Finalize Abacus key roles (#273)

pull/281/head
Nam Chu Hoai 3 years ago committed by GitHub
parent a34858b1be
commit 535fc17378
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 19
      rust/config/local/alfajores_config.json
  2. 19
      rust/config/local/fuji_config.json
  3. 19
      rust/config/local/kovan_config.json
  4. 19
      rust/config/local/mumbai_config.json
  5. 16
      typescript/deploy/src/agents/aws.ts
  6. 26
      typescript/deploy/src/agents/gcp.ts
  7. 56
      typescript/deploy/src/agents/index.ts
  8. 4
      typescript/deploy/src/core/CoreDeploy.ts

@ -1,23 +1,6 @@
{
"environment": "local",
"signers": {
"alfajores": {
"key": "",
"type": "hexKey"
},
"kovan": {
"key": "",
"type": "hexKey"
},
"fuji": {
"key": "",
"type": "hexKey"
},
"mumbai": {
"key": "",
"type": "hexKey"
}
},
"signers": {},
"replicas": {
"kovan": {
"address": "0x67d269191c92Caf3cD7723F116c85e6E9bf55933",

@ -1,23 +1,6 @@
{
"environment": "local",
"signers": {
"fuji": {
"key": "",
"type": "hexKey"
},
"alfajores": {
"key": "",
"type": "hexKey"
},
"kovan": {
"key": "",
"type": "hexKey"
},
"mumbai": {
"key": "",
"type": "hexKey"
}
},
"signers": {},
"replicas": {
"alfajores": {
"address": "0x0DCd1Bf9A1b36cE34237eEaFef220932846BCD82",

@ -1,23 +1,6 @@
{
"environment": "local",
"signers": {
"kovan": {
"key": "",
"type": "hexKey"
},
"alfajores": {
"key": "",
"type": "hexKey"
},
"fuji": {
"key": "",
"type": "hexKey"
},
"mumbai": {
"key": "",
"type": "hexKey"
}
},
"signers": {},
"replicas": {
"alfajores": {
"address": "0x610178dA211FEF7D417bC0e6FeD39F05609AD788",

@ -1,23 +1,6 @@
{
"environment": "local",
"signers": {
"mumbai": {
"key": "",
"type": "hexKey"
},
"alfajores": {
"key": "",
"type": "hexKey"
},
"kovan": {
"key": "",
"type": "hexKey"
},
"fuji": {
"key": "",
"type": "hexKey"
}
},
"signers": {},
"replicas": {
"alfajores": {
"address": "0x959922bE3CAee4b8Cd9a407cc3ac1C251C2007B1",

@ -1,4 +1,4 @@
import { getSecretAwsCredentials, KEY_ROLE_ENUM } from '../agents';
import { getSecretAwsCredentials } from '../agents';
import { AgentConfig } from '../../src/config/agent';
import {
CreateAliasCommand,
@ -60,19 +60,7 @@ export class AgentAwsKey extends AgentKey {
}
get identifier() {
// When testnet was deployed, we mixed up the attestation and
// signer keys, so we have to switch for this environment
// NB: The environment on GCP for testnet is "staging-community" for legacy
// reasons.
const adjustedRole =
this.environment === 'staging-community' &&
this.role === KEY_ROLE_ENUM.UpdaterAttestation
? KEY_ROLE_ENUM.UpdaterSigner
: this.environment === 'staging-community' &&
this.role === KEY_ROLE_ENUM.UpdaterSigner
? KEY_ROLE_ENUM.UpdaterAttestation
: this.role;
return `alias/${this.environment}-${this.chainName}-${adjustedRole}`;
return `alias/${this.environment}-${this.chainName}-${this.role}`;
}
get credentialsAsHelmValue() {

