chore: suffix secrets and datastore kind with env (#132)

integration-tests/tests/docker/mod.rs

@@ -179,7 +179,6 @@ impl LeaderNode {
     pub async fn start(
         docker: &Docker,
         network: &str,
-        node_id: u64,
         sign_nodes: Vec<String>,
         near_rpc: &str,
         relayer_url: &str,
@@ -195,8 +194,6 @@ impl LeaderNode {
 
         let mut cmd = vec![
             "start-leader".to_string(),
-            "--node-id".to_string(),
-            node_id.to_string(),
             "--web-port".to_string(),
             web_port.to_string(),
             "--near-rpc".to_string(),

integration-tests/tests/lib.rs

@@ -96,7 +96,6 @@ where
     let leader_node = LeaderNode::start(
         &docker,
         NETWORK,
-        0,
         signer_urls.clone(),
         &near_rpc,
         &relayer.address,

mpc-recovery/src/gcp/mod.rs

@@ -15,6 +15,7 @@ use hyper_rustls::HttpsConnector;
 
 #[derive(Clone)]
 pub struct GcpService {
+    env: String,
     project_id: String,
     datastore: Datastore<HttpsConnector<HttpConnector>>,
     secret_manager: SecretManager<HttpsConnector<HttpConnector>>,
@@ -26,6 +27,7 @@ pub trait KeyKind {
 
 impl GcpService {
     pub async fn new(
+        env: String,
         project_id: String,
         gcp_datastore_url: Option<String>,
     ) -> anyhow::Result<Self> {
@@ -61,6 +63,7 @@ impl GcpService {
         }
 
         Ok(Self {
+            env,
             project_id,
             datastore,
             secret_manager,
@@ -94,7 +97,9 @@ impl GcpService {
         let request = LookupRequest {
             keys: Some(vec![Key {
                 path: Some(vec![PathElement {
-                    kind: Some(T::kind()),
+                    // We can't create multiple datastore databases in GCP, so we have to suffix
+                    // type kinds with env (`dev`, `prod`).
+                    kind: Some(format!("{}-{}", T::kind(), self.env)),
                     name: Some(name_key.to_string()),
                     id: None,
                 }]),
@@ -122,8 +127,18 @@ impl GcpService {
     }
 
     #[tracing::instrument(level = "debug", skip_all)]
-    pub async fn insert<T: IntoValue>(&self, value: T) -> anyhow::Result<()> {
-        let entity = Entity::from_value(value.into_value())?;
+    pub async fn insert<T: IntoValue + KeyKind>(&self, value: T) -> anyhow::Result<()> {
+        let mut entity = Entity::from_value(value.into_value())?;
+        let path_element = entity
+            .key
+            .as_mut()
+            .and_then(|k| k.path.as_mut())
+            .and_then(|p| p.first_mut());
+        if let Some(path_element) = path_element {
+            // We can't create multiple datastore databases in GCP, so we have to suffix
+            // type kinds with env (`dev`, `prod`).
+            path_element.kind = Some(format!("{}-{}", T::kind(), self.env))
+        }
 
         let request = CommitRequest {
             database_id: Some("".to_string()),

mpc-recovery/src/leader_node/mod.rs

@@ -1,5 +1,6 @@
 use crate::key_recovery::get_user_recovery_pk;
 use crate::msg::{AddKeyRequest, AddKeyResponse, NewAccountRequest, NewAccountResponse};
+use crate::nar;
 use crate::oauth::OAuthTokenVerifier;
 use crate::relayer::error::RelayerError;
 use crate::relayer::msg::RegisterAccountRequest;
@@ -8,7 +9,6 @@ use crate::transaction::{
     get_add_key_delegate_action, get_create_account_delegate_action,
     get_local_signed_delegated_action, get_mpc_signed_delegated_action,
 };
-use crate::{nar, NodeId};
 use axum::{http::StatusCode, routing::post, Extension, Json, Router};
 use near_crypto::{ParseKeyError, PublicKey, SecretKey};
 use near_primitives::account::id::ParseAccountError;
@@ -18,7 +18,7 @@ use rand::{distributions::Alphanumeric, Rng};
 use std::net::SocketAddr;
 
 pub struct Config {
-    pub id: NodeId,
+    pub env: String,
     pub port: u16,
     pub sign_nodes: Vec<String>,
     pub near_rpc: String,
@@ -33,7 +33,7 @@ pub struct Config {
 
 pub async fn run<T: OAuthTokenVerifier + 'static>(config: Config) {
     let Config {
-        id,
+        env,
         port,
         sign_nodes,
         near_rpc,
@@ -44,7 +44,7 @@ pub async fn run<T: OAuthTokenVerifier + 'static>(config: Config) {
         account_lookup_url,
         pagoda_firebase_audience_id,
     } = config;
-    let _span = tracing::debug_span!("run", id, port);
+    let _span = tracing::debug_span!("run", env, port);
     tracing::debug!(?sign_nodes, "running a leader node");
 
     let client = NearRpcAndRelayerClient::connect(&near_rpc, relayer_url);
@@ -66,7 +66,7 @@ pub async fn run<T: OAuthTokenVerifier + 'static>(config: Config) {
         .unwrap();
 
     let state = LeaderState {
-        id,
+        env,
         sign_nodes,
         client,
         reqwest_client: reqwest::Client::new(),
@@ -96,7 +96,7 @@ pub async fn run<T: OAuthTokenVerifier + 'static>(config: Config) {
 
