feat(testnet): test-genesis as a default, env vars for client config (#…

…5283)

CONFIG CHANGES:

* chore(testnet): move extra permissions from test genesis to default genesis
* feat(testnet): enable env vars for client configuration

Signed-off-by: Shunkichi Sato <[email protected]>

.github/workflows/iroha2-dev-nightly.yml

@@ -41,11 +41,11 @@ jobs:
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Build and push iroha2:dev-nightly image
+      - name: Build and push iroha:testnet-2.0.0-rc.1-nightly image
         uses: docker/build-push-action@v6
         with:
           push: true
-          tags: hyperledger/iroha:dev-nightly-${{ github.sha }}
+          tags: hyperledger/iroha:testnet-2.0.0-rc.1-nightly-${{ github.sha }}
           labels: commit=${{ github.sha }}
           build-args: TAG=dev
           # This context specification is required

.github/workflows/iroha2-dev-pr-static.yml

@@ -2,7 +2,7 @@ name: I2::Dev::Static
 
 on:
   pull_request:
-    branches: [ main ]
+    branches: [testnet/2.0.0-rc.1]
     paths:
       - '**.rs'
       - '**.json'

.github/workflows/iroha2-dev-pr-title.yml

@@ -2,7 +2,7 @@ name: I2::Dev::Title
 
 on:
   pull_request_target:
-    branches: [main]
+    branches: [testnet/2.0.0-rc.1]
     types: [opened, edited, synchronize, reopened]
 
 permissions:
@@ -46,4 +46,4 @@ jobs:
         uses: marocchino/sticky-pull-request-comment@v2
         with:
           header: pr-title-lint-error
-          delete: true
+          delete: true

.github/workflows/iroha2-dev-pr-wasm.yml

@@ -2,7 +2,7 @@ name: I2::Dev::Wasm
 
 on:
   pull_request:
-    branches: [main]
+    branches: [testnet/2.0.0-rc.1]
     paths:
       - '.github/workflows/iroha2-dev-pr-wasm.yaml'
 

.github/workflows/iroha2-dev-pr.yml

@@ -2,7 +2,7 @@ name: I2::Dev::Tests
 
 on:
   pull_request:
-    branches: [main]
+    branches: [testnet/2.0.0-rc.1]
     paths:
       - '**.rs'
       - '**.json'
@@ -160,12 +160,12 @@ jobs:
         uses: docker/setup-buildx-action@v2
         with:
           install: true
-      - name: Build and push iroha2:dev image
+      - name: Build and push iroha:testnet-2.0.0-rc.1 image
         uses: docker/build-push-action@v6
         if: always()
         with:
           push: true
-          tags: docker.soramitsu.co.jp/iroha2/iroha2:dev-${{ github.event.pull_request.head.sha }}
+          tags: docker.soramitsu.co.jp/iroha2/iroha:testnet-2.0.0-rc.1-${{ github.event.pull_request.head.sha }}
           labels: commit=${{ github.sha }}
           build-args: TAG=dev
           file: Dockerfile.glibc
@@ -214,7 +214,7 @@ jobs:
           file: Dockerfile.glibc
           tags: |
             hyperledger/iroha:local
-            hyperledger/iroha:dev
+            hyperledger/iroha:testnet-2.0.0-rc.1
           cache-from: type=gha
           cache-to: type=gha,mode=max
       - name: Test docker-compose.single.yml

