Azure secp bulk loading (#850)

CHANGELOG.md

@@ -1,13 +1,18 @@
 # Changelog
 
 ## Next release
+
+### Breaking Changes
+- Eth2 Azure command line option --azure-secrets-tags is now deprecated and is replaced with --azure-tags. The --azure-secrets-tags option will be removed in a future release.
+
 ### Features Added
 - Azure bulk mode support for loading multiline (`\n` delimited, up to 200) keys per secret.
 - Hashicorp connection properties can now override http protocol to HTTP/1.1 from the default of HTTP/2. [#817](https://github.com/ConsenSys/web3signer/pull/817)
 - Add --key-config-path as preferred alias to --key-store-path [#826](https://github.com/Consensys/web3signer/pull/826)
 - Add eth_signTransaction RPC method under the eth1 subcommand [#822](https://github.com/ConsenSys/web3signer/pull/822)
 - Add eth_sendTransaction RPC method under the eth1 subcommand [#835](https://github.com/Consensys/web3signer/pull/835)
 - Add EIP-1559 support for eth1 public transactions for eth_sendTransaction and eth_signTransaction [#836](https://github.com/Consensys/web3signer/pull/836)
+- Add Azure bulk loading for secp256k1 keys in eth1 mode [#850](https://github.com/Consensys/web3signer/pull/850)
 
 ### Bugs fixed
 - Support long name aliases in environment variables and YAML configuration [#825](https://github.com/Consensys/web3signer/pull/825)

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsConfigFileImpl.java

@@ -115,33 +115,6 @@ public List<String> createCmdLineParams() {
     if (signerConfig.getMode().equals("eth2")) {
       yamlConfig.append(createEth2SlashingProtectionArgs());
 
-      if (signerConfig.getAzureKeyVaultParameters().isPresent()) {
-        final AzureKeyVaultParameters azureParams = signerConfig.getAzureKeyVaultParameters().get();
-        yamlConfig.append(
-            String.format(YAML_BOOLEAN_FMT, "eth2.azure-vault-enabled", Boolean.TRUE));
-        yamlConfig.append(
-            String.format(
-                YAML_STRING_FMT,
-                "eth2.azure-vault-auth-mode",
-                azureParams.getAuthenticationMode().name()));
-        yamlConfig.append(
-            String.format(YAML_STRING_FMT, "eth2.azure-vault-name", azureParams.getKeyVaultName()));
-        yamlConfig.append(
-            String.format(YAML_STRING_FMT, "eth2.azure-client-id", azureParams.getClientId()));
-        yamlConfig.append(
-            String.format(
-                YAML_STRING_FMT, "eth2.azure-client-secret", azureParams.getClientSecret()));
-        yamlConfig.append(
-            String.format(YAML_STRING_FMT, "eth2.azure-tenant-id", azureParams.getTenantId()));
-
-        azureParams
-            .getTags()
-            .forEach(
-                (tagName, tagValue) ->
-                    yamlConfig.append(
-                        String.format(
-                            YAML_STRING_FMT, "eth2.azure-secrets-tags", tagName + "=" + tagValue)));
-      }
       if (signerConfig.getKeystoresParameters().isPresent()) {
         final KeystoresParameters keystoresParameters = signerConfig.getKeystoresParameters().get();
         yamlConfig.append(
@@ -181,6 +154,12 @@ public List<String> createCmdLineParams() {
       yamlConfig.append(createDownstreamTlsArgs());
     }
 
+    signerConfig
+        .getAzureKeyVaultParameters()
+        .ifPresent(
+            azureParams ->
+                yamlConfig.append(azureBulkLoadingOptions(signerConfig.getMode(), azureParams)));
+
     // create temporary config file
     try {
       final Path configFile = Files.createTempFile("web3signer_config", ".yaml");
@@ -196,6 +175,35 @@ public List<String> createCmdLineParams() {
     return params;
   }
 
