Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix!: change grpc deny to allow #6218

Merged
merged 3 commits into from
Mar 20, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -79,8 +79,8 @@ pub async fn start_merge_miner(cli: Cli) -> Result<(), anyhow::Error> {
if let MmProxyError::BaseNodeNotResponding(_) = e {
error!(target: LOG_TARGET, "{}", e.to_string());
println!();
let msg = "Are the base node's gRPC mining methods denied in its 'config.toml'? Please ensure these \
methods are commented out:\n 'grpc_server_deny_methods': \"get_new_block_template\", \
let msg = "Are the base node's gRPC mining methods allowed in its 'config.toml'? Please ensure these \
methods are enabled in:\n 'grpc_server_allow_methods': \"get_new_block_template\", \
\"get_tip_info\", \"get_new_block\", \"submit_block\"";
println!("{}", msg);
println!();
Expand Down
6 changes: 3 additions & 3 deletions applications/minotari_miner/src/run_miner.rs
Original file line number Diff line number Diff line change
Expand Up @@ -132,9 +132,9 @@ pub async fn start_miner(cli: Cli) -> Result<(), ExitError> {
if let MinerError::BaseNodeNotResponding(_) = e {
error!(target: LOG_TARGET, "{}", e.to_string());
println!();
let msg = "Could not connect to the base node. \nAre the base node's gRPC mining methods denied in \
its 'config.toml'? Please ensure these methods are commented out:\n \
'grpc_server_deny_methods': \"get_new_block_template\", \"get_tip_info\", \
let msg = "Could not connect to the base node. \nAre the base node's gRPC mining methods allowed in \
its 'config.toml'? Please ensure these methods are enabled in:\n \
'grpc_server_allow_methods': \"get_new_block_template\", \"get_tip_info\", \
\"get_new_block\", \"submit_block\"";
println!("{}", msg);
println!();
Expand Down
6 changes: 6 additions & 0 deletions applications/minotari_node/src/cli.rs
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ pub struct Cli {
pub grpc_enabled: bool,
#[clap(long, env = "MINOTARI_NODE_ENABLE_MINING", alias = "enable-mining")]
pub mining_enabled: bool,
#[clap(long, env = "MINOTARI_NODE_SECOND_LAYER_GRPC_ENABLED", alias = "enable-second-layer")]
pub second_layer_grpc_enabled: bool,
}

impl ConfigOverrideProvider for Cli {
Expand All @@ -67,6 +69,10 @@ impl ConfigOverrideProvider for Cli {
overrides.push(("base_node.grpc_enabled".to_string(), "true".to_string()));
overrides.push(("base_node.mining_enabled".to_string(), "true".to_string()));
}
if self.second_layer_grpc_enabled {
overrides.push(("base_node.grpc_enabled".to_string(), "true".to_string()));
overrides.push(("base_node.second_layer_grpc_enabled".to_string(), "true".to_string()));
}
overrides
}
}
30 changes: 12 additions & 18 deletions applications/minotari_node/src/config.rs
Original file line number Diff line number Diff line change
Expand Up @@ -89,13 +89,15 @@ pub struct BaseNodeConfig {
/// GRPC address of base node
pub grpc_address: Option<Multiaddr>,
/// GRPC server config - which methods are active and which not
pub grpc_server_deny_methods: Vec<GrpcMethod>,
pub grpc_server_allow_methods: Vec<GrpcMethod>,
/// GRPC authentication mode
pub grpc_authentication: GrpcAuthentication,
/// GRPC tls enabled
pub grpc_tls_enabled: bool,
/// Enable mining on the base node, overriding other settings regarding mining
pub mining_enabled: bool,
/// Enable second layer specific grpc methods.
pub second_layer_grpc_enabled: bool,
/// A path to the file that stores the base node identity and secret key
pub identity_file: PathBuf,
/// Spin up and use a built-in Tor instance. This only works on macos/linux - requires that the wallet was built
Expand Down Expand Up @@ -154,19 +156,11 @@ impl Default for BaseNodeConfig {
network: Network::default(),
grpc_enabled: true,
grpc_address: None,
grpc_server_deny_methods: vec![
// These gRPC server methods share sensitive information, thus disabled by default
GrpcMethod::GetVersion,
GrpcMethod::CheckForUpdates,
GrpcMethod::GetSyncInfo,
GrpcMethod::GetSyncProgress,
GrpcMethod::GetTipInfo,
GrpcMethod::Identify,
GrpcMethod::GetNetworkStatus,
],
grpc_server_allow_methods: vec![GrpcMethod::GetVersion],
grpc_authentication: GrpcAuthentication::default(),
grpc_tls_enabled: false,
mining_enabled: false,
second_layer_grpc_enabled: false,
identity_file: PathBuf::from("config/base_node_id.json"),
use_libtor: true,
tor_identity_file: PathBuf::from("config/base_node_tor_id.json"),
Expand Down Expand Up @@ -280,14 +274,14 @@ mod tests {
#[derive(Clone, Serialize, Deserialize, Debug)]
#[allow(clippy::struct_excessive_bools)]
struct TestInnerConfig {
deny_methods: Vec<GrpcMethod>,
allow_methods: Vec<GrpcMethod>,
}

