Rename white/blacklist to allow/deny list (#6173)

* Rename white/blacklist to allow/deny list
* Deprecate flag properly

beacon-chain/db/kv/encoding.go

@@ -16,7 +16,7 @@ func decode(data []byte, dst proto.Message) error {
 	if err != nil {
 		return err
 	}
-	if isWhitelisted(dst) {
+	if isSSZStorageFormat(dst) {
 		return dst.(fastssz.Unmarshaler).UnmarshalSSZ(data)
 	}
 	return proto.Unmarshal(data, dst)
@@ -28,7 +28,7 @@ func encode(msg proto.Message) ([]byte, error) {
 	}
 	var enc []byte
 	var err error
-	if isWhitelisted(msg) {
+	if isSSZStorageFormat(msg) {
 		enc, err = msg.(fastssz.Marshaler).MarshalSSZ()
 		if err != nil {
 			return nil, err
@@ -42,7 +42,8 @@ func encode(msg proto.Message) ([]byte, error) {
 	return snappy.Encode(nil, enc), nil
 }
 
-func isWhitelisted(obj interface{}) bool {
+// isSSZStorageFormat returns true if the object type should be saved in SSZ encoded format.
+func isSSZStorageFormat(obj interface{}) bool {
 	switch obj.(type) {
 	case *pb.BeaconState:
 		return true

beacon-chain/main.go

@@ -65,8 +65,8 @@ var appFlags = []cli.Flag{
 	cmd.P2PMaxPeers,
 	cmd.P2PPrivKey,
 	cmd.P2PMetadata,
-	cmd.P2PWhitelist,
-	cmd.P2PBlacklist,
+	cmd.P2PAllowList,
+	cmd.P2PDenyList,
 	cmd.P2PEncoding,
 	cmd.P2PPubsub,
 	cmd.DataDirFlag,

beacon-chain/node/node.go

@@ -329,8 +329,8 @@ func (b *BeaconNode) registerP2P(cliCtx *cli.Context) error {
 		TCPPort:           cliCtx.Uint(cmd.P2PTCPPort.Name),
 		UDPPort:           cliCtx.Uint(cmd.P2PUDPPort.Name),
 		MaxPeers:          cliCtx.Uint(cmd.P2PMaxPeers.Name),
-		WhitelistCIDR:     cliCtx.String(cmd.P2PWhitelist.Name),
-		BlacklistCIDR:     sliceutil.SplitCommaSeparated(cliCtx.StringSlice(cmd.P2PBlacklist.Name)),
+		AllowListCIDR:     cliCtx.String(cmd.P2PAllowList.Name),
+		DenyListCIDR:      sliceutil.SplitCommaSeparated(cliCtx.StringSlice(cmd.P2PDenyList.Name)),
 		EnableUPnP:        cliCtx.Bool(cmd.EnableUPnPFlag.Name),
 		DisableDiscv5:     cliCtx.Bool(flags.DisableDiscv5.Name),
 		Encoding:          cliCtx.String(cmd.P2PEncoding.Name),

beacon-chain/p2p/config.go

@@ -24,8 +24,8 @@ type Config struct {
 	TCPPort               uint
 	UDPPort               uint
 	MaxPeers              uint
-	WhitelistCIDR         string
-	BlacklistCIDR         []string
+	AllowListCIDR         string
+	DenyListCIDR          []string
 	Encoding              string
 	StateNotifier         statefeed.Notifier
 	PubSub                string

beacon-chain/p2p/options.go

@@ -25,8 +25,8 @@ func buildOptions(cfg *Config, ip net.IP, priKey *ecdsa.PrivateKey) []libp2p.Opt
 		privKeyOption(priKey),
 		libp2p.EnableRelay(),
 		libp2p.ListenAddrs(listen),
-		whitelistSubnet(cfg.WhitelistCIDR),
-		blacklistSubnets(cfg.BlacklistCIDR),
+		allowListSubnet(cfg.AllowListCIDR),
+		denyListSubnets(cfg.DenyListCIDR),
 		// Add one for the boot node and another for the relay, otherwise when we are close to maxPeers we will be above the high
 		// water mark and continually trigger pruning.
 		libp2p.ConnectionManager(connmgr.NewConnManager(int(cfg.MaxPeers+2), int(cfg.MaxPeers+2), 1*time.Second)),
@@ -98,10 +98,10 @@ func privKeyOption(privkey *ecdsa.PrivateKey) libp2p.Option {
 	}
 }
 
