chore: add a new cognito tenant (#18635)
## Description 

This enables a new AWS tenant for devnet for zkLogin.

## Test plan 

```
# this runs a localnet from epoch 0
cargo build --bin sui 
RUST_LOG=info target/debug/sui start --force-regenesis --with-faucet

# In a different tab, this composes an auth URL. This creates a deterministic way of getting a JWT token with a deterministic nonce and ephemeral key with max epoch 10. Terminate this command.

target/debug/sui keytool zk-login-sign-and-execute-tx --max-epoch 10 --network localnet --fixed

Visit URL (AWS - Ambrus): https://ambrus.auth.us-east-1.amazoncognito.com/login?response_type=token&client_id=t1eouauaitlirg57nove8kvj8&redirect_uri=https://api.ambrus.studio/callback&nonce=hTPpgF7XAKbW37rEUS6pEVZqmoI

# Once you obtain the JWT token from the redirect URL after id_token=xxxx (do not include the access_token), paste it into the following command (no need to change other params; this assumes you are using the fixed ephemeral key and the max epoch fixed at 10).

target/debug/sui keytool zk-login-enter-token --parsed-token "<id_token>" --max-epoch 10 --jwt-randomness 100681567828351849884072155819400689117 --kp-bigint 84029355920633174015103288781128426107680789454168570548782290541079926444544 --ephemeral-key-identifier 0xcc2196ee1fa156836daf9bb021d88d648a0023fa387e695d3701667a634a331f --network localnet
```
---

## Release notes

Check each box that your changes affect. If none of the boxes relate to
your changes, release notes aren't required.

For each box you select, include information after the relevant heading
that describes the impact of your changes that a user might notice and
any actions they must take to implement updates.

- [ ] Protocol: 
- [ ] Nodes (Validators and Full nodes): 
- [ ] Indexer: 
- [ ] JSON-RPC: 
- [ ] GraphQL: 
- [ ] CLI: 
- [ ] Rust SDK:
joyqvq authored Jul 15, 2024
1 parent bbbd374 commit 5c3ab8c
Showing 3 changed files with 17 additions and 1 deletion.
1 change: 1 addition & 0 deletions crates/sui-config/src/node.rs
Expand Up @@ -234,6 +234,7 @@ pub fn default_zklogin_oauth_providers() -> BTreeMap<Chain, BTreeSet<String>> {
"KarrierOne".to_string(),
"Credenza3".to_string(),
"AwsTenant-region:us-east-1-tenant_id:us-east-1_LPSLCkC3A".to_string(),
"AwsTenant-region:us-east-1-tenant_id:us-east-1_qPsZxYqd8".to_string(),
]);
let providers = BTreeSet::from([
"Google".to_string(),
@@ -1,6 +1,5 @@
---
source: crates/sui-swarm-config/tests/snapshot_tests.rs
assertion_line: 151
expression: network_config
---
validator_configs:
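Review bot: The snapshot header shrinks from 6 lines to 5 here, which from the visible lines looks like the `assertion_line: 151` field being dropped, and that is unrelated to adding a tenant. Please confirm it comes from regenerating the snapshot rather than a manual edit, and mention it in the commit message so the single deletion in this commit is accounted for.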
Expand Down Expand Up @@ -109,6 +108,7 @@ validator_configs:
Unknown:
- Apple
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_LPSLCkC3A"
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_qPsZxYqd8"
- Credenza3
- Facebook
- Google
Expand Down Expand Up @@ -245,6 +245,7 @@ validator_configs:
Unknown:
- Apple
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_LPSLCkC3A"
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_qPsZxYqd8"
- Credenza3
- Facebook
- Google
Expand Down Expand Up @@ -381,6 +382,7 @@ validator_configs:
Unknown:
- Apple
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_LPSLCkC3A"
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_qPsZxYqd8"
- Credenza3
- Facebook
- Google
Expand Down Expand Up @@ -517,6 +519,7 @@ validator_configs:
Unknown:
- Apple
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_LPSLCkC3A"
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_qPsZxYqd8"
- Credenza3
- Facebook
- Google
Expand Down Expand Up @@ -653,6 +656,7 @@ validator_configs:
Unknown:
- Apple
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_LPSLCkC3A"
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_qPsZxYqd8"
- Credenza3
- Facebook
- Google
Expand Down Expand Up @@ -789,6 +793,7 @@ validator_configs:
Unknown:
- Apple
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_LPSLCkC3A"
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_qPsZxYqd8"
- Credenza3
- Facebook
- Google
Expand Down Expand Up @@ -925,6 +930,7 @@ validator_configs:
Unknown:
- Apple
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_LPSLCkC3A"
- "AwsTenant-region:us-east-1-tenant_id:us-east-1_qPsZxYqd8"
- Credenza3
- Facebook
- Google
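Review bot: All seven snapshot hunks add the tenant under the `Unknown:` key only, while the description says the tenant is enabled for devnet. It would help to state in the description, or assert in a test, that no other chain key gains `us-east-1_qPsZxYqd8`, so that a later reshuffle of `default_zklogin_oauth_providers()` cannot silently widen where this provider is accepted.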
9 changes: 9 additions & 0 deletions crates/sui/src/keytool.rs
Expand Up @@ -1106,6 +1106,14 @@ impl KeyToolCommand {
"https://example.com/callback",
&jwt_randomness,
)?;
let url_13 = get_oidc_url(
OIDCProvider::AwsTenant(("us-east-1".to_string(), "ambrus".to_string())),
&eph_pk_bytes,
max_epoch,
"t1eouauaitlirg57nove8kvj8",
"https://api.ambrus.studio/callback",
&jwt_randomness,
)?;
println!("Visit URL (Google): {url}");
println!("Visit URL (Twitch): {url_2}");
println!("Visit URL (Facebook): {url_3}");
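Review bot: In the new `get_oidc_url` call, `OIDCProvider::AwsTenant(("us-east-1".to_string(), "ambrus".to_string()))` passes `ambrus` as the second tuple field, but the allowlist entry added in node.rs identifies the tenant as `tenant_id:us-east-1_qPsZxYqd8`. If this variant is also used anywhere to derive the provider string, the two values will not match; please add a comment saying the field carries the login domain prefix here (the test-plan URL host is `ambrus.auth.us-east-1.amazoncognito.com`), or keep the two identifiers in separate fields. The client id `t1eouauaitlirg57nove8kvj8` and the redirect URI are third-party values hard-coded inline, so named constants would make them easier to audit.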
Expand All @@ -1119,6 +1127,7 @@ impl KeyToolCommand {
println!("Visit URL (Microsoft): {url_10}");
println!("Visit URL (KarrierOne): {url_11}");
println!("Visit URL (Credenza3): {url_12}");
println!("Visit URL (AWS - Ambrus): {url_13}");

println!("Finish login and paste the entire URL here (e.g. https://sui.io/#id_token=...):");
