expose shard and shard vault rpc call (#1498)

* now shielding from vault instead of alice. breaks sidechain block production

* fix

* fix unit testing

* fix clippy

* clean up rpc api definitions

* rpc works

* added cli commands for new rpc methods

* get-shard and get-shard-vault subcommands work

* cargo fix

* fix clippy

cli/src/lib.rs

@@ -119,6 +119,8 @@ pub enum CliError {
 	TrustedOp { msg: String },
 	#[error("EvmReadCommands error: {:?}", msg)]
 	EvmRead { msg: String },
+	#[error("worker rpc api error: {:?}", msg)]
+	WorkerRpcApi { msg: String },
 }
 
 pub type CliResult = Result<CliResultOk, CliError>;

cli/src/trusted_base_cli/commands/get_shard.rs

@@ -0,0 +1,67 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+use crate::{
+	command_utils::get_worker_api_direct, trusted_cli::TrustedCli, Cli, CliError, CliResult,
+	CliResultOk,
+};
+use base58::ToBase58;
+use codec::{Decode, Encode};
+
+use itc_rpc_client::direct_client::DirectApi;
+use itp_rpc::{RpcRequest, RpcResponse, RpcReturnValue};
+
+use itp_types::DirectRequestStatus;
+use itp_utils::FromHexPrefixed;
+use log::*;
+
+use sp_core::H256;
+
+#[derive(Parser)]
+pub struct GetShardCommand {}
+
+impl GetShardCommand {
+	pub(crate) fn run(&self, cli: &Cli, _trusted_args: &TrustedCli) -> CliResult {
+		let direct_api = get_worker_api_direct(cli);
+		let rpc_method = "author_getShard".to_owned();
+		let jsonrpc_call: String = RpcRequest::compose_jsonrpc_call(rpc_method, vec![]).unwrap();
+		let rpc_response_str = direct_api.get(&jsonrpc_call).unwrap();
+		// Decode RPC response.
+		let rpc_response: RpcResponse = serde_json::from_str(&rpc_response_str)
+			.map_err(|err| CliError::WorkerRpcApi { msg: err.to_string() })?;
+		let rpc_return_value = RpcReturnValue::from_hex(&rpc_response.result)
+			// Replace with `inspect_err` once it's stable.
+			.map_err(|err| {
+				error!("Failed to decode RpcReturnValue: {:?}", err);
+				CliError::WorkerRpcApi { msg: "failed to decode RpcReturnValue".to_string() }
+			})?;
+
+		if rpc_return_value.status == DirectRequestStatus::Error {
+			println!("[Error] {}", String::decode(&mut rpc_return_value.value.as_slice()).unwrap());
+			return Err(CliError::WorkerRpcApi { msg: "rpc error".to_string() })
+		}
+
+		let shard = H256::decode(&mut rpc_return_value.value.as_slice())
+			// Replace with `inspect_err` once it's stable.
+			.map_err(|err| {
+				error!("Failed to decode shard: {:?}", err);
+				CliError::WorkerRpcApi { msg: err.to_string() }
+			})?;
+		println!("{}", shard.encode().to_base58());
+		Ok(CliResultOk::H256 { hash: shard })
+	}
+}

cli/src/trusted_base_cli/commands/get_shard_vault.rs

@@ -0,0 +1,71 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+use crate::{
+	command_utils::get_worker_api_direct, trusted_cli::TrustedCli, Cli, CliError, CliResult,
+	CliResultOk,
+};
+
+use codec::Decode;
+
+use itc_rpc_client::direct_client::DirectApi;
+use itp_rpc::{RpcRequest, RpcResponse, RpcReturnValue};
+
+use itp_types::{AccountId, DirectRequestStatus};
+use itp_utils::FromHexPrefixed;
+use log::*;
+
+use sp_core::crypto::Ss58Codec;
+
+#[derive(Parser)]
+pub struct GetShardVaultCommand {}
+
+impl GetShardVaultCommand {
+	pub(crate) fn run(&self, cli: &Cli, _trusted_args: &TrustedCli) -> CliResult {
+		let direct_api = get_worker_api_direct(cli);
+		let rpc_method = "author_getShardVault".to_owned();
+		let jsonrpc_call: String = RpcRequest::compose_jsonrpc_call(rpc_method, vec![]).unwrap();
+		let rpc_response_str = direct_api.get(&jsonrpc_call).unwrap();
+		// Decode RPC response.
+		let rpc_response: RpcResponse = serde_json::from_str(&rpc_response_str)
+			.map_err(|err| CliError::WorkerRpcApi { msg: err.to_string() })?;
+		let rpc_return_value = RpcReturnValue::from_hex(&rpc_response.result)
+			// Replace with `inspect_err` once it's stable.
+			.map_err(|err| {
+				error!("Failed to decode RpcReturnValue: {:?}", err);
+				CliError::WorkerRpcApi { msg: "failed to decode RpcReturnValue".to_string() }
+			})?;
+
+		if rpc_return_value.status == DirectRequestStatus::Error {
+			println!("[Error] {}", String::decode(&mut rpc_return_value.value.as_slice()).unwrap());
+			return Err(CliError::WorkerRpcApi { msg: "rpc error".to_string() })
+		}
+
+		let vault = AccountId::decode(&mut rpc_return_value.value.as_slice())
+			// Replace with `inspect_err` once it's stable.
+			.map_err(|err| {
+				error!("Failed to decode vault account: {:?}", err);
+				CliError::WorkerRpcApi { msg: err.to_string() }
+			})?;
+		let vault_ss58 = vault.to_ss58check();
+		println!("{}", vault_ss58);
+		Ok(CliResultOk::PubKeysBase58 {
+			pubkeys_sr25519: None,
+			pubkeys_ed25519: Some(vec![vault_ss58]),
+		})
+	}
+}

