/compute v1.20.1 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v1.1.0 // indirect
 	github.com/DataDog/zstd v1.5.2 // indirect
 	github.com/VictoriaMetrics/fastcache v1.10.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -32,8 +37,13 @@ require (
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/gofrs/flock v0.8.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.5-0.20220116011046-fa5810519dcb // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/holiman/bloomfilter/v2 v2.0.3 // indirect
 	github.com/holiman/uint256 v1.2.2-0.20230321075855-87b91420868c // indirect
@@ -55,10 +65,18 @@ require (
 	github.com/tklauser/numcpus v0.5.0 // indirect
 	github.com/urfave/cli v1.22.9 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	golang.org/x/crypto v0.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230206171751-46f607a40771 // indirect
-	golang.org/x/sys v0.8.0 // indirect
+	golang.org/x/net v0.12.0 // indirect
-	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/oauth2 v0.10.0 // indirect
-	google.golang.org/protobuf v1.30.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
+	golang.org/x/text v0.11.0 // indirect
+	google.golang.org/api v0.132.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect
+	google.golang.org/grpc v1.56.2 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect
 )
--- a/op-ufm/go.sum
+++ b/op-ufm/go.sum
--- a/op-ufm/pkg/metrics/clients/eth.go
+++ b/op-ufm/pkg/metrics/clients/eth.go
@@ -5,8 +5,6 @@ import (
 	"time"
 	"github.com/ethereum-optimism/optimism/op-ufm/pkg/metrics"
-	"github.com/ethereum/go-ethereum/log"
 	"github.com/ethereum/go-ethereum"
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/core"
@@ -33,9 +31,7 @@ func Dial(providerName string, url string) (*InstrumentedEthClient, error) {
 func (i *InstrumentedEthClient) TransactionByHash(ctx context.Context, hash common.Hash) (*types.Transaction, bool, error) {
 	start := time.Now()
-	log.Debug(">> TransactionByHash", "hash", hash, "provider", i.providerName)
 	tx, isPending, err := i.c.TransactionByHash(ctx, hash)
-	log.Debug("<< TransactionByHash", "tx", tx, "isPending", isPending, "err", err, "hash", hash, "provider", i.providerName)
 	if err != nil {
 		if !i.ignorableErrors(err) {
 			metrics.RecordError(i.providerName, "ethclient.TransactionByHash")

--- a/op-ufm/tools/kmstool/main.go
+++ b/op-ufm/tools/kmstool/main.go
+package main
+import (
+	"context"
+	"crypto/x509/pkix"
+	"encoding/asn1"
+	"encoding/pem"
+	"fmt"
+	"os"
+	kms "cloud.google.com/go/kms/apiv1"
+	"cloud.google.com/go/kms/apiv1/kmspb"
+	"github.com/ethereum/go-ethereum/common"
+	"github.com/ethereum/go-ethereum/crypto"
+)
+func main() {
+	println("kmstool - usage: kmstool <key>")
+	if len(os.Args) < 2 {
+		panic("missing <key>")
+	}
+	keyName := os.Args[1]
+	ctx := context.Background()
+	client, err := kms.NewKeyManagementClient(ctx)
+	if err != nil {
+		panic(fmt.Sprintf("failed to create kms client: %w", err))
+	}
+	defer client.Close()
+	addr, err := resolveAddr(ctx, client, keyName)
+	if err != nil {
+		panic(fmt.Sprintf("failed to retrieve the key: %w", err))
+	}
+	fmt.Printf("ethereum addr: %s", addr)
+	println()
+	println()
+}
+func resolveAddr(ctx context.Context, client *kms.KeyManagementClient, keyName string) (common.Address, error) {
+	resp, err := client.GetPublicKey(ctx, &kmspb.GetPublicKeyRequest{Name: keyName})
+	if err != nil {
+		return common.Address{}, fmt.Errorf("google kms public key %q lookup: %w", keyName, err)
+	}
+	block, _ := pem.Decode([]byte(resp.Pem))
+	if block == nil {
+		return common.Address{}, fmt.Errorf("google kms public key %q pem empty: %.130q", keyName, resp.Pem)
+	}
+	var info struct {
+		AlgID pkix.AlgorithmIdentifier
+		Key   asn1.BitString
+	}
+	_, err = asn1.Unmarshal(block.Bytes, &info)
+	if err != nil {
+		return common.Address{}, fmt.Errorf("google kms public key %q pem block %q: %v", keyName, block.Type, err)
+	}
+	wantAlg := asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
+	if gotAlg := info.AlgID.Algorithm; !gotAlg.Equal(wantAlg) {
+		return common.Address{}, fmt.Errorf("google kms public key %q asn.1 algorithm %s intead of %s", keyName, gotAlg, wantAlg)
+	}
+	return pubKeyAddr(info.Key.Bytes), nil
+}
+// PubKeyAddr returns the Ethereum address for the (uncompressed) key bytes.
+func pubKeyAddr(bytes []byte) common.Address {
+	digest := crypto.Keccak256(bytes[1:])
+	var addr common.Address
+	copy(addr[:], digest[12:])
+	return addr
+}