fix: include OCR secrets as part of deployment.Environment
There are many cases where a changeset requires access to the OCR secrets, and because they are not accessible via `deployment.Environment`, users are left with no choice but to pass the secrets as config in a changeset.
By plumbing OCR secrets through `deployment.Environment`, users will no longer need this workaround.

Update code to use OCR secrets from the env instead of from requests.

JIRA: https://smartcontract-it.atlassian.net/browse/DPA-1357
graham-chainlink committed Dec 5, 2024
1 parent 1bfd6e4 commit 52d99f7
Showing 16 changed files with 55 additions and 60 deletions.
3 changes: 1 addition & 2 deletions core/scripts/keystone/src/88_gen_ocr3_config.go
@@ -13,9 +13,8 @@ func mustReadConfig(fileName string) (output ksdeploy.TopLevelConfigSource) {
func generateOCR3Config(nodeList string, configFile string, chainID int64, pubKeysPath string) ksdeploy.OCR2OracleConfig {
topLevelCfg := mustReadConfig(configFile)
cfg := topLevelCfg.OracleConfig
cfg.OCRSecrets = deployment.XXXGenerateTestOCRSecrets()
nca := downloadNodePubKeys(nodeList, chainID, pubKeysPath)
c, err := ksdeploy.GenerateOCR3Config(cfg, nca)
c, err := ksdeploy.GenerateOCR3Config(cfg, nca, deployment.XXXGenerateTestOCRSecrets())
helpers.PanicErr(err)
return c
}
3 changes: 1 addition & 2 deletions deployment/ccip/changeset/cs_active_candidate.go
@@ -69,7 +69,6 @@ func SetCandidatePluginChangeset(
state CCIPOnChainState,
e deployment.Environment,
nodes deployment.Nodes,
ocrSecrets deployment.OCRSecrets,
homeChainSel, feedChainSel, newChainSel uint64,
tokenConfig TokenConfig,
pluginType cctypes.PluginType,
@@ -80,7 +79,7 @@ func SetCandidatePluginChangeset(
nil,
)
newDONArgs, err := internal.BuildOCR3ConfigForCCIPHome(
ocrSecrets,
e.OCRSecrets,
state.Chains[newChainSel].OffRamp,
e.Chains[newChainSel],
nodes.NonBootstraps(),
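Review bot: SetCandidatePluginChangeset now hands `e.OCRSecrets` straight to `internal.BuildOCR3ConfigForCCIPHome` with no emptiness check in the visible lines, so an Environment built without secrets would be caught, if at all, only inside that helper. configureChain in cs_initial_add_chain.go guards the same field with `if e.OCRSecrets.IsEmpty() {` and returns an error; the same guard belongs at the top of this function so that zero-value secrets never reach config generation. AddDonAndSetCandidateChangeset in cs_add_chain.go has the same gap. Both function bodies extend beyond the hunks shown, and whether BuildOCR3ConfigForCCIPHome validates its first argument is not visible here.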
2 changes: 1 addition & 1 deletion deployment/ccip/changeset/cs_active_candidate_test.go
@@ -144,7 +144,7 @@ func TestActiveCandidate(t *testing.T) {
nil,
)
ocr3ConfigMap, err := internal.BuildOCR3ConfigForCCIPHome(
deployment.XXXGenerateTestOCRSecrets(),
e.OCRSecrets,
state.Chains[tenv.FeedChainSel].OffRamp,
e.Chains[tenv.FeedChainSel],
nodes.NonBootstraps(),
4 changes: 2 additions & 2 deletions deployment/ccip/changeset/cs_add_chain.go
@@ -8,6 +8,7 @@ import (

"github.com/smartcontractkit/chainlink-ccip/chainconfig"
"github.com/smartcontractkit/chainlink-ccip/pkg/types/ccipocr3"

"github.com/smartcontractkit/chainlink/deployment/ccip/changeset/internal"
"github.com/smartcontractkit/chainlink/deployment/common/proposalutils"
"github.com/smartcontractkit/chainlink/v2/core/capabilities/ccip/types"
@@ -116,7 +117,6 @@ func AddDonAndSetCandidateChangeset(
state CCIPOnChainState,
e deployment.Environment,
nodes deployment.Nodes,
ocrSecrets deployment.OCRSecrets,
homeChainSel, feedChainSel, newChainSel uint64,
tokenConfig TokenConfig,
pluginType types.PluginType,
@@ -128,7 +128,7 @@ func AddDonAndSetCandidateChangeset(
nil,
)
newDONArgs, err := internal.BuildOCR3ConfigForCCIPHome(
ocrSecrets,
e.OCRSecrets,
state.Chains[newChainSel].OffRamp,
e.Chains[newChainSel],
nodes.NonBootstraps(),
5 changes: 2 additions & 3 deletions deployment/ccip/changeset/cs_add_chain_test.go
@@ -84,7 +84,6 @@ func TestAddChainInbound(t *testing.T) {
HomeChainSel: e.HomeChainSel,
FeedChainSel: e.FeedChainSel,
ChainConfigByChain: chainConfig,
OCRSecrets: deployment.XXXGenerateTestOCRSecrets(),
})
require.NoError(t, err)

@@ -174,12 +173,12 @@ func TestAddChainInbound(t *testing.T) {
//TestSendRequest(t, e.Env, state, initialDeploy[0], newChain, true)

t.Logf("Executing add don and set candidate proposal for commit plugin on chain %d", newChain)
addDonChangeset, err := AddDonAndSetCandidateChangeset(state, e.Env, nodes, deployment.XXXGenerateTestOCRSecrets(), e.HomeChainSel, e.FeedChainSel, newChain, tokenConfig, types.PluginTypeCCIPCommit)
addDonChangeset, err := AddDonAndSetCandidateChangeset(state, e.Env, nodes, e.HomeChainSel, e.FeedChainSel, newChain, tokenConfig, types.PluginTypeCCIPCommit)
require.NoError(t, err)
ProcessChangeset(t, e.Env, addDonChangeset)

t.Logf("Executing promote candidate proposal for exec plugin on chain %d", newChain)
setCandidateForExecChangeset, err := SetCandidatePluginChangeset(state, e.Env, nodes, deployment.XXXGenerateTestOCRSecrets(), e.HomeChainSel, e.FeedChainSel, newChain, tokenConfig, types.PluginTypeCCIPExec)
setCandidateForExecChangeset, err := SetCandidatePluginChangeset(state, e.Env, nodes, e.HomeChainSel, e.FeedChainSel, newChain, tokenConfig, types.PluginTypeCCIPExec)
require.NoError(t, err)
ProcessChangeset(t, e.Env, setCandidateForExecChangeset)

9 changes: 3 additions & 6 deletions deployment/ccip/changeset/cs_initial_add_chain.go
@@ -18,6 +18,7 @@ import (
"github.com/smartcontractkit/chainlink-common/pkg/config"
"github.com/smartcontractkit/chainlink-common/pkg/logger"
"github.com/smartcontractkit/chainlink-common/pkg/merklemulti"

"github.com/smartcontractkit/chainlink/deployment"
"github.com/smartcontractkit/chainlink/deployment/ccip/changeset/internal"
"github.com/smartcontractkit/chainlink/deployment/common/types"
@@ -75,7 +76,6 @@ type NewChainsConfig struct {
// Common to all chains
HomeChainSel uint64
FeedChainSel uint64
OCRSecrets deployment.OCRSecrets
// Per chain config
ChainConfigByChain map[uint64]CCIPOCRParams
}
@@ -95,9 +95,6 @@ func (c NewChainsConfig) Validate() error {
if err := deployment.IsValidChainSelector(c.FeedChainSel); err != nil {
return fmt.Errorf("invalid feed chain selector: %d - %w", c.FeedChainSel, err)
}
if c.OCRSecrets.IsEmpty() {
return fmt.Errorf("no OCR secrets provided")
}
// Validate chain config
for chain, cfg := range c.ChainConfigByChain {
if err := cfg.Validate(); err != nil {
@@ -165,7 +162,7 @@ func configureChain(
e deployment.Environment,
c NewChainsConfig,
) error {
if c.OCRSecrets.IsEmpty() {
if e.OCRSecrets.IsEmpty() {
return fmt.Errorf("OCR secrets are empty")
}
nodes, err := deployment.NodeInfo(e.NodeIDs, e.Offchain)
@@ -215,7 +212,7 @@ func configureChain(
// For each chain, we create a DON on the home chain (2 OCR instances)
if err := addDON(
e.Logger,
c.OCRSecrets,
e.OCRSecrets,
capReg,
ccipHome,
rmnHome.Address(),
1 change: 0 additions & 1 deletion deployment/ccip/changeset/test_helpers.go
@@ -372,7 +372,6 @@ func NewMemoryEnvironmentWithJobsAndContracts(t *testing.T, lggr logger.Logger,
Config: NewChainsConfig{
HomeChainSel: e.HomeChainSel,
FeedChainSel: e.FeedChainSel,
OCRSecrets: deployment.XXXGenerateTestOCRSecrets(),
ChainConfigByChain: chainConfigs,
},
},
1 change: 1 addition & 0 deletions deployment/common/changeset/test_helpers.go
@@ -90,6 +90,7 @@ func ApplyChangesets(t *testing.T, e deployment.Environment, timelocksPerChain m
Chains: e.Chains,
NodeIDs: e.NodeIDs,
Offchain: e.Offchain,
OCRSecrets: e.OCRSecrets,
}
}
return currentEnv, nil
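Review bot: The Environment literal in ApplyChangesets copies fields one by one, and this commit had to add `OCRSecrets: e.OCRSecrets,` to keep the secrets alive from one changeset to the next; any field added to deployment.Environment later will be dropped the same way unless someone remembers this helper. A comment above the literal such as `// Must carry over every deployment.Environment field; update when the struct grows.` would make that dependency explicit. The literal opens above the hunk, so the full list of copied fields is not visible here.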
3 changes: 3 additions & 0 deletions deployment/environment.go
@@ -77,6 +77,7 @@ type Environment struct {
NodeIDs []string
Offchain OffchainClient
GetContext func() context.Context
OCRSecrets OCRSecrets
}

func NewEnvironment(
@@ -87,6 +88,7 @@ func NewEnvironment(
nodeIDs []string,
offchain OffchainClient,
ctx func() context.Context,
secrets OCRSecrets,
) *Environment {
return &Environment{
Name: name,
@@ -96,6 +98,7 @@ func NewEnvironment(
NodeIDs: nodeIDs,
Offchain: offchain,
GetContext: ctx,
OCRSecrets: secrets,
}
}

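Review bot: The new `OCRSecrets OCRSecrets` field on Environment carries no marker that it holds secret material, whereas the type this commit removes in deployment/keystone/ocr3config.go embedded the secrets with `json:"-" toml:"-"` tags and the comment `// don't spill secrets`. Environment is passed by value into the changesets shown on this page, so a `%+v` log line or any serialization of it would now include the ephemeral key and shared secret, unless OCRSecrets redacts itself, which is not visible here. I would carry the same tags over to the new field and add a comment such as `// secret material: never log or serialize`.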
1 change: 1 addition & 0 deletions deployment/environment/devenv/environment.go
@@ -52,5 +52,6 @@ func NewEnvironment(ctx func() context.Context, lggr logger.Logger, config Envir
nodeIDs,
offChain,
ctx,
deployment.XXXGenerateTestOCRSecrets(),
), jd.don, nil
}
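Review bot: devenv.NewEnvironment hard-wires `deployment.XXXGenerateTestOCRSecrets()` as the environment's OCR secrets, so every changeset run through this environment derives its OCR3 config from a generator whose name marks it as test-only, and the caller has no way to supply other values. If this constructor is ever pointed at a shared or long-lived deployment, the shared secret and ephemeral key would be whatever the test helper produces. Taking the secrets from the `config` argument and falling back to the test helper only when none are given would avoid that; at the least the line should carry a comment such as `// test-only secrets: not for shared or production environments`. The function body starts above the hunk.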
2 changes: 2 additions & 0 deletions deployment/environment/memory/environment.go
@@ -140,6 +140,7 @@ func NewMemoryEnvironmentFromChainsNodes(
nodeIDs, // Note these have the p2p_ prefix.
NewMemoryJobClient(nodes),
ctx,
deployment.XXXGenerateTestOCRSecrets(),
)
}

@@ -159,5 +160,6 @@ func NewMemoryEnvironment(t *testing.T, lggr logger.Logger, logLevel zapcore.Lev
nodeIDs,
NewMemoryJobClient(nodes),
func() context.Context { return tests.Context(t) },
deployment.XXXGenerateTestOCRSecrets(),
)
}
28 changes: 15 additions & 13 deletions deployment/keystone/deploy.go
@@ -37,8 +37,8 @@ type ConfigureContractsRequest struct {
RegistryChainSel uint64
Env *deployment.Environment

Dons []DonCapabilities // externally sourced based on the environment
OCR3Config *OracleConfigWithSecrets // TODO: probably should be a map of don to config; but currently we only have one wf don therefore one config
Dons []DonCapabilities // externally sourced based on the environment
OCR3Config *OracleConfig // TODO: probably should be a map of don to config; but currently we only have one wf don therefore one config

DoContractDeploy bool // if false, the contracts are assumed to be deployed and the address book is used
}
@@ -321,7 +321,7 @@ func ConfigureForwardContracts(env *deployment.Environment, dons []RegisteredDon
}

// ocr3 contract on the registry chain for the wf dons
func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons []RegisteredDon, addrBook deployment.AddressBook, cfg *OracleConfigWithSecrets) error {
func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons []RegisteredDon, addrBook deployment.AddressBook, cfg *OracleConfig) error {
registryChain, ok := env.Chains[chainSel]
if !ok {
return fmt.Errorf("chain %d not found in environment", chainSel)
@@ -350,10 +350,11 @@ func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons []
}

_, err := configureOCR3contract(configureOCR3Request{
cfg: cfg,
chain: registryChain,
contract: contract,
nodes: don.Nodes,
cfg: cfg,
chain: registryChain,
contract: contract,
nodes: don.Nodes,
ocrSecrets: env.OCRSecrets,
})
if err != nil {
return fmt.Errorf("failed to configure OCR3 contract for don %s: %w", don.Name, err)
@@ -369,7 +370,7 @@ type ConfigureOCR3Resp struct {
type ConfigureOCR3Config struct {
ChainSel uint64
NodeIDs []string
OCR3Config *OracleConfigWithSecrets
OCR3Config *OracleConfig
DryRun bool
}

@@ -403,11 +404,12 @@ func ConfigureOCR3ContractFromJD(env *deployment.Environment, cfg ConfigureOCR3C
return nil, err
}
r, err := configureOCR3contract(configureOCR3Request{
cfg: cfg.OCR3Config,
chain: registryChain,
contract: contract,
nodes: nodes,
dryRun: cfg.DryRun,
cfg: cfg.OCR3Config,
chain: registryChain,
contract: contract,
nodes: nodes,
dryRun: cfg.DryRun,
ocrSecrets: env.OCRSecrets,
})
if err != nil {
return nil, err
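Review bot: Nothing in the comments on ConfigureContractsRequest or ConfigureOCR3Config tells a caller that OCR secrets are no longer part of `OCR3Config` and are instead read from `env.OCRSecrets`. A caller that used to fill OracleConfigWithSecrets and builds its Environment by struct literal will now get the `OCRSecrets is required` error from GenerateOCR3Config with no pointer to where the secrets must be set. I would document it on the field, e.g. `// OCR secrets are not part of this config; they are read from Env.OCRSecrets`, and repeat the remark on ConfigureOCR3Config.OCR3Config.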
15 changes: 5 additions & 10 deletions deployment/keystone/deploy_test.go
@@ -106,11 +106,8 @@ func TestDeploy(t *testing.T) {
maps.Copy(allNodes, assetNodes)
env := memory.NewMemoryEnvironmentFromChainsNodes(func() context.Context { return ctx }, lggr, allChains, allNodes)

var ocr3Config = keystone.OracleConfigWithSecrets{
OracleConfig: keystone.OracleConfig{
MaxFaultyOracles: len(wfNodes) / 3,
},
OCRSecrets: deployment.XXXGenerateTestOCRSecrets(),
var ocr3Config = keystone.OracleConfig{
MaxFaultyOracles: len(wfNodes) / 3,
}

// explicitly deploy the contracts
@@ -291,6 +288,7 @@ func TestDeployCLO(t *testing.T) {
Offchain: clo.NewJobClient(lggr, clo.JobClientConfig{Nops: allNops}),
Chains: allChains,
Logger: lggr,
OCRSecrets: deployment.XXXGenerateTestOCRSecrets(),
}
// assume that all the nodes in the provided input nops are part of the don
for _, nop := range allNops {
@@ -303,11 +301,8 @@ func TestDeployCLO(t *testing.T) {
registryChainSel, err := chainsel.SelectorFromChainId(11155111)
require.NoError(t, err)

var ocr3Config = keystone.OracleConfigWithSecrets{
OracleConfig: keystone.OracleConfig{
MaxFaultyOracles: len(wfNops) / 3,
},
OCRSecrets: deployment.XXXGenerateTestOCRSecrets(),
var ocr3Config = keystone.OracleConfig{
MaxFaultyOracles: len(wfNops) / 3,
}

ctx := tests.Context(t)
28 changes: 13 additions & 15 deletions deployment/keystone/ocr3config.go
@@ -24,12 +24,9 @@ import (
)

type TopLevelConfigSource struct {
OracleConfig OracleConfigWithSecrets
}
type OracleConfigWithSecrets struct {
OracleConfig
deployment.OCRSecrets `json:"-" toml:"-"` // don't spill secrets
OracleConfig OracleConfig
}

type OracleConfig struct {
MaxQueryLengthBytes uint32
MaxObservationLengthBytes uint32
@@ -107,10 +104,10 @@ func (c OCR2OracleConfig) MarshalJSON() ([]byte, error) {
return json.Marshal(alias)
}

func GenerateOCR3Config(cfg OracleConfigWithSecrets, nca []NodeKeys) (OCR2OracleConfig, error) {
func GenerateOCR3Config(cfg OracleConfig, nca []NodeKeys, secrets deployment.OCRSecrets) (OCR2OracleConfig, error) {
onchainPubKeys := [][]byte{}
allPubKeys := map[string]any{}
if cfg.OCRSecrets.IsEmpty() {
if secrets.IsEmpty() {
return OCR2OracleConfig{}, errors.New("OCRSecrets is required")
}
for _, n := range nca {
@@ -192,8 +189,8 @@ func GenerateOCR3Config(cfg OracleConfigWithSecrets, nca []NodeKeys) (OCR2Oracle
}

signers, transmitters, f, onchainConfig, offchainConfigVersion, offchainConfig, err := ocr3confighelper.ContractSetConfigArgsDeterministic(
cfg.EphemeralSk,
cfg.SharedSecret,
secrets.EphemeralSk,
secrets.SharedSecret,
time.Duration(cfg.DeltaProgressMillis)*time.Millisecond,
time.Duration(cfg.DeltaResendMillis)*time.Millisecond,
time.Duration(cfg.DeltaInitialMillis)*time.Millisecond,
@@ -240,16 +237,17 @@ func GenerateOCR3Config(cfg OracleConfigWithSecrets, nca []NodeKeys) (OCR2Oracle
}

type configureOCR3Request struct {
cfg *OracleConfigWithSecrets
chain deployment.Chain
contract *kocr3.OCR3Capability
nodes []deployment.Node
dryRun bool
cfg *OracleConfig
chain deployment.Chain
contract *kocr3.OCR3Capability
nodes []deployment.Node
dryRun bool
ocrSecrets deployment.OCRSecrets
}

func (r configureOCR3Request) generateOCR3Config() (OCR2OracleConfig, error) {
nks := makeNodeKeysSlice(r.nodes, r.chain.Selector)
return GenerateOCR3Config(*r.cfg, nks)
return GenerateOCR3Config(*r.cfg, nks, r.ocrSecrets)
}

type configureOCR3Response struct {
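Review bot: generateOCR3Config dereferences `*r.cfg` on the changed line without a nil check, while ConfigureOCR3Contract and ConfigureOCR3ContractFromJD forward a caller-supplied `*OracleConfig` into that field, so a nil config would panic instead of returning an error. No nil check is visible in the hunks on this page, though one may exist in the lines between them. GenerateOCR3Config already rejects empty secrets with an error, and the config deserves the same treatment: `if r.cfg == nil { return OCR2OracleConfig{}, errors.New("OCR3 config is required") }` before the call.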
9 changes: 5 additions & 4 deletions deployment/keystone/ocr3config_test.go
@@ -11,13 +11,14 @@ import (

"github.com/ethereum/go-ethereum/common"
chain_selectors "github.com/smartcontractkit/chain-selectors"
"github.com/smartcontractkit/chainlink/deployment"
"github.com/smartcontractkit/chainlink/deployment/common/view"
"github.com/smartcontractkit/chainlink/v2/core/services/keystore/keys/p2pkey"
types2 "github.com/smartcontractkit/libocr/offchainreporting2/types"
"github.com/smartcontractkit/libocr/offchainreporting2plus/types"
types3 "github.com/smartcontractkit/libocr/offchainreporting2plus/types"
"github.com/test-go/testify/require"

"github.com/smartcontractkit/chainlink/deployment"
"github.com/smartcontractkit/chainlink/deployment/common/view"
"github.com/smartcontractkit/chainlink/v2/core/services/keystore/keys/p2pkey"
)

var wantOCR3Config = `{
@@ -85,7 +86,7 @@ func Test_configureOCR3Request_generateOCR3Config(t *testing.T) {
require.NoError(t, err)

r := configureOCR3Request{
cfg: &OracleConfigWithSecrets{OracleConfig: cfg, OCRSecrets: deployment.XXXGenerateTestOCRSecrets()},
cfg: &cfg,
nodes: nodes,
chain: deployment.Chain{
Selector: chain_selectors.ETHEREUM_TESTNET_SEPOLIA.Selector,
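Review bot: The request literal in Test_configureOCR3Request_generateOCR3Config drops the secrets (`cfg: &cfg,`), but no `ocrSecrets:` entry is added in the visible lines, and the section's 5 additions appear to be fully accounted for by the import regrouping plus this one line. GenerateOCR3Config returns `OCRSecrets is required` when `secrets.IsEmpty()`, so unless the field is set in the part of the literal that lies outside the hunk, this test would be expected to fail on that error. Adding `ocrSecrets: deployment.XXXGenerateTestOCRSecrets(),` to the literal restores the input the test had before.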
1 change: 0 additions & 1 deletion integration-tests/testsetups/ccip/test_helpers.go
@@ -244,7 +244,6 @@ func NewLocalDevEnvironment(
Config: changeset.NewChainsConfig{
HomeChainSel: homeChainSel,
FeedChainSel: feedSel,
OCRSecrets: deployment.XXXGenerateTestOCRSecrets(),
ChainConfigByChain: chainConfigs,
},
},