Watermark order issue

.gitignore

@@ -22,8 +22,9 @@ dist
 .release-env
 .env
 .docker-creds
-signatory
-signatory-cli
+./signatory
+./signatory-cli
+.DS_Store
 
 # some integration_tests write secret env var to files
 integration_test/gcp-token.json

cmd/approve-list-svc/server/server_test.go

@@ -80,7 +80,7 @@ func testServer(t *testing.T, addr []net.IP) error {
 	s, err := signatory.New(context.Background(), &conf)
 	require.NoError(t, err)
 
-	msg, _ := hex.DecodeString("019caecab9000753d3029bc7d9a36b60cce68ade985a0a16929587166e0d3de61efff2fa31b7116bf670000000005ee3c23b04519d71c4e54089c56773c44979b3ba3d61078ade40332ad81577ae074f653e0e0000001100000001010000000800000000000753d2da051ba81185783e4cbc633cf2ba809139ef07c3e5f6c5867f930e7667b224430000cde7fbbb948e030000")
+	msg, _ := hex.DecodeString("11ed9d217c0000518e0118425847ac255b6d7c30ce8fec23b8eaf13b741de7d18509ac2ef83c741209630000000061947af504805682ea5d089837764b3efcc90b91db24294ff9ddb66019f332ccba17cc4741000000210000000102000000040000518e0000000000000004ffffffff0000000400000000eb1320a71e8bf8b0162a3ec315461e9153a38b70d00d5dde2df85eb92748f8d068d776e356683a9e23c186ccfb72ddc6c9857bb1704487972922e7c89a7121f800000000a8e1dd3c000000000000")
 	_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: signKeyHash, Message: msg, Source: net.IPv6loopback})
 	return err
 }

cmd/commands/root.go

@@ -78,11 +78,16 @@ func NewRootCommand(c *Context, name string) *cobra.Command {
 				return err
 			}
 
+			watermark, err := signatory.NewFileWatermark(baseDir)
+			if err != nil {
+				return err
+			}
+
 			sigConf := signatory.Config{
 				Policy:      pol,
 				Vaults:      conf.Vaults,
 				Interceptor: metrics.Interceptor,
-				Watermark:   &signatory.FileWatermark{BaseDir: baseDir},
+				Watermark:   watermark,
 			}
 
 			if conf.PolicyHook != nil && conf.PolicyHook.Address != "" {

integration_test/.watermarks/.gitignore

@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore

integration_test/docker-compose.yml

@@ -72,6 +72,8 @@ services:
       - "9583:9583"
     networks:
       - ecadnet
+    volumes:
+      - ./.watermarks:/var/lib/signatory
     configs:
       - source: sigy-config
         target: /etc/signatory.yaml

pkg/signatory/policy_hook_test.go

@@ -119,7 +119,7 @@ func testPolicyHookAuth(t *testing.T, status int) error {
 	s, err := signatory.New(context.Background(), &conf)
 	require.NoError(t, err)
 
-	msg := mustHex("019caecab9000753d3029bc7d9a36b60cce68ade985a0a16929587166e0d3de61efff2fa31b7116bf670000000005ee3c23b04519d71c4e54089c56773c44979b3ba3d61078ade40332ad81577ae074f653e0e0000001100000001010000000800000000000753d2da051ba81185783e4cbc633cf2ba809139ef07c3e5f6c5867f930e7667b224430000cde7fbbb948e030000")
+	msg := mustHex("11ed9d217c0000518e0118425847ac255b6d7c30ce8fec23b8eaf13b741de7d18509ac2ef83c741209630000000061947af504805682ea5d089837764b3efcc90b91db24294ff9ddb66019f332ccba17cc4741000000210000000102000000040000518e0000000000000004ffffffff0000000400000000eb1320a71e8bf8b0162a3ec315461e9153a38b70d00d5dde2df85eb92748f8d068d776e356683a9e23c186ccfb72ddc6c9857bb1704487972922e7c89a7121f800000000a8e1dd3c000000000000")
 	_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: signKeyHash, Message: msg})
 	return err
 }
@@ -156,7 +156,7 @@ func testPolicyHook(t *testing.T, status int) error {
 	s, err := signatory.New(context.Background(), &conf)
 	require.NoError(t, err)
 
