SecretStore: service pack 1 (#8435)

* SecretStore: error unify initial commit SecretStore: pass real error in error messages SecretStore: is_internal_error -> Error::is_non_fatal warnings SecretStore: ConsensusTemporaryUnreachable fix after merge removed comments removed comments SecretStore: updated HTTP error responses SecretStore: more ConsensusTemporaryUnreachable tests fix after rebase * SecretStore: unified SS contract config options && read * SecretStore: service pack SecretStore: service pack (continue) * fixed grumbles
2018-06-14 10:01:52 +03:00
parent b37b3cd1fc
commit 6f758bc7b1
24 changed files with 853 additions and 434 deletions
--- a/parity/cli/mod.rs
+++ b/parity/cli/mod.rs
@@ -563,38 +563,42 @@ usage! {
 			"--no-secretstore-http",
 			"Disable Secret Store HTTP API.",

- 			FLAG flag_no_secretstore_acl_check: (bool) = false, or |c: &Config| c.secretstore.as_ref()?.disable_acl_check.clone(),
-			"--no-acl-check",
-			"Disable ACL check (useful for test environments).",
-
 			FLAG flag_no_secretstore_auto_migrate: (bool) = false, or |c: &Config| c.secretstore.as_ref()?.disable_auto_migrate.clone(),
 			"--no-secretstore-auto-migrate",
 			"Do not run servers set change session automatically when servers set changes. This option has no effect when servers set is read from configuration file.",

-			ARG arg_secretstore_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract.clone(),
+			ARG arg_secretstore_acl_contract: (Option<String>) = Some("registry".into()), or |c: &Config| c.secretstore.as_ref()?.acl_contract.clone(),
+			"--secretstore-acl-contract=[SOURCE]",
+			"Secret Store permissioning contract address source: none, registry (contract address is read from 'secretstore_acl_checker' entry in registry) or address.",
+
+			ARG arg_secretstore_contract: (Option<String>) = None, or |c: &Config| c.secretstore.as_ref()?.service_contract.clone(),
 			"--secretstore-contract=[SOURCE]",
-			"Secret Store Service contract address source: none, registry (contract address is read from secretstore_service entry in registry) or address.",
+			"Secret Store Service contract address source: none, registry (contract address is read from 'secretstore_service' entry in registry) or address.",

-			ARG arg_secretstore_srv_gen_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract_srv_gen.clone(),
+			ARG arg_secretstore_srv_gen_contract: (Option<String>) = None, or |c: &Config| c.secretstore.as_ref()?.service_contract_srv_gen.clone(),
 			"--secretstore-srv-gen-contract=[SOURCE]",
-			"Secret Store Service server key generation contract address source: none, registry (contract address is read from secretstore_service_srv_gen entry in registry) or address.",
+			"Secret Store Service server key generation contract address source: none, registry (contract address is read from 'secretstore_service_srv_gen' entry in registry) or address.",

-			ARG arg_secretstore_srv_retr_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract_srv_retr.clone(),
+			ARG arg_secretstore_srv_retr_contract: (Option<String>) = None, or |c: &Config| c.secretstore.as_ref()?.service_contract_srv_retr.clone(),
 			"--secretstore-srv-retr-contract=[SOURCE]",
-			"Secret Store Service server key retrieval contract address source: none, registry (contract address is read from secretstore_service_srv_retr entry in registry) or address.",
+			"Secret Store Service server key retrieval contract address source: none, registry (contract address is read from 'secretstore_service_srv_retr' entry in registry) or address.",

-			ARG arg_secretstore_doc_store_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract_doc_store.clone(),
+			ARG arg_secretstore_doc_store_contract: (Option<String>) = None, or |c: &Config| c.secretstore.as_ref()?.service_contract_doc_store.clone(),
 			"--secretstore-doc-store-contract=[SOURCE]",
-			"Secret Store Service document key store contract address source: none, registry (contract address is read from secretstore_service_doc_store entry in registry) or address.",
+			"Secret Store Service document key store contract address source: none, registry (contract address is read from 'secretstore_service_doc_store' entry in registry) or address.",

-			ARG arg_secretstore_doc_sretr_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract_doc_sretr.clone(),
+			ARG arg_secretstore_doc_sretr_contract: (Option<String>) = None, or |c: &Config| c.secretstore.as_ref()?.service_contract_doc_sretr.clone(),
 			"--secretstore-doc-sretr-contract=[SOURCE]",
-			"Secret Store Service document key shadow retrieval contract address source: none, registry (contract address is read from secretstore_service_doc_sretr entry in registry) or address.",
+			"Secret Store Service document key shadow retrieval contract address source: none, registry (contract address is read from 'secretstore_service_doc_sretr' entry in registry) or address.",

