-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add gnoland secrets
command suite
#1593
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1593 +/- ##
==========================================
- Coverage 47.54% 45.04% -2.51%
==========================================
Files 388 464 +76
Lines 61242 67975 +6733
==========================================
+ Hits 29117 30617 +1500
- Misses 29686 34785 +5099
- Partials 2439 2573 +134 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great, nothing to say about the code. 👍
Just one suggestion: is it possible to change the name of the package? I feel that secrets
is way too generic for a command name. Even though I understand that it might seem a bit redundant, I think gnosecrets
would be clearer and more appropriate here.
Looks nice, could you add some usage examples to better understand how these commands will be used by the users, and how they will interact with 3rd party commands? Thanks. |
Can we rename Also, we can change @albttx, what are your thoughts on this API proposal? |
Just a reminder on my vision for node management in the future:
I am mainly referring to "gno.land" and not TM2 for building other blockchains, where we can adopt a different DX strategy. If we proceed in this direction, I suggest removing features related to secrets and keeping only the essential steps in the As for the new binary, I believe it would be more suitable for advanced users at the moment. We can relocate it to This approach would give us a binary focused on being a production node ( |
Hello, I'm not really sure to understand where is the need of this command. As a node runner on I believe what we need is:
When i need new keys on a cosmos-sdk based chain i do (which is quite rare...) gaiad init --moniker osef --home /tmp/osef
cp /tmp/osef/config/{node_key.json,priv_validator_key.json} . I made a PR on a proposal for the |
To start a node and connect to a new or existing network, users essentially need 4 things:
This PR introduces commands that let you generate and manage your secrets, outside of the lazy load With @moul's suggestion, your chain connection process would look like this:
Please note that the configuration file you provide will contain the list of initial bootnodes that you'll connect to upon startup, and your node will start syncing / communicating with other peers in the network We've already solved genesis manipulation with #1252 (and child PRs), meaning you can use those subcommands to add validators, change the initial state and so on. |
I plan to integrate a config command suite in my next PR, under What do you think about swapping I am fully in favor of integrating this into the What option seems better?
I'm leaning much more towards the first option, because there is a clear separation of functionality. Keep in mind we will have a config management suite as well, so it would need to follow this pattern as well ( |
After discussing with @albttx internally, we've converged on a possibly best solution: The
But we also want to introduce a new command:
It's essentially a 2 step process to get up and running as a node (if we exclude the step where people change their default peers...). I like this approach because:
Looking for thoughts @moul @ajnavarro @gfanton |
I've made this command suite as a subcommand of |
I'm not really fan of Here is a quick recap of my position on
# TCP or UNIX socket address for CometBFT to listen on for
# connections from an external PrivValidator process
priv_validator_laddr = ""
What do you think about about changing this into a flag ? something like $ gnoland init --force-new-secrets
are you sure ? [y,N] |
## Description Based on discussions in gnolang#1593, this PR introduces the CLI suite for manipulating the `config.toml`. Using this suite, we can build better workflows for power users. This PR is a series of lego blocks that are required for us to get a normal user chain connection going: - gnolang#1252 - solved `genesis.json` management and manipulation - gnolang#1593 - solved node secrets management and manipulation - this PR - solves `config.toml` management and manipulation All of these PRs get us to a point where the user can run: - `gnoland init` - `gnoland start` to get up and running with any Gno network. The added middle step is fine-tuning the configuration and genesis, but it's worth noting this step is optional. New commands: ```shell gnoland config --help USAGE config <subcommand> [flags] Gno config manipulation suite, for editing base and module configurations SUBCOMMANDS init Initializes the Gno node configuration set Edits the Gno node configuration get Shows the Gno node configuration ``` In short, the `gnoland config init` command initializes a default `config.toml`, while other subcommands allow editing viewing any field in the specific configuration. <details><summary>Contributors' checklist...</summary> - [x] Added new tests, or not needed, or not feasible - [x] Provided an example (e.g. screenshot) to aid review or the PR is self-explanatory - [x] Updated the official documentation or not needed - [x] No breaking changes were made, or a `BREAKING CHANGE: xxx` message was included in the description - [x] Added references to related issues and PRs - [ ] Provided any useful hints for running manual tests - [ ] Added new benchmarks to [generated graphs](https://gnoland.github.io/benchmarks), if any. More info [here](https://github.com/gnolang/gno/blob/master/.benchmarks/README.md). </details>
I've updated this PR after your suggestions, and our internal discussions:
The good part is we were able to reuse the entire testing suite from the previous iteration 😎 |
I'm not entirely sure what the best way to display available secrets keys (constants) is in the CLI itself. Do you think it's a good idea to show it in the help? |
Yes, let's put them in help, or have a error message like "invalid secret, valid ones: [1 2 3]", like we do for when you put a wrong key in |
They were in the error message before, but I've added them to the long help now, so it's even more clear (before the user runs the command): We will also have them on the docs somewhere when we add a secrets page |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the design overall looks good, some scattered notes on how to improve the code.
since I'm on holiday next week, I suggest you address the issues + look for another approval (since it has been a while since Guilhem approved)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good! My only complaint would be that the return value of the secrets get
command on a specific <key>
doesn't produce an exploitable format. I would personally expect that when I use secrets get NodeKey
, it produces something that I can pipe with any other command, like mycmd --with-nodekey "$(gnoland secrets getNodeKey)"
. But maybe that doesn't make sense for other <keys>
.
In any case, this isn't mandatory for me in this PR. Feel free to merge it.
I'll look into having a standard format that can be piped (ie. just the raw key value, address value...) in the future 🙏 |
Description
This PR introduces the secret management command suite as a the
gnoland
subcommand --gnoland secrets
.It is part of a series of PRs I plan to do on improving the chain initialization flow, with subsequent PRs focusing on the
config
file and its manipulation.Secrets being managed:
Available commands:
secrets init
- Initializes the Gno node secrets locally, including the validator key, validator state and node keysecrets verify
- Verifies the Gno node secrets locally, including the validator key, validator state and node keysecrets get
- Shows the Gno node secrets locally, including the validator key, validator state and node keyContributors' checklist...
BREAKING CHANGE: xxx
message was included in the description