-	msg := mustHex("019caecab9000753d3029bc7d9a36b60cce68ade985a0a16929587166e0d3de61efff2fa31b7116bf670000000005ee3c23b04519d71c4e54089c56773c44979b3ba3d61078ade40332ad81577ae074f653e0e0000001100000001010000000800000000000753d2da051ba81185783e4cbc633cf2ba809139ef07c3e5f6c5867f930e7667b224430000cde7fbbb948e030000")
+	msg := mustHex("11ed9d217c0000518e0118425847ac255b6d7c30ce8fec23b8eaf13b741de7d18509ac2ef83c741209630000000061947af504805682ea5d089837764b3efcc90b91db24294ff9ddb66019f332ccba17cc4741000000210000000102000000040000518e0000000000000004ffffffff0000000400000000eb1320a71e8bf8b0162a3ec315461e9153a38b70d00d5dde2df85eb92748f8d068d776e356683a9e23c186ccfb72ddc6c9857bb1704487972922e7c89a7121f800000000a8e1dd3c000000000000")
 	_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: signKeyHash, Message: msg})
 	return err
 }

pkg/signatory/request/request.go

@@ -11,43 +11,37 @@ type SignRequest interface {
 	RequestKind() string
 }
 
-type EmmyBlockRequest struct {
-	Chain       *tz.ChainID
-	BlockHeader protocol.ShellHeader
-}
-
-func (*EmmyBlockRequest) RequestKind() string { return "block" }
-
-type TenderbakeBlockRequest struct {
+type BlockRequest struct {
 	Chain       *tz.ChainID
 	BlockHeader protocol.TenderbakeBlockHeader
 }
 
-func (*TenderbakeBlockRequest) RequestKind() string { return "block" }
-
-type EmmyEndorsementRequest struct {
-	Chain     *tz.ChainID
-	Branch    *tz.BlockHash
-	Operation protocol.InlinedEmmyEndorsementContents
-}
-
-func (*EmmyEndorsementRequest) RequestKind() string { return "endorsement" }
+func (*BlockRequest) RequestKind() string       { return "block" }
+func (r *BlockRequest) GetChainID() *tz.ChainID { return r.Chain }
+func (r *BlockRequest) GetLevel() int32         { return r.BlockHeader.Level }
+func (r *BlockRequest) GetRound() int32         { return r.BlockHeader.PayloadRound }
 
 type PreendorsementRequest struct {
 	Chain     *tz.ChainID
 	Branch    *tz.BlockHash
 	Operation protocol.InlinedPreendorsementContents
 }
 
-func (*PreendorsementRequest) RequestKind() string { return "preendorsement" }
+func (*PreendorsementRequest) RequestKind() string       { return "preendorsement" }
+func (r *PreendorsementRequest) GetChainID() *tz.ChainID { return r.Chain }
+func (r *PreendorsementRequest) GetLevel() int32         { return r.Operation.(*protocol.Preendorsement).Level }
+func (r *PreendorsementRequest) GetRound() int32         { return r.Operation.(*protocol.Preendorsement).Round }
 
 type EndorsementRequest struct {
 	Chain     *tz.ChainID
 	Branch    *tz.BlockHash
 	Operation protocol.InlinedEndorsementContents
 }
 
-func (*EndorsementRequest) RequestKind() string { return "endorsement" }
+func (*EndorsementRequest) RequestKind() string       { return "endorsement" }
+func (r *EndorsementRequest) GetChainID() *tz.ChainID { return r.Chain }
+func (r *EndorsementRequest) GetLevel() int32         { return r.Operation.(*protocol.Endorsement).Level }
+func (r *EndorsementRequest) GetRound() int32         { return r.Operation.(*protocol.Endorsement).Round }
 
 type GenericOperationRequest struct {
 	Branch     *tz.BlockHash
@@ -59,10 +53,8 @@ func (*GenericOperationRequest) RequestKind() string { return "generic" }
 func init() {
 	encoding.RegisterEnum(&encoding.Enum[SignRequest]{
 		Variants: encoding.Variants[SignRequest]{
-			0x01: (*EmmyBlockRequest)(nil),
-			0x02: (*EmmyEndorsementRequest)(nil),
 			0x03: (*GenericOperationRequest)(nil),
-			0x11: (*TenderbakeBlockRequest)(nil),
+			0x11: (*BlockRequest)(nil),
 			0x12: (*PreendorsementRequest)(nil),
 			0x13: (*EndorsementRequest)(nil),
 		},
@@ -71,131 +63,40 @@ func init() {
 
 type WithWatermark interface {
 	SignRequest
-	Watermark() *Watermark
-}
-
-const (
-	WmOrderDefault = iota
-	WmOrderPreendorsement
-	WmOrderEndorsement
-)
-
-type Level struct {
-	Level int32            `json:"level"`
-	Round tz.Option[int32] `json:"round"`
-}
-
-func (l *Level) Cmp(other *Level) tz.Option[int] {
-	if l.Round.IsNone() && other.Round.IsSome() {
-		return tz.None[int]()
-	}
-
-	if d := l.Level - other.Level; d == 0 {
-		switch {
-		case l.Round.IsSome() && other.Round.IsSome():
-			return tz.Some(int(l.Round.Unwrap() - other.Round.Unwrap()))
-		case l.Round.IsSome() && other.Round.IsNone():
-			return tz.Some(1)
-		default:
-			return tz.Some(0)
-		}
-	} else {
-		return tz.Some(int(d))
-	}
+	GetChainID() *tz.ChainID
+	GetLevel() int32
+	GetRound() int32
 }
 
 type Watermark struct {
-	Level
-	Chain *tz.ChainID
-	Order int
-}
-
-type StoredWatermark struct {
-	Level
-	Order int                            `json:"order"`
+	Level int32                          `json:"level"`
+	Round int32                          `json:"round"`
 	Hash  tz.Option[tz.BlockPayloadHash] `json:"hash"`
 }
 
