[Merged by Bors] - auth for engine api #3046

pawanjay176 · 2022-02-28T14:11:54Z

Issue Addressed

Resolves #3015

Proposed Changes

Add JWT token based authentication to engine api requests. The jwt secret key is read from the provided file and is used to sign tokens that are used for authenticated communication with the EL node.

Interop with geth (synced merge-devnet-4 with the merge-kiln-v2 branch on geth)
Interop with other EL clients (nethermind on merge-devnet-4)
~~Implement zeroize for jwt secrets~~
Add auth server tests with mock_execution_layer
Get auth working with the execution_engine_integration tests

paulhauner · 2022-03-02T00:24:10Z

#3040 has done some refactoring of the execution_engine_integration tests and is likely to merge soon. It might be best to rebase this on #3040 so we don't get conflicts :)

After you rebase on #3040 you may need to run the tests differently (see PR notes). I suggest using this command in the root of this repo:

make test-exec-engine

pawanjay176 · 2022-03-02T14:50:48Z

Follows the proposal here #3015 (comment) to generate a new secret in a default location if one isn't provided for any EL endpoint.

Will rebase on unstable once #3040 gets merged.

paulhauner · 2022-03-03T04:52:43Z

I've been using this for some testing and it's working really nicely!

#3040 has merged now 🎉 I have a branch here, where I took this branch and rebased it onto unstable and resolved some compile/clippy errors: https://github.com/paulhauner/lighthouse/tree/jwt-auth-paul Feel free to use it, if you want ☺️

beacon_node/execution_layer/src/engines.rs

pawanjay176 · 2022-03-03T11:15:12Z

Hey @paulhauner sorry ended up rebasing myself. This is ready for review now.

paulhauner

This has been working great on merge-devnet-5! I just have a few little things and then we're good to go! 🚀

beacon_node/execution_layer/src/engine_api/auth.rs

beacon_node/execution_layer/src/engines.rs

beacon_node/execution_layer/src/lib.rs

beacon_node/src/cli.rs

beacon_node/execution_layer/src/engines.rs

paulhauner

Almost there! I have two more suggestions 🙏 One is recommended in this review and the other is at #3046 (comment).

beacon_node/src/config.rs

paulhauner · 2022-03-08T00:48:20Z

Oh also, it seems that Geth have updated some CLI flags. If we don't fix them here then bors will fail. The fix is nice and simple: 9be6845

Co-authored-by: Paul Hauner <paul@paulhauner.com>

paulhauner

Looks good!

Let's try an optimistic bors 🚀

bors r+

## Issue Addressed Resolves #3015 ## Proposed Changes Add JWT token based authentication to engine api requests. The jwt secret key is read from the provided file and is used to sign tokens that are used for authenticated communication with the EL node. - [x] Interop with geth (synced `merge-devnet-4` with the `merge-kiln-v2` branch on geth) - [x] Interop with other EL clients (nethermind on `merge-devnet-4`) - [x] ~Implement `zeroize` for jwt secrets~ - [x] Add auth server tests with `mock_execution_layer` - [x] Get auth working with the `execution_engine_integration` tests Co-authored-by: Paul Hauner <paul@paulhauner.com>

bors · 2022-03-08T08:37:05Z

Pull request successfully merged into unstable.

Build succeeded:

pawanjay176 added the work-in-progress PR is a work-in-progress label Feb 28, 2022

paulhauner added the bellatrix Required to support the Bellatrix Upgrade label Mar 1, 2022

pawanjay176 marked this pull request as ready for review March 2, 2022 14:47

pawanjay176 force-pushed the jwt-auth branch from 078ed4c to 4abefcc Compare March 3, 2022 06:37

pawanjay176 commented Mar 3, 2022

View reviewed changes

beacon_node/execution_layer/src/engines.rs Outdated Show resolved Hide resolved

pawanjay176 added ready-for-review The code is ready for review and removed work-in-progress PR is a work-in-progress labels Mar 3, 2022