.github/workflows/iroha2-dev.yml

@@ -2,7 +2,7 @@ name: I2::Dev::Publish
 
 on:
   push:
-    branches: [main]
+    branches: [testnet/2.0.0-rc.1]
 
 env:
   CARGO_TERM_COLOR: always
@@ -58,24 +58,24 @@ jobs:
           registry: docker.soramitsu.co.jp
           username: ${{ secrets.HARBOR_USERNAME }}
           password: ${{ secrets.HARBOR_TOKEN }}
-      - name: Build and push iroha2:dev image
+      - name: Build and push iroha:testnet-2.0.0-rc.1 image
         uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile.glibc
           push: true
           tags: |
-            hyperledger/iroha:dev
-            docker.soramitsu.co.jp/iroha2/iroha:dev
+            hyperledger/iroha:testnet-2.0.0-rc.1
+            docker.soramitsu.co.jp/iroha2/iroha:testnet-2.0.0-rc.1
           labels: commit=${{ github.sha }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
       - name: Copy artifacts from iroha image
         run: |
           mkdir -p ${{ env.ARTIFACTS_DIR }}
-          docker run --rm --entrypoint cat hyperledger/iroha:dev ${{ env.BIN_PATH }}/iroha > ${{ env.ARTIFACTS_DIR }}/iroha
-          docker run --rm --entrypoint cat hyperledger/iroha:dev ${{ env.BIN_PATH }}/irohad > ${{ env.ARTIFACTS_DIR }}/irohad
-          docker run --rm --entrypoint cat hyperledger/iroha:dev ${{ env.BIN_PATH }}/kagami > ${{ env.ARTIFACTS_DIR }}/kagami
+          docker run --rm --entrypoint cat hyperledger/iroha:testnet-2.0.0-rc.1 ${{ env.BIN_PATH }}/iroha > ${{ env.ARTIFACTS_DIR }}/iroha
+          docker run --rm --entrypoint cat hyperledger/iroha:testnet-2.0.0-rc.1 ${{ env.BIN_PATH }}/irohad > ${{ env.ARTIFACTS_DIR }}/irohad
+          docker run --rm --entrypoint cat hyperledger/iroha:testnet-2.0.0-rc.1 ${{ env.BIN_PATH }}/kagami > ${{ env.ARTIFACTS_DIR }}/kagami
       - name: Generate schema
         run: cargo run --bin kagami -- schema > ${{ env.ARTIFACTS_DIR }}/schema.json
       - name: Archive artifacts

.github/workflows/iroha2-doc-links.yml

@@ -6,7 +6,7 @@ name: I2::Doc::Links
 
 on:
   pull_request:
-    branches: [main, stable, lts]
+    branches: [testnet/2.0.0-rc.1]
     paths:
       - '**/*.md'
       - '**/*.txt'

.github/workflows/iroha2-no-incorrect-image.yml

@@ -2,9 +2,7 @@ name: I2::CI::check_for_incorrect_images
 
 on:
   push:
-    branches:
-      - main
-      - stable
+    branches: [testnet/2.0.0-rc.1]
 
 jobs:
   check:
@@ -17,9 +15,5 @@ jobs:
       - uses: actions/checkout@v4
       - name: Install dependencies
         run: pip install -r .github/scripts/ci_test/requirements.txt --no-input
-      - name: Check containers on iroha2 stable branch
-        if: github.base_ref == 'stable'
-        run: python .github/scripts/ci_test/ci_image_scan.py --allow iroha2:stable -- docker-compose*.yml
-      - name: Check containers on iroha2 main branch
-        if: github.base_ref == 'main'
-        run: python .github/scripts/ci_test/ci_image_scan.py --allow iroha2:dev -- docker-compose*.yml
+      - name: Check containers
+        run: python .github/scripts/ci_test/ci_image_scan.py --allow iroha:testnet-2.0.0-rc.1 -- docker-compose*.yml

.github/workflows/iroha2-pr-ui.yml

@@ -2,7 +2,7 @@ name: I2::Tests::UI
 
 on:
   pull_request:
-    branches: [main, stable, lts]
+    branches: [testnet/2.0.0-rc.1]
     paths:
       - 'crates/*_derive/**.rs'
       - 'crates/*_macro*/**.rs'

README.md

@@ -78,7 +78,7 @@ Prerequisites:
 - (Optional) Build the latest Iroha image:
 
   ```bash
-  docker build . -t hyperledger/iroha2:dev
+  docker build . -t hyperledger/iroha:dev
   ```
 
   If you skip this step, the Iroha container will be built using the latest available image.
@@ -181,7 +181,7 @@ Iroha stores blocks and snapshots in the `storage` directory, which is created a
 
 Multiple instances of Iroha peer and client binaries can be run on the same physical machine and in the same working directory. However, we recommend to give each instance a clean new working directory.
 
