migration of privval module to gRPC

node/node.go

@@ -8,7 +8,6 @@ import (
 	"net"
 	"net/http"
 	_ "net/http/pprof" // nolint: gosec // securely exposed on separate, optional port
-	"strings"
 	"time"
 
 	"github.com/prometheus/client_golang/prometheus"
@@ -662,7 +661,7 @@ func NewNode(config *cfg.Config,
 	// external signing process.
 	if config.PrivValidatorListenAddr != "" {
 		// FIXME: we should start services inside OnStart
-		privValidator, err = createAndStartPrivValidatorSocketClient(config.PrivValidatorListenAddr, logger)
+		privValidator, err = createAndStartPrivValidatorSocketClient(config.PrivValidatorListenAddr, config.PrivValidatorClientCertificate, logger)
 		if err != nil {
 			return nil, fmt.Errorf("error with private validator socket client: %w", err)
 		}
@@ -1312,14 +1311,13 @@ func saveGenesisDoc(db dbm.DB, genDoc *types.GenesisDoc) {
 
 func createAndStartPrivValidatorSocketClient(
 	listenAddr string,
+	cert string,
 	logger log.Logger,
 ) (types.PrivValidator, error) {
-	pve, err := privval.NewSignerListener(listenAddr, logger)
-	if err != nil {
-		return nil, fmt.Errorf("failed to start private validator: %w", err)
-	}
 
-	pvsc, err := privval.NewSignerClient(pve)
+	dialOptions := ConstructDialOptions(cert)
+
+	pvsc, err := privval.NewSignerClient(listenAddr, dialOptions, logger)
 	if err != nil {
 		return nil, fmt.Errorf("failed to start private validator: %w", err)
 	}
@@ -1334,28 +1332,6 @@ func createAndStartPrivValidatorSocketClient(
 		retries = 50 // 50 * 100ms = 5s total
 		timeout = 100 * time.Millisecond
 	)
-	pvscWithRetries := privval.NewRetrySignerClient(pvsc, retries, timeout)
 
-	return pvscWithRetries, nil
-}
-
-// splitAndTrimEmpty slices s into all subslices separated by sep and returns a
-// slice of the string s with all leading and trailing Unicode code points
-// contained in cutset removed. If sep is empty, SplitAndTrim splits after each
-// UTF-8 sequence. First part is equivalent to strings.SplitN with a count of
-// -1.  also filter out empty strings, only return non-empty strings.
-func splitAndTrimEmpty(s, sep, cutset string) []string {
-	if s == "" {
-		return []string{}
-	}
-
-	spl := strings.Split(s, sep)
-	nonEmptyStrings := make([]string, 0, len(spl))
-	for i := 0; i < len(spl); i++ {
-		element := strings.Trim(spl[i], cutset)
-		if element != "" {
-			nonEmptyStrings = append(nonEmptyStrings, element)
-		}
-	}
-	return nonEmptyStrings
+	return pvsc, nil
 }

node/node_test.go

@@ -73,25 +73,6 @@ func TestNodeStartStop(t *testing.T) {
 	}
 }
 
-func TestSplitAndTrimEmpty(t *testing.T) {
-	testCases := []struct {
-		s        string
-		sep      string
-		cutset   string
-		expected []string
-	}{
-		{"a,b,c", ",", " ", []string{"a", "b", "c"}},
-		{" a , b , c ", ",", " ", []string{"a", "b", "c"}},
-		{" a, b, c ", ",", " ", []string{"a", "b", "c"}},
-		{" a, ", ",", " ", []string{"a"}},
-		{"   ", ",", " ", []string{}},
-	}
-
-	for _, tc := range testCases {
-		assert.Equal(t, tc.expected, splitAndTrimEmpty(tc.s, tc.sep, tc.cutset), "%s", tc.s)
-	}
-}
-
 func TestNodeDelayedStart(t *testing.T) {
 	config := cfg.ResetTestRoot("node_delayed_start_test")
 	defer os.RemoveAll(config.RootDir)

node/utils.go

@@ -0,0 +1,78 @@
+package node
+
+import (
+	"strings"
+	"time"
+
+	grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry"
+	"github.com/prometheus/common/log"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials"
+)
+
+// splitAndTrimEmpty slices s into all subslices separated by sep and returns a
+// slice of the string s with all leading and trailing Unicode code points
+// contained in cutset removed. If sep is empty, SplitAndTrim splits after each
+// UTF-8 sequence. First part is equivalent to strings.SplitN with a count of
+// -1.  also filter out empty strings, only return non-empty strings.
+func splitAndTrimEmpty(s, sep, cutset string) []string {
+	if s == "" {
+		return []string{}
+	}
+
+	spl := strings.Split(s, sep)
+	nonEmptyStrings := make([]string, 0, len(spl))
+	for i := 0; i < len(spl); i++ {
+		element := strings.Trim(spl[i], cutset)
+		if element != "" {
+			nonEmptyStrings = append(nonEmptyStrings, element)
+		}
+	}
+	return nonEmptyStrings
+}
+
+// ConstructDialOptions constructs a list of grpc dial options
+func ConstructDialOptions(
+	withCert string,
+	extraOpts ...grpc.DialOption,
+) []grpc.DialOption {
+	var transportSecurity grpc.DialOption
+	if withCert != "" {
+		creds, err := credentials.NewClientTLSFromFile(withCert, "")
+		if err != nil {
+			log.Errorf("Could not get valid credentials: %v", err)
+			return nil
+		}
+		transportSecurity = grpc.WithTransportCredentials(creds)
+	} else {
+		transportSecurity = grpc.WithInsecure()
+		log.Warn("You are using an insecure gRPC connection! Please provide a certificate and key to use a secure connection.")
+	}
+
+	const (
+		retries            = 50 // 50 * 100ms = 5s total
+		timeout            = 100 * time.Millisecond
+		maxCallRecvMsgSize = 10 << 20 // Default 10Mb
+	)
+
+	opts := []grpc_retry.CallOption{
+		grpc_retry.WithBackoff(grpc_retry.BackoffExponential(timeout)),
+	}
+
+	dialOpts := []grpc.DialOption{
+		transportSecurity,
+		grpc.WithDefaultCallOptions(
+			grpc.MaxCallRecvMsgSize(maxCallRecvMsgSize),
+			grpc_retry.WithMax(retries),
+		),
+		grpc.WithUnaryInterceptor(
+			grpc_retry.UnaryClientInterceptor(opts...),
+		),
+	}
+
+	for _, opt := range extraOpts {
+		dialOpts = append(dialOpts, opt)
+	}
+
+	return dialOpts
+}

node/utils_test.go

@@ -0,0 +1,26 @@
+package node
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSplitAndTrimEmpty(t *testing.T) {
+	testCases := []struct {
+		s        string
+		sep      string
+		cutset   string
+		expected []string
+	}{
+		{"a,b,c", ",", " ", []string{"a", "b", "c"}},
+		{" a , b , c ", ",", " ", []string{"a", "b", "c"}},
+		{" a, b, c ", ",", " ", []string{"a", "b", "c"}},
+		{" a, ", ",", " ", []string{"a"}},
+		{"   ", ",", " ", []string{}},
+	}
+
+	for _, tc := range testCases {
+		assert.Equal(t, tc.expected, splitAndTrimEmpty(tc.s, tc.sep, tc.cutset), "%s", tc.s)
+	}
+}