 #[derive(Clone)]
 struct LeaderState {
-    id: NodeId,
+    env: String,
     sign_nodes: Vec<String>,
     client: NearRpcAndRelayerClient,
     reqwest_client: reqwest::Client,
@@ -252,7 +252,7 @@ mod response {
     }
 }
 
-#[tracing::instrument(level = "info", skip_all, fields(id = state.id))]
+#[tracing::instrument(level = "info", skip_all, fields(env = state.env))]
 async fn new_account<T: OAuthTokenVerifier>(
     Extension(state): Extension<LeaderState>,
     Json(request): Json<NewAccountRequest>,
@@ -405,7 +405,7 @@ async fn process_add_key<T: OAuthTokenVerifier>(
     .await
 }
 
-#[tracing::instrument(level = "info", skip_all, fields(id = state.id))]
+#[tracing::instrument(level = "info", skip_all, fields(env = state.env))]
 async fn add_key<T: OAuthTokenVerifier>(
     Extension(state): Extension<LeaderState>,
     Json(request): Json<AddKeyRequest>,

mpc-recovery/src/main.rs

@@ -14,9 +14,9 @@ enum Cli {
         n: usize,
     },
     StartLeader {
-        /// Node ID
-        #[arg(long, env("MPC_RECOVERY_NODE_ID"))]
-        node_id: u64,
+        /// Environment to run in (`dev` or `prod`)
+        #[arg(long, env("MPC_RECOVERY_ENV"), default_value("dev"))]
+        env: String,
         /// The web port for this server
         #[arg(long, env("MPC_RECOVERY_WEB_PORT"))]
         web_port: u16,
@@ -65,6 +65,9 @@ enum Cli {
         test: bool,
     },
     StartSign {
+        /// Environment to run in (`dev` or `prod`)
+        #[arg(long, env("MPC_RECOVERY_ENV"), default_value("dev"))]
+        env: String,
         /// Node ID
         #[arg(long, env("MPC_RECOVERY_NODE_ID"))]
         node_id: u64,
@@ -91,14 +94,15 @@ enum Cli {
 
 async fn load_sh_skare(
     gcp_service: &GcpService,
+    env: &str,
     node_id: u64,
     sk_share_arg: Option<String>,
 ) -> anyhow::Result<String> {
     match sk_share_arg {
         Some(sk_share) => Ok(sk_share),
         None => {
             let name = format!(
-                "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-{node_id}/versions/latest"
+                "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-secret-share-{node_id}-{env}/versions/latest"
             );
             Ok(std::str::from_utf8(&gcp_service.load_secret(name).await?)?.to_string())
         }
@@ -107,14 +111,14 @@ async fn load_sh_skare(
 
 async fn load_account_creator_sk(
     gcp_service: &GcpService,
-    node_id: u64,
+    env: &str,
     account_creator_sk_arg: Option<String>,
 ) -> anyhow::Result<String> {
     match account_creator_sk_arg {
         Some(account_creator_sk) => Ok(account_creator_sk),
         None => {
             let name = format!(
-                "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-{node_id}/versions/latest"
+                "projects/pagoda-discovery-platform-dev/secrets/mpc-recovery-account-creator-sk-{env}/versions/latest"
             );
             Ok(std::str::from_utf8(&gcp_service.load_secret(name).await?)?.to_string())
         }
@@ -146,7 +150,7 @@ async fn main() -> anyhow::Result<()> {
             }
         }
         Cli::StartLeader {
-            node_id,
+            env,
             web_port,
             sign_nodes,
             near_rpc,
@@ -160,14 +164,15 @@ async fn main() -> anyhow::Result<()> {
             gcp_datastore_url,
             test,
         } => {
-            let gcp_service = GcpService::new(gcp_project_id, gcp_datastore_url).await?;
+            let gcp_service =
+                GcpService::new(env.clone(), gcp_project_id, gcp_datastore_url).await?;
             let account_creator_sk =
-                load_account_creator_sk(&gcp_service, node_id, account_creator_sk).await?;
+                load_account_creator_sk(&gcp_service, &env, account_creator_sk).await?;
 
             let account_creator_sk = account_creator_sk.parse()?;
 
             let config = LeaderConfig {
-                id: node_id,
+                env,
                 port: web_port,
                 sign_nodes,
                 near_rpc,
@@ -187,6 +192,7 @@ async fn main() -> anyhow::Result<()> {
             }
         }
         Cli::StartSign {
+            env,
             node_id,
             pk_set,
             sk_share,
@@ -195,8 +201,9 @@ async fn main() -> anyhow::Result<()> {
             gcp_datastore_url,
             test,
         } => {
-            let gcp_service = GcpService::new(gcp_project_id, gcp_datastore_url).await?;
-            let sk_share = load_sh_skare(&gcp_service, node_id, sk_share).await?;
+            let gcp_service =
+                GcpService::new(env.clone(), gcp_project_id, gcp_datastore_url).await?;
+            let sk_share = load_sh_skare(&gcp_service, &env, node_id, sk_share).await?;
 
             // TODO put these in a better defined format
             let pk_set: Vec<Point<Ed25519>> = serde_json::from_str(&pk_set).unwrap();