[Merged by Bors] - Implement standard keystore API #2736
Conversation
michaelsproul
force-pushed
the
std-keymanager-api
branch
3 times, most recently
from
33d8645 to
3a1b030
Compare
|
I've added a draft implementation of the auth scheme described here: ethereum/beacon-APIs#151 (comment) There's a lot of discussion around the standard, so I'm going to step back from the impl until the dust settles a bit |
michaelsproul
force-pushed
the
std-keymanager-api
branch
from
79b6835 to
44e2df8
Compare
michaelsproul
force-pushed
the
std-keymanager-api
branch
from
19a9540 to
7bf70d5
Compare
|
This is almost ready for review! There's one FIXME remaining about returning the correct error status for the import/delete of web3signer validators. Other than that I'll be working on getting the API spec into the new repo: https://github.com/ethereum/keymanager-APIs, although I think we could merge something to We are currently divergent on the |
michaelsproul
force-pushed
the
std-keymanager-api
branch
from
fe46936 to
21037cf
Compare
michaelsproul
added
ready-for-review
|
This is finally ready for review! 🎉 CI should pass now that a Windows-specific issue has been addressed in 21037cf. |
|
I'm starting to review this! There's a conflict, FYI 🙂 |
michaelsproul
added
waiting-on-author
michaelsproul
added
ready-for-review
| } | ||
|
|
||
| #[derive(Debug, Clone, Copy, PartialEq, Eq, Deserialize, Serialize)] | ||
| #[serde(rename_all = "kebab-case")] |
There was a problem hiding this comment.
| #[serde(rename_all = "kebab-case")] |
I'm not sure, but it seems like we don't need this.
There was a problem hiding this comment.
Ah, this was just intended to lowercase the variants, so I've switched to rename_all = "lowercase" in 294d44b
| .find(|def| def.voting_public_key == pubkey) | ||
| { | ||
| if !def.signing_definition.is_local_keystore() { | ||
| return Err("cannot import duplicate of existing remote signer validator".into()); |
There was a problem hiding this comment.
I notice that an enabled = false validator might not appear in /list but they'll trigger this duplicate warning here. I don't see this as a significant issue and I assume there's going to be some edge-cases when meshing the standard API with our validator management.
There was a problem hiding this comment.
Yeah good point. I'm OK with the current behaviour, but yeah, might make sense to re-assess in future.
| let mut definitions_map = HashMap::new(); | ||
| for def in self.definitions.as_slice() { | ||
| for def in self.definitions.as_slice().iter().filter(|def| def.enabled) { |
There was a problem hiding this comment.
Hmm, it's interesting that we didn't previously filter enabled = false 🤔 I think it's definitely the right thing to do.
paulhauner
added
waiting-on-author
michaelsproul
added
ready-for-review
|
Thanks for the review @paulhauner! Will be great to get this out into a release I think I've addressed the review comments so this should be good to go 🤞 |
paulhauner
added
ready-for-merge
|
bors r+ |
## Issue Addressed Implements the standard key manager API from https://ethereum.github.io/keymanager-APIs/, formerly ethereum/beacon-APIs#151 Related to #2557 ## Proposed Changes - [x] Add all of the new endpoints from the standard API: GET, POST and DELETE. - [x] Add a `validators.enabled` column to the slashing protection database to support atomic disable + export. - [x] Add tests for all the common sequential accesses of the API - [x] Add tests for interactions with remote signer validators - [x] Add end-to-end tests for migration of validators from one VC to another - [x] Implement the authentication scheme from the standard (token bearer auth) ## Additional Info The `enabled` column in the validators SQL database is necessary to prevent a race condition when exporting slashing protection data. Without the slashing protection database having a way of knowing that a key has been disabled, a concurrent request to sign a message could insert a new record into the database. The `delete_concurrent_with_signing` test exercises this code path, and was indeed failing before the `enabled` column was added. The validator client authentication has been modified from basic auth to bearer auth, with basic auth preserved for backwards compatibility.
|
Pull request successfully merged into unstable. Build succeeded: |
bors
bot
changed the title
Issue Addressed
Implements the standard key manager API from https://ethereum.github.io/keymanager-APIs/, formerly ethereum/beacon-APIs#151
Related to #2557
Proposed Changes
validators.enabledcolumn to the slashing protection database to support atomic disable + export.Additional Info
The
enabledcolumn in the validators SQL database is necessary to prevent a race condition when exporting slashing protection data. Without the slashing protection database having a way of knowing that a key has been disabled, a concurrent request to sign a message could insert a new record into the database. Thedelete_concurrent_with_signingtest exercises this code path, and was indeed failing before theenabledcolumn was added.The validator client authentication has been modified from basic auth to bearer auth, with basic auth preserved for backwards compatibility.