paulhauner requested changes Mar 7, 2022

View reviewed changes

paulhauner added waiting-on-author The reviewer has suggested changes and awaits thier implementation. and removed ready-for-review The code is ready for review labels Mar 7, 2022

pawanjay176 added 15 commits March 7, 2022 13:15

Add auth for engine api requests

16d47d8

Fix secret key parsing; working interop

f258afd

Fix lint and test

9906ae2

Return correct error type on auth failure

6590949

Add authentication to MockServer

72e48c9

Add mock server auth failure tests

2209967

Add jwt roundtrip test

f8a157b

Working integration tests

bcd8bbc

Create a default jwt secret if not provided through cli

49e0152

Fix tests

b3bc587

Refactor auth to use JwtKey instead of hex string

fb7bd37

Fix tests

4702088

Fix lint

32bfb31

Fix cli tests

7670f1f

Tiny fixes

2a72690

pawanjay176 force-pushed the jwt-auth branch from a560cd6 to d66b71e Compare March 7, 2022 07:47

Apply suggestions from review

2e1cc71

pawanjay176 force-pushed the jwt-auth branch from d66b71e to 2e1cc71 Compare March 7, 2022 08:08

paulhauner mentioned this pull request Mar 7, 2022

Testnet: merge-devnet-5 #3054

Closed

paulhauner requested changes Mar 8, 2022

View reviewed changes

beacon_node/src/config.rs Outdated Show resolved Hide resolved

This was referenced Mar 8, 2022

[Merged by Bors] - Prepare proposer #3043

Closed

[Merged by Bors] - Poll the engine_exchangeTransitionConfigurationV1 endpoint #3047

Closed

pawanjay176 and others added 3 commits March 8, 2022 11:26

Update error message

d7ceccf

Co-authored-by: Paul Hauner <paul@paulhauner.com>

Update geth CLI flags

5fc1ee2

Remove num_auth_failed

672ef28

paulhauner added ready-for-merge This PR is ready to merge. and removed waiting-on-author The reviewer has suggested changes and awaits thier implementation. labels Mar 8, 2022

paulhauner approved these changes Mar 8, 2022

View reviewed changes

bors bot changed the title ~~auth for engine api~~ [Merged by Bors] - auth for engine api Mar 8, 2022

bors bot closed this Mar 8, 2022

paulhauner mentioned this pull request Mar 9, 2022

Implement authentication for execution API #3015

Closed

pawanjay176 deleted the jwt-auth branch March 9, 2022 06:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Merged by Bors] - auth for engine api #3046

[Merged by Bors] - auth for engine api #3046

pawanjay176 commented Feb 28, 2022 •

edited

Loading

paulhauner commented Mar 2, 2022

pawanjay176 commented Mar 2, 2022

paulhauner commented Mar 3, 2022

pawanjay176 commented Mar 3, 2022

paulhauner left a comment

paulhauner left a comment •

edited

Loading

paulhauner commented Mar 8, 2022

paulhauner left a comment

bors bot commented Mar 8, 2022

[Merged by Bors] - auth for engine api #3046

[Merged by Bors] - auth for engine api #3046

Conversation

pawanjay176 commented Feb 28, 2022 • edited Loading

Issue Addressed

Proposed Changes

paulhauner commented Mar 2, 2022

pawanjay176 commented Mar 2, 2022

paulhauner commented Mar 3, 2022

pawanjay176 commented Mar 3, 2022

paulhauner left a comment

Choose a reason for hiding this comment

paulhauner left a comment • edited Loading

Choose a reason for hiding this comment

paulhauner commented Mar 8, 2022

paulhauner left a comment

Choose a reason for hiding this comment

bors bot commented Mar 8, 2022

pawanjay176 commented Feb 28, 2022 •

edited

Loading

paulhauner left a comment •

edited

Loading