-The provided `docker-compose` file showcases a minimum viable network and the general methods of using the `hyperledger/iroha2:dev` docker image for deploying a network of peers.
+The provided `docker-compose` file showcases a minimum viable network and the general methods of using the `hyperledger/iroha:dev` docker image for deploying a network of peers.
 
 ## Further Reading
 

crates/iroha/src/config.rs

@@ -3,7 +3,7 @@
 use core::str::FromStr;
 use std::{path::Path, time::Duration};
 
-use derive_more::Display;
+use derive_more::{Constructor, Display, From};
 use error_stack::ResultExt;
 use eyre::Result;
 use iroha_config_base::{read::ConfigReader, toml::TomlSource};
@@ -51,14 +51,34 @@ impl FromStr for WebLogin {
 }
 
 /// Basic Authentication credentials
-#[derive(Clone, Deserialize, Serialize, Debug)]
+#[derive(Clone, Deserialize, Serialize, Debug, Constructor, PartialEq, Eq)]
 pub struct BasicAuth {
     /// Login for Basic Authentication
     pub web_login: WebLogin,
     /// Password for Basic Authentication
     pub password: SecretString,
 }
 
+#[derive(Debug, Display, From)]
+#[allow(missing_docs)]
+pub struct BasicAuthParseError(String);
+
+impl std::error::Error for BasicAuthParseError {}
+
+impl FromStr for BasicAuth {
+    type Err = BasicAuthParseError;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        let Some((login, password)) = s.split_once(':') else {
+            return Err(format!("`login:password` expected, got {s}").into());
+        };
+        Ok(Self {
+            web_login: login.parse().expect("should have no colons"),
+            password: SecretString::new(password.into()),
+        })
+    }
+}
+
 /// Complete client configuration
 #[derive(Clone, Debug, Serialize)]
 #[allow(missing_docs)]
@@ -103,6 +123,37 @@ mod tests {
 
     use super::*;
 
+    #[test]
+    fn parse_basic_auth() {
+        let items = [
+            (
+                ":",
+                Some(BasicAuth::new(
+                    "".parse().unwrap(),
+                    SecretString::new(String::new()),
+                )),
+            ),
+            (
+                "login:password",
+                Some(BasicAuth::new(
+                    "login".parse().unwrap(),
+                    SecretString::new("password".into()),
+                )),
+            ),
+            (
+                "login:pass:word",
+                Some(BasicAuth::new(
+                    "login".parse().unwrap(),
+                    SecretString::new("pass:word".into()),
+                )),
+            ),
+            ("login password", None),
+        ];
+        for (str, opt) in items {
+            assert_eq!(str.parse::<BasicAuth>().ok(), opt)
+        }
+    }
+
     #[test]
     fn web_login_ok() {
         let _ok: WebLogin = "alice".parse().expect("input is valid");

crates/iroha/src/config/user.rs

@@ -18,9 +18,11 @@ use crate::{
 #[derive(Clone, Debug, ReadConfig)]
 #[allow(missing_docs)]
 pub struct Root {
+    #[config(env = "CHAIN")]
     pub chain: ChainId,
     #[config(env = "TORII_URL")]
     pub torii_url: WithOrigin<Url>,
+    #[config(env = "BASIC_AUTH")]
     pub basic_auth: Option<BasicAuth>,
     #[config(nested)]
     pub account: Account,
@@ -125,19 +127,31 @@ impl Root {
 #[derive(Debug, Clone, ReadConfig)]
 #[allow(missing_docs)]
 pub struct Account {
+    #[config(env = "ACCOUNT_DOMAIN")]
     pub domain: DomainId,
+    #[config(env = "ACCOUNT_PUBLIC_KEY")]
     pub public_key: WithOrigin<PublicKey>,
+    #[config(env = "ACCOUNT_PRIVATE_KEY")]
     pub private_key: WithOrigin<PrivateKey>,
 }
 