@ -1,13 +1,13 @@
import { Wallet } from 'ethers';
import { rm, writeFile } from 'fs/promises';
import { KEY_ROLES } from '../agents';
import { KEY_ROLES, KEY_ROLE_ENUM } from '../agents';
import { execCmd, include, strip0x } from '../utils/utils';
import { AgentKey } from './agent';
import { fetchGCPSecret } from '../utils/gcloud';
function isAttestationKey(role: string) {
return role.endsWith('attestation');
function isValidatorKey(role: string) {
return role === KEY_ROLE_ENUM.Validator;
}
// This is the type for how the keys are persisted in GCP
@ -27,7 +27,7 @@ interface KeyAsAddress {
}
function identifier(environment: string, role: string, chainName: string) {
return isAttestationKey(role)
return isValidatorKey(role)
? `optics-key-${environment}-${chainName}-${role}`
: `optics-key-${environment}-${role}`;
}
@ -63,7 +63,7 @@ export class AgentGCPKey extends AgentKey {
serializeAsAddress() {
this.requireFetched();
return {
role: isAttestationKey(this.role)
role: isValidatorKey(this.role)
? `${this.chainName}-${this.role}`
: this.role,
// @ts-ignore
@ -71,8 +71,8 @@ export class AgentGCPKey extends AgentKey {
};
}
get isAttestationKey() {
return isAttestationKey(this.role);
get isValidatorKey() {
return isValidatorKey(this.role);
}
get identifier() {
@ -87,7 +87,7 @@ export class AgentGCPKey extends AgentKey {
// The identifier for this key within a set of keys for an enrivonment
get memoryKeyIdentifier() {
return isAttestationKey(this.role)
return isValidatorKey(this.role)
? `${this.chainName}-${this.role}`
: this.role;
}
@ -140,7 +140,7 @@ export class AgentGCPKey extends AgentKey {
const fileName = `${identifier}.txt`;
let labels = `environment=${this.environment},role=${this.role}`;
if (this.isAttestationKey) labels += `,chain=${this.chainName}`;
if (this.isValidatorKey) labels += `,chain=${this.chainName}`;
await writeFile(
fileName,
@ -149,7 +149,7 @@ export class AgentGCPKey extends AgentKey {
environment: this.environment,
privateKey: wallet.privateKey,
address,
...include(this.isAttestationKey, { chainName: this.chainName }),
...include(this.isValidatorKey, { chainName: this.chainName }),
}),
);
@ -178,7 +178,7 @@ export async function deleteAgentGCPKeys(
) {
await Promise.all(
KEY_ROLES.map(async (role) => {
if (isAttestationKey(role)) {
if (isValidatorKey(role)) {
await Promise.all(
chainNames.map((chainName) => {
const key = new AgentGCPKey(environment, role, chainName);
@ -198,7 +198,7 @@ export async function deleteAgentGCPKeys(
// The identifier for a key within a memory representation
export function memoryKeyIdentifier(role: string, chainName: string) {
return isAttestationKey(role) ? `${chainName}-${role}` : role;
return isValidatorKey(role) ? `${chainName}-${role}` : role;
}
export async function createAgentGCPKeys(
@ -207,7 +207,7 @@ export async function createAgentGCPKeys(
) {
const keys: AgentGCPKey[] = await Promise.all(
KEY_ROLES.flatMap((role) => {
if (isAttestationKey(role)) {
if (isValidatorKey(role)) {
return chainNames.map(async (chainName) =>
AgentGCPKey.create(environment, role, chainName),
);

