Add ability to filter keys provided by dynamic remote web3signer.

Author: cheatfate

beacon_chain/beacon_node.nim

@@ -8,7 +8,7 @@
 # Everything needed to run a full Beacon Node
 
 import
-  std/osproc,
+  std/[osproc, sets],
 
   # Nimble packages
   chronos, presto, bearssl/rand,
@@ -30,7 +30,7 @@ import
   ./rpc/state_ttl_cache
 
 export
-  osproc, chronos, presto, action_tracker,
+  osproc, sets, chronos, presto, action_tracker,
   beacon_clock, beacon_chain_db, conf, light_client,
   attestation_pool, sync_committee_msg_pool, validator_change_pool,
   eth2_network, el_manager, request_manager, sync_manager,
@@ -78,6 +78,7 @@ type
     keymanagerHost*: ref KeymanagerHost
     keymanagerServer*: RestServerRef
     keystoreCache*: KeystoreCacheRef
+    keysFilter*: HashSet[ValidatorPubKey]
     eventBus*: EventBus
     vcProcess*: Process
     requestManager*: RequestManager

beacon_chain/conf.nim

@@ -187,6 +187,10 @@ type
       name: "web3-signer-update-interval"
       defaultValue: 3600 .}: Natural
 
+    web3SignersKeyFilter* {.
+      desc: "Validator keys which will be used with remote Web3Signer"
+      name: "web3-signer-key" .}: seq[ValidatorPubKey]
+
     secretsDirFlag* {.
       desc: "A directory containing validator keystore passwords"
       name: "secrets-dir" .}: Option[InputDir]
@@ -938,6 +942,10 @@ type
       desc: "Remote Web3Signer URL that will be used as a source of validators"
       name: "web3-signer-url" .}: seq[Uri]
 
+    web3SignersKeyFilter* {.
+      desc: "Validator keys which will be used with remote Web3Signer"
+      name: "web3-signer-key" .}: seq[ValidatorPubKey]
+
     secretsDirFlag* {.
       desc: "A directory containing validator keystore passwords"
       name: "secrets-dir" .}: Option[InputDir]

beacon_chain/nimbus_beacon_node.nim

@@ -818,7 +818,8 @@ proc init*(T: type BeaconNode,
     beaconClock: beaconClock,
     validatorMonitor: validatorMonitor,
     stateTtlCache: stateTtlCache,
-    dynamicFeeRecipientsStore: newClone(DynamicFeeRecipientsStore.init()))
+    dynamicFeeRecipientsStore: newClone(DynamicFeeRecipientsStore.init()),
+    keysFilter: toHashSet(config.web3SignersKeyFilter))
 
   node.initLightClient(
     rng, cfg, dag.forkDigests, getBeaconTime, dag.genesis_validators_root)

beacon_chain/nimbus_validator_client.nim

@@ -98,12 +98,29 @@ proc initGenesis(vc: ValidatorClientRef): Future[RestGenesis] {.async.} =
             dec(counter)
       return melem
 
-proc addValidatorsFromWeb3Signer(vc: ValidatorClientRef, web3signerUrl: Web3SignerUrl) {.async.} =
-  let res = await queryValidatorsSource(web3signerUrl)
-  if res.isOk():
-    let dynamicKeystores = res.get()
-    for keystore in dynamicKeystores:
-      vc.addValidator(keystore)
+proc addValidatorsFromWeb3Signer(vc: ValidatorClientRef,
+                                 web3signerUrl: Web3SignerUrl) {.async.} =
+  let keystores =
+    try:
+      let res = await queryValidatorsSource(web3signerUrl)
+      if res.isErr():
+        # Error is already reported via log warning.
+        default(seq[KeystoreData])
+      else:
+        res.get()
+    except CatchableError as exc:
+      warn "Unexpected error happens while polling validator's source",
+           error = $exc.name, reason = $exc.msg
+      default(seq[KeystoreData])
+
+  proc addValidatorProc(data: KeystoreData) =
+    vc.addValidator(data)
+
+  debug "Web3Signer has been polled for validators",
+        keystores_found = len(keystores),
+        web3signer_url = web3signerUrl.url
+  vc.attachedValidators.updateDynamicValidators(
+    web3signerUrl, keystores, vc.keysFilter, addValidatorProc)
 