cli/src/trusted_base_cli/commands/mod.rs

@@ -1,4 +1,6 @@
 pub mod balance;
+pub mod get_shard;
+pub mod get_shard_vault;
 pub mod nonce;
 pub mod set_balance;
 pub mod transfer;

cli/src/trusted_base_cli/mod.rs

@@ -17,8 +17,9 @@
 
 use crate::{
 	trusted_base_cli::commands::{
-		balance::BalanceCommand, nonce::NonceCommand, set_balance::SetBalanceCommand,
-		transfer::TransferCommand, unshield_funds::UnshieldFundsCommand,
+		balance::BalanceCommand, get_shard::GetShardCommand, get_shard_vault::GetShardVaultCommand,
+		nonce::NonceCommand, set_balance::SetBalanceCommand, transfer::TransferCommand,
+		unshield_funds::UnshieldFundsCommand,
 	},
 	trusted_cli::TrustedCli,
 	trusted_command_utils::get_keystore_path,
@@ -54,6 +55,12 @@ pub enum TrustedBaseCommand {
 	/// gets the nonce of a given account, taking the pending trusted calls
 	/// in top pool in consideration
 	Nonce(NonceCommand),
+
+	/// get shard for this worker
+	GetShard(GetShardCommand),
+
+	/// get shard vault for shielding (if defined for this worker)
+	GetShardVault(GetShardVaultCommand),
 }
 
 impl TrustedBaseCommand {
@@ -66,6 +73,8 @@ impl TrustedBaseCommand {
 			TrustedBaseCommand::Balance(cmd) => cmd.run(cli, trusted_cli),
 			TrustedBaseCommand::UnshieldFunds(cmd) => cmd.run(cli, trusted_cli),
 			TrustedBaseCommand::Nonce(cmd) => cmd.run(cli, trusted_cli),
+			TrustedBaseCommand::GetShard(cmd) => cmd.run(cli, trusted_cli),
+			TrustedBaseCommand::GetShardVault(cmd) => cmd.run(cli, trusted_cli),
 		}
 	}
 }

cli/src/trusted_cli.rs

@@ -25,7 +25,7 @@ use crate::trusted_base_cli::TrustedBaseCommand;
 pub struct TrustedCli {
 	/// targeted worker MRENCLAVE
 	#[clap(short, long)]
-	pub(crate) mrenclave: String,
+	pub(crate) mrenclave: Option<String>,
 
 	/// shard identifier
 	#[clap(short, long)]

cli/src/trusted_command_utils.rs

@@ -91,7 +91,12 @@ pub(crate) fn get_keystore_path(trusted_args: &TrustedCli) -> PathBuf {
 }
 
 pub(crate) fn get_identifiers(trusted_args: &TrustedCli) -> ([u8; 32], ShardIdentifier) {
-	let mrenclave = mrenclave_from_base58(&trusted_args.mrenclave);
+	let mrenclave = mrenclave_from_base58(
+		trusted_args
+			.mrenclave
+			.as_ref()
+			.expect("argument '--mrenclave' must be provided for this command"),
+	);
 	let shard = match &trusted_args.shard {
 		Some(val) =>
 			ShardIdentifier::from_slice(&val.from_base58().expect("shard has to be base58 encoded")),

cli/src/trusted_operation.rs

@@ -222,7 +222,12 @@ pub fn read_shard(trusted_args: &TrustedCli) -> StdResult<ShardIdentifier, codec
 			Ok(s) => ShardIdentifier::decode(&mut &s[..]),
 			_ => panic!("shard argument must be base58 encoded"),
 		},
-		None => match trusted_args.mrenclave.from_base58() {
+		None => match trusted_args
+			.mrenclave
+			.as_ref()
+			.expect("at least argument '--mrenclave' must be provided for this command")
+			.from_base58()
+		{
 			Ok(s) => ShardIdentifier::decode(&mut &s[..]),
 			_ => panic!("mrenclave argument must be base58 encoded"),
 		},

core/parentchain/block-import-dispatcher/src/immediate_dispatcher.rs

@@ -22,7 +22,7 @@ use std::{boxed::Box, vec::Vec};
 
