[node] Churner TLS (#46)

ian-shim · jianoaix · commit b107e3262d98 · 2023-11-16T19:58:42.000Z
diff --git a/node/config.go b/node/config.go
@@ -66,6 +66,7 @@ type Config struct {
 	ChurnerUrl                    string
 	NumBatchValidators            int
 	ClientIPHeader                string
+	UseSecureGrpc                 bool
 
 	EthClientConfig geth.EthClientConfig
 	LoggingConfig   logging.Config
@@ -164,5 +165,6 @@ func NewConfig(ctx *cli.Context) (*Config, error) {
 		ChurnerUrl:                    ctx.GlobalString(flags.ChurnerUrlFlag.Name),
 		NumBatchValidators:            ctx.GlobalInt(flags.NumBatchValidatorsFlag.Name),
 		ClientIPHeader:                ctx.GlobalString(flags.ClientIPHeaderFlag.Name),
+		UseSecureGrpc:                 !testMode,
 	}, nil
 }
diff --git a/node/flags/flags.go b/node/flags/flags.go
@@ -218,7 +218,6 @@ var (
 		Required: false,
 		EnvVar:   common.PrefixEnvVar(EnvVarPrefix, "TEST_PRIVATE_BLS"),
 	}
-
 	ClientIPHeaderFlag = cli.StringFlag{
 		Name:     common.PrefixFlag(FlagPrefix, "client-ip-header"),
 		Usage:    "The name of the header used to get the client IP address. If set to empty string, the IP address will be taken from the connection. The rightmost value of the header will be used.",
diff --git a/node/node.go b/node/node.go
@@ -176,7 +176,7 @@ func (n *Node) Start(ctx context.Context) error {
 			OperatorId: n.Config.ID,
 			QuorumIDs:  n.Config.QuorumIDList,
 		}
-		err := RegisterOperator(ctx, operator, n.Transactor, n.Config.ChurnerUrl, n.Logger)
+		err := RegisterOperator(ctx, operator, n.Transactor, n.Config.ChurnerUrl, n.Config.UseSecureGrpc, n.Logger)
 		if err != nil {
 			return fmt.Errorf("failed to register the operator: %w", err)
 		}
diff --git a/node/operator.go b/node/operator.go
@@ -2,6 +2,7 @@ package node
 
 import (
 	"context"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"time"
@@ -12,6 +13,7 @@ import (
 	"github.com/Layr-Labs/eigenda/core"
 	"github.com/ethereum/go-ethereum/crypto"
 	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
 )
 
@@ -24,7 +26,7 @@ type Operator struct {
 }
 
 // Register operator registers the operator with the given public key for the given quorum IDs.
-func RegisterOperator(ctx context.Context, operator *Operator, transactor core.Transactor, churnerUrl string, logger common.Logger) error {
+func RegisterOperator(ctx context.Context, operator *Operator, transactor core.Transactor, churnerUrl string, useSecureGrpc bool, logger common.Logger) error {
 	registeredQuorumIds, err := transactor.GetRegisteredQuorumIdsForOperator(ctx, operator.OperatorId)
 	if err != nil {
 		return fmt.Errorf("failed to get registered quorum ids for an operator: %w", err)
@@ -72,7 +74,7 @@ func RegisterOperator(ctx context.Context, operator *Operator, transactor core.T
 
 	// if we should call the churner, call it
 	if shouldCallChurner {
-		churnReply, err := requestChurnApproval(ctx, operator, churnerUrl, logger)
+		churnReply, err := requestChurnApproval(ctx, operator, churnerUrl, useSecureGrpc, logger)
 		if err != nil {
 			return fmt.Errorf("failed to request churn approval: %w", err)
 		}
@@ -93,12 +95,18 @@ func DeregisterOperator(ctx context.Context, KeyPair *core.KeyPair, transactor c
 	return transactor.DeregisterOperator(ctx, KeyPair.GetPubKeyG1(), blockNumber)
 }
 