 proc initValidators(vc: ValidatorClientRef): Future[bool] {.async.} =
   info "Loading validators", validatorsDir = vc.config.validatorsDir()
@@ -283,6 +300,7 @@ proc new*(T: type ValidatorClientRef,
       doppelExit: newAsyncEvent(),
       indicesAvailable: newAsyncEvent(),
       dynamicFeeRecipientsStore: newClone(DynamicFeeRecipientsStore.init()),
+      keysFilter: toHashSet(config.web3SignersKeyFilter),
       sigintHandleFut: waitSignal(SIGINT),
       sigtermHandleFut: waitSignal(SIGTERM),
       keystoreCache: KeystoreCacheRef.init()
@@ -300,6 +318,7 @@ proc new*(T: type ValidatorClientRef,
       indicesAvailable: newAsyncEvent(),
       doppelExit: newAsyncEvent(),
       dynamicFeeRecipientsStore: newClone(DynamicFeeRecipientsStore.init()),
+      keysFilter: toHashSet(config.web3SignersKeyFilter),
       sigintHandleFut: newFuture[void]("sigint_placeholder"),
       sigtermHandleFut: newFuture[void]("sigterm_placeholder"),
       keystoreCache: KeystoreCacheRef.init()

beacon_chain/validator_client/common.nim

@@ -233,6 +233,7 @@ type
     rootsSeen*: Table[Eth2Digest, Slot]
     processingDelay*: Opt[Duration]
     finalizedEpoch*: Opt[Epoch]
+    keysFilter*: HashSet[ValidatorPubKey]
     rng*: ref HmacDrbgContext
 
   ApiStrategyKind* {.pure.} = enum
@@ -911,24 +912,6 @@ proc getSubcommitteeIndex*(index: IndexInSyncCommittee): SyncSubcommitteeIndex =
 proc currentSlot*(vc: ValidatorClientRef): Slot =
   vc.beaconClock.now().slotOrZero()
 
-proc addValidator*(vc: ValidatorClientRef, keystore: KeystoreData) =
-  let
-    withdrawalAddress =
-      if vc.keymanagerHost.isNil:
-        Opt.none Eth1Address
-      else:
-        vc.keymanagerHost[].getValidatorWithdrawalAddress(keystore.pubkey)
-    perValidatorDefaultFeeRecipient = getPerValidatorDefaultFeeRecipient(
-      vc.config.defaultFeeRecipient, withdrawalAddress)
-    feeRecipient = vc.config.validatorsDir.getSuggestedFeeRecipient(
-      keystore.pubkey, perValidatorDefaultFeeRecipient).valueOr(
-        perValidatorDefaultFeeRecipient)
-    gasLimit = vc.config.validatorsDir.getSuggestedGasLimit(
-      keystore.pubkey, vc.config.suggestedGasLimit).valueOr(
-        vc.config.suggestedGasLimit)
-
-  discard vc.attachedValidators[].addValidator(keystore, feeRecipient, gasLimit)
-
 proc removeValidator*(vc: ValidatorClientRef,
                       pubkey: ValidatorPubKey) {.async.} =
   let validator = vc.attachedValidators[].getValidator(pubkey).valueOr:
@@ -961,6 +944,19 @@ proc getGasLimit(vc: ValidatorClientRef,
   getGasLimit(vc.config.validatorsDir, vc.config.suggestedGasLimit,
               validator.pubkey)
 
+proc addValidator*(vc: ValidatorClientRef, keystore: KeystoreData) =
+  let
+    currentEpoch = vc.beaconClock.now().slotOrZero().epoch()
+    feeRecipient = getFeeRecipient(
+      vc.dynamicFeeRecipientsStore, keystore.pubkey, Opt.none(ValidatorIndex),
+      Opt.none(Validator), vc.config.defaultFeeRecipient(),
+      vc.config.validatorsDir(), currentEpoch)
+    gasLimit =
+      getGasLimit(vc.config.validatorsDir, vc.config.suggestedGasLimit,
+      keystore.pubkey)
+
+  discard vc.attachedValidators[].addValidator(keystore, feeRecipient, gasLimit)
+
 proc prepareProposersList*(vc: ValidatorClientRef,
                            epoch: Epoch): seq[PrepareBeaconProposer] =
   var res: seq[PrepareBeaconProposer]

beacon_chain/validator_client/duties_service.nim

@@ -649,9 +649,9 @@ proc dynamicValidatorsLoop*(service: DutiesServiceRef,
               debug "Web3Signer has been polled for validators",
                     keystores_found = len(keystores),
                     web3signer_url = web3signerUrl.url
-              vc.attachedValidators.updateDynamicValidators(web3signerUrl,
-                                                            keystores,
-                                                            addValidatorProc)
+              vc.attachedValidators.updateDynamicValidators(
+                web3signerUrl, keystores, vc.keysFilter,
+                addValidatorProc)
               seconds(intervalInSeconds)
             else:
               seconds(5)

beacon_chain/validators/beacon_validators.nim

@@ -105,7 +105,8 @@ proc getValidator*(validators: auto,
     Opt.some ValidatorAndIndex(index: ValidatorIndex(idx),
                                validator: validators[idx])
 