 /// Block import dispatcher that immediately imports the blocks, without any processing or queueing.
 pub struct ImmediateDispatcher<BlockImporter> {
-	block_importer: BlockImporter,
+	pub block_importer: BlockImporter,
 	import_event_observers: Vec<Box<dyn Fn() + Send + Sync + 'static>>,
 }
 

core/parentchain/block-import-dispatcher/src/triggered_dispatcher.rs

@@ -62,7 +62,7 @@ pub trait TriggerParentchainBlockImport {
 /// Dispatcher for block imports that retains blocks until the import is triggered, using the
 /// `TriggerParentchainBlockImport` trait implementation.
 pub struct TriggeredDispatcher<BlockImporter, BlockImportQueue, EventsImportQueue> {
-	block_importer: BlockImporter,
+	pub block_importer: BlockImporter,
 	import_queue: BlockImportQueue,
 	events_queue: EventsImportQueue,
 }

core/parentchain/block-importer/src/block_importer.rs

@@ -47,7 +47,7 @@ pub struct ParentchainBlockImporter<
 	validator_accessor: Arc<ValidatorAccessor>,
 	stf_executor: Arc<StfExecutor>,
 	extrinsics_factory: Arc<ExtrinsicsFactory>,
-	indirect_calls_executor: Arc<IndirectCallsExecutor>,
+	pub indirect_calls_executor: Arc<IndirectCallsExecutor>,
 	_phantom: PhantomData<ParentchainBlock>,
 }
 

core/parentchain/indirect-calls-executor/src/executor.rs

@@ -60,7 +60,7 @@ pub struct IndirectCallsExecutor<
 	G,
 > {
 	pub(crate) shielding_key_repo: Arc<ShieldingKeyRepository>,
-	pub(crate) stf_enclave_signer: Arc<StfEnclaveSigner>,
+	pub stf_enclave_signer: Arc<StfEnclaveSigner>,
 	pub(crate) top_pool_author: Arc<TopPoolAuthor>,
 	pub(crate) node_meta_data_provider: Arc<NodeMetadataProvider>,
 	_phantom: PhantomData<(IndirectCallsFilter, EventCreator, ParentchainEventHandler, TCS, G)>,

docker/README.md

@@ -113,4 +113,4 @@ You can suppress the log output for a container by setting the logging driver. T
 logging:
     driver: local
 ```
-Mind the indent. Explanations for all the logging drivers in `docker compose` can be found [here](https://docs.docker.com/config/containers/logging/local/).
+Mind the indent. Explanations for all the logging drivers in `docker compose` can be found [here](https://docs.docker.com/config/containers/logging/local/).

enclave-runtime/Cargo.lock

@@ -788,6 +788,7 @@ dependencies = [
  "itc-direct-rpc-server",
  "itc-offchain-worker-executor",
  "itc-parentchain",
+ "itc-parentchain-block-import-dispatcher",
  "itc-parentchain-test",
  "itc-tls-websocket-server",
  "itp-attestation-handler",

enclave-runtime/Cargo.toml

@@ -99,6 +99,7 @@ ita-stf = { path = "../app-libs/stf", default-features = false, features = ["sgx
 itc-direct-rpc-server = { path = "../core/direct-rpc-server", default-features = false, features = ["sgx"] }
 itc-offchain-worker-executor = { path = "../core/offchain-worker-executor", default-features = false, features = ["sgx"] }
 itc-parentchain = { path = "../core/parentchain/parentchain-crate", default-features = false, features = ["sgx"] }
+itc-parentchain-block-import-dispatcher = { path = "../core/parentchain/block-import-dispatcher", default-features = false, features = ["sgx"] }
 itc-parentchain-test = { path = "../core/parentchain/test", default-features = false }
 itc-tls-websocket-server = { path = "../core/tls-websocket-server", default-features = false, features = ["sgx"] }
 itp-attestation-handler = { path = "../core-primitives/attestation-handler", default-features = false, features = ["sgx"] }