#[test]
fn it_deserializes_enums() {
let config_str = r#"
name = "blockchain champion"
inner_config.deny_methods = [
inner_config.allow_methods = [
"list_headers",
"get_constants",
# "get_blocks"
Expand All @@ -298,10 +292,10 @@ mod tests {
let config = toml::from_str::<TestConfig>(config_str).unwrap();

// Enums in the config
assert!(config.inner_config.deny_methods.contains(&GrpcMethod::ListHeaders));
assert!(config.inner_config.deny_methods.contains(&GrpcMethod::GetConstants));
assert!(!config.inner_config.deny_methods.contains(&GrpcMethod::GetBlocks)); // commented out in the config
assert!(config.inner_config.deny_methods.contains(&GrpcMethod::Identify));
assert!(!config.inner_config.deny_methods.contains(&GrpcMethod::GetShardKey)); // commented out in the config
assert!(config.inner_config.allow_methods.contains(&GrpcMethod::ListHeaders));
assert!(config.inner_config.allow_methods.contains(&GrpcMethod::GetConstants));
assert!(!config.inner_config.allow_methods.contains(&GrpcMethod::GetBlocks)); // commented out in the config
assert!(config.inner_config.allow_methods.contains(&GrpcMethod::Identify));
assert!(!config.inner_config.allow_methods.contains(&GrpcMethod::GetShardKey)); // commented out in the config
}
}
19 changes: 18 additions & 1 deletion applications/minotari_node/src/grpc/base_node_grpc_server.rs
Original file line number Diff line number Diff line change
Expand Up @@ -121,17 +121,34 @@ impl BaseNodeGrpcServer {

fn is_method_enabled(&self, grpc_method: GrpcMethod) -> bool {
let mining_method = vec![
GrpcMethod::GetVersion,
GrpcMethod::GetNewBlockTemplate,
GrpcMethod::GetNewBlock,
GrpcMethod::GetNewBlockBlob,
GrpcMethod::SubmitBlock,
GrpcMethod::SubmitBlockBlob,
GrpcMethod::GetTipInfo,
];

let second_layer_methods = vec![
GrpcMethod::GetVersion,
GrpcMethod::GetConstants,
GrpcMethod::GetMempoolTransactions,
GrpcMethod::GetTipInfo,
GrpcMethod::GetActiveValidatorNodes,
GrpcMethod::GetShardKey,
GrpcMethod::GetTemplateRegistrations,
GrpcMethod::GetHeaderByHash,
GrpcMethod::GetSideChainUtxos,
];
if self.config.mining_enabled && mining_method.contains(&grpc_method) {
return true;
}
!self.config.grpc_server_deny_methods.contains(&grpc_method)
if self.config.second_layer_grpc_enabled && second_layer_methods.contains(&grpc_method) {
return true;
}

self.config.grpc_server_allow_methods.contains(&grpc_method)
}
}

Expand Down
1 change: 1 addition & 0 deletions applications/minotari_node/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ pub async fn run_base_node(
profile_with_tokio_console: false,
grpc_enabled: false,
mining_enabled: false,
second_layer_grpc_enabled: false,
};

run_base_node_with_cli(node_identity, config, cli, shutdown).await
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@