@ -8,23 +8,17 @@ import { fetchAgentGCPKeys } from './gcp';
import { AgentAwsKey } from './aws';
export enum KEY_ROLE_ENUM {
UpdaterAttestation = 'validator-attestation',
UpdaterSigner = 'validator-signer',
CheckpointerSigner = 'checkpointer-signer',
RelayerSigner = 'relayer-signer',
WatcherAttestation = 'watcher-attestation',
WatcherSigner = 'watcher-signer',
Validator = 'validator',
Checkpointer = 'checkpointer',
Relayer = 'relayer',
Deployer = 'deployer',
Bank = 'bank',
}
export const KEY_ROLES = [
'validator-attestation',
'validator-signer',
'checkpointer-signer',
'relayer-signer',
'watcher-attestation',
'watcher-signer',
'validator',
'checkpointer',
'relayer',
'deployer',
'bank',
];
@ -67,12 +61,8 @@ async function helmValuesForChain(
}),
validator: {
enabled: true,
transactionSigners: chains.map((chain) => ({
name: chain.name,
...credentials(KEY_ROLE_ENUM.UpdaterSigner),
})),
attestationSigner: {
...credentials(KEY_ROLE_ENUM.UpdaterAttestation),
...credentials(KEY_ROLE_ENUM.Validator),
},
reorg_period: chain.confirmations,
...include(!!agentConfig.validator?.interval, {
@ -86,17 +76,17 @@ async function helmValuesForChain(
enabled: true,
transactionSigners: chains.map((chain) => ({
name: chain.name,
...credentials(KEY_ROLE_ENUM.RelayerSigner),
...credentials(KEY_ROLE_ENUM.Relayer),
})),
...include(!!agentConfig.validator?.interval, {
pollingInterval: agentConfig.validator?.interval || '',
}),
},
processor: {
checkpointer: {
enabled: true,
transactionSigners: chains.map((chain) => ({
name: chain.name,
...credentials(KEY_ROLE_ENUM.CheckpointerSigner),
...credentials(KEY_ROLE_ENUM.Checkpointer),
})),
indexonly: agentConfig.processor?.indexOnly || [],
s3BucketName: agentConfig.processor?.s3Bucket || '',
@ -118,7 +108,6 @@ export async function getAgentEnvVars(
chains,
);
const envVars: string[] = [];
const chain = chains.find((_) => _.name === homeChainName)!;
const rpcEndpoints = await getSecretRpcEndpoints(agentConfig, chains);
envVars.push(`OPT_BASE_HOME_CONNECTION_URL=${rpcEndpoints[homeChainName]}`);
valueDict.optics.replicaChains.forEach((replicaChain: any) => {
@ -143,7 +132,9 @@ export async function getAgentEnvVars(
agentConfig.environment,
homeChainName,
);
// Signer keys
// Only checkpointer and relayer need to sign txs
if (role === KEY_ROLE_ENUM.Checkpointer || role === KEY_ROLE_ENUM.Relayer) {
chains.forEach((network) => {
envVars.push(
`OPT_BASE_SIGNERS_${network.name.toUpperCase()}_KEY=${strip0x(
@ -151,30 +142,29 @@ export async function getAgentEnvVars(
)}`,
);
});
// Updater attestation key
if (role.startsWith('validator')) {
} else if (role === KEY_ROLE_ENUM.Validator) {
envVars.push(
`OPT_BASE_VALIDATOR_KEY=${strip0x(
gcpKeys[homeChainName + '-' + KEY_ROLE_ENUM.UpdaterAttestation]
.privateKey,
gcpKeys[homeChainName + '-' + KEY_ROLE_ENUM.Validator].privateKey,
)}`,
`OPT_BASE_VALIDATOR_TYPE=hexKey`,
);
// Throw an error if the chain config did not specify the reorg period
if (valueDict.optics.validator.confirmations === undefined) {
if (valueDict.optics.validator.reorg_period === undefined) {
throw new Error(
`Panic: Chain config for ${homeChainName} did not specify a reorg period`,
);
}
envVars.push(
`OPT_VALIDATOR_REORGPERIOD=${chain.confirmations! - 1}`,
`OPT_VALIDATOR_REORGPERIOD=${
valueDict.optics.validator.reorg_period! - 1
}`,
`OPT_VALIDATOR_INTERVAL=${valueDict.optics.validator.pollingInterval}`,
);
}
if (role.startsWith('relayer')) {
if (role === KEY_ROLE_ENUM.Relayer) {
envVars.push(
`OPT_RELAYER_INTERVAL=${valueDict.optics.relayer.pollingInterval}`,
);
@ -191,7 +181,8 @@ export async function getAgentEnvVars(
envVars.push(`AWS_ACCESS_KEY_ID=${awsKeys.accessKeyId}`);
envVars.push(`AWS_SECRET_ACCESS_KEY=${awsKeys.secretAccessKey}`);
// Signers
// Only checkpointer and relayer need to sign txs
if (role === KEY_ROLE_ENUM.Checkpointer || role === KEY_ROLE_ENUM.Relayer) {
Object.keys(chains).forEach((network) => {
const key = new AgentAwsKey(agentConfig, role, network);
envVars.push(`OPT_BASE_SIGNERS_${network.toUpperCase()}_TYPE=aws`);
@ -206,9 +197,10 @@ export async function getAgentEnvVars(
}`,
);
});
}
// Validator attestation key
if (role.startsWith('validator')) {
if (role === KEY_ROLE_ENUM.Validator) {
const key = new AgentAwsKey(agentConfig, role, homeChainName);
envVars.push(`OPT_BASE_VALIDATOR_TYPE=aws`);
envVars.push(

@ -77,9 +77,7 @@ export class CoreDeploy extends CommonDeploy<CoreInstance, CoreConfig> {
const rustConfig: RustConfig = {
environment,
signers: {
[this.name(domain)]: { key: '', type: 'hexKey' },
},
signers: {},
replicas: {},
home: outbox,
tracing: {

Loading…
Cancel
Save