fix!: change grpc deny to allow

applications/minotari_merge_mining_proxy/src/run_merge_miner.rs

@@ -79,8 +79,8 @@ pub async fn start_merge_miner(cli: Cli) -> Result<(), anyhow::Error> {
         if let MmProxyError::BaseNodeNotResponding(_) = e {
             error!(target: LOG_TARGET, "{}", e.to_string());
             println!();
-            let msg = "Are the base node's gRPC mining methods denied in its 'config.toml'? Please ensure these \
-                       methods are commented out:\n  'grpc_server_deny_methods': \"get_new_block_template\", \
+            let msg = "Are the base node's gRPC mining methods allowed in its 'config.toml'? Please ensure these \
+                       methods are enabled in:\n  'grpc_server_allow_methods': \"get_new_block_template\", \
                        \"get_tip_info\", \"get_new_block\", \"submit_block\"";
             println!("{}", msg);
             println!();

applications/minotari_miner/src/run_miner.rs

@@ -132,9 +132,9 @@ pub async fn start_miner(cli: Cli) -> Result<(), ExitError> {
             if let MinerError::BaseNodeNotResponding(_) = e {
                 error!(target: LOG_TARGET, "{}", e.to_string());
                 println!();
-                let msg = "Could not connect to the base node. \nAre the base node's gRPC mining methods denied in \
-                           its 'config.toml'? Please ensure these methods are commented out:\n  \
-                           'grpc_server_deny_methods': \"get_new_block_template\", \"get_tip_info\", \
+                let msg = "Could not connect to the base node. \nAre the base node's gRPC mining methods allowed in \
+                           its 'config.toml'? Please ensure these methods are enabled in:\n  \
+                           'grpc_server_allow_methods': \"get_new_block_template\", \"get_tip_info\", \
                            \"get_new_block\", \"submit_block\"";
                 println!("{}", msg);
                 println!();

applications/minotari_node/src/cli.rs

@@ -49,6 +49,8 @@ pub struct Cli {
     pub grpc_enabled: bool,
     #[clap(long, env = "MINOTARI_NODE_ENABLE_MINING", alias = "enable-mining")]
     pub mining_enabled: bool,
+    #[clap(long, env = "MINOTARI_NODE_SECOND_LAYER_GRPC_ENABLED", alias = "enable-second-layer")]
+    pub second_layer_grpc_enabled: bool,
 }
 
 impl ConfigOverrideProvider for Cli {
@@ -67,6 +69,10 @@ impl ConfigOverrideProvider for Cli {
             overrides.push(("base_node.grpc_enabled".to_string(), "true".to_string()));
             overrides.push(("base_node.mining_enabled".to_string(), "true".to_string()));
         }
+        if self.second_layer_grpc_enabled {
+            overrides.push(("base_node.grpc_enabled".to_string(), "true".to_string()));
+            overrides.push(("base_node.second_layer_grpc_enabled".to_string(), "true".to_string()));
+        }
         overrides
     }
 }

applications/minotari_node/src/config.rs

@@ -89,13 +89,15 @@ pub struct BaseNodeConfig {
     /// GRPC address of base node
     pub grpc_address: Option<Multiaddr>,
     /// GRPC server config - which methods are active and which not
-    pub grpc_server_deny_methods: Vec<GrpcMethod>,
+    pub grpc_server_allow_methods: Vec<GrpcMethod>,
     /// GRPC authentication mode
     pub grpc_authentication: GrpcAuthentication,
     /// GRPC tls enabled
     pub grpc_tls_enabled: bool,
     /// Enable mining on the base node, overriding other settings regarding mining
     pub mining_enabled: bool,
+    /// Enable second layer specific grpc methods.
+    pub second_layer_grpc_enabled: bool,
     /// A path to the file that stores the base node identity and secret key
     pub identity_file: PathBuf,
     /// Spin up and use a built-in Tor instance. This only works on macos/linux - requires that the wallet was built
@@ -154,19 +156,11 @@ impl Default for BaseNodeConfig {
             network: Network::default(),
             grpc_enabled: true,
             grpc_address: None,
-            grpc_server_deny_methods: vec![
-                // These gRPC server methods share sensitive information, thus disabled by default
-                GrpcMethod::GetVersion,
-                GrpcMethod::CheckForUpdates,
-                GrpcMethod::GetSyncInfo,
-                GrpcMethod::GetSyncProgress,
-                GrpcMethod::GetTipInfo,
-                GrpcMethod::Identify,
-                GrpcMethod::GetNetworkStatus,
-            ],
+            grpc_server_allow_methods: vec![GrpcMethod::GetVersion],
             grpc_authentication: GrpcAuthentication::default(),
             grpc_tls_enabled: false,
             mining_enabled: false,
+            second_layer_grpc_enabled: false,
             identity_file: PathBuf::from("config/base_node_id.json"),
             use_libtor: true,
             tor_identity_file: PathBuf::from("config/base_node_tor_id.json"),
@@ -280,14 +274,14 @@ mod tests {
     #[derive(Clone, Serialize, Deserialize, Debug)]
     #[allow(clippy::struct_excessive_bools)]
     struct TestInnerConfig {
-        deny_methods: Vec<GrpcMethod>,
+        allow_methods: Vec<GrpcMethod>,
     }
 
