AWS KMS block signing support and Rust 1.79 (#2051)

Closes #2043 Adds support for using AWS KMS to sign blocks. Updates Rust version to 1.79 as the currently used 1.75.0 is too old for the latest aws crates. ## Testing inside localstack ```bash localstack start -d awslocal kms create-key --key-usage SIGN_VERIFY --customer-master-key-spec ECC_SECG_P256K1 AWS_DEFAULT_REGION=us-east-1 AWS_ENDPOINT_URL='http://127.0.0.1:4566' AWS_ACCESS_KEY_ID=test AWS_SECRET_ACCESS_KEY=test cargo run --bin fuel-core -- run --consensus-aws-kms KEY_ARN_COMES_HERE --poa-interval-period 1s ```
FuelLabs · Aug 19, 2024 · 08f4637 · 08f4637
1 parent 2aa3463
commit 08f4637
Show file tree

Hide file tree

Showing 36 changed files with 993 additions and 174 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ env:
   AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core
   AWS_ECR_ORG: q2z3y3a7
   CARGO_TERM_COLOR: always
-  RUST_VERSION: 1.75.0
+  RUST_VERSION: 1.79.0
   RUST_VERSION_FMT: nightly-2023-10-29
   RUST_VERSION_COV: nightly-2024-06-05
   RUSTFLAGS: -D warnings
@@ -180,9 +180,6 @@ jobs:
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
-        env:
-          RUSTFLAGS: -D warnings
-
   publish-crates-check:
     runs-on: buildjet-4vcpu-ubuntu-2204
     steps:
@@ -199,6 +196,43 @@ jobs:
           check-repo: false
           ignore-unpublished-changes: true
 
+  cargo-test-kms:
+    if: github.event.repository.fork == false
+    needs:
+      - cargo-verifications
+      - rustfmt
+      - check-changelog
+    runs-on: buildjet-4vcpu-ubuntu-2204
+    env:
+      RUSTFLAGS: -D warnings
+      FUEL_CORE_TEST_AWS_KMS_ARN: "arn:aws:kms:us-east-1:249945542445:key/mrk-e13c7118ce544f7da66294f6e87c8790"
+    timeout-minutes: 45
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Configure AWS credentials for integration testing
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::249945542445:role/github_oidc_FuelLabs_fuel-core
+          aws-region: us-east-1
+      - uses: actions/checkout@v3
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: ${{ env.RUST_VERSION }}
+      - uses: rui314/setup-mold@v1
+      - uses: buildjet/cache@v3
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            target/
+          key: cargo-test-kms-${{ hashFiles('**/Cargo.lock') }}
+      - name: Run integration tests for kms only
+        run: cargo test -p fuel-core-tests --features aws-kms -- kms
+
   publish-codecov:
     name: Publish code coverage report on GitHub pages branch
     runs-on: buildjet-4vcpu-ubuntu-2204

diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
@@ -16,7 +16,7 @@ defaults:
 env:
   # So cargo doesn't complain about unstable features
   RUSTC_BOOTSTRAP: 1
-  RUST_VERSION: 1.75.0
+  RUST_VERSION: 1.79.0
   PR_TITLE: Weekly `cargo update`
   PR_MESSAGE: |
     Automation to keep dependencies in `Cargo.lock` current.

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
+### Added
+- [2051](https://github.com/FuelLabs/fuel-core/pull/2051): Add support for AWS KMS signing for the PoA consensus module. The new key can be specified with `--consensus-aws-kms AWS_KEY_ARN`.
+
+### Changed
+
+#### Breaking
+- [2051](https://github.com/FuelLabs/fuel-core/pull/2051): Misdocumented `CONSENSUS_KEY` environ variable has been removed, use `CONSENSUS_KEY_SECRET` instead. Also raises MSRV to `1.79.0`.
+
 ## [Version 0.33.0]
 
 ### Added
@@ -21,7 +29,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - [2080](https://github.com/FuelLabs/fuel-core/pull/2080): Reject Upgrade txs with invalid wasm on txpool level.
 - [2082](https://github.com/FuelLabs/fuel-core/pull/2088): Move `TxPoolError` from `fuel-core-types` to `fuel-core-txpool`.
 - [2086](https://github.com/FuelLabs/fuel-core/pull/2086): Added support for PoA key rotation.
-- [2086](https://github.com/FuelLabs/fuel-core/pull/2086): Support overriding of the non consensus parameters in the chan config.
+- [2086](https://github.com/FuelLabs/fuel-core/pull/2086): Support overriding of the non consensus parameters in the chain config.
 
 ### Fixed