[base_node]
#mining_enabled = false
#second_layer_grpc_enabled = false
# Set to false to disable the base node GRPC server (default = true)
grpc_enabled = false
grpc_enabled = true

# The socket to expose for the gRPC base node server (default = "/ip4/127.0.0.1/tcp/18142")
#grpc_address = "/ip4/127.0.0.1/tcp/18142"
Expand All @@ -12,22 +13,22 @@ grpc_enabled = false
# Use gRPC over TLS (default = false)
#grpc_tls_enabled = false

# Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`)
grpc_server_deny_methods = [
# Uncomment all gRPC server methods that should be allowed (only active when `grpc_enabled = true`)
grpc_server_allow_methods = [
"get_version",
"check_for_updates",
"get_sync_info",
"get_sync_progress",
#"check_for_updates",
#"get_sync_info",
#"get_sync_progress",
"get_tip_info",
"identify",
"get_network_status",
#"identify",
#"get_network_status",
"list_headers",
"get_header_by_hash",
"get_blocks",
"get_block_timing",
"get_constants",
"get_block_size",
"get_block_fees",
#"get_header_by_hash",
#"get_blocks",
#"get_block_timing",
#"get_constants",
#"get_block_size",
#"get_block_fees",
"get_tokens_in_circulation",
"get_network_difficulty",
"get_new_block_template",
Expand All @@ -39,8 +40,8 @@ grpc_server_deny_methods = [
"search_kernels",
"search_utxos",
"fetch_matching_utxos",
"get_peers",
"get_mempool_transactions",
#"get_peers",
#"get_mempool_transactions",
"transaction_state",
"list_connected_peers",
"get_mempool_stats",
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@

[base_node]
#mining_enabled = false
#second_layer_grpc_enabled = false
# Set to false to disable the base node GRPC server (default = true)
grpc_enabled = true
grpc_enabled = false

# The socket to expose for the gRPC base node server (default = "/ip4/127.0.0.1/tcp/18142")
#grpc_address = "/ip4/127.0.0.1/tcp/18142"
Expand All @@ -12,22 +13,22 @@ grpc_enabled = true
# Use gRPC over TLS (default = false)
#grpc_tls_enabled = false

# Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`)
grpc_server_deny_methods = [
# Uncomment all gRPC server methods that should be allowed (only active when `grpc_enabled = true`)
grpc_server_allow_methods = [
"get_version",
"check_for_updates",
"get_sync_info",
"get_sync_progress",
#"check_for_updates",
#"get_sync_info",
#"get_sync_progress",
#"get_tip_info",
"identify",
"get_network_status",
#"identify",
#"get_network_status",
#"list_headers",
"get_header_by_hash",
"get_blocks",
"get_block_timing",
"get_constants",
"get_block_size",
"get_block_fees",
#"get_header_by_hash",
#"get_blocks",
#"get_block_timing",
#"get_constants",
#"get_block_size",
#"get_block_fees",
#"get_tokens_in_circulation",
#"get_network_difficulty",
#"get_new_block_template",
Expand All @@ -39,8 +40,8 @@ grpc_server_deny_methods = [
#"search_kernels",
#"search_utxos",
#"fetch_matching_utxos",
"get_peers",
"get_mempool_transactions",
#"get_peers",
#"get_mempool_transactions",
#"transaction_state",
#"list_connected_peers",
#"get_mempool_stats",
Expand Down
8 changes: 4 additions & 4 deletions common/src/configuration/utils.rs
Original file line number Diff line number Diff line change
Expand Up @@ -119,18 +119,18 @@ pub fn prompt_default_config() -> [&'static str; 12] {
/// Returns the default configuration file template in parts from the embedded presets. If use_mining_config is true,
/// the base node configuration that enables mining is returned, otherwise the non-mining configuration is returned.
pub fn get_default_config(use_mining_config: bool) -> [&'static str; 12] {
let base_node_deny_methods = if use_mining_config {
include_str!("../../config/presets/c_base_node_b_mining_deny_methods.toml")
let base_node_allow_methods = if use_mining_config {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about these methods second_layer_grpc_enabled ? I assume it should be set from initial startup.
A node could also double as mining node and second layer comms node.