     #[test]
     fn it_deserializes_enums() {
         let config_str = r#"
             name = "blockchain champion"
-            inner_config.deny_methods = [
+            inner_config.allow_methods = [
                 "list_headers",
                 "get_constants",
             #    "get_blocks"
@@ -298,10 +292,10 @@ mod tests {
         let config = toml::from_str::<TestConfig>(config_str).unwrap();
 
         // Enums in the config
-        assert!(config.inner_config.deny_methods.contains(&GrpcMethod::ListHeaders));
-        assert!(config.inner_config.deny_methods.contains(&GrpcMethod::GetConstants));
-        assert!(!config.inner_config.deny_methods.contains(&GrpcMethod::GetBlocks)); // commented out in the config
-        assert!(config.inner_config.deny_methods.contains(&GrpcMethod::Identify));
-        assert!(!config.inner_config.deny_methods.contains(&GrpcMethod::GetShardKey)); // commented out in the config
+        assert!(config.inner_config.allow_methods.contains(&GrpcMethod::ListHeaders));
+        assert!(config.inner_config.allow_methods.contains(&GrpcMethod::GetConstants));
+        assert!(!config.inner_config.allow_methods.contains(&GrpcMethod::GetBlocks)); // commented out in the config
+        assert!(config.inner_config.allow_methods.contains(&GrpcMethod::Identify));
+        assert!(!config.inner_config.allow_methods.contains(&GrpcMethod::GetShardKey)); // commented out in the config
     }
 }

applications/minotari_node/src/grpc/base_node_grpc_server.rs

@@ -121,17 +121,34 @@ impl BaseNodeGrpcServer {
 
     fn is_method_enabled(&self, grpc_method: GrpcMethod) -> bool {
         let mining_method = vec![
+            GrpcMethod::GetVersion,
             GrpcMethod::GetNewBlockTemplate,
             GrpcMethod::GetNewBlock,
             GrpcMethod::GetNewBlockBlob,
             GrpcMethod::SubmitBlock,
             GrpcMethod::SubmitBlockBlob,
             GrpcMethod::GetTipInfo,
         ];
+
+        let second_layer_methods = vec![
+            GrpcMethod::GetVersion,
+            GrpcMethod::GetConstants,
+            GrpcMethod::GetMempoolTransactions,
+            GrpcMethod::GetTipInfo,
+            GrpcMethod::GetActiveValidatorNodes,
+            GrpcMethod::GetShardKey,
+            GrpcMethod::GetTemplateRegistrations,
+            GrpcMethod::GetHeaderByHash,
+            GrpcMethod::GetSideChainUtxos,
+        ];
         if self.config.mining_enabled && mining_method.contains(&grpc_method) {
             return true;
         }
-        !self.config.grpc_server_deny_methods.contains(&grpc_method)
+        if self.config.second_layer_grpc_enabled && second_layer_methods.contains(&grpc_method) {
+            return true;
+        }
+
+        self.config.grpc_server_allow_methods.contains(&grpc_method)
     }
 }
 

applications/minotari_node/src/lib.rs

@@ -88,6 +88,7 @@ pub async fn run_base_node(
         profile_with_tokio_console: false,
         grpc_enabled: false,
         mining_enabled: false,
+        second_layer_grpc_enabled: false,
     };
 
     run_base_node_with_cli(node_identity, config, cli, shutdown).await

common/config/presets/c_base_node_b_non_mining_deny_methods.toml → common/config/presets/c_base_node_b_mining_allow_methods.toml

