From 7972526d12a748c803ea955bc5e9e2b625bd0693 Mon Sep 17 00:00:00 2001 From: krehermann <16602512+krehermann@users.noreply.github.com> Date: Wed, 4 Dec 2024 12:42:15 -0500 Subject: [PATCH 1/5] support mcms in ocr3 contract config changeset --- .../common/changeset/mcms_test_helpers.go | 15 +- deployment/common/changeset/test_helpers.go | 4 +- deployment/environment/memory/chain.go | 43 +-- deployment/environment/memory/node.go | 7 + .../keystone/changeset/configure_contracts.go | 19 + .../keystone/changeset/deploy_forwarder.go | 10 +- deployment/keystone/changeset/deploy_ocr3.go | 48 ++- .../keystone/changeset/deploy_ocr3_test.go | 113 ++++++ deployment/keystone/changeset/helpers_test.go | 353 ++++++++++++++++++ .../keystone/changeset/internal/test/utils.go | 1 - .../keystone/changeset/transfer_ownership.go | 4 +- deployment/keystone/deploy.go | 30 +- deployment/keystone/ocr3config.go | 132 ++++++- deployment/keystone/state.go | 7 + 14 files changed, 715 insertions(+), 71 deletions(-) create mode 100644 deployment/keystone/changeset/helpers_test.go diff --git a/deployment/common/changeset/mcms_test_helpers.go b/deployment/common/changeset/mcms_test_helpers.go index 3951149815c..4ed771e60f2 100644 --- a/deployment/common/changeset/mcms_test_helpers.go +++ b/deployment/common/changeset/mcms_test_helpers.go @@ -64,8 +64,12 @@ func SignProposal(t *testing.T, env deployment.Environment, proposal *timelock.M return executor } +type ExecuteProposalCfg struct { + Decoder func(err error) error +} + func ExecuteProposal(t *testing.T, env deployment.Environment, executor *mcms.Executor, - timelock *owner_helpers.RBACTimelock, sel uint64) { + timelock *owner_helpers.RBACTimelock, sel uint64) error { t.Log("Executing proposal on chain", sel) // Set the root. tx, err2 := executor.SetRootOnChain(env.Chains[sel].Client, env.Chains[sel].DeployerKey, mcms.ChainIdentifier(sel)) @@ -106,10 +110,15 @@ func ExecuteProposal(t *testing.T, env deployment.Environment, executor *mcms.Ex } tx, err := timelock.ExecuteBatch( env.Chains[sel].DeployerKey, calls, pred, salt) - require.NoError(t, err) + if err != nil { + return err + } _, err = env.Chains[sel].Confirm(tx) - require.NoError(t, err) + if err != nil { + return err + } } } } + return nil } diff --git a/deployment/common/changeset/test_helpers.go b/deployment/common/changeset/test_helpers.go index 913b4544f30..8f988896e96 100644 --- a/deployment/common/changeset/test_helpers.go +++ b/deployment/common/changeset/test_helpers.go @@ -79,7 +79,9 @@ func ApplyChangesets(t *testing.T, e deployment.Environment, timelocksPerChain m if !ok || timelock == nil { return deployment.Environment{}, fmt.Errorf("timelock not found for chain %d", sel) } - ExecuteProposal(t, e, signed, timelock, sel) + if err := ExecuteProposal(t, e, signed, timelock, sel); err != nil { + return deployment.Environment{}, fmt.Errorf("failed to execute proposal: %w", err) + } } } } diff --git a/deployment/environment/memory/chain.go b/deployment/environment/memory/chain.go index 1bb359f9c53..37eca5432c5 100644 --- a/deployment/environment/memory/chain.go +++ b/deployment/environment/memory/chain.go @@ -46,19 +46,7 @@ func GenerateChains(t *testing.T, numChains int) map[uint64]EVMChain { chains := make(map[uint64]EVMChain) for i := 0; i < numChains; i++ { chainID := chainsel.TEST_90000001.EvmChainID + uint64(i) - key, err := crypto.GenerateKey() - require.NoError(t, err) - owner, err := bind.NewKeyedTransactorWithChainID(key, big.NewInt(1337)) - require.NoError(t, err) - // there have to be enough initial funds on each chain to allocate for all the nodes that share the given chain in the test - backend := simulated.NewBackend(types.GenesisAlloc{ - owner.From: {Balance: big.NewInt(0).Mul(big.NewInt(7000), big.NewInt(params.Ether))}}, - simulated.WithBlockGasLimit(50000000)) - backend.Commit() // ts will be now. - chains[chainID] = EVMChain{ - Backend: backend, - DeployerKey: owner, - } + chains[chainID] = evmChain(t) } return chains } @@ -66,18 +54,23 @@ func GenerateChains(t *testing.T, numChains int) map[uint64]EVMChain { func GenerateChainsWithIds(t *testing.T, chainIDs []uint64) map[uint64]EVMChain { chains := make(map[uint64]EVMChain) for _, chainID := range chainIDs { - key, err := crypto.GenerateKey() - require.NoError(t, err) - owner, err := bind.NewKeyedTransactorWithChainID(key, big.NewInt(1337)) - require.NoError(t, err) - backend := simulated.NewBackend(types.GenesisAlloc{ - owner.From: {Balance: big.NewInt(0).Mul(big.NewInt(700000), big.NewInt(params.Ether))}}, - simulated.WithBlockGasLimit(10000000)) - backend.Commit() // Note initializes block timestamp to now(). - chains[chainID] = EVMChain{ - Backend: backend, - DeployerKey: owner, - } + chains[chainID] = evmChain(t) } return chains } + +func evmChain(t *testing.T) EVMChain { + key, err := crypto.GenerateKey() + require.NoError(t, err) + owner, err := bind.NewKeyedTransactorWithChainID(key, big.NewInt(1337)) + require.NoError(t, err) + // there have to be enough initial funds on each chain to allocate for all the nodes that share the given chain in the test + backend := simulated.NewBackend(types.GenesisAlloc{ + owner.From: {Balance: big.NewInt(0).Mul(big.NewInt(700000), big.NewInt(params.Ether))}}, + simulated.WithBlockGasLimit(50000000)) + backend.Commit() // ts will be now. + return EVMChain{ + Backend: backend, + DeployerKey: owner, + } +} diff --git a/deployment/environment/memory/node.go b/deployment/environment/memory/node.go index fd08d3cf17b..89b9c0a2d0e 100644 --- a/deployment/environment/memory/node.go +++ b/deployment/environment/memory/node.go @@ -68,6 +68,9 @@ func (n Node) ReplayLogs(chains map[uint64]uint64) error { // - Configured for OCR // - Configured for the chains specified // - Transmitter keys funded. +// TODO: support functional options for more `func (c *chainlink.Config, s *chainlink.Secrets)` as +// overrides for the default config. Allows for flexibility. Immediate use case is to set +// workflow forwarder evm config; can refactor registry config to be a functional option. func NewNode( t *testing.T, port int, // Port for the P2P V2 listener. @@ -75,6 +78,7 @@ func NewNode( logLevel zapcore.Level, bootstrap bool, registryConfig deployment.CapabilityRegistryConfig, + customSetup ...func(c *chainlink.Config, s *chainlink.Secrets), ) *Node { evmchains := make(map[uint64]EVMChain) for _, chain := range chains { @@ -125,6 +129,9 @@ func NewNode( chainConfigs = append(chainConfigs, createConfigV2Chain(chainID)) } c.EVM = chainConfigs + for _, setup := range customSetup { + setup(c, s) + } }) // Set logging. diff --git a/deployment/keystone/changeset/configure_contracts.go b/deployment/keystone/changeset/configure_contracts.go index d5bcb32243b..17635a42ed1 100644 --- a/deployment/keystone/changeset/configure_contracts.go +++ b/deployment/keystone/changeset/configure_contracts.go @@ -9,6 +9,25 @@ import ( kslib "github.com/smartcontractkit/chainlink/deployment/keystone" ) +var _ deployment.ChangeSet[InitialContractsCfg] = ConfigureInitialContractsChangeset + +type InitialContractsCfg struct { + RegistryChainSel uint64 + Dons []kslib.DonCapabilities + OCR3Config *kslib.OracleConfigWithSecrets +} + +func ConfigureInitialContractsChangeset(e deployment.Environment, cfg InitialContractsCfg) (deployment.ChangesetOutput, error) { + req := &kslib.ConfigureContractsRequest{ + Env: &e, + RegistryChainSel: cfg.RegistryChainSel, + Dons: cfg.Dons, + OCR3Config: cfg.OCR3Config, + } + return ConfigureInitialContracts(e.Logger, req) +} + +// Deprecated: Use ConfigureInitialContractsChangeset instead. func ConfigureInitialContracts(lggr logger.Logger, req *kslib.ConfigureContractsRequest) (deployment.ChangesetOutput, error) { if err := req.Validate(); err != nil { return deployment.ChangesetOutput{}, fmt.Errorf("failed to validate request: %w", err) diff --git a/deployment/keystone/changeset/deploy_forwarder.go b/deployment/keystone/changeset/deploy_forwarder.go index 2dc160dcf4c..5207d99aacd 100644 --- a/deployment/keystone/changeset/deploy_forwarder.go +++ b/deployment/keystone/changeset/deploy_forwarder.go @@ -9,16 +9,10 @@ import ( var _ deployment.ChangeSet[uint64] = DeployForwarder +// DeployForwarder deploys the KeystoneForwarder contract to all chains in the environment +// callers must merge the output addressbook with the existing one func DeployForwarder(env deployment.Environment, registryChainSel uint64) (deployment.ChangesetOutput, error) { lggr := env.Logger - // expect OCR3 to be deployed & capabilities registry - regAddrs, err := env.ExistingAddresses.AddressesForChain(registryChainSel) - if err != nil { - return deployment.ChangesetOutput{}, fmt.Errorf("no addresses found for chain %d: %w", registryChainSel, err) - } - if len(regAddrs) != 2 { - return deployment.ChangesetOutput{}, fmt.Errorf("expected 2 addresses for chain %d, got %d", registryChainSel, len(regAddrs)) - } ab := deployment.NewMemoryAddressBook() for _, chain := range env.Chains { lggr.Infow("deploying forwarder", "chainSelector", chain.Selector) diff --git a/deployment/keystone/changeset/deploy_ocr3.go b/deployment/keystone/changeset/deploy_ocr3.go index a88fe4afa62..86ccd1d439e 100644 --- a/deployment/keystone/changeset/deploy_ocr3.go +++ b/deployment/keystone/changeset/deploy_ocr3.go @@ -1,10 +1,11 @@ package changeset import ( + "encoding/json" "fmt" + "io" - "github.com/smartcontractkit/chainlink-common/pkg/logger" - + "github.com/smartcontractkit/ccip-owner-contracts/pkg/proposal/timelock" "github.com/smartcontractkit/chainlink/deployment" kslib "github.com/smartcontractkit/chainlink/deployment/keystone" ) @@ -29,12 +30,49 @@ func DeployOCR3(env deployment.Environment, config interface{}) (deployment.Chan return deployment.ChangesetOutput{AddressBook: ab}, nil } -func ConfigureOCR3Contract(lggr logger.Logger, env deployment.Environment, cfg kslib.ConfigureOCR3Config) (deployment.ChangesetOutput, error) { +var _ deployment.ChangeSet[ConfigureOCR3Config] = ConfigureOCR3Contract + +type ConfigureOCR3Config struct { + ChainSel uint64 + NodeIDs []string + OCR3Config *kslib.OracleConfigWithSecrets + DryRun bool + WriteGeneratedConfig io.Writer + + UseMCMS bool +} - _, err := kslib.ConfigureOCR3ContractFromJD(&env, cfg) +func ConfigureOCR3Contract(env deployment.Environment, cfg ConfigureOCR3Config) (deployment.ChangesetOutput, error) { + resp, err := kslib.ConfigureOCR3ContractFromJD(&env, kslib.ConfigureOCR3Config{ + ChainSel: cfg.ChainSel, + NodeIDs: cfg.NodeIDs, + OCR3Config: cfg.OCR3Config, + DryRun: cfg.DryRun, + UseMCMS: cfg.UseMCMS, + }) if err != nil { return deployment.ChangesetOutput{}, fmt.Errorf("failed to configure OCR3Capability: %w", err) } + if w := cfg.WriteGeneratedConfig; w != nil { + b, err := json.MarshalIndent(&resp.OCR2OracleConfig, "", " ") + if err != nil { + return deployment.ChangesetOutput{}, fmt.Errorf("failed to marshal response output: %w", err) + } + env.Logger.Infof("Generated OCR3 config: %s", string(b)) + n, err := w.Write(b) + if err != nil { + return deployment.ChangesetOutput{}, fmt.Errorf("failed to write response output: %w", err) + } + if n != len(b) { + return deployment.ChangesetOutput{}, fmt.Errorf("failed to write all bytes") + } + } // does not create any new addresses - return deployment.ChangesetOutput{}, nil + var proposals []timelock.MCMSWithTimelockProposal + if cfg.UseMCMS { + proposals = append(proposals, *resp.Proposal) + } + return deployment.ChangesetOutput{ + Proposals: proposals, + }, nil } diff --git a/deployment/keystone/changeset/deploy_ocr3_test.go b/deployment/keystone/changeset/deploy_ocr3_test.go index d3fdf118f8b..b178e63ab6e 100644 --- a/deployment/keystone/changeset/deploy_ocr3_test.go +++ b/deployment/keystone/changeset/deploy_ocr3_test.go @@ -1,6 +1,8 @@ package changeset_test import ( + "bytes" + "encoding/json" "testing" "go.uber.org/zap/zapcore" @@ -8,9 +10,14 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/gethwrappers" "github.com/smartcontractkit/chainlink-common/pkg/logger" + "github.com/smartcontractkit/chainlink/deployment" + commonchangeset "github.com/smartcontractkit/chainlink/deployment/common/changeset" "github.com/smartcontractkit/chainlink/deployment/environment/memory" + kslib "github.com/smartcontractkit/chainlink/deployment/keystone" "github.com/smartcontractkit/chainlink/deployment/keystone/changeset" + "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/keystone/generated/ocr3_capability" ) func TestDeployOCR3(t *testing.T) { @@ -37,3 +44,109 @@ func TestDeployOCR3(t *testing.T) { oaddrs, _ := resp.AddressBook.AddressesForChain(env.AllChainSelectors()[1]) assert.Len(t, oaddrs, 0) } + +func TestConfigureOCR3(t *testing.T) { + t.Parallel() + lggr := logger.Test(t) + //ctx := tests.Context(t) + + c := kslib.OracleConfigWithSecrets{ + OracleConfig: kslib.OracleConfig{ + MaxFaultyOracles: 1, + DeltaProgressMillis: 12345, + }, + OCRSecrets: deployment.XXXGenerateTestOCRSecrets(), + } + + t.Run("no mcms", func(t *testing.T) { + + te := Setup(t, TestConfig{ + WFDonConfig: DonConfig{N: 4}, + AssetDonConfig: DonConfig{N: 4}, + WriterDonConfig: DonConfig{N: 4}, + NumChains: 1, + }) + + var wfNodes []string + for id, _ := range te.WFNodes { + wfNodes = append(wfNodes, id) + } + + w := &bytes.Buffer{} + cfg := changeset.ConfigureOCR3Config{ + ChainSel: te.RegistrySelector, + NodeIDs: wfNodes, + OCR3Config: &c, + WriteGeneratedConfig: w, + UseMCMS: false, + } + + csOut, err := changeset.ConfigureOCR3Contract(te.Env, cfg) + require.NoError(t, err) + var got kslib.OCR2OracleConfig + err = json.Unmarshal(w.Bytes(), &got) + require.NoError(t, err) + assert.Len(t, got.Signers, 4) + assert.Len(t, got.Transmitters, 4) + assert.Nil(t, csOut.Proposals) + }) + + t.Run("mcms", func(t *testing.T) { + te := Setup(t, TestConfig{ + WFDonConfig: DonConfig{N: 4}, + AssetDonConfig: DonConfig{N: 4}, + WriterDonConfig: DonConfig{N: 4}, + NumChains: 1, + EnableMCMS: true, + }) + + var wfNodes []string + for id, _ := range te.WFNodes { + wfNodes = append(wfNodes, id) + } + + w := &bytes.Buffer{} + cfg := changeset.ConfigureOCR3Config{ + ChainSel: te.RegistrySelector, + NodeIDs: wfNodes, + OCR3Config: &c, + WriteGeneratedConfig: w, + UseMCMS: true, + } + + csOut, err := changeset.ConfigureOCR3Contract(te.Env, cfg) + require.NoError(t, err) + var got kslib.OCR2OracleConfig + err = json.Unmarshal(w.Bytes(), &got) + require.NoError(t, err) + assert.Len(t, got.Signers, 4) + assert.Len(t, got.Transmitters, 4) + assert.NotNil(t, csOut.Proposals) + t.Logf("got: %v", csOut.Proposals[0]) + + contractSetsResp, err := kslib.GetContractSets(lggr, &kslib.GetContractSetsRequest{ + Chains: te.Env.Chains, + AddressBook: te.Env.ExistingAddresses, + }) + require.NoError(t, err) + var timelocks = map[uint64]*gethwrappers.RBACTimelock{ + te.RegistrySelector: contractSetsResp.ContractSets[te.RegistrySelector].Timelock, + } + // now apply the changeset such that the proposal is signed and execed + w2 := &bytes.Buffer{} + cfg.WriteGeneratedConfig = w2 + _, err = commonchangeset.ApplyChangesets(t, te.Env, timelocks, []commonchangeset.ChangesetApplication{ + { + Changeset: commonchangeset.WrapChangeSet(changeset.ConfigureOCR3Contract), + Config: cfg, + }, + }) + if err != nil { + t.Logf("failed to apply changeset: %v", err) + require.NoError(t, kslib.DecodeErr(ocr3_capability.OCR3CapabilityABI, err)) + } + + require.NoError(t, err) + }) + +} diff --git a/deployment/keystone/changeset/helpers_test.go b/deployment/keystone/changeset/helpers_test.go new file mode 100644 index 00000000000..f4642a9a36e --- /dev/null +++ b/deployment/keystone/changeset/helpers_test.go @@ -0,0 +1,353 @@ +package changeset_test + +import ( + "context" + "errors" + "fmt" + "math/big" + + "math" + "testing" + + "github.com/smartcontractkit/chainlink-common/pkg/logger" + "github.com/smartcontractkit/chainlink-common/pkg/utils/tests" + "github.com/smartcontractkit/chainlink-protos/job-distributor/v1/node" + "github.com/smartcontractkit/chainlink/deployment" + commonchangeset "github.com/smartcontractkit/chainlink/deployment/common/changeset" + commontypes "github.com/smartcontractkit/chainlink/deployment/common/types" + "github.com/smartcontractkit/chainlink/deployment/environment/memory" + "github.com/smartcontractkit/chainlink/deployment/keystone" + kschangeset "github.com/smartcontractkit/chainlink/deployment/keystone/changeset" + kcr "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/keystone/generated/capabilities_registry" + "github.com/smartcontractkit/chainlink/v2/core/services/keystore/keys/p2pkey" + "github.com/stretchr/testify/require" + "go.uber.org/zap/zapcore" + "golang.org/x/exp/maps" +) + +type DonConfig struct { + N int + // TODO: add override functions +} + +func (c DonConfig) Validate() error { + if c.N < 4 { + return errors.New("N must be at least 4") + } + return nil +} + +// TODO: seperate the config into different types; wf should expand to types of ocr keybundles; writer to target chains; ... +type WFDonConfig = DonConfig +type AssetDonConfig = DonConfig +type WriterDonConfig = DonConfig + +type TestConfig struct { + WFDonConfig + AssetDonConfig + WriterDonConfig + NumChains int + + EnableMCMS bool +} + +func (c TestConfig) Validate() error { + if err := c.WFDonConfig.Validate(); err != nil { + return err + } + if err := c.AssetDonConfig.Validate(); err != nil { + return err + } + if err := c.WriterDonConfig.Validate(); err != nil { + return err + } + if c.NumChains < 1 { + return errors.New("NumChains must be at least 1") + } + return nil +} + +type TestEnv struct { + Env deployment.Environment + RegistrySelector uint64 + + WFNodes map[string]memory.Node + CWNodes map[string]memory.Node + AssetNodes map[string]memory.Node +} + +func Setup(t *testing.T, c TestConfig) TestEnv { + require.NoError(t, c.Validate()) + lggr := logger.Test(t) + ctx := tests.Context(t) + chains := memory.NewMemoryChains(t, c.NumChains) + registryChainSel := registryChain(t, chains) + // note that all the nodes require TOML configuration of the cap registry address + // and writers need forwarder address as TOML config + // we choose to use changesets to deploy the initial contracts because that's how it's done in the real world + // this requires a initial environment to house the address book + e := deployment.Environment{ + Logger: lggr, + Chains: chains, + ExistingAddresses: deployment.NewMemoryAddressBook(), + } + e, err := commonchangeset.ApplyChangesets(t, e, nil, []commonchangeset.ChangesetApplication{ + { + Changeset: commonchangeset.WrapChangeSet(kschangeset.DeployCapabilityRegistry), + Config: registryChainSel, + }, + { + Changeset: commonchangeset.WrapChangeSet(kschangeset.DeployOCR3), + Config: registryChainSel, + }, + { + Changeset: commonchangeset.WrapChangeSet(kschangeset.DeployForwarder), + Config: registryChainSel, + }, + }) + require.NoError(t, err) + require.NotNil(t, e) + require.Len(t, e.Chains, c.NumChains) + validateInitialChainState(t, e, registryChainSel) + // now that we have the initial contracts deployed, we can configure the nodes with the addresses + // TODO: configure the nodes with the correct override functions + crConfig := deployment.CapabilityRegistryConfig{ + EVMChainID: registryChainSel, + Contract: [20]byte{}, + } + + wfChains := map[uint64]deployment.Chain{} + wfChains[registryChainSel] = chains[registryChainSel] + wfNodes := memory.NewNodes(t, zapcore.InfoLevel, wfChains, c.WFDonConfig.N, 0, crConfig) + require.Len(t, wfNodes, c.WFDonConfig.N) + + writerChains := map[uint64]deployment.Chain{} + maps.Copy(writerChains, chains) + cwNodes := memory.NewNodes(t, zapcore.InfoLevel, writerChains, c.WriterDonConfig.N, 0, crConfig) + require.Len(t, cwNodes, c.WriterDonConfig.N) + + assetChains := map[uint64]deployment.Chain{} + assetChains[registryChainSel] = chains[registryChainSel] + assetNodes := memory.NewNodes(t, zapcore.InfoLevel, assetChains, c.AssetDonConfig.N, 0, crConfig) + require.Len(t, assetNodes, c.AssetDonConfig.N) + + // TODO: partition nodes into multiple nops + + wfDon := keystone.DonCapabilities{ + Name: keystone.WFDonName, + Nops: []keystone.NOP{ + { + Name: "nop 1", + Nodes: maps.Keys(wfNodes), + }, + }, + Capabilities: []kcr.CapabilitiesRegistryCapability{keystone.OCR3Cap}, + } + cwDon := keystone.DonCapabilities{ + Name: keystone.TargetDonName, + Nops: []keystone.NOP{ + { + Name: "nop 2", + Nodes: maps.Keys(cwNodes), + }, + }, + Capabilities: []kcr.CapabilitiesRegistryCapability{keystone.WriteChainCap}, + } + assetDon := keystone.DonCapabilities{ + Name: keystone.StreamDonName, + Nops: []keystone.NOP{ + { + Name: "nop 3", + Nodes: maps.Keys(assetNodes), + }, + }, + Capabilities: []kcr.CapabilitiesRegistryCapability{keystone.StreamTriggerCap}, + } + + allChains := make(map[uint64]deployment.Chain) + maps.Copy(allChains, chains) + + allNodes := make(map[string]memory.Node) + maps.Copy(allNodes, wfNodes) + maps.Copy(allNodes, cwNodes) + maps.Copy(allNodes, assetNodes) + env := memory.NewMemoryEnvironmentFromChainsNodes(func() context.Context { return ctx }, lggr, allChains, allNodes) + // set the env addresses to the deployed addresses that were created prior to configuring the nodes + err = env.ExistingAddresses.Merge(e.ExistingAddresses) + require.NoError(t, err) + + var ocr3Config = keystone.OracleConfigWithSecrets{ + OracleConfig: keystone.OracleConfig{ + MaxFaultyOracles: len(wfNodes) / 3, + }, + OCRSecrets: deployment.XXXGenerateTestOCRSecrets(), + } + var allDons = []keystone.DonCapabilities{wfDon, cwDon, assetDon} + + _, err = kschangeset.ConfigureInitialContractsChangeset(env, kschangeset.InitialContractsCfg{ + RegistryChainSel: registryChainSel, + Dons: allDons, + OCR3Config: &ocr3Config, + }) + require.NoError(t, err) + // TODO: KS-rm_deploy_opt + //require.Nil(t, csOut.AddressBook, "no new addresses should be created in configure initial contracts") + //require.NoError(t, env.ExistingAddresses.Merge(csOut.AddressBook)) + + req := &keystone.GetContractSetsRequest{ + Chains: env.Chains, + AddressBook: env.ExistingAddresses, + } + + contractSetsResp, err := keystone.GetContractSets(lggr, req) + require.NoError(t, err) + require.Len(t, contractSetsResp.ContractSets, len(env.Chains)) + // check the registry + regChainContracts, ok := contractSetsResp.ContractSets[registryChainSel] + require.True(t, ok) + gotRegistry := regChainContracts.CapabilitiesRegistry + require.NotNil(t, gotRegistry) + // validate the registry + // check the nodes + gotNodes, err := gotRegistry.GetNodes(nil) + require.NoError(t, err) + require.Len(t, gotNodes, len(allNodes)) + gotWfNodes, err := gotRegistry.GetNodesByP2PIds(nil, p2pIDs(t, maps.Keys(wfNodes))) + require.NoError(t, err) + require.Len(t, gotWfNodes, len(wfNodes)) + gotCwNodes, err := gotRegistry.GetNodesByP2PIds(nil, p2pIDs(t, maps.Keys(cwNodes))) + require.NoError(t, err) + require.Len(t, gotCwNodes, len(cwNodes)) + gotAssetNodes, err := gotRegistry.GetNodesByP2PIds(nil, p2pIDs(t, maps.Keys(assetNodes))) + require.NoError(t, err) + require.Len(t, gotAssetNodes, len(assetNodes)) + + // check the dons + gotDons, err := gotRegistry.GetDONs(nil) + require.NoError(t, err) + require.Len(t, gotDons, len(allDons)) + // todo: add validation of the expected capabilities + + if c.EnableMCMS { + // deploy, configure and xfer ownership of MCMS + env, err = commonchangeset.ApplyChangesets(t, env, nil, []commonchangeset.ChangesetApplication{ + { + Changeset: commonchangeset.WrapChangeSet(commonchangeset.DeployMCMSWithTimelock), + Config: map[uint64]commontypes.MCMSWithTimelockConfig{ + registryChainSel: { + Canceller: commonchangeset.SingleGroupMCMS(t), + Bypasser: commonchangeset.SingleGroupMCMS(t), + Proposer: commonchangeset.SingleGroupMCMS(t), + TimelockExecutors: env.AllDeployerKeys(), + TimelockMinDelay: big.NewInt(0), + }, + }, + }, + { + Changeset: commonchangeset.WrapChangeSet(kschangeset.TransferAllOwnership), + Config: &kschangeset.TransferAllOwnershipRequest{ + ChainSelector: registryChainSel, + }, + }, + }) + require.NoError(t, err) + // ensure the MCMS is deployed + req = &keystone.GetContractSetsRequest{ + Chains: env.Chains, + AddressBook: env.ExistingAddresses, + } + contractSetsResp, err = keystone.GetContractSets(lggr, req) + require.NoError(t, err) + require.Len(t, contractSetsResp.ContractSets, len(env.Chains)) + // check the registry + regChainContracts, ok = contractSetsResp.ContractSets[registryChainSel] + require.True(t, ok) + gotRegistry = regChainContracts.CapabilitiesRegistry + require.NotNil(t, gotRegistry) + // check the MCMS + gotMCMS := regChainContracts.MCMSWithTimelockState + require.NoError(t, gotMCMS.Validate()) + } + return TestEnv{ + Env: env, + RegistrySelector: registryChainSel, + WFNodes: wfNodes, + CWNodes: cwNodes, + AssetNodes: assetNodes, + } +} + +func registryChain(t *testing.T, chains map[uint64]deployment.Chain) uint64 { + var registryChainSel uint64 = math.MaxUint64 + for sel := range chains { + if sel < registryChainSel { + registryChainSel = sel + } + } + return registryChainSel +} + +// validateInitialChainState checks that the initial chain state +// has the expected contracts deployed +func validateInitialChainState(t *testing.T, env deployment.Environment, registryChainSel uint64) { + ad := env.ExistingAddresses + // all contracts on registry chain + registryChainAddrs, err := ad.AddressesForChain(registryChainSel) + require.NoError(t, err) + require.Len(t, registryChainAddrs, 3) // registry, ocr3, forwarder + // only forwarder on non-home chain + for sel := range env.Chains { + chainAddrs, err := ad.AddressesForChain(sel) + require.NoError(t, err) + if sel != registryChainSel { + require.Len(t, chainAddrs, 1) + } else { + require.Len(t, chainAddrs, 3) + } + containsForwarder := false + for _, tv := range chainAddrs { + if tv.Type == keystone.KeystoneForwarder { + containsForwarder = true + break + } + } + require.True(t, containsForwarder, "no forwarder found in %v on chain %d for target don", chainAddrs, sel) + } +} + +func TestSetup(t *testing.T) { + t.Parallel() + ctx := tests.Context(t) + for _, useMCMS := range []bool{true, false} { + te := Setup(t, TestConfig{ + WFDonConfig: DonConfig{N: 4}, + AssetDonConfig: DonConfig{N: 4}, + WriterDonConfig: DonConfig{N: 4}, + NumChains: 3, + EnableMCMS: useMCMS, + }) + t.Run(fmt.Sprintf("use MCMS %T", useMCMS), func(t *testing.T) { + require.NotNil(t, te.Env.ExistingAddresses) + require.Len(t, te.Env.Chains, 3) + require.NotEmpty(t, te.RegistrySelector) + require.NotNil(t, te.Env.Offchain) + r, err := te.Env.Offchain.ListNodes(ctx, &node.ListNodesRequest{}) + require.NoError(t, err) + require.Len(t, r.Nodes, 12) + }) + } +} + +func ptr[T any](t T) *T { + return &t +} + +func p2pIDs(t *testing.T, vals []string) [][32]byte { + var out [][32]byte + for _, v := range vals { + id, err := p2pkey.MakePeerID(v) + require.NoError(t, err) + out = append(out, id) + } + return out +} diff --git a/deployment/keystone/changeset/internal/test/utils.go b/deployment/keystone/changeset/internal/test/utils.go index 7c0ab557a83..722ae02818b 100644 --- a/deployment/keystone/changeset/internal/test/utils.go +++ b/deployment/keystone/changeset/internal/test/utils.go @@ -144,7 +144,6 @@ func addDons(t *testing.T, lggr logger.Logger, chain deployment.Chain, registry cc.Config = defaultCapConfig(t, ccfg.Capability) } var exists bool - //var cc kcr.CapabilitiesRegistryCapabilityConfiguration{} cc.CapabilityId, exists = capCache.Get(ccfg.Capability) require.True(t, exists, "capability not found in cache %v", ccfg.Capability) capConfigs = append(capConfigs, cc) diff --git a/deployment/keystone/changeset/transfer_ownership.go b/deployment/keystone/changeset/transfer_ownership.go index 73af5d5bdb2..ee45693e559 100644 --- a/deployment/keystone/changeset/transfer_ownership.go +++ b/deployment/keystone/changeset/transfer_ownership.go @@ -56,7 +56,9 @@ func TransferAllOwnership(e deployment.Environment, req *TransferAllOwnershipReq consumers, err := feedsConsumersFromAddrBook(addrBook, chain) if err != nil { - return deployment.ChangesetOutput{}, fmt.Errorf("failed to fetch feeds consumers: %w", err) + //return deployment.ChangesetOutput{}, fmt.Errorf("failed to fetch feeds consumers: %w", err) + // Ignore error if no consumers are found + e.Logger.Warnw("failed to fetch feeds consumers", "err", err) } // Initialize the Contracts slice diff --git a/deployment/keystone/deploy.go b/deployment/keystone/deploy.go index 7b304c1ba0c..a20bec8ec67 100644 --- a/deployment/keystone/deploy.go +++ b/deployment/keystone/deploy.go @@ -16,6 +16,7 @@ import ( "github.com/ethereum/go-ethereum/rpc" "golang.org/x/exp/maps" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/proposal/timelock" "github.com/smartcontractkit/chainlink/deployment" "google.golang.org/protobuf/proto" @@ -40,6 +41,7 @@ type ConfigureContractsRequest struct { Dons []DonCapabilities // externally sourced based on the environment OCR3Config *OracleConfigWithSecrets // TODO: probably should be a map of don to config; but currently we only have one wf don therefore one config + // TODO rm this option; unused DoContractDeploy bool // if false, the contracts are assumed to be deployed and the address book is used } @@ -75,6 +77,7 @@ func ConfigureContracts(ctx context.Context, lggr logger.Logger, req ConfigureCo } addrBook := req.Env.ExistingAddresses + // TODO: KS-rm_deploy_opt remove this option; it's not used if req.DoContractDeploy { contractDeployCS, err := DeployContracts(req.Env, req.RegistryChainSel) if err != nil { @@ -312,6 +315,7 @@ func ConfigureForwardContracts(env *deployment.Environment, dons []RegisteredDon return nil } +// Depreciated: use changeset.ConfigureOCR3Contract instead // ocr3 contract on the registry chain for the wf dons func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons []RegisteredDon, addrBook deployment.AddressBook, cfg *OracleConfigWithSecrets) error { registryChain, ok := env.Chains[chainSel] @@ -342,10 +346,11 @@ func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons [] } _, err := configureOCR3contract(configureOCR3Request{ - cfg: cfg, - chain: registryChain, - contract: contract, - nodes: don.Nodes, + cfg: cfg, + chain: registryChain, + contract: contract, + nodes: don.Nodes, + contractSet: &contracts, }) if err != nil { return fmt.Errorf("failed to configure OCR3 contract for don %s: %w", don.Name, err) @@ -356,6 +361,7 @@ func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons [] type ConfigureOCR3Resp struct { OCR2OracleConfig + Proposal *timelock.MCMSWithTimelockProposal } type ConfigureOCR3Config struct { @@ -363,8 +369,11 @@ type ConfigureOCR3Config struct { NodeIDs []string OCR3Config *OracleConfigWithSecrets DryRun bool + + UseMCMS bool } +// Depreciated: use changeset.ConfigureOCR3Contract instead func ConfigureOCR3ContractFromJD(env *deployment.Environment, cfg ConfigureOCR3Config) (*ConfigureOCR3Resp, error) { prefix := "" if cfg.DryRun { @@ -395,17 +404,20 @@ func ConfigureOCR3ContractFromJD(env *deployment.Environment, cfg ConfigureOCR3C return nil, err } r, err := configureOCR3contract(configureOCR3Request{ - cfg: cfg.OCR3Config, - chain: registryChain, - contract: contract, - nodes: nodes, - dryRun: cfg.DryRun, + cfg: cfg.OCR3Config, + chain: registryChain, + contract: contract, + nodes: nodes, + dryRun: cfg.DryRun, + contractSet: &contracts, + useMCMS: cfg.UseMCMS, }) if err != nil { return nil, err } return &ConfigureOCR3Resp{ OCR2OracleConfig: r.ocrConfig, + Proposal: r.proposal, }, nil } diff --git a/deployment/keystone/ocr3config.go b/deployment/keystone/ocr3config.go index a281a69ed8a..74a5480cd1b 100644 --- a/deployment/keystone/ocr3config.go +++ b/deployment/keystone/ocr3config.go @@ -8,6 +8,8 @@ import ( "encoding/json" "errors" "fmt" + "math/big" + "strings" "time" "github.com/ethereum/go-ethereum/common" @@ -16,7 +18,11 @@ import ( "github.com/smartcontractkit/libocr/offchainreporting2plus/ocr3confighelper" "github.com/smartcontractkit/libocr/offchainreporting2plus/types" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/gethwrappers" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/proposal/mcms" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/proposal/timelock" "github.com/smartcontractkit/chainlink/deployment" + "github.com/smartcontractkit/chainlink/deployment/common/proposalutils" kocr3 "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/keystone/generated/ocr3_capability" "github.com/smartcontractkit/chainlink/v2/core/services/keystore/chaintype" "github.com/smartcontractkit/chainlink/v2/core/services/ocrcommon" @@ -107,6 +113,44 @@ func (c OCR2OracleConfig) MarshalJSON() ([]byte, error) { return json.Marshal(alias) } +func (c *OCR2OracleConfig) UnmarshalJSON(data []byte) error { + type aliasT struct { + Signers []string + Transmitters []string + F uint8 + OnchainConfig string + OffchainConfigVersion uint64 + OffchainConfig string + } + var alias aliasT + err := json.Unmarshal(data, &alias) + if err != nil { + return fmt.Errorf("failed to unmarshal OCR2OracleConfig alias: %w", err) + } + c.F = alias.F + c.OffchainConfigVersion = alias.OffchainConfigVersion + c.Signers = make([][]byte, len(alias.Signers)) + for i, signer := range alias.Signers { + c.Signers[i], err = hex.DecodeString(strings.TrimPrefix(signer, "0x")) + if err != nil { + return fmt.Errorf("failed to decode signer: %w", err) + } + } + c.Transmitters = make([]common.Address, len(alias.Transmitters)) + for i, transmitter := range alias.Transmitters { + c.Transmitters[i] = common.HexToAddress(transmitter) + } + c.OnchainConfig, err = hex.DecodeString(strings.TrimPrefix(alias.OnchainConfig, "0x")) + if err != nil { + return fmt.Errorf("failed to decode onchain config: %w", err) + } + c.OffchainConfig, err = hex.DecodeString(strings.TrimPrefix(alias.OffchainConfig, "0x")) + if err != nil { + return fmt.Errorf("failed to decode offchain config: %w", err) + } + return nil +} + func GenerateOCR3Config(cfg OracleConfigWithSecrets, nca []NodeKeys) (OCR2OracleConfig, error) { onchainPubKeys := [][]byte{} allPubKeys := map[string]any{} @@ -245,6 +289,9 @@ type configureOCR3Request struct { contract *kocr3.OCR3Capability nodes []deployment.Node dryRun bool + + useMCMS bool + contractSet *ContractSet } func (r configureOCR3Request) generateOCR3Config() (OCR2OracleConfig, error) { @@ -254,6 +301,7 @@ func (r configureOCR3Request) generateOCR3Config() (OCR2OracleConfig, error) { type configureOCR3Response struct { ocrConfig OCR2OracleConfig + proposal *timelock.MCMSWithTimelockProposal } func configureOCR3contract(req configureOCR3Request) (*configureOCR3Response, error) { @@ -265,24 +313,72 @@ func configureOCR3contract(req configureOCR3Request) (*configureOCR3Response, er return nil, fmt.Errorf("failed to generate OCR3 config: %w", err) } if req.dryRun { - return &configureOCR3Response{ocrConfig}, nil + return &configureOCR3Response{ocrConfig, nil}, nil } - tx, err := req.contract.SetConfig(req.chain.DeployerKey, - ocrConfig.Signers, - ocrConfig.Transmitters, - ocrConfig.F, - ocrConfig.OnchainConfig, - ocrConfig.OffchainConfigVersion, - ocrConfig.OffchainConfig, - ) - if err != nil { - err = DecodeErr(kocr3.OCR3CapabilityABI, err) - return nil, fmt.Errorf("failed to call SetConfig for OCR3 contract %s: %w", req.contract.Address().String(), err) - } - _, err = req.chain.Confirm(tx) - if err != nil { - err = DecodeErr(kocr3.OCR3CapabilityABI, err) - return nil, fmt.Errorf("failed to confirm SetConfig for OCR3 contract %s: %w", req.contract.Address().String(), err) + var proposal *timelock.MCMSWithTimelockProposal + if !req.useMCMS { + + tx, err := req.contract.SetConfig(req.chain.DeployerKey, + ocrConfig.Signers, + ocrConfig.Transmitters, + ocrConfig.F, + ocrConfig.OnchainConfig, + ocrConfig.OffchainConfigVersion, + ocrConfig.OffchainConfig, + ) + if err != nil { + err = DecodeErr(kocr3.OCR3CapabilityABI, err) + return nil, fmt.Errorf("failed to call SetConfig for OCR3 contract %s: %w", req.contract.Address().String(), err) + } + _, err = req.chain.Confirm(tx) + if err != nil { + err = DecodeErr(kocr3.OCR3CapabilityABI, err) + return nil, fmt.Errorf("failed to confirm SetConfig for OCR3 contract %s: %w", req.contract.Address().String(), err) + } + } else { + // use MCMS + configRequest, err := req.contract.SetConfig( + deployment.SimTransactOpts(), + ocrConfig.Signers, + ocrConfig.Transmitters, + ocrConfig.F, + ocrConfig.OnchainConfig, + ocrConfig.OffchainConfigVersion, + ocrConfig.OffchainConfig) + if err != nil { + err = DecodeErr(kocr3.OCR3CapabilityABI, err) + return nil, fmt.Errorf("failed to simulate SetConfig for OCR3 contract %s: %w", req.contract.Address().String(), err) + } + o := timelock.BatchChainOperation{ + ChainIdentifier: mcms.ChainIdentifier(req.chain.Selector), + Batch: []mcms.Operation{ + { + // Enable the source in on ramp + To: req.contract.Address(), + Data: configRequest.Data(), + Value: big.NewInt(0), + }, + }, + } + var ( + timelocksPerChain = make(map[uint64]common.Address) + proposerMCMSes = make(map[uint64]*gethwrappers.ManyChainMultiSig) + ) + + timelocksPerChain[req.chain.Selector] = req.contractSet.Timelock.Address() + proposerMCMSes[req.chain.Selector] = req.contractSet.ProposerMcm + + proposal, err = proposalutils.BuildProposalFromBatches( + timelocksPerChain, + proposerMCMSes, + []timelock.BatchChainOperation{o}, + "proposal to set ocr3 config", + 0, + ) + if err != nil { + return nil, fmt.Errorf("failed to build proposal: %w", err) + } } - return &configureOCR3Response{ocrConfig}, nil + + return &configureOCR3Response{ocrConfig, proposal}, nil } diff --git a/deployment/keystone/state.go b/deployment/keystone/state.go index 68f2ab97a5d..17c9fb18bd1 100644 --- a/deployment/keystone/state.go +++ b/deployment/keystone/state.go @@ -8,6 +8,7 @@ import ( "github.com/smartcontractkit/chainlink-common/pkg/logger" "github.com/smartcontractkit/chainlink/deployment" + commonchangeset "github.com/smartcontractkit/chainlink/deployment/common/changeset" common_v1_0 "github.com/smartcontractkit/chainlink/deployment/common/view/v1_0" "github.com/smartcontractkit/chainlink/deployment/keystone/view" "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/keystone/generated/capabilities_registry" @@ -25,6 +26,7 @@ type GetContractSetsResponse struct { } type ContractSet struct { + commonchangeset.MCMSWithTimelockState OCR3 *ocr3_capability.OCR3Capability Forwarder *forwarder.KeystoneForwarder CapabilitiesRegistry *capabilities_registry.CapabilitiesRegistry @@ -62,6 +64,11 @@ func GetContractSets(lggr logger.Logger, req *GetContractSetsRequest) (*GetContr func loadContractSet(lggr logger.Logger, chain deployment.Chain, addresses map[string]deployment.TypeAndVersion) (*ContractSet, error) { var out ContractSet + mcmsWithTimelock, err := commonchangeset.LoadMCMSWithTimelockState(chain, addresses) + if err != nil { + return nil, fmt.Errorf("failed to load mcms contract: %w", err) + } + out.MCMSWithTimelockState = *mcmsWithTimelock for addr, tv := range addresses { // todo handle versions From 1973a3d53ce2b718ef1a0a7c412fe37ecfc358ee Mon Sep 17 00:00:00 2001 From: krehermann <16602512+krehermann@users.noreply.github.com> Date: Wed, 4 Dec 2024 15:31:14 -0500 Subject: [PATCH 2/5] test working for ocr3 config with mcms --- .../keystone/changeset/accept_ownership.go | 47 ++++---------- .../changeset/accept_ownership_test.go | 10 +-- deployment/keystone/changeset/deploy_ocr3.go | 2 +- deployment/keystone/changeset/helpers_test.go | 25 +++++++ .../keystone/changeset/transfer_ownership.go | 49 ++++---------- .../changeset/transfer_ownership_test.go | 8 --- deployment/keystone/ocr3config.go | 65 ++++++++----------- deployment/keystone/state.go | 16 +++++ 8 files changed, 96 insertions(+), 126 deletions(-) diff --git a/deployment/keystone/changeset/accept_ownership.go b/deployment/keystone/changeset/accept_ownership.go index 8a4f3c60c53..15bba6ceb9b 100644 --- a/deployment/keystone/changeset/accept_ownership.go +++ b/deployment/keystone/changeset/accept_ownership.go @@ -6,6 +6,7 @@ import ( "github.com/ethereum/go-ethereum/common" ccipowner "github.com/smartcontractkit/ccip-owner-contracts/pkg/gethwrappers" + kslib "github.com/smartcontractkit/chainlink/deployment/keystone" "github.com/smartcontractkit/chainlink/deployment" "github.com/smartcontractkit/chainlink/deployment/common/changeset" @@ -33,50 +34,24 @@ func AcceptAllOwnershipsProposal(e deployment.Environment, req *AcceptAllOwnersh chain := e.Chains[chainSelector] addrBook := e.ExistingAddresses - // Fetch contracts from the address book. - timelocks, err := timelocksFromAddrBook(addrBook, chain) - if err != nil { - return deployment.ChangesetOutput{}, err - } - capRegs, err := capRegistriesFromAddrBook(addrBook, chain) - if err != nil { - return deployment.ChangesetOutput{}, err - } - ocr3, err := ocr3FromAddrBook(addrBook, chain) - if err != nil { - return deployment.ChangesetOutput{}, err - } - forwarders, err := forwardersFromAddrBook(addrBook, chain) - if err != nil { - return deployment.ChangesetOutput{}, err - } - consumers, err := feedsConsumersFromAddrBook(addrBook, chain) - if err != nil { - return deployment.ChangesetOutput{}, err - } - mcmsProposers, err := proposersFromAddrBook(addrBook, chain) + r, err := kslib.GetContractSets(e.Logger, &kslib.GetContractSetsRequest{ + Chains: map[uint64]deployment.Chain{ + req.ChainSelector: chain, + }, + AddressBook: addrBook, + }) if err != nil { return deployment.ChangesetOutput{}, err } - - // Initialize the OwnershipAcceptors slice - var ownershipAcceptors []changeset.OwnershipAcceptor - - // Append all contracts - ownershipAcceptors = append(ownershipAcceptors, toOwnershipAcceptors(capRegs)...) - ownershipAcceptors = append(ownershipAcceptors, toOwnershipAcceptors(ocr3)...) - ownershipAcceptors = append(ownershipAcceptors, toOwnershipAcceptors(forwarders)...) - ownershipAcceptors = append(ownershipAcceptors, toOwnershipAcceptors(consumers)...) - + contracts := r.ContractSets[chainSelector] + ownershipAcceptors := contracts.OwnershipAcceptors() // Construct the configuration cfg := changeset.AcceptOwnershipConfig{ OwnersPerChain: map[uint64]common.Address{ - // Assuming there is only one timelock per chain. - chainSelector: timelocks[0].Address(), + chainSelector: contracts.Timelock.Address(), }, ProposerMCMSes: map[uint64]*ccipowner.ManyChainMultiSig{ - // Assuming there is only one MCMS proposer per chain. - chainSelector: mcmsProposers[0], + chainSelector: contracts.ProposerMcm, }, Contracts: map[uint64][]changeset.OwnershipAcceptor{ chainSelector: ownershipAcceptors, diff --git a/deployment/keystone/changeset/accept_ownership_test.go b/deployment/keystone/changeset/accept_ownership_test.go index 996ff08c149..70f750e1f98 100644 --- a/deployment/keystone/changeset/accept_ownership_test.go +++ b/deployment/keystone/changeset/accept_ownership_test.go @@ -42,14 +42,6 @@ func TestAcceptAllOwnership(t *testing.T) { err = env.ExistingAddresses.Merge(chForwarder.AddressBook) require.NoError(t, err) - chConsumer, err := changeset.DeployFeedsConsumer(env, &changeset.DeployFeedsConsumerRequest{ - ChainSelector: registrySel, - }) - require.NoError(t, err) - require.NotNil(t, chConsumer) - err = env.ExistingAddresses.Merge(chConsumer.AddressBook) - require.NoError(t, err) - chMcms, err := commonchangeset.DeployMCMSWithTimelock(env, map[uint64]types.MCMSWithTimelockConfig{ registrySel: { Canceller: commonchangeset.SingleGroupMCMS(t), @@ -82,5 +74,5 @@ func TestAcceptAllOwnership(t *testing.T) { proposal := output.Proposals[0] require.Len(t, proposal.Transactions, 1) txs := proposal.Transactions[0] - require.Len(t, txs.Batch, 4) + require.Len(t, txs.Batch, 3) // number of contracts to transfer } diff --git a/deployment/keystone/changeset/deploy_ocr3.go b/deployment/keystone/changeset/deploy_ocr3.go index 86ccd1d439e..4ed920df077 100644 --- a/deployment/keystone/changeset/deploy_ocr3.go +++ b/deployment/keystone/changeset/deploy_ocr3.go @@ -37,7 +37,7 @@ type ConfigureOCR3Config struct { NodeIDs []string OCR3Config *kslib.OracleConfigWithSecrets DryRun bool - WriteGeneratedConfig io.Writer + WriteGeneratedConfig io.Writer // if not nil, write the generated config to this writer as JSON [OCR2OracleConfig] UseMCMS bool } diff --git a/deployment/keystone/changeset/helpers_test.go b/deployment/keystone/changeset/helpers_test.go index f4642a9a36e..5739ea98f25 100644 --- a/deployment/keystone/changeset/helpers_test.go +++ b/deployment/keystone/changeset/helpers_test.go @@ -9,6 +9,7 @@ import ( "math" "testing" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/gethwrappers" "github.com/smartcontractkit/chainlink-common/pkg/logger" "github.com/smartcontractkit/chainlink-common/pkg/utils/tests" "github.com/smartcontractkit/chainlink-protos/job-distributor/v1/node" @@ -17,6 +18,7 @@ import ( commontypes "github.com/smartcontractkit/chainlink/deployment/common/types" "github.com/smartcontractkit/chainlink/deployment/environment/memory" "github.com/smartcontractkit/chainlink/deployment/keystone" + kslib "github.com/smartcontractkit/chainlink/deployment/keystone" kschangeset "github.com/smartcontractkit/chainlink/deployment/keystone/changeset" kcr "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/keystone/generated/capabilities_registry" "github.com/smartcontractkit/chainlink/v2/core/services/keystore/keys/p2pkey" @@ -229,6 +231,8 @@ func Setup(t *testing.T, c TestConfig) TestEnv { // todo: add validation of the expected capabilities if c.EnableMCMS { + // TODO: mcms on all the chains + t.Logf("Enabling MCMS registry chain %d", registryChainSel) // deploy, configure and xfer ownership of MCMS env, err = commonchangeset.ApplyChangesets(t, env, nil, []commonchangeset.ChangesetApplication{ { @@ -243,12 +247,33 @@ func Setup(t *testing.T, c TestConfig) TestEnv { }, }, }, + }) + require.NoError(t, err) + // extract the MCMS address + r, err := kslib.GetContractSets(lggr, &kslib.GetContractSetsRequest{ + Chains: map[uint64]deployment.Chain{ + registryChainSel: env.Chains[registryChainSel], + }, + AddressBook: env.ExistingAddresses, + }) + require.NoError(t, err) + mcms := r.ContractSets[registryChainSel].MCMSWithTimelockState + require.NotNil(t, mcms) + // transfer ownership of all contracts to the MCMS + env, err = commonchangeset.ApplyChangesets(t, env, map[uint64]*gethwrappers.RBACTimelock{registryChainSel: mcms.Timelock}, []commonchangeset.ChangesetApplication{ { Changeset: commonchangeset.WrapChangeSet(kschangeset.TransferAllOwnership), Config: &kschangeset.TransferAllOwnershipRequest{ ChainSelector: registryChainSel, }, }, + { + Changeset: commonchangeset.WrapChangeSet(kschangeset.AcceptAllOwnershipsProposal), + Config: &kschangeset.AcceptAllOwnershipRequest{ + ChainSelector: registryChainSel, + MinDelay: 0, + }, + }, }) require.NoError(t, err) // ensure the MCMS is deployed diff --git a/deployment/keystone/changeset/transfer_ownership.go b/deployment/keystone/changeset/transfer_ownership.go index ee45693e559..4c0d56b9f34 100644 --- a/deployment/keystone/changeset/transfer_ownership.go +++ b/deployment/keystone/changeset/transfer_ownership.go @@ -7,6 +7,7 @@ import ( "github.com/smartcontractkit/chainlink/deployment" "github.com/smartcontractkit/chainlink/deployment/common/changeset" + kslib "github.com/smartcontractkit/chainlink/deployment/keystone" ) func toOwnershipTransferrer[T changeset.OwnershipTransferrer](items []T) []changeset.OwnershipTransferrer { @@ -29,52 +30,30 @@ func TransferAllOwnership(e deployment.Environment, req *TransferAllOwnershipReq chain := e.Chains[chainSelector] addrBook := e.ExistingAddresses - // Fetch timelocks for the specified chain. - timelocks, err := timelocksFromAddrBook(addrBook, chain) - if err != nil { - return deployment.ChangesetOutput{}, fmt.Errorf("failed to fetch timelocks: %w", err) - } - if len(timelocks) == 0 { - return deployment.ChangesetOutput{}, fmt.Errorf("no timelocks found for chain %d", chainSelector) - } - - // Fetch contracts from the address book. - capRegs, err := capRegistriesFromAddrBook(addrBook, chain) - if err != nil { - return deployment.ChangesetOutput{}, fmt.Errorf("failed to fetch capabilities registries: %w", err) - } - - ocr3s, err := ocr3FromAddrBook(addrBook, chain) - if err != nil { - return deployment.ChangesetOutput{}, fmt.Errorf("failed to fetch OCR3 capabilities: %w", err) - } - - forwarders, err := forwardersFromAddrBook(addrBook, chain) + r, err := kslib.GetContractSets(e.Logger, &kslib.GetContractSetsRequest{ + Chains: map[uint64]deployment.Chain{ + req.ChainSelector: chain, + }, + AddressBook: addrBook, + }) if err != nil { - return deployment.ChangesetOutput{}, fmt.Errorf("failed to fetch forwarders: %w", err) + return deployment.ChangesetOutput{}, fmt.Errorf("failed to get contract sets: %w", err) } + contracts := r.ContractSets[chainSelector] + timelock := contracts.Timelock - consumers, err := feedsConsumersFromAddrBook(addrBook, chain) - if err != nil { - //return deployment.ChangesetOutput{}, fmt.Errorf("failed to fetch feeds consumers: %w", err) - // Ignore error if no consumers are found - e.Logger.Warnw("failed to fetch feeds consumers", "err", err) + if timelock == nil { + return deployment.ChangesetOutput{}, fmt.Errorf("failed to fetch timelocks: %w", err) } // Initialize the Contracts slice - var ownershipTransferrers []changeset.OwnershipTransferrer - - // Append all contracts - ownershipTransferrers = append(ownershipTransferrers, toOwnershipTransferrer(capRegs)...) - ownershipTransferrers = append(ownershipTransferrers, toOwnershipTransferrer(ocr3s)...) - ownershipTransferrers = append(ownershipTransferrers, toOwnershipTransferrer(forwarders)...) - ownershipTransferrers = append(ownershipTransferrers, toOwnershipTransferrer(consumers)...) + ownershipTransferrers := contracts.OwnershipTransferrers() // Construct the configuration cfg := changeset.TransferOwnershipConfig{ OwnersPerChain: map[uint64]common.Address{ // Assuming there is only one timelock per chain. - chainSelector: timelocks[0].Address(), + chainSelector: timelock.Address(), }, Contracts: map[uint64][]changeset.OwnershipTransferrer{ chainSelector: ownershipTransferrers, diff --git a/deployment/keystone/changeset/transfer_ownership_test.go b/deployment/keystone/changeset/transfer_ownership_test.go index dc5630076bd..731dfbfaa77 100644 --- a/deployment/keystone/changeset/transfer_ownership_test.go +++ b/deployment/keystone/changeset/transfer_ownership_test.go @@ -41,14 +41,6 @@ func TestTransferAllOwnership(t *testing.T) { err = env.ExistingAddresses.Merge(chForwarder.AddressBook) require.NoError(t, err) - chConsumer, err := changeset.DeployFeedsConsumer(env, &changeset.DeployFeedsConsumerRequest{ - ChainSelector: registrySel, - }) - require.NoError(t, err) - require.NotNil(t, chConsumer) - err = env.ExistingAddresses.Merge(chConsumer.AddressBook) - require.NoError(t, err) - chMcms, err := commonchangeset.DeployMCMSWithTimelock(env, map[uint64]types.MCMSWithTimelockConfig{ registrySel: { Canceller: commonchangeset.SingleGroupMCMS(t), diff --git a/deployment/keystone/ocr3config.go b/deployment/keystone/ocr3config.go index 74a5480cd1b..c4f8714b113 100644 --- a/deployment/keystone/ocr3config.go +++ b/deployment/keystone/ocr3config.go @@ -315,63 +315,54 @@ func configureOCR3contract(req configureOCR3Request) (*configureOCR3Response, er if req.dryRun { return &configureOCR3Response{ocrConfig, nil}, nil } + + txOpt := req.chain.DeployerKey + if req.useMCMS { + txOpt = deployment.SimTransactOpts() + } + + tx, err := req.contract.SetConfig(txOpt, + ocrConfig.Signers, + ocrConfig.Transmitters, + ocrConfig.F, + ocrConfig.OnchainConfig, + ocrConfig.OffchainConfigVersion, + ocrConfig.OffchainConfig, + ) + if err != nil { + err = DecodeErr(kocr3.OCR3CapabilityABI, err) + return nil, fmt.Errorf("failed to call SetConfig for OCR3 contract %s using mcms: %T: %w", req.contract.Address().String(), req.useMCMS, err) + } + var proposal *timelock.MCMSWithTimelockProposal if !req.useMCMS { - - tx, err := req.contract.SetConfig(req.chain.DeployerKey, - ocrConfig.Signers, - ocrConfig.Transmitters, - ocrConfig.F, - ocrConfig.OnchainConfig, - ocrConfig.OffchainConfigVersion, - ocrConfig.OffchainConfig, - ) - if err != nil { - err = DecodeErr(kocr3.OCR3CapabilityABI, err) - return nil, fmt.Errorf("failed to call SetConfig for OCR3 contract %s: %w", req.contract.Address().String(), err) - } _, err = req.chain.Confirm(tx) if err != nil { err = DecodeErr(kocr3.OCR3CapabilityABI, err) return nil, fmt.Errorf("failed to confirm SetConfig for OCR3 contract %s: %w", req.contract.Address().String(), err) } } else { - // use MCMS - configRequest, err := req.contract.SetConfig( - deployment.SimTransactOpts(), - ocrConfig.Signers, - ocrConfig.Transmitters, - ocrConfig.F, - ocrConfig.OnchainConfig, - ocrConfig.OffchainConfigVersion, - ocrConfig.OffchainConfig) - if err != nil { - err = DecodeErr(kocr3.OCR3CapabilityABI, err) - return nil, fmt.Errorf("failed to simulate SetConfig for OCR3 contract %s: %w", req.contract.Address().String(), err) - } - o := timelock.BatchChainOperation{ + ops := timelock.BatchChainOperation{ ChainIdentifier: mcms.ChainIdentifier(req.chain.Selector), Batch: []mcms.Operation{ { - // Enable the source in on ramp To: req.contract.Address(), - Data: configRequest.Data(), + Data: tx.Data(), Value: big.NewInt(0), }, }, } - var ( - timelocksPerChain = make(map[uint64]common.Address) - proposerMCMSes = make(map[uint64]*gethwrappers.ManyChainMultiSig) - ) - - timelocksPerChain[req.chain.Selector] = req.contractSet.Timelock.Address() - proposerMCMSes[req.chain.Selector] = req.contractSet.ProposerMcm + timelocksPerChain := map[uint64]common.Address{ + req.chain.Selector: req.contractSet.Timelock.Address(), + } + proposerMCMSes := map[uint64]*gethwrappers.ManyChainMultiSig{ + req.chain.Selector: req.contractSet.ProposerMcm, + } proposal, err = proposalutils.BuildProposalFromBatches( timelocksPerChain, proposerMCMSes, - []timelock.BatchChainOperation{o}, + []timelock.BatchChainOperation{ops}, "proposal to set ocr3 config", 0, ) diff --git a/deployment/keystone/state.go b/deployment/keystone/state.go index 17c9fb18bd1..db84bb2d9a5 100644 --- a/deployment/keystone/state.go +++ b/deployment/keystone/state.go @@ -32,6 +32,22 @@ type ContractSet struct { CapabilitiesRegistry *capabilities_registry.CapabilitiesRegistry } +func (cs ContractSet) OwnershipAcceptors() []commonchangeset.OwnershipAcceptor { + return []commonchangeset.OwnershipAcceptor{ + cs.OCR3, + cs.Forwarder, + cs.CapabilitiesRegistry, + } +} + +func (cs ContractSet) OwnershipTransferrers() []commonchangeset.OwnershipTransferrer { + return []commonchangeset.OwnershipTransferrer{ + cs.OCR3, + cs.Forwarder, + cs.CapabilitiesRegistry, + } +} + func (cs ContractSet) View() (view.KeystoneChainView, error) { out := view.NewKeystoneChainView() if cs.CapabilitiesRegistry != nil { From f92674636e925735cbd47a64a65cb0db9d97b265 Mon Sep 17 00:00:00 2001 From: krehermann <16602512+krehermann@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:39:04 -0500 Subject: [PATCH 3/5] migrate deployment test to setup test env --- .../common/changeset/mcms_test_helpers.go | 15 +- deployment/common/changeset/test_helpers.go | 4 +- deployment/environment/memory/node.go | 7 - .../keystone/changeset/deploy_ocr3_test.go | 10 +- deployment/keystone/changeset/helpers_test.go | 141 ++++++++----- deployment/keystone/deploy_test.go | 186 +----------------- 6 files changed, 101 insertions(+), 262 deletions(-) diff --git a/deployment/common/changeset/mcms_test_helpers.go b/deployment/common/changeset/mcms_test_helpers.go index 4ed771e60f2..3951149815c 100644 --- a/deployment/common/changeset/mcms_test_helpers.go +++ b/deployment/common/changeset/mcms_test_helpers.go @@ -64,12 +64,8 @@ func SignProposal(t *testing.T, env deployment.Environment, proposal *timelock.M return executor } -type ExecuteProposalCfg struct { - Decoder func(err error) error -} - func ExecuteProposal(t *testing.T, env deployment.Environment, executor *mcms.Executor, - timelock *owner_helpers.RBACTimelock, sel uint64) error { + timelock *owner_helpers.RBACTimelock, sel uint64) { t.Log("Executing proposal on chain", sel) // Set the root. tx, err2 := executor.SetRootOnChain(env.Chains[sel].Client, env.Chains[sel].DeployerKey, mcms.ChainIdentifier(sel)) @@ -110,15 +106,10 @@ func ExecuteProposal(t *testing.T, env deployment.Environment, executor *mcms.Ex } tx, err := timelock.ExecuteBatch( env.Chains[sel].DeployerKey, calls, pred, salt) - if err != nil { - return err - } + require.NoError(t, err) _, err = env.Chains[sel].Confirm(tx) - if err != nil { - return err - } + require.NoError(t, err) } } } - return nil } diff --git a/deployment/common/changeset/test_helpers.go b/deployment/common/changeset/test_helpers.go index 8f988896e96..913b4544f30 100644 --- a/deployment/common/changeset/test_helpers.go +++ b/deployment/common/changeset/test_helpers.go @@ -79,9 +79,7 @@ func ApplyChangesets(t *testing.T, e deployment.Environment, timelocksPerChain m if !ok || timelock == nil { return deployment.Environment{}, fmt.Errorf("timelock not found for chain %d", sel) } - if err := ExecuteProposal(t, e, signed, timelock, sel); err != nil { - return deployment.Environment{}, fmt.Errorf("failed to execute proposal: %w", err) - } + ExecuteProposal(t, e, signed, timelock, sel) } } } diff --git a/deployment/environment/memory/node.go b/deployment/environment/memory/node.go index 89b9c0a2d0e..fd08d3cf17b 100644 --- a/deployment/environment/memory/node.go +++ b/deployment/environment/memory/node.go @@ -68,9 +68,6 @@ func (n Node) ReplayLogs(chains map[uint64]uint64) error { // - Configured for OCR // - Configured for the chains specified // - Transmitter keys funded. -// TODO: support functional options for more `func (c *chainlink.Config, s *chainlink.Secrets)` as -// overrides for the default config. Allows for flexibility. Immediate use case is to set -// workflow forwarder evm config; can refactor registry config to be a functional option. func NewNode( t *testing.T, port int, // Port for the P2P V2 listener. @@ -78,7 +75,6 @@ func NewNode( logLevel zapcore.Level, bootstrap bool, registryConfig deployment.CapabilityRegistryConfig, - customSetup ...func(c *chainlink.Config, s *chainlink.Secrets), ) *Node { evmchains := make(map[uint64]EVMChain) for _, chain := range chains { @@ -129,9 +125,6 @@ func NewNode( chainConfigs = append(chainConfigs, createConfigV2Chain(chainID)) } c.EVM = chainConfigs - for _, setup := range customSetup { - setup(c, s) - } }) // Set logging. diff --git a/deployment/keystone/changeset/deploy_ocr3_test.go b/deployment/keystone/changeset/deploy_ocr3_test.go index b178e63ab6e..3ca1e646566 100644 --- a/deployment/keystone/changeset/deploy_ocr3_test.go +++ b/deployment/keystone/changeset/deploy_ocr3_test.go @@ -17,7 +17,6 @@ import ( "github.com/smartcontractkit/chainlink/deployment/environment/memory" kslib "github.com/smartcontractkit/chainlink/deployment/keystone" "github.com/smartcontractkit/chainlink/deployment/keystone/changeset" - "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/keystone/generated/ocr3_capability" ) func TestDeployOCR3(t *testing.T) { @@ -60,7 +59,7 @@ func TestConfigureOCR3(t *testing.T) { t.Run("no mcms", func(t *testing.T) { - te := Setup(t, TestConfig{ + te := SetupTestEnv(t, TestConfig{ WFDonConfig: DonConfig{N: 4}, AssetDonConfig: DonConfig{N: 4}, WriterDonConfig: DonConfig{N: 4}, @@ -92,7 +91,7 @@ func TestConfigureOCR3(t *testing.T) { }) t.Run("mcms", func(t *testing.T) { - te := Setup(t, TestConfig{ + te := SetupTestEnv(t, TestConfig{ WFDonConfig: DonConfig{N: 4}, AssetDonConfig: DonConfig{N: 4}, WriterDonConfig: DonConfig{N: 4}, @@ -141,11 +140,6 @@ func TestConfigureOCR3(t *testing.T) { Config: cfg, }, }) - if err != nil { - t.Logf("failed to apply changeset: %v", err) - require.NoError(t, kslib.DecodeErr(ocr3_capability.OCR3CapabilityABI, err)) - } - require.NoError(t, err) }) diff --git a/deployment/keystone/changeset/helpers_test.go b/deployment/keystone/changeset/helpers_test.go index 5739ea98f25..c236c29feb9 100644 --- a/deployment/keystone/changeset/helpers_test.go +++ b/deployment/keystone/changeset/helpers_test.go @@ -1,10 +1,14 @@ package changeset_test import ( + "bytes" "context" + "crypto/sha256" + "encoding/hex" "errors" "fmt" "math/big" + "sort" "math" "testing" @@ -27,9 +31,31 @@ import ( "golang.org/x/exp/maps" ) +func TestSetupTestEnv(t *testing.T) { + t.Parallel() + ctx := tests.Context(t) + for _, useMCMS := range []bool{true, false} { + te := SetupTestEnv(t, TestConfig{ + WFDonConfig: DonConfig{N: 4}, + AssetDonConfig: DonConfig{N: 4}, + WriterDonConfig: DonConfig{N: 4}, + NumChains: 3, + EnableMCMS: useMCMS, + }) + t.Run(fmt.Sprintf("set up test env using MCMS: %T", useMCMS), func(t *testing.T) { + require.NotNil(t, te.Env.ExistingAddresses) + require.Len(t, te.Env.Chains, 3) + require.NotEmpty(t, te.RegistrySelector) + require.NotNil(t, te.Env.Offchain) + r, err := te.Env.Offchain.ListNodes(ctx, &node.ListNodesRequest{}) + require.NoError(t, err) + require.Len(t, r.Nodes, 12) + }) + } +} + type DonConfig struct { N int - // TODO: add override functions } func (c DonConfig) Validate() error { @@ -39,7 +65,7 @@ func (c DonConfig) Validate() error { return nil } -// TODO: seperate the config into different types; wf should expand to types of ocr keybundles; writer to target chains; ... +// TODO: separate the config into different types; wf should expand to types of ocr keybundles; writer to target chains; ... type WFDonConfig = DonConfig type AssetDonConfig = DonConfig type WriterDonConfig = DonConfig @@ -78,7 +104,8 @@ type TestEnv struct { AssetNodes map[string]memory.Node } -func Setup(t *testing.T, c TestConfig) TestEnv { +// SetupTestEnv sets up a keystone test environment with the given configuration +func SetupTestEnv(t *testing.T, c TestConfig) TestEnv { require.NoError(t, c.Validate()) lggr := logger.Test(t) ctx := tests.Context(t) @@ -205,33 +232,24 @@ func Setup(t *testing.T, c TestConfig) TestEnv { require.NoError(t, err) require.Len(t, contractSetsResp.ContractSets, len(env.Chains)) // check the registry - regChainContracts, ok := contractSetsResp.ContractSets[registryChainSel] - require.True(t, ok) - gotRegistry := regChainContracts.CapabilitiesRegistry + gotRegistry := contractSetsResp.ContractSets[registryChainSel].CapabilitiesRegistry require.NotNil(t, gotRegistry) // validate the registry // check the nodes gotNodes, err := gotRegistry.GetNodes(nil) require.NoError(t, err) require.Len(t, gotNodes, len(allNodes)) - gotWfNodes, err := gotRegistry.GetNodesByP2PIds(nil, p2pIDs(t, maps.Keys(wfNodes))) - require.NoError(t, err) - require.Len(t, gotWfNodes, len(wfNodes)) - gotCwNodes, err := gotRegistry.GetNodesByP2PIds(nil, p2pIDs(t, maps.Keys(cwNodes))) - require.NoError(t, err) - require.Len(t, gotCwNodes, len(cwNodes)) - gotAssetNodes, err := gotRegistry.GetNodesByP2PIds(nil, p2pIDs(t, maps.Keys(assetNodes))) - require.NoError(t, err) - require.Len(t, gotAssetNodes, len(assetNodes)) + validateNodes(t, gotRegistry, wfNodes, expectedHashedCapabilities(t, gotRegistry, wfDon)) + validateNodes(t, gotRegistry, cwNodes, expectedHashedCapabilities(t, gotRegistry, cwDon)) + validateNodes(t, gotRegistry, assetNodes, expectedHashedCapabilities(t, gotRegistry, assetDon)) // check the dons - gotDons, err := gotRegistry.GetDONs(nil) - require.NoError(t, err) - require.Len(t, gotDons, len(allDons)) - // todo: add validation of the expected capabilities + validateDon(t, gotRegistry, wfNodes, wfDon) + validateDon(t, gotRegistry, cwNodes, cwDon) + validateDon(t, gotRegistry, assetNodes, assetDon) if c.EnableMCMS { - // TODO: mcms on all the chains + // TODO: mcms on all the chains, currently only on the registry chain. need to fix this for forwarders t.Logf("Enabling MCMS registry chain %d", registryChainSel) // deploy, configure and xfer ownership of MCMS env, err = commonchangeset.ApplyChangesets(t, env, nil, []commonchangeset.ChangesetApplication{ @@ -284,13 +302,8 @@ func Setup(t *testing.T, c TestConfig) TestEnv { contractSetsResp, err = keystone.GetContractSets(lggr, req) require.NoError(t, err) require.Len(t, contractSetsResp.ContractSets, len(env.Chains)) - // check the registry - regChainContracts, ok = contractSetsResp.ContractSets[registryChainSel] - require.True(t, ok) - gotRegistry = regChainContracts.CapabilitiesRegistry - require.NotNil(t, gotRegistry) - // check the MCMS - gotMCMS := regChainContracts.MCMSWithTimelockState + // check the mcms contract on registry chain + gotMCMS := contractSetsResp.ContractSets[registryChainSel].MCMSWithTimelockState require.NoError(t, gotMCMS.Validate()) } return TestEnv{ @@ -340,29 +353,42 @@ func validateInitialChainState(t *testing.T, env deployment.Environment, registr } } -func TestSetup(t *testing.T) { - t.Parallel() - ctx := tests.Context(t) - for _, useMCMS := range []bool{true, false} { - te := Setup(t, TestConfig{ - WFDonConfig: DonConfig{N: 4}, - AssetDonConfig: DonConfig{N: 4}, - WriterDonConfig: DonConfig{N: 4}, - NumChains: 3, - EnableMCMS: useMCMS, - }) - t.Run(fmt.Sprintf("use MCMS %T", useMCMS), func(t *testing.T) { - require.NotNil(t, te.Env.ExistingAddresses) - require.Len(t, te.Env.Chains, 3) - require.NotEmpty(t, te.RegistrySelector) - require.NotNil(t, te.Env.Offchain) - r, err := te.Env.Offchain.ListNodes(ctx, &node.ListNodesRequest{}) - require.NoError(t, err) - require.Len(t, r.Nodes, 12) - }) +// validateNodes checks that the nodes exist and have the expected capabilities +func validateNodes(t *testing.T, gotRegistry *kcr.CapabilitiesRegistry, nodes map[string]memory.Node, expectedHashedCaps [][32]byte) { + gotNodes, err := gotRegistry.GetNodesByP2PIds(nil, p2pIDs(t, maps.Keys(nodes))) + require.NoError(t, err) + require.Len(t, gotNodes, len(nodes)) + for _, n := range gotNodes { + require.Equal(t, expectedHashedCaps, n.HashedCapabilityIds) } } +// validateDon checks that the don exists and has the expected capabilities +func validateDon(t *testing.T, gotRegistry *kcr.CapabilitiesRegistry, nodes map[string]memory.Node, don kslib.DonCapabilities) { + gotDons, err := gotRegistry.GetDONs(nil) + require.NoError(t, err) + wantP2PID := sortedHash(p2pIDs(t, maps.Keys(nodes))) + found := false + for _, have := range gotDons { + gotP2PID := sortedHash(have.NodeP2PIds) + if gotP2PID == wantP2PID { + found = true + gotCapIDs := capIDs(t, have.CapabilityConfigurations) + require.Equal(t, expectedHashedCapabilities(t, gotRegistry, don), gotCapIDs) + break + } + } + require.True(t, found, "don not found in registry") +} + +func capIDs(t *testing.T, cfgs []kcr.CapabilitiesRegistryCapabilityConfiguration) [][32]byte { + var out [][32]byte + for _, cfg := range cfgs { + out = append(out, cfg.CapabilityId) + } + return out +} + func ptr[T any](t T) *T { return &t } @@ -376,3 +402,24 @@ func p2pIDs(t *testing.T, vals []string) [][32]byte { } return out } + +func expectedHashedCapabilities(t *testing.T, registry *kcr.CapabilitiesRegistry, don kslib.DonCapabilities) [][32]byte { + out := make([][32]byte, len(don.Capabilities)) + var err error + for i, cap := range don.Capabilities { + out[i], err = registry.GetHashedCapabilityId(nil, cap.LabelledName, cap.Version) + require.NoError(t, err) + } + return out +} + +func sortedHash(p2pids [][32]byte) string { + sha256Hash := sha256.New() + sort.Slice(p2pids, func(i, j int) bool { + return bytes.Compare(p2pids[i][:], p2pids[j][:]) < 0 + }) + for _, id := range p2pids { + sha256Hash.Write(id[:]) + } + return hex.EncodeToString(sha256Hash.Sum(nil)) +} diff --git a/deployment/keystone/deploy_test.go b/deployment/keystone/deploy_test.go index b02497c22fa..fd59f3007fd 100644 --- a/deployment/keystone/deploy_test.go +++ b/deployment/keystone/deploy_test.go @@ -1,7 +1,6 @@ package keystone_test import ( - "context" "encoding/json" "fmt" "os" @@ -22,192 +21,9 @@ import ( kcr "github.com/smartcontractkit/chainlink/v2/core/gethwrappers/keystone/generated/capabilities_registry" "github.com/stretchr/testify/assert" - "github.com/test-go/testify/require" - "go.uber.org/zap/zapcore" - "golang.org/x/exp/maps" + "github.com/stretchr/testify/require" ) -func TestDeploy(t *testing.T) { - lggr := logger.Test(t) - ctx := tests.Context(t) - - // sepolia; all nodes are on the this chain - sepoliaChainId := uint64(11155111) - sepoliaArbitrumChainId := uint64(421614) - - sepoliaChainSel, err := chainsel.SelectorFromChainId(sepoliaChainId) - require.NoError(t, err) - // sepoliaArbitrumChainSel, err := chainsel.SelectorFromChainId(sepoliaArbitrumChainId) - // require.NoError(t, err) - // aptos-testnet - aptosChainSel := chainsel.AptosChainIdToChainSelector()[2] - - crConfig := deployment.CapabilityRegistryConfig{ - EVMChainID: sepoliaChainId, - Contract: [20]byte{}, - } - - evmChains := memory.NewMemoryChainsWithChainIDs(t, []uint64{sepoliaChainId, sepoliaArbitrumChainId}) - aptosChain := memory.NewMemoryChain(t, aptosChainSel) - - wfChains := map[uint64]deployment.Chain{} - wfChains[sepoliaChainSel] = evmChains[sepoliaChainSel] - wfChains[aptosChainSel] = aptosChain - wfNodes := memory.NewNodes(t, zapcore.InfoLevel, wfChains, 4, 0, crConfig) - require.Len(t, wfNodes, 4) - - cwNodes := memory.NewNodes(t, zapcore.InfoLevel, evmChains, 4, 0, crConfig) - - assetChains := map[uint64]deployment.Chain{} - assetChains[sepoliaChainSel] = evmChains[sepoliaChainSel] - assetNodes := memory.NewNodes(t, zapcore.InfoLevel, assetChains, 4, 0, crConfig) - require.Len(t, assetNodes, 4) - - // TODO: partition nodes into multiple nops - - wfDon := keystone.DonCapabilities{ - Name: keystone.WFDonName, - Nops: []keystone.NOP{ - { - Name: "nop 1", - Nodes: maps.Keys(wfNodes), - }, - }, - Capabilities: []kcr.CapabilitiesRegistryCapability{keystone.OCR3Cap}, - } - cwDon := keystone.DonCapabilities{ - Name: keystone.TargetDonName, - Nops: []keystone.NOP{ - { - Name: "nop 2", - Nodes: maps.Keys(cwNodes), - }, - }, - Capabilities: []kcr.CapabilitiesRegistryCapability{keystone.WriteChainCap}, - } - assetDon := keystone.DonCapabilities{ - Name: keystone.StreamDonName, - Nops: []keystone.NOP{ - { - Name: "nop 3", - Nodes: maps.Keys(assetNodes), - }, - }, - Capabilities: []kcr.CapabilitiesRegistryCapability{keystone.StreamTriggerCap}, - } - - allChains := make(map[uint64]deployment.Chain) - maps.Copy(allChains, evmChains) - // allChains[aptosChainSel] = aptosChain - - allNodes := make(map[string]memory.Node) - maps.Copy(allNodes, wfNodes) - maps.Copy(allNodes, cwNodes) - maps.Copy(allNodes, assetNodes) - env := memory.NewMemoryEnvironmentFromChainsNodes(func() context.Context { return ctx }, lggr, allChains, allNodes) - - var ocr3Config = keystone.OracleConfigWithSecrets{ - OracleConfig: keystone.OracleConfig{ - MaxFaultyOracles: len(wfNodes) / 3, - }, - OCRSecrets: deployment.XXXGenerateTestOCRSecrets(), - } - - // explicitly deploy the contracts - cs, err := keystone.DeployContracts(&env, sepoliaChainSel) - require.NoError(t, err) - env.ExistingAddresses = cs.AddressBook - deployReq := keystone.ConfigureContractsRequest{ - RegistryChainSel: sepoliaChainSel, - Env: &env, - OCR3Config: &ocr3Config, - Dons: []keystone.DonCapabilities{wfDon, cwDon, assetDon}, - DoContractDeploy: false, - } - deployResp, err := keystone.ConfigureContracts(ctx, lggr, deployReq) - require.NoError(t, err) - ad := deployResp.Changeset.AddressBook - addrs, err := ad.Addresses() - require.NoError(t, err) - lggr.Infow("Deployed Keystone contracts", "address book", addrs) - - // all contracts on home chain - homeChainAddrs, err := ad.AddressesForChain(sepoliaChainSel) - require.NoError(t, err) - require.Len(t, homeChainAddrs, 3) - // only forwarder on non-home chain - for sel := range env.Chains { - chainAddrs, err := ad.AddressesForChain(sel) - require.NoError(t, err) - if sel != sepoliaChainSel { - require.Len(t, chainAddrs, 1) - } else { - require.Len(t, chainAddrs, 3) - } - containsForwarder := false - for _, tv := range chainAddrs { - if tv.Type == keystone.KeystoneForwarder { - containsForwarder = true - break - } - } - require.True(t, containsForwarder, "no forwarder found in %v on chain %d for target don", chainAddrs, sel) - } - req := &keystone.GetContractSetsRequest{ - Chains: env.Chains, - AddressBook: ad, - } - - contractSetsResp, err := keystone.GetContractSets(lggr, req) - require.NoError(t, err) - require.Len(t, contractSetsResp.ContractSets, len(env.Chains)) - // check the registry - regChainContracts, ok := contractSetsResp.ContractSets[sepoliaChainSel] - require.True(t, ok) - gotRegistry := regChainContracts.CapabilitiesRegistry - require.NotNil(t, gotRegistry) - // contract reads - gotDons, err := gotRegistry.GetDONs(&bind.CallOpts{}) - if err != nil { - err = keystone.DecodeErr(kcr.CapabilitiesRegistryABI, err) - require.Fail(t, fmt.Sprintf("failed to get Dons from registry at %s: %s", gotRegistry.Address().String(), err)) - } - require.NoError(t, err) - assert.Len(t, gotDons, len(deployReq.Dons)) - - for n, info := range deployResp.DonInfos { - found := false - for _, gdon := range gotDons { - if gdon.Id == info.Id { - found = true - assert.EqualValues(t, info, gdon) - break - } - } - require.True(t, found, "don %s not found in registry", n) - } - // check the forwarder - for _, cs := range contractSetsResp.ContractSets { - forwarder := cs.Forwarder - require.NotNil(t, forwarder) - // any read to ensure that the contract is deployed correctly - _, err := forwarder.Owner(&bind.CallOpts{}) - require.NoError(t, err) - // TODO expand this test; there is no get method on the forwarder so unclear how to test it - } - // check the ocr3 contract - for chainSel, cs := range contractSetsResp.ContractSets { - if chainSel != sepoliaChainSel { - require.Nil(t, cs.OCR3) - continue - } - require.NotNil(t, cs.OCR3) - // any read to ensure that the contract is deployed correctly - _, err := cs.OCR3.LatestConfigDetails(&bind.CallOpts{}) - require.NoError(t, err) - } -} - // TODO: Deprecated, remove everything below that leverages CLO func nodeOperatorsToIDs(t *testing.T, nops []*models.NodeOperator) (nodeIDs []keystone.NOP) { From 201923ee4cda3ad36efeda4c00f4fefb333a2a14 Mon Sep 17 00:00:00 2001 From: krehermann <16602512+krehermann@users.noreply.github.com> Date: Wed, 4 Dec 2024 21:01:38 -0500 Subject: [PATCH 4/5] fix test --- .../changeset/deploy_forwarder_test.go | 33 ------------------- 1 file changed, 33 deletions(-) diff --git a/deployment/keystone/changeset/deploy_forwarder_test.go b/deployment/keystone/changeset/deploy_forwarder_test.go index 8d73134fc1d..b6d8ec8f753 100644 --- a/deployment/keystone/changeset/deploy_forwarder_test.go +++ b/deployment/keystone/changeset/deploy_forwarder_test.go @@ -10,7 +10,6 @@ import ( "github.com/smartcontractkit/chainlink-common/pkg/logger" "github.com/smartcontractkit/chainlink/deployment" "github.com/smartcontractkit/chainlink/deployment/environment/memory" - kslb "github.com/smartcontractkit/chainlink/deployment/keystone" "github.com/smartcontractkit/chainlink/deployment/keystone/changeset" ) @@ -24,43 +23,11 @@ func TestDeployForwarder(t *testing.T) { } env := memory.NewMemoryEnvironment(t, lggr, zapcore.DebugLevel, cfg) - var ( - ocrTV = deployment.NewTypeAndVersion(kslb.OCR3Capability, deployment.Version1_0_0) - crTV = deployment.NewTypeAndVersion(kslb.CapabilitiesRegistry, deployment.Version1_0_0) - ) - registrySel := env.AllChainSelectors()[0] - t.Run("err if no capabilities registry on registry chain", func(t *testing.T) { - m := make(map[uint64]map[string]deployment.TypeAndVersion) - m[registrySel] = map[string]deployment.TypeAndVersion{ - "0x0000000000000000000000000000000000000002": ocrTV, - } - env.ExistingAddresses = deployment.NewMemoryAddressBookFromMap(m) - // capabilities registry and ocr3 must be deployed on registry chain - _, err := changeset.DeployForwarder(env, registrySel) - require.Error(t, err) - }) - - t.Run("err if no ocr3 on registry chain", func(t *testing.T) { - m := make(map[uint64]map[string]deployment.TypeAndVersion) - m[registrySel] = map[string]deployment.TypeAndVersion{ - "0x0000000000000000000000000000000000000001": crTV, - } - env.ExistingAddresses = deployment.NewMemoryAddressBookFromMap(m) - // capabilities registry and ocr3 must be deployed on registry chain - _, err := changeset.DeployForwarder(env, registrySel) - require.Error(t, err) - }) t.Run("should deploy forwarder", func(t *testing.T) { ab := deployment.NewMemoryAddressBook() - // fake capabilities registry - err := ab.Save(registrySel, "0x0000000000000000000000000000000000000001", crTV) - require.NoError(t, err) - // fake ocr3 - err = ab.Save(registrySel, "0x0000000000000000000000000000000000000002", ocrTV) - require.NoError(t, err) // deploy forwarder env.ExistingAddresses = ab resp, err := changeset.DeployForwarder(env, registrySel) From 524f8d6df76a8b7f9993eb23f947086123f183e5 Mon Sep 17 00:00:00 2001 From: krehermann <16602512+krehermann@users.noreply.github.com> Date: Thu, 5 Dec 2024 12:53:32 -0500 Subject: [PATCH 5/5] refactor forwarder configuration changeset for mcms --- .../keystone/changeset/deploy_forwarder.go | 42 +++++- .../changeset/deploy_forwarder_test.go | 90 +++++++++++ deployment/keystone/changeset/helpers_test.go | 74 ++++----- deployment/keystone/deploy.go | 140 +++++++++--------- deployment/keystone/deploy_test.go | 5 +- deployment/keystone/forwarder_deployer.go | 41 +++++ deployment/keystone/types.go | 46 +++++- 7 files changed, 326 insertions(+), 112 deletions(-) diff --git a/deployment/keystone/changeset/deploy_forwarder.go b/deployment/keystone/changeset/deploy_forwarder.go index 5207d99aacd..cf116decd54 100644 --- a/deployment/keystone/changeset/deploy_forwarder.go +++ b/deployment/keystone/changeset/deploy_forwarder.go @@ -11,7 +11,8 @@ var _ deployment.ChangeSet[uint64] = DeployForwarder // DeployForwarder deploys the KeystoneForwarder contract to all chains in the environment // callers must merge the output addressbook with the existing one -func DeployForwarder(env deployment.Environment, registryChainSel uint64) (deployment.ChangesetOutput, error) { +// TODO: add selectors to deploy only to specific chains +func DeployForwarder(env deployment.Environment, _ uint64) (deployment.ChangesetOutput, error) { lggr := env.Logger ab := deployment.NewMemoryAddressBook() for _, chain := range env.Chains { @@ -25,3 +26,42 @@ func DeployForwarder(env deployment.Environment, registryChainSel uint64) (deplo return deployment.ChangesetOutput{AddressBook: ab}, nil } + +var _ deployment.ChangeSet[ConfigureForwardContractsRequest] = ConfigureForwardContracts + +type ConfigureForwardContractsRequest struct { + WFDonName string + // workflow don node ids in the offchain client. Used to fetch and derive the signer keys + WFNodeIDs []string + RegistryChainSel uint64 + + UseMCMS bool +} + +func (r ConfigureForwardContractsRequest) Validate() error { + if len(r.WFNodeIDs) == 0 { + return fmt.Errorf("WFNodeIDs must not be empty") + } + return nil +} + +func ConfigureForwardContracts(env deployment.Environment, req ConfigureForwardContractsRequest) (deployment.ChangesetOutput, error) { + wfDon, err := kslib.NewRegisteredDon(env, kslib.RegisteredDonConfig{ + NodeIDs: req.WFNodeIDs, + Name: req.WFDonName, + RegistryChainSel: req.RegistryChainSel, + }) + if err != nil { + return deployment.ChangesetOutput{}, fmt.Errorf("failed to create registered don: %w", err) + } + r, err := kslib.ConfigureForwardContracts(&env, kslib.ConfigureForwarderContractsRequest{ + Dons: []kslib.RegisteredDon{*wfDon}, + UseMCMS: req.UseMCMS, + }) + if err != nil { + return deployment.ChangesetOutput{}, fmt.Errorf("failed to configure forward contracts: %w", err) + } + return deployment.ChangesetOutput{ + Proposals: r.Proposals, + }, nil +} diff --git a/deployment/keystone/changeset/deploy_forwarder_test.go b/deployment/keystone/changeset/deploy_forwarder_test.go index b6d8ec8f753..32a53f1cf08 100644 --- a/deployment/keystone/changeset/deploy_forwarder_test.go +++ b/deployment/keystone/changeset/deploy_forwarder_test.go @@ -1,14 +1,17 @@ package changeset_test import ( + "fmt" "testing" "go.uber.org/zap/zapcore" "github.com/stretchr/testify/require" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/gethwrappers" "github.com/smartcontractkit/chainlink-common/pkg/logger" "github.com/smartcontractkit/chainlink/deployment" + commonchangeset "github.com/smartcontractkit/chainlink/deployment/common/changeset" "github.com/smartcontractkit/chainlink/deployment/environment/memory" "github.com/smartcontractkit/chainlink/deployment/keystone/changeset" ) @@ -45,3 +48,90 @@ func TestDeployForwarder(t *testing.T) { require.Len(t, oaddrs, 1) }) } + +func TestConfigureForwarders(t *testing.T) { + t.Parallel() + + t.Run("no mcms ", func(t *testing.T) { + for _, nChains := range []int{1, 3} { + name := fmt.Sprintf("nChains=%d", nChains) + t.Run(name, func(t *testing.T) { + te := SetupTestEnv(t, TestConfig{ + WFDonConfig: DonConfig{N: 4}, + AssetDonConfig: DonConfig{N: 4}, + WriterDonConfig: DonConfig{N: 4}, + NumChains: nChains, + }) + + var wfNodes []string + for id, _ := range te.WFNodes { + wfNodes = append(wfNodes, id) + } + + cfg := changeset.ConfigureForwardContractsRequest{ + WFDonName: "test-wf-don", + WFNodeIDs: wfNodes, + RegistryChainSel: te.RegistrySelector, + } + csOut, err := changeset.ConfigureForwardContracts(te.Env, cfg) + require.NoError(t, err) + require.Nil(t, csOut.AddressBook) + require.Len(t, csOut.Proposals, 0) + // check that forwarder + // TODO set up a listener to check that the forwarder is configured + contractSet := te.ContractSets() + for selector := range te.Env.Chains { + cs, ok := contractSet[selector] + require.True(t, ok) + require.NotNil(t, cs.Forwarder) + } + }) + } + }) + + t.Run("with mcms", func(t *testing.T) { + for _, nChains := range []int{1, 3} { + name := fmt.Sprintf("nChains=%d", nChains) + t.Run(name, func(t *testing.T) { + te := SetupTestEnv(t, TestConfig{ + WFDonConfig: DonConfig{N: 4}, + AssetDonConfig: DonConfig{N: 4}, + WriterDonConfig: DonConfig{N: 4}, + NumChains: nChains, + UseMCMS: true, + }) + + var wfNodes []string + for id, _ := range te.WFNodes { + wfNodes = append(wfNodes, id) + } + + cfg := changeset.ConfigureForwardContractsRequest{ + WFDonName: "test-wf-don", + WFNodeIDs: wfNodes, + RegistryChainSel: te.RegistrySelector, + UseMCMS: true, + } + csOut, err := changeset.ConfigureForwardContracts(te.Env, cfg) + require.NoError(t, err) + require.Len(t, csOut.Proposals, nChains) + require.Nil(t, csOut.AddressBook) + + timelocks := make(map[uint64]*gethwrappers.RBACTimelock) + for selector, contractSet := range te.ContractSets() { + require.NotNil(t, contractSet.Timelock) + timelocks[selector] = contractSet.Timelock + } + _, err = commonchangeset.ApplyChangesets(t, te.Env, timelocks, []commonchangeset.ChangesetApplication{ + { + Changeset: commonchangeset.WrapChangeSet(changeset.ConfigureForwardContracts), + Config: cfg, + }, + }) + require.NoError(t, err) + + }) + } + }) + +} diff --git a/deployment/keystone/changeset/helpers_test.go b/deployment/keystone/changeset/helpers_test.go index 85e69507009..d4435d8f7a6 100644 --- a/deployment/keystone/changeset/helpers_test.go +++ b/deployment/keystone/changeset/helpers_test.go @@ -96,6 +96,7 @@ func (c TestConfig) Validate() error { } type TestEnv struct { + t *testing.T Env deployment.Environment RegistrySelector uint64 @@ -104,6 +105,15 @@ type TestEnv struct { AssetNodes map[string]memory.Node } +func (te TestEnv) ContractSets() map[uint64]kslib.ContractSet { + r, err := kslib.GetContractSets(te.Env.Logger, &kslib.GetContractSetsRequest{ + Chains: te.Env.Chains, + AddressBook: te.Env.ExistingAddresses, + }) + require.NoError(te.t, err) + return r.ContractSets +} + // SetupTestEnv sets up a keystone test environment with the given configuration func SetupTestEnv(t *testing.T, c TestConfig) TestEnv { require.NoError(t, c.Validate()) @@ -250,57 +260,51 @@ func SetupTestEnv(t *testing.T, c TestConfig) TestEnv { if c.UseMCMS { // TODO: mcms on all the chains, currently only on the registry chain. need to fix this for forwarders - t.Logf("Enabling MCMS registry chain %d", registryChainSel) // deploy, configure and xfer ownership of MCMS + timelockCfgs := make(map[uint64]commontypes.MCMSWithTimelockConfig) + for sel := range env.Chains { + t.Logf("Enabling MCMS on chain %d", sel) + timelockCfgs[sel] = commontypes.MCMSWithTimelockConfig{ + Canceller: commonchangeset.SingleGroupMCMS(t), + Bypasser: commonchangeset.SingleGroupMCMS(t), + Proposer: commonchangeset.SingleGroupMCMS(t), + TimelockExecutors: env.AllDeployerKeys(), + TimelockMinDelay: big.NewInt(0), + } + } env, err = commonchangeset.ApplyChangesets(t, env, nil, []commonchangeset.ChangesetApplication{ { Changeset: commonchangeset.WrapChangeSet(commonchangeset.DeployMCMSWithTimelock), - Config: map[uint64]commontypes.MCMSWithTimelockConfig{ - registryChainSel: { - Canceller: commonchangeset.SingleGroupMCMS(t), - Bypasser: commonchangeset.SingleGroupMCMS(t), - Proposer: commonchangeset.SingleGroupMCMS(t), - TimelockExecutors: env.AllDeployerKeys(), - TimelockMinDelay: big.NewInt(0), - }, - }, + Config: timelockCfgs, }, }) require.NoError(t, err) // extract the MCMS address r, err := kslib.GetContractSets(lggr, &kslib.GetContractSetsRequest{ - Chains: map[uint64]deployment.Chain{ - registryChainSel: env.Chains[registryChainSel], - }, + Chains: env.Chains, AddressBook: env.ExistingAddresses, }) require.NoError(t, err) - mcms := r.ContractSets[registryChainSel].MCMSWithTimelockState - require.NotNil(t, mcms) - // transfer ownership of all contracts to the MCMS - env, err = commonchangeset.ApplyChangesets(t, env, map[uint64]*gethwrappers.RBACTimelock{registryChainSel: mcms.Timelock}, []commonchangeset.ChangesetApplication{ - { - Changeset: commonchangeset.WrapChangeSet(kschangeset.AcceptAllOwnershipsProposal), - Config: &kschangeset.AcceptAllOwnershipRequest{ - ChainSelector: registryChainSel, - MinDelay: 0, + for sel := range env.Chains { + mcms := r.ContractSets[sel].MCMSWithTimelockState + require.NotNil(t, mcms, "MCMS not found on chain %d", sel) + require.NoError(t, mcms.Validate()) + + // transfer ownership of all contracts to the MCMS + env, err = commonchangeset.ApplyChangesets(t, env, map[uint64]*gethwrappers.RBACTimelock{sel: mcms.Timelock}, []commonchangeset.ChangesetApplication{ + { + Changeset: commonchangeset.WrapChangeSet(kschangeset.AcceptAllOwnershipsProposal), + Config: &kschangeset.AcceptAllOwnershipRequest{ + ChainSelector: sel, + MinDelay: 0, + }, }, - }, - }) - require.NoError(t, err) - // ensure the MCMS is deployed - req = &keystone.GetContractSetsRequest{ - Chains: env.Chains, - AddressBook: env.ExistingAddresses, + }) + require.NoError(t, err) } - contractSetsResp, err = keystone.GetContractSets(lggr, req) - require.NoError(t, err) - require.Len(t, contractSetsResp.ContractSets, len(env.Chains)) - // check the mcms contract on registry chain - gotMCMS := contractSetsResp.ContractSets[registryChainSel].MCMSWithTimelockState - require.NoError(t, gotMCMS.Validate()) } return TestEnv{ + t: t, Env: env, RegistrySelector: registryChainSel, WFNodes: wfNodes, diff --git a/deployment/keystone/deploy.go b/deployment/keystone/deploy.go index 2aa26312eae..c307a5fb1a4 100644 --- a/deployment/keystone/deploy.go +++ b/deployment/keystone/deploy.go @@ -7,17 +7,22 @@ import ( "encoding/hex" "errors" "fmt" + "math/big" "sort" "strconv" "strings" "time" "github.com/ethereum/go-ethereum/accounts/abi/bind" + "github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/rpc" "golang.org/x/exp/maps" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/gethwrappers" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/proposal/mcms" "github.com/smartcontractkit/ccip-owner-contracts/pkg/proposal/timelock" "github.com/smartcontractkit/chainlink/deployment" + "github.com/smartcontractkit/chainlink/deployment/common/proposalutils" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/durationpb" @@ -76,22 +81,7 @@ func ConfigureContracts(ctx context.Context, lggr logger.Logger, req ConfigureCo return nil, fmt.Errorf("invalid request: %w", err) } - addrBook := req.Env.ExistingAddresses - // TODO: KS-rm_deploy_opt remove this option; it's not used - if req.DoContractDeploy { - contractDeployCS, err := DeployContracts(req.Env, req.RegistryChainSel) - if err != nil { - return nil, fmt.Errorf("failed to deploy contracts: %w", err) - } - addrBook = contractDeployCS.AddressBook - } else { - lggr.Debug("skipping contract deployment") - } - if addrBook == nil { - return nil, errors.New("address book is nil") - } - - cfgRegistryResp, err := ConfigureRegistry(ctx, lggr, req, addrBook) + cfgRegistryResp, err := ConfigureRegistry(ctx, lggr, req, req.Env.ExistingAddresses) if err != nil { return nil, fmt.Errorf("failed to configure registry: %w", err) } @@ -106,21 +96,22 @@ func ConfigureContracts(ctx context.Context, lggr logger.Logger, req ConfigureCo if err != nil { return nil, fmt.Errorf("failed to assimilate registry to Dons: %w", err) } - err = ConfigureForwardContracts(req.Env, dons, addrBook) + // ignore response because we are not using mcms here and therefore no proposals are returned + _, err = ConfigureForwardContracts(req.Env, ConfigureForwarderContractsRequest{ + Dons: dons, + }) if err != nil { return nil, fmt.Errorf("failed to configure forwarder contracts: %w", err) } - err = ConfigureOCR3Contract(req.Env, req.RegistryChainSel, dons, addrBook, req.OCR3Config) + err = ConfigureOCR3Contract(req.Env, req.RegistryChainSel, dons, req.OCR3Config) if err != nil { return nil, fmt.Errorf("failed to configure OCR3 contract: %w", err) } return &ConfigureContractsResponse{ - Changeset: &deployment.ChangesetOutput{ - AddressBook: addrBook, - }, - DonInfos: cfgRegistryResp.DonInfos, + Changeset: &deployment.ChangesetOutput{}, // no new addresses, proposals etc + DonInfos: cfgRegistryResp.DonInfos, }, nil } @@ -285,47 +276,14 @@ func ConfigureRegistry(ctx context.Context, lggr logger.Logger, req ConfigureCon lggr.Infow("registered DONs", "dons", len(donsResp.donInfos)) return &ConfigureContractsResponse{ - Changeset: &deployment.ChangesetOutput{ - AddressBook: addrBook, - }, - DonInfos: donsResp.donInfos, + Changeset: &deployment.ChangesetOutput{}, // no new addresses, proposals etc + DonInfos: donsResp.donInfos, }, nil } -// ConfigureForwardContracts configures the forwarder contracts on all chains for the given DONS -// the address book is required to contain the an address of the deployed forwarder contract for every chain in the environment -func ConfigureForwardContracts(env *deployment.Environment, dons []RegisteredDon, addrBook deployment.AddressBook) error { - contractSetsResp, err := GetContractSets(env.Logger, &GetContractSetsRequest{ - Chains: env.Chains, - AddressBook: addrBook, - }) - if err != nil { - return fmt.Errorf("failed to get contract sets: %w", err) - } - - // configure forwarders on all chains - for _, chain := range env.Chains { - // get the forwarder contract for the chain - contracts, ok := contractSetsResp.ContractSets[chain.Selector] - if !ok { - return fmt.Errorf("failed to get contract set for chain %d", chain.Selector) - } - fwrd := contracts.Forwarder - if fwrd == nil { - return fmt.Errorf("no forwarder contract found for chain %d", chain.Selector) - } - - err := configureForwarder(env.Logger, chain, fwrd, dons) - if err != nil { - return fmt.Errorf("failed to configure forwarder for chain selector %d: %w", chain.Selector, err) - } - } - return nil -} - // Depreciated: use changeset.ConfigureOCR3Contract instead // ocr3 contract on the registry chain for the wf dons -func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons []RegisteredDon, addrBook deployment.AddressBook, cfg *OracleConfigWithSecrets) error { +func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons []RegisteredDon, cfg *OracleConfigWithSecrets) error { registryChain, ok := env.Chains[chainSel] if !ok { return fmt.Errorf("chain %d not found in environment", chainSel) @@ -333,7 +291,7 @@ func ConfigureOCR3Contract(env *deployment.Environment, chainSel uint64, dons [] contractSetsResp, err := GetContractSets(env.Logger, &GetContractSetsRequest{ Chains: env.Chains, - AddressBook: addrBook, + AddressBook: env.ExistingAddresses, }) if err != nil { return fmt.Errorf("failed to get contract sets: %w", err) @@ -928,27 +886,67 @@ func containsAllDONs(donInfos []kcr.CapabilitiesRegistryDONInfo, p2pIdsToDon map // configureForwarder sets the config for the forwarder contract on the chain for all Dons that accept workflows // dons that don't accept workflows are not registered with the forwarder -func configureForwarder(lggr logger.Logger, chain deployment.Chain, fwdr *kf.KeystoneForwarder, dons []RegisteredDon) error { - if fwdr == nil { - return errors.New("nil forwarder contract") - } +func configureForwarder(lggr logger.Logger, chain deployment.Chain, contractSet ContractSet, dons []RegisteredDon, useMCMS bool) ([]timelock.MCMSWithTimelockProposal, error) { + if contractSet.Forwarder == nil { + return nil, errors.New("nil forwarder contract") + } + var ( + fwdr = contractSet.Forwarder + proposals []timelock.MCMSWithTimelockProposal + ) for _, dn := range dons { if !dn.Info.AcceptsWorkflows { continue } ver := dn.Info.ConfigCount // note config count on the don info is the version on the forwarder - signers := dn.signers(chainsel.FamilyEVM) - tx, err := fwdr.SetConfig(chain.DeployerKey, dn.Info.Id, ver, dn.Info.F, signers) - if err != nil { - err = DecodeErr(kf.KeystoneForwarderABI, err) - return fmt.Errorf("failed to call SetConfig for forwarder %s on chain %d: %w", fwdr.Address().String(), chain.Selector, err) + signers := dn.Signers(chainsel.FamilyEVM) + txOpts := chain.DeployerKey + if useMCMS { + txOpts = deployment.SimTransactOpts() } - _, err = chain.Confirm(tx) + tx, err := fwdr.SetConfig(txOpts, dn.Info.Id, ver, dn.Info.F, signers) if err != nil { err = DecodeErr(kf.KeystoneForwarderABI, err) - return fmt.Errorf("failed to confirm SetConfig for forwarder %s: %w", fwdr.Address().String(), err) + return nil, fmt.Errorf("failed to call SetConfig for forwarder %s on chain %d: %w", fwdr.Address().String(), chain.Selector, err) + } + if !useMCMS { + _, err = chain.Confirm(tx) + if err != nil { + err = DecodeErr(kf.KeystoneForwarderABI, err) + return nil, fmt.Errorf("failed to confirm SetConfig for forwarder %s: %w", fwdr.Address().String(), err) + } + } else { + // create the mcms proposals + ops := timelock.BatchChainOperation{ + ChainIdentifier: mcms.ChainIdentifier(chain.Selector), + Batch: []mcms.Operation{ + { + To: fwdr.Address(), + Data: tx.Data(), + Value: big.NewInt(0), + }, + }, + } + timelocksPerChain := map[uint64]common.Address{ + chain.Selector: contractSet.Timelock.Address(), + } + proposerMCMSes := map[uint64]*gethwrappers.ManyChainMultiSig{ + chain.Selector: contractSet.ProposerMcm, + } + + proposal, err := proposalutils.BuildProposalFromBatches( + timelocksPerChain, + proposerMCMSes, + []timelock.BatchChainOperation{ops}, + "proposal to set forward config", + 0, + ) + if err != nil { + return nil, fmt.Errorf("failed to build proposal: %w", err) + } + proposals = append(proposals, *proposal) } lggr.Debugw("configured forwarder", "forwarder", fwdr.Address().String(), "donId", dn.Info.Id, "version", ver, "f", dn.Info.F, "signers", signers) } - return nil + return proposals, nil } diff --git a/deployment/keystone/deploy_test.go b/deployment/keystone/deploy_test.go index fd59f3007fd..715f8b7aba7 100644 --- a/deployment/keystone/deploy_test.go +++ b/deployment/keystone/deploy_test.go @@ -142,10 +142,7 @@ func TestDeployCLO(t *testing.T) { } deployResp, err := keystone.ConfigureContracts(ctx, lggr, deployReq) require.NoError(t, err) - ad := deployResp.Changeset.AddressBook - addrs, err := ad.Addresses() - require.NoError(t, err) - lggr.Infow("Deployed Keystone contracts", "address book", addrs) + ad := env.ExistingAddresses // all contracts on home chain homeChainAddrs, err := ad.AddressesForChain(registryChainSel) diff --git a/deployment/keystone/forwarder_deployer.go b/deployment/keystone/forwarder_deployer.go index cf29b20c693..d7cfa7991f4 100644 --- a/deployment/keystone/forwarder_deployer.go +++ b/deployment/keystone/forwarder_deployer.go @@ -4,6 +4,7 @@ import ( "fmt" "github.com/ethereum/go-ethereum/accounts/abi/bind" + "github.com/smartcontractkit/ccip-owner-contracts/pkg/proposal/timelock" "github.com/smartcontractkit/chainlink-common/pkg/logger" "github.com/smartcontractkit/chainlink/deployment" @@ -56,3 +57,43 @@ func (c *KeystoneForwarderDeployer) deploy(req DeployRequest) (*DeployResponse, c.contract = forwarder return resp, nil } + +type ConfigureForwarderContractsRequest struct { + Dons []RegisteredDon + + UseMCMS bool +} +type ConfigureForwarderContractsResponse struct { + Proposals []timelock.MCMSWithTimelockProposal +} + +// Depreciated: use [changeset.ConfigureForwarders] instead +// ConfigureForwardContracts configures the forwarder contracts on all chains for the given DONS +// the address book is required to contain the an address of the deployed forwarder contract for every chain in the environment +func ConfigureForwardContracts(env *deployment.Environment, req ConfigureForwarderContractsRequest) (*ConfigureForwarderContractsResponse, error) { + contractSetsResp, err := GetContractSets(env.Logger, &GetContractSetsRequest{ + Chains: env.Chains, + AddressBook: env.ExistingAddresses, + }) + if err != nil { + return nil, fmt.Errorf("failed to get contract sets: %w", err) + } + + var allProposals []timelock.MCMSWithTimelockProposal + // configure forwarders on all chains + for _, chain := range env.Chains { + // get the forwarder contract for the chain + contracts, ok := contractSetsResp.ContractSets[chain.Selector] + if !ok { + return nil, fmt.Errorf("failed to get contract set for chain %d", chain.Selector) + } + proposals, err := configureForwarder(env.Logger, chain, contracts, req.Dons, req.UseMCMS) + if err != nil { + return nil, fmt.Errorf("failed to configure forwarder for chain selector %d: %w", chain.Selector, err) + } + allProposals = append(allProposals, proposals...) + } + return &ConfigureForwarderContractsResponse{ + Proposals: allProposals, + }, nil +} diff --git a/deployment/keystone/types.go b/deployment/keystone/types.go index 4b00e5e4dc0..11c4191ea84 100644 --- a/deployment/keystone/types.go +++ b/deployment/keystone/types.go @@ -229,7 +229,51 @@ type RegisteredDon struct { Nodes []deployment.Node } -func (d RegisteredDon) signers(chainFamily string) []common.Address { +type RegisteredDonConfig struct { + Name string + NodeIDs []string // ids in the offchain client + RegistryChainSel uint64 +} + +func NewRegisteredDon(env deployment.Environment, cfg RegisteredDonConfig) (*RegisteredDon, error) { + // load the don info from the capabilities registry + r, err := GetContractSets(env.Logger, &GetContractSetsRequest{ + Chains: env.Chains, + AddressBook: env.ExistingAddresses, + }) + if err != nil { + return nil, fmt.Errorf("failed to get contract sets: %w", err) + } + capReg := r.ContractSets[cfg.RegistryChainSel].CapabilitiesRegistry + + di, err := capReg.GetDONs(nil) + if err != nil { + return nil, fmt.Errorf("failed to get dons: %w", err) + } + // load the nodes from the offchain client + nodes, err := deployment.NodeInfo(cfg.NodeIDs, env.Offchain) + if err != nil { + return nil, fmt.Errorf("failed to get node info: %w", err) + } + want := sortedHash(nodes.PeerIDs()) + var don *kcr.CapabilitiesRegistryDONInfo + for i, d := range di { + got := sortedHash(d.NodeP2PIds) + if got == want { + don = &di[i] + } + } + if don == nil { + return nil, fmt.Errorf("don not found in registry") + } + return &RegisteredDon{ + Name: cfg.Name, + Info: *don, + Nodes: nodes, + }, nil +} + +func (d RegisteredDon) Signers(chainFamily string) []common.Address { sort.Slice(d.Nodes, func(i, j int) bool { return d.Nodes[i].PeerID.String() < d.Nodes[j].PeerID.String() })