-// whitelistSubnet adds a whitelist multiaddress filter for a given CIDR subnet.
+// allowListSubnet adds an allowed multiaddress filter for a given CIDR subnet.
 // Example: 192.168.0.0/16 may be used to accept only connections on your local
 // network.
-func whitelistSubnet(cidr string) libp2p.Option {
+func allowListSubnet(cidr string) libp2p.Option {
 	if cidr == "" {
 		return func(_ *libp2p.Config) error {
 			return nil
@@ -119,10 +119,10 @@ func whitelistSubnet(cidr string) libp2p.Option {
 	return libp2p.Filters(filters)
 }
 
-// blacklistSubnet adds a blacklist multiaddress filter for multiple given CIDR subnets.
+// denyListSubnets adds a deny multiaddress filter for multiple given CIDR subnets.
 // Example: 192.168.0.0/16 may be used to deny connections from your local
 // network.
-func blacklistSubnets(mulCidrs []string) libp2p.Option {
+func denyListSubnets(mulCidrs []string) libp2p.Option {
 	if len(mulCidrs) == 0 {
 		return func(_ *libp2p.Config) error {
 			return nil

beacon-chain/p2p/options_test.go

@@ -64,8 +64,8 @@ func TestPrivateKeyLoading(t *testing.T) {
 	}
 }
 
-func TestPeerBlacklist(t *testing.T) {
-	// create host with blacklist
+func TestPeerDenyList(t *testing.T) {
+	// create host with deny list
 	ipAddr, pkey := createAddrAndPrivKey(t)
 	ipAddr2, pkey2 := createAddrAndPrivKey(t)
 
@@ -78,7 +78,7 @@ func TestPeerBlacklist(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Failed to p2p listen: %v", err)
 	}
-	h1, err := libp2p.New(context.Background(), []libp2p.Option{privKeyOption(pkey), libp2p.ListenAddrs(listen), blacklistSubnets([]string{cidr})}...)
+	h1, err := libp2p.New(context.Background(), []libp2p.Option{privKeyOption(pkey), libp2p.ListenAddrs(listen), denyListSubnets([]string{cidr})}...)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -111,6 +111,6 @@ func TestPeerBlacklist(t *testing.T) {
 	}
 	err = h1.Connect(context.Background(), *addrInfo)
 	if err == nil {
-		t.Error("Wanted connection to fail with blacklist")
+		t.Error("Wanted connection to fail with deny list")
 	}
 }

beacon-chain/usage.go

@@ -112,8 +112,8 @@ var appHelpFlagGroups = []flagGroup{
 			cmd.P2PMaxPeers,
 			cmd.P2PPrivKey,
 			cmd.P2PMetadata,
-			cmd.P2PWhitelist,
-			cmd.P2PBlacklist,
+			cmd.P2PAllowList,
+			cmd.P2PDenyList,
 			cmd.StaticPeers,
 			cmd.EnableUPnPFlag,
 			cmd.P2PEncoding,

shared/cmd/flags.go

@@ -118,19 +118,19 @@ var (
 		Usage: "The max number of p2p peers to maintain.",
 		Value: 30,
 	}
-	// P2PWhitelist defines a CIDR subnet to exclusively allow connections.
-	P2PWhitelist = &cli.StringFlag{
-		Name: "p2p-whitelist",
-		Usage: "The CIDR subnet for whitelisting peer connections. Example: 192.168.0.0/16 " +
-			"would whitelist connections to peers on your local network only. The default " +
-			"is to accept all connections.",
-	}
-	// P2PBlacklist defines a list of CIDR subnets to disallow connections from them.
-	P2PBlacklist = &cli.StringSliceFlag{
-		Name: "p2p-blacklist",
-		Usage: "The CIDR subnets for blacklisting peer connections. Example: 192.168.0.0/16 " +
-			"would blacklist connections from peers on your local network only. The default " +
-			"is to accept all connections.",
+	// P2PAllowList defines a CIDR subnet to exclusively allow connections.
+	P2PAllowList = &cli.StringFlag{
+		Name: "p2p-allowlist",
+		Usage: "The CIDR subnet for allowing only certain peer connections. Example: " +
+			"192.168.0.0/16 would permit connections to peers on your local network only. The " +
+			"default is to accept all connections.",
+	}
+	// P2PDenyList defines a list of CIDR subnets to disallow connections from them.
+	P2PDenyList = &cli.StringSliceFlag{
+		Name: "p2p-denylist",
+		Usage: "The CIDR subnets for denying certainy peer connections. Example: " +
+			"192.168.0.0/16 would deny connections from peers on your local network only. The " +
+			"default is to accept all connections.",
 	}
 	// P2PEncoding defines the encoding format for p2p messages.
 	P2PEncoding = &cli.StringFlag{