 #[derive(Debug, Clone, ReadConfig)]
 #[allow(missing_docs)]
 pub struct Transaction {
-    #[config(default = "super::DEFAULT_TRANSACTION_TIME_TO_LIVE.into()")]
+    #[config(
+        env = "TRANSACTION_TIME_TO_LIVE_MS",
+        default = "super::DEFAULT_TRANSACTION_TIME_TO_LIVE.into()"
+    )]
     pub time_to_live_ms: WithOrigin<DurationMs>,
-    #[config(default = "super::DEFAULT_TRANSACTION_STATUS_TIMEOUT.into()")]
+    #[config(
+        env = "TRANSACTION_STATUS_TIMEOUT_MS",
+        default = "super::DEFAULT_TRANSACTION_STATUS_TIMEOUT.into()"
+    )]
     pub status_timeout_ms: WithOrigin<DurationMs>,
-    #[config(default = "super::DEFAULT_TRANSACTION_NONCE")]
+    #[config(
+        env = "TRANSACTION_NONCE",
+        default = "super::DEFAULT_TRANSACTION_NONCE"
+    )]
     pub nonce: bool,
 }
 
@@ -151,12 +165,28 @@ mod tests {
 
     #[test]
     fn parses_all_envs() {
-        let env = MockEnv::from([("TORII_URL", "http://localhost:8080")]);
+        let env = MockEnv::from([
+            ("CHAIN", "00000000-0000-0000-0000-000000000000"),
+            ("TORII_URL", "http://localhost:8080"),
+            ("BASIC_AUTH", "mad_hatter:ilovetea"),
+            ("ACCOUNT_DOMAIN", "wonderland"),
+            (
+                "ACCOUNT_PUBLIC_KEY",
+                "ed0120CE7FA46C9DCE7EA4B125E2E36BDB63EA33073E7590AC92816AE1E861B7048B03",
+            ),
+            (
+                "ACCOUNT_PRIVATE_KEY",
+                "802620CCF31D85E3B32A4BEA59987CE0C78E3B8E2DB93881468AB2435FE45D5C9DCD53",
+            ),
+            ("TRANSACTION_TIME_TO_LIVE_MS", "100_000"),
+            ("TRANSACTION_STATUS_TIMEOUT_MS", "15_000"),
+            ("TRANSACTION_NONCE", "false"),
+        ]);
 
-        let _ = ConfigReader::new()
+        let _root = ConfigReader::new()
             .with_env(env.clone())
             .read_and_complete::<Root>()
-            .expect_err("there are missing fields, but that of no concern");
+            .expect("should be able to be configured only from env vars");
 
         assert_eq!(env.unvisited(), HashSet::new());
         assert_eq!(env.unknown(), HashSet::new());

crates/iroha/src/secrecy.rs

@@ -4,8 +4,8 @@ use std::fmt;
 use derive_more::Constructor;
 use serde::{Deserialize, Serialize, Serializer};
 
-/// SecretString epresents a sensitive secret string.
-#[derive(Clone, Deserialize, Constructor)]
+/// String sensitive to printing and serialization
+#[derive(Clone, Deserialize, Constructor, PartialEq, Eq)]
 pub struct SecretString(String);
 
 impl SecretString {

crates/iroha_config_base/Cargo.toml

@@ -16,6 +16,7 @@ iroha_config_base_derive = { path = "../iroha_config_base_derive" }
 drop_bomb = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_with = { workspace = true, features = ["macros", "std"] }
+serde_json = { workspace = true }
 thiserror = { workspace = true }
 num-traits = "0.2.19"
 toml = { workspace = true }