@@ -1,7 +1,8 @@
-
 [base_node]
+#mining_enabled = false
+#second_layer_grpc_enabled = false
 # Set to false to disable the base node GRPC server (default = true)
-grpc_enabled = false
+grpc_enabled = true
 
 # The socket to expose for the gRPC base node server (default = "/ip4/127.0.0.1/tcp/18142")
 #grpc_address = "/ip4/127.0.0.1/tcp/18142"
@@ -12,22 +13,22 @@ grpc_enabled = false
 # Use gRPC over TLS (default = false)
 #grpc_tls_enabled = false
 
-# Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`)
-grpc_server_deny_methods = [
+# Uncomment all gRPC server methods that should be allowed (only active when `grpc_enabled = true`)
+grpc_server_allow_methods = [
     "get_version",
-    "check_for_updates",
-    "get_sync_info",
-    "get_sync_progress",
+    #"check_for_updates",
+    #"get_sync_info",
+    #"get_sync_progress",
     "get_tip_info",
-    "identify",
-    "get_network_status",
+    #"identify",
+    #"get_network_status",
     "list_headers",
-    "get_header_by_hash",
-    "get_blocks",
-    "get_block_timing",
-    "get_constants",
-    "get_block_size",
-    "get_block_fees",
+    #"get_header_by_hash",
+    #"get_blocks",
+    #"get_block_timing",
+    #"get_constants",
+    #"get_block_size",
+    #"get_block_fees",
     "get_tokens_in_circulation",
     "get_network_difficulty",
     "get_new_block_template",
@@ -39,8 +40,8 @@ grpc_server_deny_methods = [
     "search_kernels",
     "search_utxos",
     "fetch_matching_utxos",
-    "get_peers",
-    "get_mempool_transactions",
+    #"get_peers",
+    #"get_mempool_transactions",
     "transaction_state",
     "list_connected_peers",
     "get_mempool_stats",

common/config/presets/c_base_node_b_mining_deny_methods.toml → common/config/presets/c_base_node_b_non_mining_allow_methods.toml

@@ -1,7 +1,8 @@
-
 [base_node]
+#mining_enabled = false
+#second_layer_grpc_enabled = false
 # Set to false to disable the base node GRPC server (default = true)
-grpc_enabled = true
+grpc_enabled = false
 
 # The socket to expose for the gRPC base node server (default = "/ip4/127.0.0.1/tcp/18142")
 #grpc_address = "/ip4/127.0.0.1/tcp/18142"
@@ -12,22 +13,22 @@ grpc_enabled = true
 # Use gRPC over TLS (default = false)
 #grpc_tls_enabled = false
 
-# Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`)
-grpc_server_deny_methods = [
+# Uncomment all gRPC server methods that should be allowed (only active when `grpc_enabled = true`)
+grpc_server_allow_methods = [
     "get_version",
-    "check_for_updates",
-    "get_sync_info",
-    "get_sync_progress",
+    #"check_for_updates",
+    #"get_sync_info",
+    #"get_sync_progress",
     #"get_tip_info",
-    "identify",
-    "get_network_status",
+    #"identify",
+    #"get_network_status",
     #"list_headers",
-    "get_header_by_hash",
-    "get_blocks",
-    "get_block_timing",
-    "get_constants",
-    "get_block_size",
-    "get_block_fees",
+    #"get_header_by_hash",
+    #"get_blocks",
+    #"get_block_timing",
+    #"get_constants",
+    #"get_block_size",
+    #"get_block_fees",
     #"get_tokens_in_circulation",
     #"get_network_difficulty",
     #"get_new_block_template",
@@ -39,8 +40,8 @@ grpc_server_deny_methods = [
     #"search_kernels",
     #"search_utxos",
     #"fetch_matching_utxos",
-    "get_peers",
-    "get_mempool_transactions",
+    #"get_peers",
+    #"get_mempool_transactions",
     #"transaction_state",
     #"list_connected_peers",
     #"get_mempool_stats",