-func (w *Watermark) Stored(hash *crypt.Digest) *StoredWatermark {
-	wm := StoredWatermark{
-		Level: w.Level,
-		Order: w.Order,
-	}
-	if hash != nil {
-		var h tz.BlockPayloadHash
-		copy(h[:], hash[:])
-		wm.Hash = tz.Some(h)
-	}
-	return &wm
-}
-
-func (w *Watermark) Validate(stored *StoredWatermark, hash *crypt.Digest) bool {
-	if hash != nil && stored.Hash.IsSome() && *(*tz.BlockPayloadHash)(hash) == stored.Hash.Unwrap() {
-		return true
-	}
-	c := w.Level.Cmp(&stored.Level)
-	return c.IsSome() && (c.Unwrap() > 0 || c.Unwrap() == 0 && w.Order > stored.Order)
-}
-
-func (r *EmmyBlockRequest) Watermark() *Watermark {
-	return &Watermark{
-		Chain: r.Chain,
-		Level: Level{
-			Level: r.BlockHeader.Level,
-			Round: tz.None[int32](),
-		},
-		Order: WmOrderDefault,
-	}
-}
-
-func (r *TenderbakeBlockRequest) Watermark() *Watermark {
-	return &Watermark{
-		Chain: r.Chain,
-		Level: Level{
-			Level: r.BlockHeader.Level,
-			Round: tz.Some(r.BlockHeader.PayloadRound),
-		},
-		Order: WmOrderDefault,
-	}
-}
-
-func (r *EmmyEndorsementRequest) Watermark() *Watermark {
+func NewWatermark(req WithWatermark, hash *crypt.Digest) *Watermark {
 	return &Watermark{
-		Chain: r.Chain,
-		Level: Level{
-			Level: r.Operation.(*protocol.EmmyEndorsement).Level,
-			Round: tz.None[int32](),
-		},
-		Order: WmOrderEndorsement,
+		Level: req.GetLevel(),
+		Round: req.GetRound(),
+		Hash:  tz.Some((tz.BlockPayloadHash)(*hash)),
 	}
 }
 
-func (r *PreendorsementRequest) Watermark() *Watermark {
-	return &Watermark{
-		Chain: r.Chain,
-		Level: Level{
-			Level: r.Operation.(*protocol.Preendorsement).Level,
-			Round: tz.Some(r.Operation.(*protocol.Preendorsement).Round),
-		},
-		Order: WmOrderPreendorsement,
+func (l *Watermark) Validate(stored *Watermark) bool {
+	if l.Hash.IsSome() && stored.Hash.IsSome() && l.Hash.Unwrap() == stored.Hash.Unwrap() {
+		return true
 	}
-}
-
-func (r *EndorsementRequest) Watermark() *Watermark {
-	return &Watermark{
-		Chain: r.Chain,
-		Level: Level{
-			Level: r.Operation.(*protocol.Endorsement).Level,
-			Round: tz.Some(r.Operation.(*protocol.Endorsement).Round),
-		},
-		Order: WmOrderEndorsement,
+	var diff int32
+	if d := l.Level - stored.Level; d == 0 {
+		diff = l.Round - stored.Round
+	} else {
+		diff = d
 	}
+	return diff > 0
 }
 
 var (
-	_ WithWatermark = (*EmmyBlockRequest)(nil)
-	_ WithWatermark = (*EmmyEndorsementRequest)(nil)
-	_ WithWatermark = (*TenderbakeBlockRequest)(nil)
+	_ WithWatermark = (*BlockRequest)(nil)
 	_ WithWatermark = (*PreendorsementRequest)(nil)
 	_ WithWatermark = (*EndorsementRequest)(nil)
 )

pkg/signatory/request/request_test.go

@@ -68,7 +68,7 @@ func TestSignRequest(t *testing.T) {
 		{
 			title: "block",
 			src:   "11ed9d217c0000518e0118425847ac255b6d7c30ce8fec23b8eaf13b741de7d18509ac2ef83c741209630000000061947af504805682ea5d089837764b3efcc90b91db24294ff9ddb66019f332ccba17cc4741000000210000000102000000040000518e0000000000000004ffffffff0000000400000000eb1320a71e8bf8b0162a3ec315461e9153a38b70d00d5dde2df85eb92748f8d068d776e356683a9e23c186ccfb72ddc6c9857bb1704487972922e7c89a7121f800000000a8e1dd3c000000000000",
-			expect: &TenderbakeBlockRequest{
+			expect: &BlockRequest{
 				Chain: &tz.ChainID{0xed, 0x9d, 0x21, 0x7c},
 				BlockHeader: proto.TenderbakeBlockHeader{
 					ShellHeader: proto.ShellHeader{