 			ARG arg_secretstore_nodes: (String) = "", or |c: &Config| c.secretstore.as_ref()?.nodes.as_ref().map(|vec| vec.join(",")),
 			"--secretstore-nodes=[NODES]",
 			"Comma-separated list of other secret store cluster nodes in form NODE_PUBLIC_KEY_IN_HEX@NODE_IP_ADDR:NODE_PORT.",

+			ARG arg_secretstore_server_set_contract: (Option<String>) = Some("registry".into()), or |c: &Config| c.secretstore.as_ref()?.server_set_contract.clone(),
+			"--secretstore-server-set-contract=[SOURCE]",
+			"Secret Store server set contract address source: none, registry (contract address is read from 'secretstore_server_set' entry in registry) or address.",
+
 			ARG arg_secretstore_interface: (String) = "local", or |c: &Config| c.secretstore.as_ref()?.interface.clone(),
 			"--secretstore-interface=[IP]",
 			"Specify the hostname portion for listening to Secret Store Key Server internal requests, IP should be an interface's IP address, or local.",
@@ -1193,8 +1197,8 @@ struct Dapps {
 struct SecretStore {
 	disable: Option<bool>,
 	disable_http: Option<bool>,
-	disable_acl_check: Option<bool>,
 	disable_auto_migrate: Option<bool>,
+	acl_contract: Option<String>,
 	service_contract: Option<String>,
 	service_contract_srv_gen: Option<String>,
 	service_contract_srv_retr: Option<String>,
@@ -1203,6 +1207,7 @@ struct SecretStore {
 	self_secret: Option<String>,
 	admin_public: Option<String>,
 	nodes: Option<Vec<String>>,
+	server_set_contract: Option<String>,
 	interface: Option<String>,
 	port: Option<u16>,
 	http_interface: Option<String>,
@@ -1620,16 +1625,17 @@ mod tests {
 			// SECRETSTORE
 			flag_no_secretstore: false,
 			flag_no_secretstore_http: false,
-			flag_no_secretstore_acl_check: false,
 			flag_no_secretstore_auto_migrate: false,
-			arg_secretstore_contract: "none".into(),
-			arg_secretstore_srv_gen_contract: "none".into(),
-			arg_secretstore_srv_retr_contract: "none".into(),
-			arg_secretstore_doc_store_contract: "none".into(),
-			arg_secretstore_doc_sretr_contract: "none".into(),
+			arg_secretstore_acl_contract: Some("registry".into()),
+			arg_secretstore_contract: Some("none".into()),
+			arg_secretstore_srv_gen_contract: Some("none".into()),
+			arg_secretstore_srv_retr_contract: Some("none".into()),
+			arg_secretstore_doc_store_contract: Some("none".into()),
+			arg_secretstore_doc_sretr_contract: Some("none".into()),
 			arg_secretstore_secret: None,
 			arg_secretstore_admin_public: None,
 			arg_secretstore_nodes: "".into(),
+			arg_secretstore_server_set_contract: Some("registry".into()),
 			arg_secretstore_interface: "local".into(),
 			arg_secretstore_port: 8083u16,
 			arg_secretstore_http_interface: "local".into(),
@@ -1881,8 +1887,8 @@ mod tests {
 			secretstore: Some(SecretStore {
 				disable: None,
 				disable_http: None,
-				disable_acl_check: None,
 				disable_auto_migrate: None,
+				acl_contract: None,
 				service_contract: None,
 				service_contract_srv_gen: None,
 				service_contract_srv_retr: None,
@@ -1891,6 +1897,7 @@ mod tests {
 				self_secret: None,
 				admin_public: None,
 				nodes: None,
+				server_set_contract: None,
 				interface: None,
 				port: Some(8083),
 				http_interface: None,
--- a/parity/cli/tests/config.full.toml
+++ b/parity/cli/tests/config.full.toml
@@ -91,12 +91,13 @@ pass = "test_pass"
 [secretstore]
 disable = false
 disable_http = false
-disable_acl_check = false
+acl_contract = "registry"
 service_contract = "none"
 service_contract_srv_gen = "none"
 service_contract_srv_retr = "none"
 service_contract_doc_store = "none"
 service_contract_doc_sretr = "none"
+server_set_contract = "registry"
 nodes = []
 http_interface = "local"
 http_port = 8082