common/src/configuration/utils.rs

@@ -119,18 +119,18 @@ pub fn prompt_default_config() -> [&'static str; 12] {
 /// Returns the default configuration file template in parts from the embedded presets. If use_mining_config is true,
 /// the base node configuration that enables mining is returned, otherwise the non-mining configuration is returned.
 pub fn get_default_config(use_mining_config: bool) -> [&'static str; 12] {
-    let base_node_deny_methods = if use_mining_config {
-        include_str!("../../config/presets/c_base_node_b_mining_deny_methods.toml")
+    let base_node_allow_methods = if use_mining_config {
+        include_str!("../../config/presets/c_base_node_b_mining_allow_methods.toml")
     } else {
-        include_str!("../../config/presets/c_base_node_b_non_mining_deny_methods.toml")
+        include_str!("../../config/presets/c_base_node_b_non_mining_allow_methods.toml")
     };
 
     let common = include_str!("../../config/presets/a_common.toml");
     [
         common,
         include_str!("../../config/presets/b_peer_seeds.toml"),
         include_str!("../../config/presets/c_base_node_a.toml"),
-        base_node_deny_methods,
+        base_node_allow_methods,
         include_str!("../../config/presets/c_base_node_c.toml"),
         include_str!("../../config/presets/d_console_wallet.toml"),
         include_str!("../../config/presets/g_miner.toml"),

integration_tests/src/base_node_process.rs

@@ -30,7 +30,7 @@ use std::{
 };
 
 use minotari_app_utilities::identity_management::save_as_json;
-use minotari_node::{run_base_node, BaseNodeConfig, MetricsConfig};
+use minotari_node::{config::GrpcMethod, run_base_node, BaseNodeConfig, MetricsConfig};
 use minotari_node_grpc_client::BaseNodeGrpcClient;
 use rand::rngs::OsRng;
 use tari_common::{
@@ -190,8 +190,42 @@ pub async fn spawn_base_node_with_config(
         if base_node_config.base_node.storage.pruning_horizon != 0 {
             base_node_config.base_node.storage.pruning_interval = 1;
         };
-
-        base_node_config.base_node.grpc_server_deny_methods = vec![];
+        base_node_config.base_node.grpc_server_allow_methods = vec![
+            GrpcMethod::ListHeaders,
+            GrpcMethod::GetHeaderByHash,
+            GrpcMethod::GetBlocks,
+            GrpcMethod::GetBlockTiming,
+            GrpcMethod::GetConstants,
+            GrpcMethod::GetBlockSize,
+            GrpcMethod::GetBlockFees,
+            GrpcMethod::GetVersion,
+            GrpcMethod::CheckForUpdates,
+            GrpcMethod::GetTokensInCirculation,
+            GrpcMethod::GetNetworkDifficulty,
+            GrpcMethod::GetNewBlockTemplate,
+            GrpcMethod::GetNewBlock,
+            GrpcMethod::GetNewBlockBlob,
+            GrpcMethod::SubmitBlock,
+            GrpcMethod::SubmitBlockBlob,
+            GrpcMethod::SubmitTransaction,
+            GrpcMethod::GetSyncInfo,
+            GrpcMethod::GetSyncProgress,
+            GrpcMethod::GetTipInfo,
+            GrpcMethod::SearchKernels,
+            GrpcMethod::SearchUtxos,
+            GrpcMethod::FetchMatchingUtxos,
+            GrpcMethod::GetPeers,
+            GrpcMethod::GetMempoolTransactions,
+            GrpcMethod::TransactionState,
+            GrpcMethod::Identify,
+            GrpcMethod::GetNetworkStatus,
+            GrpcMethod::ListConnectedPeers,
+            GrpcMethod::GetMempoolStats,
+            GrpcMethod::GetActiveValidatorNodes,
+            GrpcMethod::GetShardKey,
+            GrpcMethod::GetTemplateRegistrations,
+            GrpcMethod::GetSideChainUtxos,
+        ];
 
         // Heirachically set the base path for all configs
         base_node_config.base_node.set_base_path(temp_dir_path.clone());