-func requestChurnApproval(ctx context.Context, operator *Operator, churnerUrl string, logger common.Logger) (*grpcchurner.ChurnReply, error) {
+func requestChurnApproval(ctx context.Context, operator *Operator, churnerUrl string, useSecureGrpc bool, logger common.Logger) (*grpcchurner.ChurnReply, error) {
 	logger.Info("churner url", "url", churnerUrl)
 
+	var credential = insecure.NewCredentials()
+	if useSecureGrpc {
+		config := &tls.Config{}
+		credential = credentials.NewTLS(config)
+	}
+
 	conn, err := grpc.Dial(
 		churnerUrl,
-		grpc.WithTransportCredentials(insecure.NewCredentials()), // TODO: still need this?
+		grpc.WithTransportCredentials(credential),
 	)
 	if err != nil {
 		logger.Error("Node cannot connect to churner", "err", err)
diff --git a/node/plugin/cmd/main.go b/node/plugin/cmd/main.go
@@ -121,7 +121,7 @@ func pluginOps(ctx *cli.Context) {
 	}
 	if config.Operation == "opt-in" {
 		log.Printf("Info: Operator with Operator Address: %x is opting in to EigenDA", sk.Address)
-		err = node.RegisterOperator(context.Background(), operator, tx, config.ChurnerUrl, logger)
+		err = node.RegisterOperator(context.Background(), operator, tx, config.ChurnerUrl, true, logger)
 		if err != nil {
 			log.Printf("Error: failed to opt-in EigenDA Node Network for operator ID: %x, operator address: %x, error: %v", operatorID, sk.Address, err)
 			return

Original file line number	Diff line number	Diff line change
`@@ -218,7 +218,6 @@ var (`
`218`	`218`	`Required: false,`
`219`	`219`	`EnvVar: common.PrefixEnvVar(EnvVarPrefix, "TEST_PRIVATE_BLS"),`
`220`	`220`	`}`
`221`		`-`
`222`	`221`	`ClientIPHeaderFlag = cli.StringFlag{`
`223`	`222`	`Name: common.PrefixFlag(FlagPrefix, "client-ip-header"),`
`224`	`223`	`Usage: "The name of the header used to get the client IP address. If set to empty string, the IP address will be taken from the connection. The rightmost value of the header will be used.",`
Original file line number	Diff line number	Diff line change
`@@ -176,7 +176,7 @@ func (n *Node) Start(ctx context.Context) error {`
`176`	`176`	`OperatorId: n.Config.ID,`
`177`	`177`	`QuorumIDs: n.Config.QuorumIDList,`
`178`	`178`	`}`
`179`		`- err := RegisterOperator(ctx, operator, n.Transactor, n.Config.ChurnerUrl, n.Logger)`
	`179`	`+ err := RegisterOperator(ctx, operator, n.Transactor, n.Config.ChurnerUrl, n.Config.UseSecureGrpc, n.Logger)`
`180`	`180`	`if err != nil {`
`181`	`181`	`return fmt.Errorf("failed to register the operator: %w", err)`
`182`	`182`	`}`
Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ func pluginOps(ctx *cli.Context) {`
`121`	`121`	`}`
`122`	`122`	`if config.Operation == "opt-in" {`
`123`	`123`	`log.Printf("Info: Operator with Operator Address: %x is opting in to EigenDA", sk.Address)`
`124`		`- err = node.RegisterOperator(context.Background(), operator, tx, config.ChurnerUrl, logger)`
	`124`	`+ err = node.RegisterOperator(context.Background(), operator, tx, config.ChurnerUrl, true, logger)`
`125`	`125`	`if err != nil {`
`126`	`126`	`log.Printf("Error: failed to opt-in EigenDA Node Network for operator ID: %x, operator address: %x, error: %v", operatorID, sk.Address, err)`
`127`	`127`	`return`