shared/featureconfig/BUILD.bazel

@@ -11,6 +11,7 @@ go_library(
     importpath = "github.com/prysmaticlabs/prysm/shared/featureconfig",
     visibility = ["//visibility:public"],
     deps = [
+        "//shared/cmd:go_default_library",
         "//shared/params:go_default_library",
         "@com_github_sirupsen_logrus//:go_default_library",
         "@com_github_urfave_cli_v2//:go_default_library",

shared/featureconfig/config.go

@@ -20,6 +20,7 @@ The process for implementing new features using this package is as follows:
 package featureconfig
 
 import (
+	"github.com/prysmaticlabs/prysm/shared/cmd"
 	"github.com/prysmaticlabs/prysm/shared/params"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v2"
@@ -220,6 +221,19 @@ func ConfigureBeaconChain(ctx *cli.Context) {
 		log.Warn("Enabling feature that reduces attester state copy")
 		cfg.ReduceAttesterStateCopy = true
 	}
+	if ctx.IsSet(deprecatedP2PWhitelist.Name) {
+		log.Warnf("--%s is deprecated, please use --%s", deprecatedP2PWhitelist.Name, cmd.P2PAllowList.Name)
+		if err := ctx.Set(cmd.P2PAllowList.Name, ctx.String(deprecatedP2PWhitelist.Name)); err != nil {
+			log.WithError(err).Error("Failed to update P2PAllowList flag")
+		}
+	}
+	if ctx.IsSet(deprecatedP2PBlacklist.Name) {
+		log.Warnf("--%s is deprecated, please use --%s", deprecatedP2PBlacklist.Name, cmd.P2PDenyList.Name)
+		if err := ctx.Set(cmd.P2PDenyList.Name, ctx.String(deprecatedP2PBlacklist.Name)); err != nil {
+			log.WithError(err).Error("Failed to update P2PDenyList flag")
+		}
+	}
+
 	Init(cfg)
 }
 

shared/featureconfig/flags.go

@@ -388,7 +388,18 @@ var (
 	deprecateEnableFieldTrie = &cli.BoolFlag{
 		Name:   "enable-state-field-trie",
 		Usage:  deprecatedUsage,
-		Hidden: true}
+		Hidden: true,
+	}
+	deprecatedP2PWhitelist = &cli.StringFlag{
+		Name:   "p2p-whitelist",
+		Usage:  deprecatedUsage,
+		Hidden: true,
+	}
+	deprecatedP2PBlacklist = &cli.StringFlag{
+		Name:   "p2p-blacklist",
+		Usage:  deprecatedUsage,
+		Hidden: true,
+	}
 )
 
 var deprecatedFlags = []cli.Flag{
@@ -435,6 +446,8 @@ var deprecatedFlags = []cli.Flag{
 	deprecatedDisableHistoricalDetectionFlag,
 	deprecateEnableStateRefCopy,
 	deprecateEnableFieldTrie,
+	deprecatedP2PWhitelist,
+	deprecatedP2PBlacklist,
 }
 
 // ValidatorFlags contains a list of all the feature flags that apply to the validator client.

tools/cluster-pk-manager/server/db.go

@@ -26,8 +26,8 @@ var (
 		Name: "assigned_pk_count",
 		Help: "The number of private keys currently assigned to alive pods",
 	})
-	blacklistedPKCount = promauto.NewGauge(prometheus.GaugeOpts{
-		Name: "blacklisted_pk_count",
+	bannedPKCount = promauto.NewGauge(prometheus.GaugeOpts{
+		Name: "banned_pk_count",
 		Help: "The number of private keys which have been removed that are of exited validators",
 	})
 )
@@ -71,8 +71,8 @@ func newDB(dbPath string) *db {
 
 	// Populate metrics on start.
 	if err := boltdb.View(func(tx *bolt.Tx) error {
-		// Populate blacklisted key count.
-		blacklistedPKCount.Set(float64(tx.Bucket(deletedKeysBucket).Stats().KeyN))
+		// Populate banned key count.
+		bannedPKCount.Set(float64(tx.Bucket(deletedKeysBucket).Stats().KeyN))
 
 		keys := 0
 
@@ -125,7 +125,7 @@ func (d *db) DeleteUnallocatedKey(_ context.Context, privateKey []byte) error {
 		if err := tx.Bucket(deletedKeysBucket).Put(privateKey, dummyVal); err != nil {
 			return err
 		}
-		blacklistedPKCount.Inc()
+		bannedPKCount.Inc()
 		allocatedPkCount.Dec()
 		return nil
 	})
@@ -335,7 +335,7 @@ func (d *db) RemovePKFromPod(podName string, key []byte) error {
 		if err != nil {
 			return err
 		}
-		blacklistedPKCount.Inc()
+		bannedPKCount.Inc()
 		allocatedPkCount.Dec()
 		assignedPkCount.Dec()
 		nowBytes, err := time.Now().MarshalBinary()