include_str!("../../config/presets/c_base_node_b_mining_allow_methods.toml")
} else {
include_str!("../../config/presets/c_base_node_b_non_mining_deny_methods.toml")
include_str!("../../config/presets/c_base_node_b_non_mining_allow_methods.toml")
};

let common = include_str!("../../config/presets/a_common.toml");
[
common,
include_str!("../../config/presets/b_peer_seeds.toml"),
include_str!("../../config/presets/c_base_node_a.toml"),
base_node_deny_methods,
base_node_allow_methods,
include_str!("../../config/presets/c_base_node_c.toml"),
include_str!("../../config/presets/d_console_wallet.toml"),
include_str!("../../config/presets/g_miner.toml"),
Expand Down
40 changes: 37 additions & 3 deletions integration_tests/src/base_node_process.rs
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ use std::{
};

use minotari_app_utilities::identity_management::save_as_json;
use minotari_node::{run_base_node, BaseNodeConfig, MetricsConfig};
use minotari_node::{config::GrpcMethod, run_base_node, BaseNodeConfig, MetricsConfig};
use minotari_node_grpc_client::BaseNodeGrpcClient;
use rand::rngs::OsRng;
use tari_common::{
Expand Down Expand Up @@ -190,8 +190,42 @@ pub async fn spawn_base_node_with_config(
if base_node_config.base_node.storage.pruning_horizon != 0 {
base_node_config.base_node.storage.pruning_interval = 1;
};

base_node_config.base_node.grpc_server_deny_methods = vec![];
base_node_config.base_node.grpc_server_allow_methods = vec![
GrpcMethod::ListHeaders,
GrpcMethod::GetHeaderByHash,
GrpcMethod::GetBlocks,
GrpcMethod::GetBlockTiming,
GrpcMethod::GetConstants,
GrpcMethod::GetBlockSize,
GrpcMethod::GetBlockFees,
GrpcMethod::GetVersion,
GrpcMethod::CheckForUpdates,
GrpcMethod::GetTokensInCirculation,
GrpcMethod::GetNetworkDifficulty,
GrpcMethod::GetNewBlockTemplate,
GrpcMethod::GetNewBlock,
GrpcMethod::GetNewBlockBlob,
GrpcMethod::SubmitBlock,
GrpcMethod::SubmitBlockBlob,
GrpcMethod::SubmitTransaction,
GrpcMethod::GetSyncInfo,
GrpcMethod::GetSyncProgress,
GrpcMethod::GetTipInfo,
GrpcMethod::SearchKernels,
GrpcMethod::SearchUtxos,
GrpcMethod::FetchMatchingUtxos,
GrpcMethod::GetPeers,
GrpcMethod::GetMempoolTransactions,
GrpcMethod::TransactionState,
GrpcMethod::Identify,
GrpcMethod::GetNetworkStatus,
GrpcMethod::ListConnectedPeers,
GrpcMethod::GetMempoolStats,
GrpcMethod::GetActiveValidatorNodes,
GrpcMethod::GetShardKey,
GrpcMethod::GetTemplateRegistrations,
GrpcMethod::GetSideChainUtxos,
];

// Heirachically set the base path for all configs
base_node_config.base_node.set_base_path(temp_dir_path.clone());
Expand Down
Loading