+  private String azureBulkLoadingOptions(
+      final String mode, final AzureKeyVaultParameters azureParams) {
+    final StringBuilder yamlConfig = new StringBuilder();
+    yamlConfig.append(String.format(YAML_BOOLEAN_FMT, mode + ".azure-vault-enabled", Boolean.TRUE));
+    yamlConfig.append(
+        String.format(
+            YAML_STRING_FMT,
+            mode + ".azure-vault-auth-mode",
+            azureParams.getAuthenticationMode().name()));
+    yamlConfig.append(
+        String.format(YAML_STRING_FMT, mode + ".azure-vault-name", azureParams.getKeyVaultName()));
+    yamlConfig.append(
+        String.format(YAML_STRING_FMT, mode + ".azure-client-id", azureParams.getClientId()));
+    yamlConfig.append(
+        String.format(
+            YAML_STRING_FMT, mode + ".azure-client-secret", azureParams.getClientSecret()));
+    yamlConfig.append(
+        String.format(YAML_STRING_FMT, mode + ".azure-tenant-id", azureParams.getTenantId()));
+
+    azureParams
+        .getTags()
+        .forEach(
+            (tagName, tagValue) ->
+                yamlConfig.append(
+                    String.format(
+                        YAML_STRING_FMT, mode + ".azure-tags", tagName + "=" + tagValue)));
+    return yamlConfig.toString();
+  }
+
   private CommandArgs createSubCommandArgs() {
     final List<String> params = new ArrayList<>();
     final StringBuilder yamlConfig = new StringBuilder();

acceptance-tests/src/test/java/tech/pegasys/web3signer/dsl/signer/runner/CmdLineParamsDefaultImpl.java

@@ -99,26 +99,7 @@ public List<String> createCmdLineParams() {
       params.addAll(createEth2Args());
 
       if (signerConfig.getAzureKeyVaultParameters().isPresent()) {
-        final AzureKeyVaultParameters azureParams = signerConfig.getAzureKeyVaultParameters().get();
-        params.add("--azure-vault-enabled=true");
-        params.add("--azure-vault-auth-mode");
-        params.add(azureParams.getAuthenticationMode().name());
-        params.add("--azure-vault-name");
-        params.add(azureParams.getKeyVaultName());
-        params.add("--azure-client-id");
-        params.add(azureParams.getClientId());
-        params.add("--azure-client-secret");
-        params.add(azureParams.getClientSecret());
-        params.add("--azure-tenant-id");
-        params.add(azureParams.getTenantId());
-
-        azureParams
-            .getTags()
-            .forEach(
-                (tagName, tagValue) -> {
-                  params.add("--azure-secrets-tags");
-                  params.add(tagName + "=" + tagValue);
-                });
+        createAzureArgs(params);
       }
       if (signerConfig.getKeystoresParameters().isPresent()) {
         final KeystoresParameters keystoresParameters = signerConfig.getKeystoresParameters().get();
@@ -143,6 +124,10 @@ public List<String> createCmdLineParams() {
       params.add("--chain-id");
       params.add(Long.toString(signerConfig.getChainIdProvider().id()));
       params.addAll(createDownstreamTlsArgs());
+
+      if (signerConfig.getAzureKeyVaultParameters().isPresent()) {
+        createAzureArgs(params);
+      }
     }
 
     return params;
@@ -331,6 +316,29 @@ private Collection<String> awsBulkLoadingOptions(
     return params;
   }
 
+  private void createAzureArgs(final List<String> params) {
+    final AzureKeyVaultParameters azureParams = signerConfig.getAzureKeyVaultParameters().get();
+    params.add("--azure-vault-enabled=true");
+    params.add("--azure-vault-auth-mode");
+    params.add(azureParams.getAuthenticationMode().name());
+    params.add("--azure-vault-name");
+    params.add(azureParams.getKeyVaultName());
+    params.add("--azure-client-id");
+    params.add(azureParams.getClientId());
+    params.add("--azure-client-secret");
+    params.add(azureParams.getClientSecret());
+    params.add("--azure-tenant-id");
+    params.add(azureParams.getTenantId());
+
+    azureParams
+        .getTags()
+        .forEach(
+            (tagName, tagValue) -> {
+              params.add("--azure-tags");
+              params.add(tagName + "=" + tagValue);
+            });
+  }
+
   private List<String> createSubCommandArgs() {
     final List<String> params = new ArrayList<>();