-proc addValidatorsFromWeb3Signer(node: BeaconNode, web3signerUrl: Web3SignerUrl, epoch: Epoch) {.async.} =
+proc addValidatorsFromWeb3Signer(node: BeaconNode, web3signerUrl: Web3SignerUrl,
+                                 epoch: Epoch) {.async.} =
   let dynamicStores =
     try:
       let res = await queryValidatorsSource(web3signerUrl)
@@ -119,22 +120,22 @@ proc addValidatorsFromWeb3Signer(node: BeaconNode, web3signerUrl: Web3SignerUrl,
            error = $exc.name, reason = $exc.msg
       default(seq[KeystoreData])
 
-  for keystore in dynamicStores:
+  proc addValidatorProc(keystore: KeystoreData) =
     let
-      data =
-        withState(node.dag.headState):
-          getValidator(forkyState.data.validators.asSeq(), keystore.pubkey)
-      index =
-        if data.isSome():
-          Opt.some(data.get().index)
-        else:
-          Opt.none(ValidatorIndex)
+      epoch = node.currentSlot().epoch
+      index = Opt.none(ValidatorIndex)
       feeRecipient =
         node.consensusManager[].getFeeRecipient(keystore.pubkey, index, epoch)
-      gasLimit = node.consensusManager[].getGasLimit(keystore.pubkey)
-      v = node.attachedValidators[].addValidator(keystore, feeRecipient,
-                                                 gasLimit)
-    v.updateValidator(data)
+      gasLimit =
+        node.consensusManager[].getGasLimit(keystore.pubkey)
+    discard node.attachedValidators[].addValidator(keystore, feeRecipient,
+                                                   gasLimit)
+
+  debug "Validators source has been polled for validators",
+        keystores_found = len(dynamicStores),
+        web3signer_url = web3signerUrl.url
+  node.attachedValidators.updateDynamicValidators(
+    web3signerUrl, dynamicStores, node.keysFilter, addValidatorProc)
 
 proc addValidators*(node: BeaconNode) {.async.} =
   info "Loading validators", validatorsDir = node.config.validatorsDir(),
@@ -198,9 +199,8 @@ proc pollForDynamicValidators*(node: BeaconNode,
               debug "Validators source has been polled for validators",
                     keystores_found = len(keystores),
                     web3signer_url = web3signerUrl.url
-              node.attachedValidators.updateDynamicValidators(web3signerUrl,
-                                                              keystores,
-                                                              addValidatorProc)
+              node.attachedValidators.updateDynamicValidators(
+                web3signerUrl, keystores, node.keysFilter, addValidatorProc)
               seconds(intervalInSeconds)
             else:
               # In case of error we going to repeat our call with much smaller

beacon_chain/validators/validator_pool.nim

@@ -8,7 +8,7 @@
 {.push raises: [].}
 
 import
-  std/[tables, json, streams, sequtils, uri],
+  std/[tables, sets, json, streams, sequtils, uri],
   chronos, chronicles, metrics,
   json_serialization/std/net,
   presto/client,
@@ -391,13 +391,15 @@ func triggersDoppelganger*(
 proc updateDynamicValidators*(pool: ref ValidatorPool,
                               web3signerUrl: Web3SignerUrl,
                               keystores: openArray[KeystoreData],
+                              keysFilter: HashSet[ValidatorPubKey],
                               addProc: AddValidatorProc) =
   var
     keystoresTable: Table[ValidatorPubKey, Opt[KeystoreData]]
     deleteValidators: seq[ValidatorPubKey]
 
   for keystore in keystores:
-    keystoresTable[keystore.pubkey] = Opt.some(keystore)
+    if (len(keysFilter) == 0) or (keystore.pubkey in keysFilter):
+      keystoresTable[keystore.pubkey] = Opt.some(keystore)
 
   # We preserve `Local` and `Remote` keystores which are not from dynamic set,
   # and also we removing all the dynamic keystores which are not part of new
@@ -421,8 +423,10 @@ proc updateDynamicValidators*(pool: ref ValidatorPool,
     pool[].removeValidator(pubkey)
 
   # Adding new dynamic keystores.
-  for keystore in keystores.items():
-    let res = pool[].getValidator(keystore.pubkey)
+  for value in keystoresTable.values():
+    let
+      keystore = value.get()
+      res = pool[].getValidator(keystore.pubkey)
     if res.isSome():
       let validator = res.get()
       if validator.kind != ValidatorKind.Remote or