Open amane-c opened 1 year ago
In the case of using AWS KMS,
Delete Ethereum Account is not implemented as soft deletion, but schedule hard deletion. https://consensys.github.io/quorum-key-manager/#tag/Ethereum/paths/~1stores~1%7BstoreName%7D~1ethereum~1%7Baddress%7D/delete
Destroy Ethereum Account ignores hard deletion and only removes the entry in the database. https://consensys.github.io/quorum-key-manager/#tag/Ethereum/paths/~1stores~1%7BstoreName%7D~1ethereum~1%7Baddress%7D~1destroy/delete
We are using main(d509f52d9ab3d6476327415a6d276f4e570b50e2) version of QKM and AWS KMS configuration.
Actual result
To find ScheduleKeyDeletion
Expected result
To find DisableKey
In the following part, soft deletion("DeleteKey()") uses "ScheduleKeyDeletion". https://github.com/ConsenSys/quorum-key-manager/blob/d509f52d9ab3d6476327415a6d276f4e570b50e2/src/infra/aws/client/kms.go#L143
But, ScheduleKeyDeletion is a destructive operation, not soft deletion. "DeleteKey()" should use "DisableKey". https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html
In addition, "Destroy()" should be implemented as the current implementation of "Delete()". The following part ignores the deletion operation. https://github.com/ConsenSys/quorum-key-manager/blob/d509f52d9ab3d6476327415a6d276f4e570b50e2/src/stores/store/keys/aws/aws.go#L230
Describe the bug
In the case of using AWS KMS,
Delete Ethereum Account is not implemented as soft deletion, but schedule hard deletion. https://consensys.github.io/quorum-key-manager/#tag/Ethereum/paths/~1stores~1%7BstoreName%7D~1ethereum~1%7Baddress%7D/delete
Destroy Ethereum Account ignores hard deletion and only removes the entry in the database. https://consensys.github.io/quorum-key-manager/#tag/Ethereum/paths/~1stores~1%7BstoreName%7D~1ethereum~1%7Baddress%7D~1destroy/delete
Configuration
We are using main(d509f52d9ab3d6476327415a6d276f4e570b50e2) version of QKM and AWS KMS configuration.
Steps to reproduce
Actual result
To find ScheduleKeyDeletion
Expected result
To find DisableKey
Additional context
In the following part, soft deletion("DeleteKey()") uses "ScheduleKeyDeletion". https://github.com/ConsenSys/quorum-key-manager/blob/d509f52d9ab3d6476327415a6d276f4e570b50e2/src/infra/aws/client/kms.go#L143
But, ScheduleKeyDeletion is a destructive operation, not soft deletion. "DeleteKey()" should use "DisableKey". https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html
In addition, "Destroy()" should be implemented as the current implementation of "Delete()". The following part ignores the deletion operation. https://github.com/ConsenSys/quorum-key-manager/blob/d509f52d9ab3d6476327415a6d276f4e570b50e2/src/stores/store/keys/aws/aws.go#L230