From 2ace7b404baf57d406b5741d19440a5b0e35bb17 Mon Sep 17 00:00:00 2001 
From: Nick Santana Date: Mon, 16 Oct 2023 15:20:11 -0700 Subject: [PATCH] Remove IAS SPID and IAS API KEY (#3615) The IAS SPID and API KEY were used to talk to an IAS server. DCAP does not use IAS so there is no need to keep these values around. --- ...lecoin-workflow-dev-setup-environment.yaml | 25 ------------------- .internal-ci/docker/entrypoints/node_hw.sh | 4 --- .../node_hw/bin/wrapper-consensus-service.sh | 2 -- .../templates/node-deployment.yaml | 2 -- .internal-ci/helm/consensus-node/values.yaml | 3 --- .internal-ci/helm/fog-ingest/README.md | 15 ----------- .../templates/fog-ingest-statefulset.yaml | 2 -- .../supervisord-fog-ingest-configmap.yaml | 2 -- .internal-ci/helm/fog-services/README.md | 15 ----------- .../fog-ledger-fogshardrangegenerator.yaml | 4 --- .../fog-view-fogshardrangegenerator.yaml | 4 --- ...pervisord-fog-ledger-router-configmap.yaml | 2 -- ...upervisord-fog-ledger-store-configmap.yaml | 2 -- .../supervisord-fog-view-store-configmap.yaml | 2 -- .../templates/ias-secret.yaml | 13 ---------- .../helm/mc-core-common-config/values.yaml | 4 --- .../helm/watcher/templates/_helpers.tpl | 11 -------- .internal-ci/util/generate_dev_values.sh | 25 ------------------- consensus/service/README.md | 11 -------- consensus/service/config/src/lib.rs | 13 ---------- .../service/src/api/client_api_service.rs | 2 -- deploy/03-node1.yaml | 12 --------- deploy/03-node2.yaml | 14 ----------- deploy/03-node3.yaml | 12 --------- deploy/03-node4.yaml | 12 --------- deploy/03-node5.yaml | 12 --------- deploy/generate-manifests | 4 --- fog/ingest/server/src/bin/main.rs | 1 - fog/ingest/server/src/config.rs | 10 -------- fog/ingest/server/src/server.rs | 4 --- fog/ingest/server/test-utils/src/lib.rs | 1 - fog/ledger/server/src/config.rs | 17 ------------- fog/ledger/server/tests/router_connection.rs | 14 ----------- fog/ledger/server/tests/router_integration.rs | 4 --- fog/ledger/server/tests/store.rs | 2 -- fog/load_testing/README.md | 2 +- 
fog/load_testing/src/bin/ingest.rs | 18 ------------- fog/report/cli/src/main.rs | 4 +-- fog/report/validation/test-utils/README.md | 2 +- fog/report/validation/test-utils/src/lib.rs | 2 +- fog/view/server/src/config.rs | 17 ------------- fog/view/server/test-utils/src/lib.rs | 6 ----- tools/fog-local-network/README.md | 3 --- tools/fog-local-network/local_fog.py | 21 +++------------- tools/local-network/README.md | 5 ---- tools/local-network/local_network.py | 4 --- 46 files changed, 9 insertions(+), 357 deletions(-) delete mode 100644 .internal-ci/helm/mc-core-common-config/templates/ias-secret.yaml diff --git a/.github/workflows/mobilecoin-workflow-dev-setup-environment.yaml b/.github/workflows/mobilecoin-workflow-dev-setup-environment.yaml index 73b0e9d1ea..28eabb300f 100644 --- a/.github/workflows/mobilecoin-workflow-dev-setup-environment.yaml +++ b/.github/workflows/mobilecoin-workflow-dev-setup-environment.yaml @@ -34,12 +34,6 @@ on: DEV_FOG_REPORT_SIGNING_CERT_KEY: description: "Fog Report signing cert key" required: true - DEV_IAS_KEY: - description: "IAS" - required: true - DEV_IAS_SPID: - description: "IAS" - required: true DEV_KEYS_SEED_FOG: description: "static wallet seed" required: true @@ -103,24 +97,12 @@ on: IP_INFO_TOKEN: description: "ipinfo.io token for authenticated access" required: true - MAIN_IAS_KEY: - description: "MainNet IAS" - required: true - MAIN_IAS_SPID: - description: "MainNet IAS" - required: true MAIN_TOKENS_CONFIG_V1_JSON: description: "MainNet signed tokens config json" required: true MAIN_TOKENS_CONFIG_V2_JSON: description: "MainNet signed tokens config json" required: true - TEST_IAS_KEY: - description: "TestNet IAS" - required: true - TEST_IAS_SPID: - description: "TestNet IAS" - required: true TEST_TOKENS_CONFIG_V1_JSON: description: "TestNet signed tokens config json" required: true 
@@ -224,15 +206,8 @@ jobs: # We're only deploying to the dev cluster here. # We want to still point at dev values for buckets and certs. - # We need "production" IAS creds to start up test/main enclaves. - name: Generate environment values file env: - DEV_IAS_KEY: ${{ secrets.DEV_IAS_KEY }} - DEV_IAS_SPID: ${{ secrets.DEV_IAS_SPID }} - MAIN_IAS_KEY: ${{ secrets.MAIN_IAS_KEY }} - MAIN_IAS_SPID: ${{ secrets.MAIN_IAS_SPID }} - TEST_IAS_KEY: ${{ secrets.TEST_IAS_KEY }} - TEST_IAS_SPID: ${{ secrets.TEST_IAS_SPID }} LEDGER_AWS_ACCESS_KEY_ID: ${{ secrets.DEV_LEDGER_AWS_ACCESS_KEY_ID }} LEDGER_AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_LEDGER_AWS_SECRET_ACCESS_KEY }} FOG_REPORT_SIGNING_CERT: ${{ secrets.DEV_FOG_REPORT_SIGNING_CERT }} diff --git a/.internal-ci/docker/entrypoints/node_hw.sh b/.internal-ci/docker/entrypoints/node_hw.sh index 99ed307cd6..0bf71dbc27 100755 --- a/.internal-ci/docker/entrypoints/node_hw.sh +++ b/.internal-ci/docker/entrypoints/node_hw.sh @@ -18,8 +18,6 @@ # MC_CLIENT_RESPONDER_ID - fully qualified name:port that fronts the client port # example client1.test.mobilecoin.com:443 # MC_MSG_SIGNER_KEY - private key for signing messages -# MC_IAS_API_KEY - Intel IAS API key -# MC_IAS_SPID - Intel IAS spid # Optional Vars consensus-service # MC_TX_SOURCE_URL - http url to retrieve archive (s3) blocks for node @@ -105,8 +103,6 @@ then is_set MC_PEER_RESPONDER_ID is_set MC_CLIENT_RESPONDER_ID is_set MC_MSG_SIGNER_KEY - is_set MC_IAS_API_KEY - is_set MC_IAS_SPID is_set MC_DEST is_set AWS_ACCESS_KEY_ID is_set AWS_SECRET_ACCESS_KEY diff --git a/.internal-ci/docker/support/node_hw/bin/wrapper-consensus-service.sh b/.internal-ci/docker/support/node_hw/bin/wrapper-consensus-service.sh index d3596fc6cb..0f91f1e1c7 100755 --- a/.internal-ci/docker/support/node_hw/bin/wrapper-consensus-service.sh +++ b/.internal-ci/docker/support/node_hw/bin/wrapper-consensus-service.sh 
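Review bot: Removing the `DEV_`/`MAIN_`/`TEST_` `IAS_KEY` and `IAS_SPID` mappings from the `env:` of the "Generate environment values file" step only stops this workflow from reading those secrets; the credentials themselves are untouched by the patch. The stored GitHub secrets of those names, the `ias` and `prod-ias-keys` Secret objects that the Helm and deploy hunks stop referencing, and the API keys registered with Intel presumably still exist, so a follow-up should delete the stored copies and revoke the keys rather than leave live but unused credentials around. The removed inputs were declared `required: true` and the diffstat lists no other file under `.github/workflows`, so it is also worth confirming that no caller still passes them by name.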
@@ -28,8 +28,6 @@ is_set MC_BRANCH is_set MC_PEER_RESPONDER_ID is_set MC_CLIENT_RESPONDER_ID is_set MC_MSG_SIGNER_KEY -is_set MC_IAS_API_KEY -is_set MC_IAS_SPID # Default vars export MC_PEER_LISTEN_URI=${MC_PEER_LISTEN_URI:-"insecure-mcp://0.0.0.0:8443/"} diff --git a/.internal-ci/helm/consensus-node/templates/node-deployment.yaml b/.internal-ci/helm/consensus-node/templates/node-deployment.yaml index ae9d019b14..e02d7cd5ef 100644 --- a/.internal-ci/helm/consensus-node/templates/node-deployment.yaml +++ b/.internal-ci/helm/consensus-node/templates/node-deployment.yaml @@ -97,8 +97,6 @@ spec: name: {{ include "consensusNode.ledgerDistribution.secret.name" . }} - secretRef: name: {{ include "consensusNode.msgSignerKey.secret.name" . }} - - secretRef: - name: ias - configMapRef: name: {{ include "consensusNode.nodeConfig.configMap.name" . }} - secretRef: diff --git a/.internal-ci/helm/consensus-node/values.yaml b/.internal-ci/helm/consensus-node/values.yaml index 94a1ae6712..90eba0083d 100644 --- a/.internal-ci/helm/consensus-node/values.yaml +++ b/.internal-ci/helm/consensus-node/values.yaml @@ -53,9 +53,6 @@ mcCoreCommonConfig: enabled: false # clientAuth: # token: '' - # ias: - # key: '' - # spid: '' # mobileCoinNetwork: # network: '' # partner: '' diff --git a/.internal-ci/helm/fog-ingest/README.md b/.internal-ci/helm/fog-ingest/README.md index ad28658506..62307f8fba 100644 --- a/.internal-ci/helm/fog-ingest/README.md +++ b/.internal-ci/helm/fog-ingest/README.md @@ -24,21 +24,6 @@ The peer list generation happens when the chart is generated. In order to scale Configure a `values.yaml` file or pre-populate your namespace with the following ConfigMaps and Secrets. -- `ias` - - Intel spid and primary or secondary key. - - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: ias - type: Opaque - stringData: - key: - spid: - ``` - - `sentry` Sentry service alert and error monitoring 
diff --git a/.internal-ci/helm/fog-ingest/templates/fog-ingest-statefulset.yaml b/.internal-ci/helm/fog-ingest/templates/fog-ingest-statefulset.yaml index ecb9e6cc77..545c0d644f 100644 --- a/.internal-ci/helm/fog-ingest/templates/fog-ingest-statefulset.yaml +++ b/.internal-ci/helm/fog-ingest/templates/fog-ingest-statefulset.yaml @@ -67,8 +67,6 @@ spec: envFrom: - configMapRef: name: fog-ingest - - secretRef: - name: ias - secretRef: name: ipinfo optional: true diff --git a/.internal-ci/helm/fog-ingest/templates/supervisord-fog-ingest-configmap.yaml b/.internal-ci/helm/fog-ingest/templates/supervisord-fog-ingest-configmap.yaml index 92d9cbd92c..547fde1d77 100644 --- a/.internal-ci/helm/fog-ingest/templates/supervisord-fog-ingest-configmap.yaml +++ b/.internal-ci/helm/fog-ingest/templates/supervisord-fog-ingest-configmap.yaml @@ -14,8 +14,6 @@ data: --pubkey-expiry-window %(ENV_FOG_PUBKEY_EXPIRY_WINDOW)s --peers {{ include "fogIngest.peerURLs" . }} --local-node-id %(ENV_LOCAL_NODE_ID)s - --ias-spid %(ENV_IAS_SPID)s - --ias-api-key %(ENV_IAS_API_KEY)s --ledger-db /fog-data/ledger --watcher-db /fog-data/watcher --client-listen-uri insecure-fog-ingest://0.0.0.0:3226/ diff --git a/.internal-ci/helm/fog-services/README.md b/.internal-ci/helm/fog-services/README.md index 2d3f41f9ae..2274e7c541 100644 --- a/.internal-ci/helm/fog-services/README.md +++ b/.internal-ci/helm/fog-services/README.md @@ -26,21 +26,6 @@ Configure a `values.yaml` file or pre-populate your namespace with the following network: testnet ``` -- `ias` - - Intel spid and primary or secondary key. - - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: ias - type: Opaque - stringData: - key: - spid: - ``` - - `sentry` Sentry service alert and error monitoring diff --git a/.internal-ci/helm/fog-services/templates/fog-ledger-fogshardrangegenerator.yaml b/.internal-ci/helm/fog-services/templates/fog-ledger-fogshardrangegenerator.yaml index 18f2fa8fd8..093131753a 100644 
--- a/.internal-ci/helm/fog-services/templates/fog-ledger-fogshardrangegenerator.yaml +++ b/.internal-ci/helm/fog-services/templates/fog-ledger-fogshardrangegenerator.yaml @@ -102,8 +102,6 @@ spec: - name: mgmt-http containerPort: 8000 envFrom: - - secretRef: - name: ias - configMapRef: # This is installed from the fog-services-config chart or Terraform name: fog-ledger @@ -349,8 +347,6 @@ spec: - name: mgmt-http containerPort: 8000 envFrom: - - secretRef: - name: ias - configMapRef: # Configmap is created by fog-services chart, or Terraform name: fog-ledger diff --git a/.internal-ci/helm/fog-services/templates/fog-view-fogshardrangegenerator.yaml b/.internal-ci/helm/fog-services/templates/fog-view-fogshardrangegenerator.yaml index 9659074850..3960dbb289 100644 --- a/.internal-ci/helm/fog-services/templates/fog-view-fogshardrangegenerator.yaml +++ b/.internal-ci/helm/fog-services/templates/fog-view-fogshardrangegenerator.yaml @@ -113,8 +113,6 @@ spec: - configMapRef: # This is pre-installed from the fog-services-config chart or Terraform name: fog-view - - secretRef: - name: ias startupProbe: grpc: port: 3225 @@ -304,8 +302,6 @@ spec: envFrom: - configMapRef: name: fog-view - - secretRef: - name: ias env: - name: RUST_BACKTRACE value: {{ $.Values.fogView.rust.backtrace | quote }} diff --git a/.internal-ci/helm/fog-services/templates/supervisord-fog-ledger-router-configmap.yaml b/.internal-ci/helm/fog-services/templates/supervisord-fog-ledger-router-configmap.yaml index 1ae8f76a89..0f445d4242 100644 --- a/.internal-ci/helm/fog-services/templates/supervisord-fog-ledger-router-configmap.yaml +++ b/.internal-ci/helm/fog-services/templates/supervisord-fog-ledger-router-configmap.yaml @@ -19,8 +19,6 @@ data: --client-auth-token-secret "%(ENV_CLIENT_AUTH_TOKEN_SECRET)s" --client-auth-token-max-lifetime 31536000 {{- end }} - --ias-spid %(ENV_IAS_SPID)s - --ias-api-key %(ENV_IAS_API_KEY)s --admin-listen-uri insecure-mca://127.0.0.1:8001/ stdout_logfile=/dev/fd/1 
diff --git a/.internal-ci/helm/fog-services/templates/supervisord-fog-ledger-store-configmap.yaml b/.internal-ci/helm/fog-services/templates/supervisord-fog-ledger-store-configmap.yaml index 79672f805a..5d24a176b3 100644 --- a/.internal-ci/helm/fog-services/templates/supervisord-fog-ledger-store-configmap.yaml +++ b/.internal-ci/helm/fog-services/templates/supervisord-fog-ledger-store-configmap.yaml @@ -15,8 +15,6 @@ data: --watcher-db /fog-data/watcher --client-responder-id "%(ENV_HOSTNAME)s.{{ include "fogServices.fullname" . }}-fog-ledger-store.{{ .Release.Namespace }}.svc.cluster.local:3228" --client-listen-uri insecure-key-image-store://0.0.0.0:3228/?responder-id="%(ENV_HOSTNAME)s.{{ include "fogServices.fullname" . }}-fog-ledger-store.{{ .Release.Namespace }}.svc.cluster.local:3228" - --ias-spid %(ENV_IAS_SPID)s - --ias-api-key %(ENV_IAS_API_KEY)s --admin-listen-uri insecure-mca://127.0.0.1:8001/ stdout_logfile=/dev/fd/1 diff --git a/.internal-ci/helm/fog-services/templates/supervisord-fog-view-store-configmap.yaml b/.internal-ci/helm/fog-services/templates/supervisord-fog-view-store-configmap.yaml index b97d3c2fc6..bcda7d8712 100644 --- a/.internal-ci/helm/fog-services/templates/supervisord-fog-view-store-configmap.yaml +++ b/.internal-ci/helm/fog-services/templates/supervisord-fog-view-store-configmap.yaml @@ -13,8 +13,6 @@ data: command=/usr/bin/fog_view_server --client-listen-uri insecure-fog-view-store://0.0.0.0:3225/?responder-id=%(ENV_HOSTNAME)s.{{ include "fogServices.fullname" . }}-fog-view-store.{{ .Release.Namespace }}:3225 --client-responder-id "%(ENV_HOSTNAME)s.{{ include "fogServices.fullname" . }}-fog-view-store.{{ .Release.Namespace }}:3225" - --ias-spid %(ENV_IAS_SPID)s - --ias-api-key %(ENV_IAS_API_KEY)s --admin-listen-uri insecure-mca://127.0.0.1:8001/ stdout_logfile=/dev/fd/1 
diff --git a/.internal-ci/helm/mc-core-common-config/templates/ias-secret.yaml b/.internal-ci/helm/mc-core-common-config/templates/ias-secret.yaml deleted file mode 100644 index 0763296f3f..0000000000 --- a/.internal-ci/helm/mc-core-common-config/templates/ias-secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright (c) 2018-2022 The MobileCoin Foundation -apiVersion: v1 -kind: Secret -metadata: - name: ias - labels: - {{- include "mcCoreCommonConfig.labels" . | nindent 4 }} -type: Opaque -stringData: - IAS_API_KEY: {{ .Values.ias.key | quote }} - IAS_SPID: {{ .Values.ias.spid | quote }} - MC_IAS_API_KEY: {{ .Values.ias.key | quote }} - MC_IAS_SPID: {{ .Values.ias.spid | quote }} diff --git a/.internal-ci/helm/mc-core-common-config/values.yaml b/.internal-ci/helm/mc-core-common-config/values.yaml index 562a2d14e8..c1039b97d4 100644 --- a/.internal-ci/helm/mc-core-common-config/values.yaml +++ b/.internal-ci/helm/mc-core-common-config/values.yaml @@ -2,10 +2,6 @@ clientAuth: token: '' -ias: - key: '' - spid: '' - mobileCoinNetwork: network: '' partner: '' diff --git a/.internal-ci/helm/watcher/templates/_helpers.tpl b/.internal-ci/helm/watcher/templates/_helpers.tpl index ff62dc89dc..62f22d1425 100644 --- a/.internal-ci/helm/watcher/templates/_helpers.tpl +++ b/.internal-ci/helm/watcher/templates/_helpers.tpl @@ -63,17 +63,6 @@ Create the name of the service account to use {{- end }} {{- end }} -{{/* -IAS Secret Name -*/}} -{{- define "chart.iasSecretName" -}} - {{- if .Values.ias.secret.external }} - {{- .Values.ias.secret.name }} - {{- else }} - {{- include "chart.fullname" . }}-{{ .Values.ias.secret.name }} - {{- end }} -{{- end }} - {{/* Sentry ConfigMap Name */}} diff --git a/.internal-ci/util/generate_dev_values.sh b/.internal-ci/util/generate_dev_values.sh index 6781e9a960..5248fab843 100755 --- a/.internal-ci/util/generate_dev_values.sh +++ b/.internal-ci/util/generate_dev_values.sh 
@@ -31,28 +31,6 @@ then tokens_signed_json=$(cat "${TOKENS_PATH}") fi -echo "Get config for network based semver tag" >&2 -network=$(get_network_tier "${1}") -case "${network}" in - test) - IAS_KEY=${TEST_IAS_KEY} - IAS_SPID=${TEST_IAS_SPID} - ;; - main) - IAS_KEY=${MAIN_IAS_KEY} - IAS_SPID=${MAIN_IAS_SPID} - ;; - dev) - IAS_KEY=${DEV_IAS_KEY} - IAS_SPID=${DEV_IAS_SPID} - ;; - *) - echo "ERROR: Unknown network ${network}" - exit 1; - ;; -esac - - cat << EOF global: node: @@ -76,9 +54,6 @@ $(echo -n "${tokens_signed_json}" | sed 's/^/ /') mcCoreCommonConfig: ipinfo: token: '${IP_INFO_TOKEN}' - ias: - key: '${IAS_KEY}' - spid: '${IAS_SPID}' clientAuth: token: '${CLIENT_AUTH_TOKEN}' sentry: diff --git a/consensus/service/README.md b/consensus/service/README.md index 2a131ce838..6a935e2060 100644 --- a/consensus/service/README.md +++ b/consensus/service/README.md 
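Review bot: The first hunk of generate_dev_values.sh removes more than the IAS lookup: the deleted `case "${network}"` block ended in a `*)` arm that ran `echo "ERROR: Unknown network ${network}"` and `exit 1`, the only check visible here that rejected a tag `get_network_tier` could not map to test, main or dev. With it gone the script goes straight to `cat << EOF` and emits a values file for any argument, unless the part of the script outside this hunk validates `${1}` itself. If that early failure was relied on, keep the check without the assignments, for example `case "$(get_network_tier "${1}")" in test|main|dev) ;; *) echo "ERROR: Unknown network" >&2; exit 1 ;; esac`.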
@@ -47,15 +47,6 @@ Follow the steps below: '{"threshold":3,"members":[{"type":"Node","args":"node1.test.mobilecoin.com:8443"},{"type":"Node","args":"node2.test.mobilecoin.com:8443"},{"type":"Node","args":"node3.test.mobilecoin.com:8443"},{"type":"Node","args":"node5.test.mobilecoin.com:8443"}]}' ``` -1. Obtain SPID key. - - Attestation with Intel's Attestation Service (IAS) requires the nodes making the request to be linked to a developer account on their platform. When running the consensus service, you will provide both the `IAS_API_KEY` and `IAS_SPID`, which you can obtain by registering with the [Intel SGX Portal](https://api.portal.trustedservices.intel.com/EPID-attestation). - - * Choose Dev for a developer network, or Prod for the TestNet. - * Choose Linkable (name base mode). This allows other nodes in the network to blocklist nodes who are misbehaving by submitting too many attestation requests. If you choose Unlinkable, your node will be denied peer connections. - - >Note: You will provide the access qualifier when you run consensus, to indicate which Attestation endpoint to hit, via `IAS_MODE=DEV` or `IAS_MODE=PROD` - 1. Generate your ed25519 message-signing key. ``` @@ -161,8 +152,6 @@ SGX_MODE=HW IAS_MODE=DEV \ --client-responder-id my_node.my_domain.com:443 \ --peer-responder-id node1.my_domain.com:8443 \ --network /etc/mc-network.toml \ - --ias-api-key="${IAS_API_KEY}" \ - --ias-spid="${IAS_SPID}" \ --ledger-path /tmp/ledger-db-1 \ --peer-listen-uri='mcp://0.0.0.0:8443/' \ --msg-signer-key MC4CAQAwBQYDK2VwBCIEIGz4xR7wuPKjwM1EK0MKrc9ukTjiDqvKKREITPXPkNku \ diff --git a/consensus/service/config/src/lib.rs b/consensus/service/config/src/lib.rs index e01c53598d..7e43ab9c0f 100644 --- a/consensus/service/config/src/lib.rs +++ b/consensus/service/config/src/lib.rs 
@@ -17,7 +17,6 @@ pub use crate::{ use base64::{engine::general_purpose::STANDARD as BASE64_ENGINE, Engine}; use clap::Parser; -use mc_attest_core::ProviderId; use mc_common::{NodeID, ResponderId}; use mc_crypto_keys::{DistinguishedEncoding, Ed25519Pair, Ed25519Private}; use mc_transaction_core::BlockVersion; @@ -61,14 +60,6 @@ pub struct Config { #[clap(long = "network", env = "MC_NETWORK")] pub network_path: PathBuf, - /// Your Intel IAS API key. - #[clap(long, env = "MC_IAS_API_KEY")] - pub ias_api_key: String, - - /// The Service Provider ID (SPID) associated with your Intel IAS API Key. - #[clap(long, env = "MC_IAS_SPID")] - pub ias_spid: ProviderId, - /// The location on which to listen for peer traffic. /// /// The local node id is derived from the peer_listen_uri. @@ -210,8 +201,6 @@ mod tests { ) .unwrap(), network_path: PathBuf::from("network.toml"), - ias_api_key: "".to_string(), - ias_spid: ProviderId::from_str("22222222222222222222222222222222").unwrap(), peer_listen_uri: PeerUri::from_str("insecure-mcp://0.0.0.0:8081/").unwrap(), client_listen_uri: ClientUri::from_str("insecure-mc://0.0.0.0:3223/").unwrap(), admin_listen_uri: Some(AdminUri::from_str("insecure-mca://0.0.0.0:9090/").unwrap()), @@ -279,8 +268,6 @@ mod tests { "MC4CAQAwBQYDK2VwBCIEIC50QXQll2Y9qxztvmsUgcBBIxkmk7EQjxzQTa926bKo", ) .unwrap(), network_path: PathBuf::from("network.toml"), - ias_api_key: "".to_string(), - ias_spid: ProviderId::from_str("22222222222222222222222222222222").unwrap(), peer_listen_uri: PeerUri::from_str("mcp://0.0.0.0:8443/?tls-chain=./public/attest/test_certs/selfsigned_mobilecoin.crt&tls-key=./public/attest/test_certs/selfsigned_mobilecoin.key").unwrap(), client_listen_uri: ClientUri::from_str("insecure-mc://0.0.0.0:3223/").unwrap(), admin_listen_uri: Some(AdminUri::from_str("insecure-mca://0.0.0.0:9090/").unwrap()), diff --git a/consensus/service/src/api/client_api_service.rs b/consensus/service/src/api/client_api_service.rs index 89e726296e..42aca4c749 100644 
--- a/consensus/service/src/api/client_api_service.rs +++ b/consensus/service/src/api/client_api_service.rs @@ -491,8 +491,6 @@ mod client_api_tests { "--admin-listen-uri=insecure-mca://0.0.0.0:9090/", "--sealed-block-signing-key=/tmp/key", "--ledger-path=/tmp/ledger", - "--ias-spid=22222222222222222222222222222222", - "--ias-api-key=asdf", ]) .unwrap() } diff --git a/deploy/03-node1.yaml b/deploy/03-node1.yaml index 529461f6e3..58ce9a4040 100644 --- a/deploy/03-node1.yaml +++ b/deploy/03-node1.yaml @@ -51,8 +51,6 @@ data: --admin-listen-uri=insecure-mca://127.0.0.1:8001/ --network /config/network.toml --ledger-path /ledger - --ias-spid %(ENV_PROD_IAS_SPID)s - --ias-api-key %(ENV_PROD_IAS_API_KEY)s --msg-signer-key %(ENV_NODE1_SIGNER_KEY)s --sealed-block-signing-key %(ENV_SEALED_BLOCK_SIGNING_KEY)s @@ -210,16 +208,6 @@ spec: value: "AWS_PATH=s3://mobilecoin.chain/node1.NETWORKNAME.mobilecoin.com" - name: AWS_REGION value: "us-west-1" - - name: PROD_IAS_SPID - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: spid - - name: PROD_IAS_API_KEY - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: primary-key - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: diff --git a/deploy/03-node2.yaml b/deploy/03-node2.yaml index b4c686203c..260a053e5d 100644 --- a/deploy/03-node2.yaml +++ b/deploy/03-node2.yaml @@ -51,8 +51,6 @@ data: --admin-listen-uri=insecure-mca://127.0.0.1:8001/ --network /config/network.toml --ledger-path /ledger - --ias-spid %(ENV_PROD_IAS_SPID)s - --ias-api-key %(ENV_PROD_IAS_API_KEY)s --msg-signer-key %(ENV_NODE2_SIGNER_KEY)s --sealed-block-signing-key %(ENV_SEALED_BLOCK_SIGNING_KEY)s @@ -196,8 +194,6 @@ spec: value: "debug,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,reqwest=warn,rusoto_core=error,rusoto_signature=error,h2=error,rocket=warn,=warn" - name: "SGX_MODE" value: "HW" - - name: "IAS_MODE" - value: "DEV" - name: LOCAL_NODE_ID value: "peer2.NETWORKNAME.mobilecoin.com:443" - name: MC_LOG_UDP_JSON 
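Review bot: The second hunk of deploy/03-node2.yaml also deletes the `IAS_MODE` / `"DEV"` env entry, which none of the node1, node3, node4 or node5 hunks do, and the hunk header for consensus/service/README.md shows the run example still starting with `SGX_MODE=HW IAS_MODE=DEV \`. Whether the other manifests ever set `IAS_MODE` is not visible here, so node2 may simply be the one place it existed. If the variable is no longer read anywhere, drop it from the README example as well; if something still reads it, removing it from node2 alone deserves a sentence in the commit message.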
@@ -210,16 +206,6 @@ spec: value: "AWS_PATH=s3://mobilecoin.chain/node2.NETWORKNAME.mobilecoin.com" - name: AWS_REGION value: "us-west-1" - - name: PROD_IAS_SPID - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: spid - - name: PROD_IAS_API_KEY - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: primary-key - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: diff --git a/deploy/03-node3.yaml b/deploy/03-node3.yaml index 1faad6bab9..6f0d52e354 100644 --- a/deploy/03-node3.yaml +++ b/deploy/03-node3.yaml @@ -51,8 +51,6 @@ data: --admin-listen-uri=insecure-mca://127.0.0.1:8001/ --network /config/network.toml --ledger-path /ledger - --ias-spid %(ENV_PROD_IAS_SPID)s - --ias-api-key %(ENV_PROD_IAS_API_KEY)s --msg-signer-key %(ENV_NODE3_SIGNER_KEY)s --sealed-block-signing-key %(ENV_SEALED_BLOCK_SIGNING_KEY)s @@ -210,16 +208,6 @@ spec: value: "AWS_PATH=s3://mobilecoin.chain/node3.NETWORKNAME.mobilecoin.com" - name: AWS_REGION value: "us-west-1" - - name: PROD_IAS_SPID - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: spid - - name: PROD_IAS_API_KEY - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: primary-key - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: diff --git a/deploy/03-node4.yaml b/deploy/03-node4.yaml index 1701c873f1..3d23755959 100644 --- a/deploy/03-node4.yaml +++ b/deploy/03-node4.yaml @@ -51,8 +51,6 @@ data: --admin-listen-uri=insecure-mca://127.0.0.1:8001/ --network /config/network.toml --ledger-path /ledger - --ias-spid %(ENV_PROD_IAS_SPID)s - --ias-api-key %(ENV_PROD_IAS_API_KEY)s --msg-signer-key %(ENV_NODE4_SIGNER_KEY)s --sealed-block-signing-key %(ENV_SEALED_BLOCK_SIGNING_KEY)s 
@@ -210,16 +208,6 @@ spec: value: "AWS_PATH=s3://mobilecoin.chain/node4.NETWORKNAME.mobilecoin.com" - name: AWS_REGION value: "us-west-1" - - name: PROD_IAS_SPID - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: spid - - name: PROD_IAS_API_KEY - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: primary-key - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: diff --git a/deploy/03-node5.yaml b/deploy/03-node5.yaml index c5e498b59c..d18065d368 100644 --- a/deploy/03-node5.yaml +++ b/deploy/03-node5.yaml @@ -51,8 +51,6 @@ data: --admin-listen-uri=insecure-mca://127.0.0.1:8001/ --network /config/network.toml --ledger-path /ledger - --ias-spid %(ENV_PROD_IAS_SPID)s - --ias-api-key %(ENV_PROD_IAS_API_KEY)s --msg-signer-key %(ENV_NODE5_SIGNER_KEY)s --sealed-block-signing-key %(ENV_SEALED_BLOCK_SIGNING_KEY)s @@ -210,16 +208,6 @@ spec: value: "AWS_PATH=s3://mobilecoin.chain/node5.NETWORKNAME.mobilecoin.com" - name: AWS_REGION value: "us-west-1" - - name: PROD_IAS_SPID - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: spid - - name: PROD_IAS_API_KEY - valueFrom: - secretKeyRef: - name: prod-ias-keys - key: primary-key - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: diff --git a/deploy/generate-manifests b/deploy/generate-manifests index 6f392bc3ad..1829f15a1a 100755 --- a/deploy/generate-manifests +++ b/deploy/generate-manifests @@ -20,10 +20,6 @@ while (( "$#" )); do usage exit 0 ;; - -k|--ias-api-key) - IAS_KEY="${2}" - shift 2 - ;; -n|--namespace) NAMESPACE="${2}" shift 2 diff --git a/fog/ingest/server/src/bin/main.rs b/fog/ingest/server/src/bin/main.rs index 645bc5021f..36afb99166 100644 --- a/fog/ingest/server/src/bin/main.rs +++ b/fog/ingest/server/src/bin/main.rs 
@@ -67,7 +67,6 @@ fn main() { let server_config = IngestServerConfig { max_transactions: config.max_transactions, omap_capacity: config.user_capacity, - ias_spid: config.ias_spid, local_node_id: config.local_node_id.clone(), client_listen_uri: config.client_listen_uri.clone(), peer_listen_uri: config.peer_listen_uri.clone(), diff --git a/fog/ingest/server/src/config.rs b/fog/ingest/server/src/config.rs index 537166a86d..0627e94d32 100644 --- a/fog/ingest/server/src/config.rs +++ b/fog/ingest/server/src/config.rs @@ -4,7 +4,6 @@ //! Configuration parameters for the Fog Ingest Node use clap::Parser; -use mc_attest_core::ProviderId; use mc_common::ResponderId; use mc_fog_sql_recovery_db::SqlRecoveryDbConnectionConfig; use mc_fog_uri::{FogIngestUri, IngestPeerUri}; @@ -17,14 +16,6 @@ use std::{path::PathBuf, time::Duration}; #[derive(Clone, Serialize, Parser)] #[clap(version)] pub struct IngestConfig { - /// The IAS SPID to use when getting a quote - #[clap(long, env = "MC_IAS_SPID")] - pub ias_spid: ProviderId, - - /// PEM-formatted keypair to send with an Attestation Request. - #[clap(long, env = "MC_IAS_API_KEY")] - pub ias_api_key: String, - /// Path to watcher db (lmdb) - includes block timestamps #[clap(long, env = "MC_WATCHER_DB")] pub watcher_db: PathBuf, @@ -116,7 +107,6 @@ mod tests { ["/usr/bin/fog_ingest_server", "--ledger-db", "/fog-data/ledger", "--watcher-db", "/fog-data/watcher", - "--ias-spid", "00000000000000000000000000000000", "--ias-api-key", "00000000000000000000000000000000", "--client-listen-uri", "insecure-fog-ingest://0.0.0.0:3226/", "--peer-listen-uri", "insecure-igp://0.0.0.0:8090/", "--local-node-id", "fogingest2.buildtest.svc.cluster.local:443", diff --git a/fog/ingest/server/src/server.rs b/fog/ingest/server/src/server.rs index 217fbe13b4..ded562315d 100644 --- a/fog/ingest/server/src/server.rs +++ b/fog/ingest/server/src/server.rs 
@@ -13,7 +13,6 @@ use crate::{ }; use futures::executor::block_on; use mc_attest_api::attest_grpc::create_attested_api; -use mc_attest_core::ProviderId; use mc_common::{ logger::{log, Logger}, ResponderId, @@ -50,9 +49,6 @@ pub struct IngestServerConfig { /// FIXME: The unit here should probably just be bytes pub omap_capacity: u64, - /// The IAS SPID to use when getting a quote - pub ias_spid: ProviderId, - /// Local Ingest Node ID pub local_node_id: ResponderId, diff --git a/fog/ingest/server/test-utils/src/lib.rs b/fog/ingest/server/test-utils/src/lib.rs index 7fe6d90f2a..821810c7b1 100644 --- a/fog/ingest/server/test-utils/src/lib.rs +++ b/fog/ingest/server/test-utils/src/lib.rs @@ -213,7 +213,6 @@ impl IngestServerTestHelper { .collect(); let config = IngestServerConfig { - ias_spid: Default::default(), local_node_id, peer_listen_uri: peer_listen_uri.clone(), peers, diff --git a/fog/ledger/server/src/config.rs b/fog/ledger/server/src/config.rs index 78ad2dc2ec..e1bb2d36d2 100644 --- a/fog/ledger/server/src/config.rs +++ b/fog/ledger/server/src/config.rs @@ -6,7 +6,6 @@ use crate::sharding_strategy::EpochShardingStrategy; use clap::Parser; -use mc_attest_core::ProviderId; use mc_common::ResponderId; use mc_fog_uri::{FogLedgerUri, KeyImageStoreUri}; use mc_util_parse::parse_duration_in_seconds; @@ -29,14 +28,6 @@ pub struct LedgerRouterConfig { #[clap(long, env = "MC_CLIENT_RESPONDER_ID")] pub client_responder_id: ResponderId, - /// PEM-formatted keypair to send with an Attestation Request. - #[clap(long, env = "MC_IAS_API_KEY")] - pub ias_api_key: String, - - /// The IAS SPID to use when getting a quote - #[clap(long, env = "MC_IAS_SPID")] - pub ias_spid: ProviderId, - /// gRPC listening URI for client requests. #[clap(long, env = "MC_CLIENT_LISTEN_URI")] pub client_listen_uri: FogLedgerUri, 
@@ -115,14 +106,6 @@ pub struct LedgerStoreConfig { #[clap(long, value_parser(clap::value_parser!(PathBuf)), env = "MC_WATCHER_DB")] pub watcher_db: PathBuf, - /// IAS Api Key. - #[clap(long, env = "MC_IAS_API_KEY")] - pub ias_api_key: String, - - /// IAS Service Provider ID. - #[clap(long, env = "MC_IAS_SPID")] - pub ias_spid: ProviderId, - /// Optional admin listening URI. #[clap(long, env = "MC_ADMIN_LISTEN_URI")] pub admin_listen_uri: Option, diff --git a/fog/ledger/server/tests/router_connection.rs b/fog/ledger/server/tests/router_connection.rs index 31225ce6f7..57a3c09623 100644 --- a/fog/ledger/server/tests/router_connection.rs +++ b/fog/ledger/server/tests/router_connection.rs @@ -129,8 +129,6 @@ fn fog_ledger_merkle_proofs_test(logger: Logger) { .responder_id() .expect("Couldn't get responder ID for router"), shard_uris: vec![], - ias_spid: Default::default(), - ias_api_key: Default::default(), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), query_retries: 3, @@ -350,8 +348,6 @@ fn fog_ledger_key_images_test(logger: Logger) { client_listen_uri: store_uri.clone(), ledger_db: db_full_path.to_path_buf(), watcher_db: watcher_dir.clone(), - ias_api_key: Default::default(), - ias_spid: Default::default(), admin_listen_uri: Some(store_admin_uri), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), @@ -395,8 +391,6 @@ fn fog_ledger_key_images_test(logger: Logger) { client_responder_id: client_listen_uri .responder_id() .expect("Couldn't get responder ID for router"), - ias_spid: Default::default(), - ias_api_key: Default::default(), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), query_retries: 3, 
@@ -584,8 +578,6 @@ fn fog_ledger_blocks_api_test(logger: Logger) { .responder_id() .expect("Couldn't get responder ID for router"), shard_uris: vec![], - ias_spid: Default::default(), - ias_api_key: Default::default(), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), query_retries: 3, @@ -746,8 +738,6 @@ fn fog_ledger_untrusted_tx_out_api_test(logger: Logger) { .responder_id() .expect("Couldn't get responder ID for router"), shard_uris: vec![], - ias_spid: Default::default(), - ias_api_key: Default::default(), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), query_retries: 3, @@ -910,8 +900,6 @@ fn fog_router_unary_key_image_test(logger: Logger) { client_listen_uri: store_uri.clone(), ledger_db: db_full_path.to_path_buf(), watcher_db: watcher_dir.clone(), - ias_api_key: Default::default(), - ias_spid: Default::default(), admin_listen_uri: Some(store_admin_uri), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), @@ -955,8 +943,6 @@ fn fog_router_unary_key_image_test(logger: Logger) { .responder_id() .expect("Couldn't get responder ID for router"), shard_uris: vec![store_uri], - ias_spid: Default::default(), - ias_api_key: Default::default(), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), query_retries: 3, diff --git a/fog/ledger/server/tests/router_integration.rs b/fog/ledger/server/tests/router_integration.rs index 0b6a764bcb..8c167bd201 100644 --- a/fog/ledger/server/tests/router_integration.rs +++ b/fog/ledger/server/tests/router_integration.rs @@ -60,8 +60,6 @@ fn create_store_config( client_listen_uri: store_uri.clone(), ledger_db: Default::default(), watcher_db: Default::default(), - ias_api_key: Default::default(), - ias_spid: Default::default(), admin_listen_uri: None, client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), 
@@ -216,8 +214,6 @@ fn create_router( .expect("Couldn't get responder ID for router"), client_listen_uri: uri, admin_listen_uri: admin_uri, - ias_spid: Default::default(), - ias_api_key: Default::default(), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), query_retries: 3, diff --git a/fog/ledger/server/tests/store.rs b/fog/ledger/server/tests/store.rs index 994094b918..0da84b485f 100644 --- a/fog/ledger/server/tests/store.rs +++ b/fog/ledger/server/tests/store.rs @@ -115,8 +115,6 @@ impl TestingContext { client_listen_uri: test_uri, ledger_db: ledger_path, watcher_db: PathBuf::from(db_tmp.path()), - ias_api_key: Default::default(), - ias_spid: Default::default(), admin_listen_uri: Default::default(), client_auth_token_secret: None, client_auth_token_max_lifetime: Default::default(), diff --git a/fog/load_testing/README.md b/fog/load_testing/README.md index 35a329101b..52bab73c49 100644 --- a/fog/load_testing/README.md +++ b/fog/load_testing/README.md 
@@ -27,7 +27,7 @@ root@77969a5da3fc:/tmp/mobilenode/target/release# ./fog_ingest_server_load_test 2020-08-16 08:30:07.815587831 UTC INFO Creating recovery db /tmp/recovery_db.HgV5XmjCve0T, mc.module: fog_lmdb_recovery_db, mc.src: src/fog/lmdb_recovery_db/src/lib.rs:33 2020-08-16 08:30:07.832225092 UTC INFO Opening recovery db /tmp/recovery_db.HgV5XmjCve0T, mc.module: fog_lmdb_recovery_db, mc.src: src/fog/lmdb_recovery_db/src/lib.rs:39 2020-08-16 08:30:07.832368206 UTC INFO Recovery db is currently at version: MetadataVersion { database_format_version: 20200806, created_by_crate_version: "0.3.0", _s: LmdbRecoveryDbMetadataStoreSettings }, mc.module: fog_lmdb_recovery_db, mc.src: src/fog/lmdb_recovery_db/src/lib.rs:194 -2020-08-16 08:30:07.863032605 UTC INFO Spawning ingest server: "/tmp/mobilenode/target/release/fog_ingest_server" "--recovery-db=/tmp/recovery_db.HgV5XmjCve0T" "--ledger-db=/tmp/ledger_db.0khQEsULMVlT" "--watcher-db=/tmp/wallet_db.NRnhISypeCZi" "--client-listen-uri=insecure-fog://0.0.0.0:3054/" "--ias-spid" "00000000000000000000000000000000" "--ias-api-key" "00000000000000000000000000000000" "--local-node-id" "127.0.0.1:3054" "--sealed-key" "/root/.test_sealed_key" "--admin-listen-uri=insecure-mca://127.0.0.1:8003/" "--user-capacity" "1048576", mc.module: fog_ingest_server_load_test, mc.src: src/fog/load_testing/src/bin/ingest.rs:198 +2020-08-16 08:30:07.863032605 UTC INFO Spawning ingest server: "/tmp/mobilenode/target/release/fog_ingest_server" "--recovery-db=/tmp/recovery_db.HgV5XmjCve0T" "--ledger-db=/tmp/ledger_db.0khQEsULMVlT" "--watcher-db=/tmp/wallet_db.NRnhISypeCZi" "--client-listen-uri=insecure-fog://0.0.0.0:3054/" "--local-node-id" "127.0.0.1:3054" "--sealed-key" "/root/.test_sealed_key" "--admin-listen-uri=insecure-mca://127.0.0.1:8003/" "--user-capacity" "1048576", mc.module: fog_ingest_server_load_test, mc.src: src/fog/load_testing/src/bin/ingest.rs:198 2020-08-16 08:30:07.863179322 UTC WARN Creating insecure gRPC connection to 
127.0.0.1:8003, mc.module: mc_util_grpc::grpcio_extensions, mc.src: public/util/grpc/src/grpcio_extensions.rs:45 2020-08-16 08:30:07.863571772 UTC INFO Waiting for ingest server to become available, mc.module: fog_ingest_server_load_test, mc.src: src/fog/load_testing/src/bin/ingest.rs:214 2020-08-16 08:30:07.869422381 UTC INFO fog_ingest_server started: { "GIT_COMMIT": "57d5c5ea-modified", "PROFILE": "release", "DEBUG": "true", "OPT_LEVEL": "3", "DEBUG_ASSERTIONS": "false", "TARGET_ARCH": "x86_64", "TARGET_OS": "linux", "TARGET_FEATURE": "adx,aes,avx,avx2,bmi1,bmi2,cmpxchg16b,f16c,fma,fxsr,lzcnt,mmx,movbe,pclmulqdq,popcnt,rdrand,rdseed,sse,sse2,sse3,sse4.1,sse4.2,ssse3,xsave,xsavec,xsaveopt,xsaves", "RUSTFLAGS": "?", "SGX_MODE": "SW", "IAS_MODE": "DEV" }, mc.app: fog_ingest_server, mc.module: mc_common::logger::loggers, mc.src: public/common/src/logger/loggers/mod.rs:218 diff --git a/fog/load_testing/src/bin/ingest.rs b/fog/load_testing/src/bin/ingest.rs index b9d84a3470..37bcd96161 100644 --- a/fog/load_testing/src/bin/ingest.rs +++ b/fog/load_testing/src/bin/ingest.rs @@ -156,10 +156,6 @@ impl Drop for AutoKillChild { struct TestConfig { // path to ingest server binary to launch pub ingest_server_binary: PathBuf, - // ias-spid to use - pub ias_spid: Option, - // ias-api-key to use - pub ias_api_key: Option, // how many txos to put in a block pub chunk_size: usize, // how many blocks to do (repetitions of the timing test) 
@@ -241,14 +237,6 @@ fn load_test(config: &TestConfig, test_params: TestParams, logger: Logger) -> Te .args(["--watcher-db", watcher_db_path.path().to_str().unwrap()]) .args(["--client-listen-uri", client_listen_uri.as_ref()]) .args(["--peer-listen-uri", peer_listen_uri.as_ref()]) - .args([ - "--ias-spid", - &config.ias_spid.clone().unwrap_or("0".repeat(32)), - ]) - .args([ - "--ias-api-key", - &config.ias_api_key.clone().unwrap_or("0".repeat(32)), - ]) .args(["--local-node-id", &local_node_id.to_string()]) .args(["--peers", peer_listen_uri.as_ref()]) .args(["--state-file", state_file_path.to_str().unwrap()]) @@ -426,10 +414,6 @@ fn load_test(config: &TestConfig, test_params: TestParams, logger: Logger) -> Te struct LoadTestOptions { #[clap(long, env = "MC_USER_CAPACITY")] user_capacity: Option>, - #[clap(long, env = "MC_IAS_SPID")] - ias_spid: Option, - #[clap(long, env = "MC_IAS_API_KEY")] - ias_api_key: Option, #[clap(long, env = "MC_CHUNK_SIZE", default_value = "250")] chunk_size: usize, #[clap(long, env = "MC_REPETITONS", default_value = "100")] @@ -446,8 +430,6 @@ fn main() { let config = TestConfig { ingest_server_binary: get_bin_path("fog_ingest_server"), - ias_spid: opt.ias_spid.clone(), - ias_api_key: opt.ias_api_key.clone(), chunk_size: opt.chunk_size, repetitions: opt.repetitions, }; diff --git a/fog/report/cli/src/main.rs b/fog/report/cli/src/main.rs index 64e9161d99..a1ba5b1752 100644 --- a/fog/report/cli/src/main.rs +++ b/fog/report/cli/src/main.rs @@ -73,7 +73,7 @@ struct Config { pub fog_report_id: Option, /// The fog authority spki, in base 64 - /// If omitted, then NO verification of any kind (IAS, MRSIGNER, cert + /// If omitted, then NO verification of any kind (MRSIGNER, cert /// chains) will be performed. /// If a public address is supplied, this cannot be supplied. #[clap(long, short = 's', env = "MC_FOG_SPKI")] 
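Review bot: The doc comments on the two validation-bypass options in `struct Config` were updated by deleting the word IAS only, which leaves both less precise about what is skipped. In the next hunk (`@@ -88,7 +88,7 @@`, the `no_validate` field) the sentence lost its "including" and now reads as a list of three separate things; I would write `/// Skip all validation of the fog response, including cert checking` followed by the existing `/// and fog authority signature.`. In this hunk the parenthetical for the `MC_FOG_SPKI` option now names only MRSIGNER and cert chains; if omitting the SPKI still bypasses attestation-evidence verification under DCAP (not visible in these hunks), say so, e.g. `(attestation evidence, MRSIGNER, cert chains)`. These comments sit on `#[clap(...)]` fields and so are presumably the text an operator reads in `--help` before turning verification off; `Config` itself starts and ends outside both hunks.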
@@ -88,7 +88,7 @@ struct Config { #[clap(long, short = 'v', env = "MC_SHOW_EXPIRY")] pub show_expiry: bool, - /// Skip all validation of the fog response, including IAS, cert checking, + /// Skip all validation of the fog response, cert checking, /// and fog authority signature. #[clap(long, short, env = "MC_NO_VALIDATE")] pub no_validate: bool, diff --git a/fog/report/validation/test-utils/README.md b/fog/report/validation/test-utils/README.md index 7bc5798d7d..ed379d484f 100644 --- a/fog/report/validation/test-utils/README.md +++ b/fog/report/validation/test-utils/README.md @@ -2,4 +2,4 @@ mc-fog-report-validation-test-utils =================================== This crate contains a mock fog resolver object for use with the transaction -builder in unit tests. It bypasses IAS, x509, and grpc, and must not be used in production. +builder in unit tests. It bypasses x509 and grpc, and must not be used in production. diff --git a/fog/report/validation/test-utils/src/lib.rs b/fog/report/validation/test-utils/src/lib.rs index fabbfcb84f..e22e0718dc 100644 --- a/fog/report/validation/test-utils/src/lib.rs +++ b/fog/report/validation/test-utils/src/lib.rs @@ -2,7 +2,7 @@ pub use mc_account_keys::PublicAddress; pub use mc_fog_report_validation::{FogPubkeyError, FogPubkeyResolver, FullyValidatedFogPubkey}; use std::collections::BTreeMap; -/// A mock fog resolver for tests, which skips all IAS, x509, and grpc +/// A mock fog resolver for tests, which skips all x509 and grpc /// It maps Fog-urls (Strings) to FullyValidatedFogPubkey /// /// DO NOT use this except in test code! diff --git a/fog/view/server/src/config.rs b/fog/view/server/src/config.rs index 79b5adcf9a..049ae2158e 100644 --- a/fog/view/server/src/config.rs +++ b/fog/view/server/src/config.rs 
@@ -4,7 +4,6 @@ #![deny(missing_docs)] use crate::sharding_strategy::EpochShardingStrategy; use clap::Parser; -use mc_attest_core::ProviderId; use mc_common::ResponderId; use mc_fog_sql_recovery_db::SqlRecoveryDbConnectionConfig; use mc_fog_uri::{FogViewRouterUri, FogViewStoreUri, FogViewUri}; @@ -28,14 +27,6 @@ pub struct MobileAcctViewConfig { #[clap(long, env = "MC_CLIENT_RESPONDER_ID")] pub client_responder_id: ResponderId, - /// PEM-formatted keypair to send with an Attestation Request. - #[clap(long, env = "MC_IAS_API_KEY")] - pub ias_api_key: String, - - /// The IAS SPID to use when getting a quote - #[clap(long, env = "MC_IAS_SPID")] - pub ias_spid: ProviderId, - /// gRPC listening URI for client requests. #[clap(long, env = "MC_CLIENT_LISTEN_URI")] pub client_listen_uri: FogViewStoreUri, @@ -126,14 +117,6 @@ pub struct FogViewRouterConfig { #[clap(long, use_value_delimiter = true, env = "MC_VIEW_SHARD_URIS")] pub shard_uris: Vec, - /// PEM-formatted keypair to send with an Attestation Request. - #[clap(long, env = "MC_IAS_API_KEY")] - pub ias_api_key: String, - - /// The IAS SPID to use when getting a quote - #[clap(long, env = "MC_IAS_SPID")] - pub ias_spid: ProviderId, - /// The capacity to build the OMAP (ORAM hash table) with. /// About 75% of this capacity can be used. /// The hash table will overflow when there are more TxOut's than this, diff --git a/fog/view/server/test-utils/src/lib.rs b/fog/view/server/test-utils/src/lib.rs index 5b1ad303ad..5e72b13695 100644 --- a/fog/view/server/test-utils/src/lib.rs +++ b/fog/view/server/test-utils/src/lib.rs @@ -83,9 +83,7 @@ impl RouterTestEnvironment { client_responder_id: router_uri .responder_id() .expect("Could not get responder id for Fog View Router."), - ias_api_key: Default::default(), shard_uris, - ias_spid: Default::default(), client_listen_uri: RouterClientListenUri::Streaming(router_uri.clone()), client_auth_token_max_lifetime: Default::default(), client_auth_token_secret: None, 
@@ -123,8 +121,6 @@ impl RouterTestEnvironment { client_responder_id: router_uri .responder_id() .expect("Could not get responder id for Fog View Router."), - ias_api_key: Default::default(), - ias_spid: Default::default(), shard_uris, client_listen_uri: RouterClientListenUri::Unary(router_uri.clone()), client_auth_token_max_lifetime: Default::default(), @@ -233,8 +229,6 @@ impl RouterTestEnvironment { client_listen_uri: uri.clone(), client_auth_token_secret: None, omap_capacity, - ias_spid: Default::default(), - ias_api_key: Default::default(), admin_listen_uri: Default::default(), client_auth_token_max_lifetime: Default::default(), sharding_strategy, diff --git a/tools/fog-local-network/README.md b/tools/fog-local-network/README.md index 0442ba930e..7f77513b18 100644 --- a/tools/fog-local-network/README.md +++ b/tools/fog-local-network/README.md @@ -53,8 +53,6 @@ In order to use it, the following steps are necessary. LOGSTASH_HOST="... (get this from a team member, optional)" \ LOG_BRANCH=eran-local \ LEDGER_BASE=$(pwd)/ledger \ - IAS_SPID="..." \ - IAS_API_KEY="..." \ python3 ../tools/fog-local-network/fog_local_network.py --network-type dense5 ``` Note that all of the above arguments are identical to the mobilecoin local_network.py script. @@ -128,7 +126,6 @@ in order to control which one is ahead or behind. Usage ----- -1. Set `IAS_API_KEY` and `IAS_SPID` if needed, otherwise they will default to all zeros. In a DEV IAS build that is fine. 1. Create a new Python3 virtual env: `python3 -mvenv env` 1. Activate the virtualenv: `. ./env/bin/activate` 1. Install requirements: `pip install --upgrade pip && pip install -r requirements.txt` diff --git a/tools/fog-local-network/local_fog.py b/tools/fog-local-network/local_fog.py index 1b43777ad4..cd33b2c2e8 100644 --- a/tools/fog-local-network/local_fog.py +++ b/tools/fog-local-network/local_fog.py 
@@ -33,9 +33,6 @@ PROJECT_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..')) -IAS_API_KEY = os.getenv('IAS_API_KEY', default='0'*64) # 32 bytes -IAS_SPID = os.getenv('IAS_SPID', default='0'*32) # 16 bytes - FOG_SQL_DATABASE_NAME = 'fog_local' # Use env.DATABASE_URL if it exists, else use postgres://$PGHOST/fog_local, # falling back to postgres://localhost/fog_local. @@ -123,8 +120,6 @@ def start(self): f'--client-listen-uri={self.client_listen_url}', f'--peer-listen-uri=insecure-igp://{LISTEN_HOST}:{self.peer_port}/', f'--peers=insecure-igp://localhost:{self.peer_port}/', - f'--ias-api-key={IAS_API_KEY}', - f'--ias-spid={IAS_SPID}', f'--local-node-id localhost:{self.peer_port}', f'--state-file {self.state_file_path}', f'--admin-listen-uri=insecure-mca://{LISTEN_HOST}:{self.admin_port}/', @@ -211,9 +206,7 @@ def start(self): f'exec {self.target_dir}/fog_view_router', f'--client-listen-uri={self.client_listen_url}', f'--client-responder-id={self.client_responder_id}', - f'--ias-api-key={IAS_API_KEY}', f'--shard-uris={",".join(self.shard_uris)}', - f'--ias-spid={IAS_SPID}', f'--admin-listen-uri=insecure-mca://{LISTEN_HOST}:{self.admin_port}/', ]) self.view_router_process = log_and_popen_shell(cmd) @@ -265,8 +258,6 @@ def start(self): f'--client-listen-uri={self.client_listen_url}', f'--client-responder-id={self.client_responder_id}', f'--sharding-strategy={self.sharding_strategy}', - f'--ias-api-key={IAS_API_KEY}', - f'--ias-spid={IAS_SPID}', f'--admin-listen-uri=insecure-mca://{LISTEN_HOST}:{self.admin_port}/', ]) self.view_server_process = log_and_popen_shell(cmd) @@ -344,7 +335,7 @@ def __init__(self, name, ledger_db_path, client_responder_id, client_port, admin self.admin_port = admin_port self.admin_http_gateway_port = admin_http_gateway_port - + self.shard_uris = shard_uris self.release = release 
@@ -367,8 +358,6 @@ def start(self): f'--ledger-db={self.ledger_db_path}', f'--client-listen-uri={self.client_listen_url}', f'--client-responder-id={self.client_responder_id}', - f'--ias-api-key={IAS_API_KEY}', - f'--ias-spid={IAS_SPID}', f'--shard-uris={",".join(self.shard_uris)}', f'--admin-listen-uri=insecure-mca://{LISTEN_HOST}:{self.admin_port}/', f'--watcher-db {self.watcher_db_path}', @@ -391,7 +380,7 @@ def stop(self): class FogKeyImageStore: def __init__(self, name, client_port, admin_port, admin_http_gateway_port, release, sharding_strategy, ledger_db_path, watcher_db_path): self.name = name - + self.client_port = client_port self.client_responder_id = f'{LISTEN_HOST}:{self.client_port}' self.sharding_strategy = sharding_strategy @@ -399,10 +388,10 @@ def __init__(self, name, client_port, admin_port, admin_http_gateway_port, relea self.sharding_strategy = sharding_strategy self.ledger_db_path = ledger_db_path self.watcher_db_path = watcher_db_path - + self.admin_port = admin_port self.admin_http_gateway_port = admin_http_gateway_port - + self.release = release self.target_dir = os.path.join(PROJECT_DIR, target_dir(self.release)) @@ -427,8 +416,6 @@ def start(self): f'--sharding-strategy={self.sharding_strategy}', f'--ledger-db={self.ledger_db_path}', f'--watcher-db={self.watcher_db_path}', - f'--ias-api-key={IAS_API_KEY}', - f'--ias-spid={IAS_SPID}', f'--admin-listen-uri=insecure-mca://{LISTEN_HOST}:{self.admin_port}/', ]) self.key_image_store_process = log_and_popen_shell(cmd) diff --git a/tools/local-network/README.md b/tools/local-network/README.md index f9721e2085..e57e7ba870 100644 --- a/tools/local-network/README.md +++ b/tools/local-network/README.md 
@@ -3,9 +3,6 @@ This directory contains scripts for running a local mobilecoin consensus network and a `mobilecoind` instance. The enclaves are built in pre-release mode, which provides debug symbols for debugging purposes, so it is only intended to be used for development and testing purposes. -To run a local network, you may provide both the `IAS_API_KEY` and `IAS_SPID`, which you can obtain by registering with the [Intel SGX Portal](https://api.portal.trustedservices.intel.com/EPID-attestation) -These are optional, and the script will provide defaults that work for local testing in software mode. - ## Quickstart The following sequence is a basic way to start a network locally. @@ -43,8 +40,6 @@ This script starts a local mobilecoin consensus network by launching a separate It relies on environment variables for configuration: - (required) `LEDGER_BASE` - Points at the ledger directory to initialize the nodes with (e.g. `./target/sample_data/ledger`). -- (optional) `IAS_API_KEY` - IAS Api key. (Only needed for IAS prod builds) -- (optional) `IAS_SPID` - IAS Service Provider ID. (Only needed for IAS prod builds) - (optional) `MC_LOG` - Log level configuration. - (optional) `MOB_RELEASE` - When set to 1 (default), build in release mode. - (optional) `LOG_BRANCH` - Enable cloud logging, tagging all logs/metrics with the provided branch name. diff --git a/tools/local-network/local_network.py b/tools/local-network/local_network.py index 605d1697d0..f42097e08b 100755 --- a/tools/local-network/local_network.py +++ b/tools/local-network/local_network.py @@ -24,8 +24,6 @@ # TODO make these command line arguments LEDGER_BASE = os.path.abspath(os.getenv('LEDGER_BASE')) -IAS_API_KEY = os.getenv('IAS_API_KEY', default='0'*64) # 32 bytes -IAS_SPID = os.getenv('IAS_SPID', default='0'*32) # 16 bytes PROJECT_DIR = os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..')) MOB_RELEASE = os.getenv('MOB_RELEASE', '1') == '1' if MOB_RELEASE: 
@@ -272,8 +270,6 @@ def start(self, network): f'--peer-responder-id localhost:{self.peer_port}', f'--msg-signer-key "{msg_signer_key}"', f'--network {network_json_path}', - f'--ias-api-key={IAS_API_KEY}', - f'--ias-spid={IAS_SPID}', f'--origin-block-path {LEDGER_BASE}', f'--block-version {self.block_version}', f'--ledger-path {self.ledger_dir}',