feat(claimer): add sender to authority-claimer

offchain/authority-claimer/Cargo.toml

@@ -10,22 +10,32 @@ path = "src/main.rs"
 test = false
 
 [dependencies]
+contracts = { path = "../contracts" }
 http-server = { path = "../http-server" }
 rollups-events = { path = "../rollups-events" }
+types = { path = "../types" }
 
 async-trait.workspace = true
 clap = { workspace = true, features = ["derive"] }
+ethabi.workspace = true
+ethers.workspace = true
+ethers-signers = { workspace = true, features = ["aws"] }
 eth-tx-manager.workspace = true
 rusoto_core.workspace = true
+rusoto_kms.workspace = true
+rusoto_sts.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 snafu.workspace = true
 tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
 tracing-subscriber = { workspace = true, features = ["env-filter"] }
 tracing.workspace = true
+url.workspace = true
 
 [dev-dependencies]
 test-fixtures = { path = "../test-fixtures" }
 
 backoff = { workspace = true, features = ["tokio"] }
+serial_test.workspace = true
 testcontainers.workspace = true
+tracing-test = { workspace = true, features = ["no-env-filter"] }

offchain/authority-claimer/src/auth.rs

@@ -0,0 +1,102 @@
+// (c) Cartesi and individual authors (see AUTHORS)
+// SPDX-License-Identifier: Apache-2.0 (see LICENSE)
+
+//! This module handles the authentication configuration used by the transaction manager.
+//!
+//! It supports local authentication (given a mnemonic) and AWS KMS authentication.
+
+use clap::Parser;
+use rusoto_core::{region::ParseRegionError, Region};
+use snafu::{ResultExt, Snafu};
+use std::{fs, str::FromStr};
+
+#[derive(Debug, Snafu)]
+pub enum AuthError {
+    #[snafu(display("Configuration missing mnemonic/key-id"))]
+    MissingConfiguration,
+
+    #[snafu(display(
+        "Could not read mnemonic file at path `{}`: {}",
+        path,
+        source
+    ))]
+    MnemonicFileError {
+        path: String,
+        source: std::io::Error,
+    },
+
+    #[snafu(display("Missing AWS region"))]
+    MissingRegion,
+
+    #[snafu(display("Invalid AWS region"))]
+    InvalidRegion { source: ParseRegionError },
+}
+
+#[derive(Debug, Clone, Parser)]
+#[command(name = "auth_config")]
+#[command(about = "Configuration for signing authentication")]
+pub struct AuthEnvCLIConfig {
+    /// Signer mnemonic, overrides `auth_mnemonic_file` and `auth_aws_kms_*`
+    #[arg(long, env)]
+    pub auth_mnemonic: Option<String>,
+
+    /// Signer mnemonic file path, overrides `auth_aws_kms_*`
+    #[arg(long, env)]
+    pub auth_mnemonic_file: Option<String>,
+
+    /// Mnemonic account index
+    #[arg(long, env)]
+    pub auth_mnemonic_account_index: Option<u32>,
+
+    /// AWS KMS signer key-id
+    #[arg(long, env)]
+    pub auth_aws_kms_key_id: Option<String>,
+
+    /// AWS KMS signer region
+    #[arg(long, env)]
+    pub auth_aws_kms_region: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+pub enum AuthConfig {
+    Mnemonic {
+        mnemonic: String,
+        account_index: Option<u32>,
+    },
+
+    Aws {
+        key_id: String,
+        region: Region,
+    },
+}
+
+impl AuthConfig {
+    pub fn initialize(cli: AuthEnvCLIConfig) -> Result<AuthConfig, AuthError> {
+        let account_index = cli.auth_mnemonic_account_index;
+        if let Some(mnemonic) = cli.auth_mnemonic {
+            Ok(AuthConfig::Mnemonic {
+                mnemonic,
+                account_index,
+            })
+        } else if let Some(path) = cli.auth_mnemonic_file {
+            let mnemonic = fs::read_to_string(path.clone())
+                .context(MnemonicFileSnafu { path })?
+                .trim()
+                .to_string();
+            Ok(AuthConfig::Mnemonic {
+                mnemonic,
+                account_index,
+            })
+        } else {
+            match (cli.auth_aws_kms_key_id, cli.auth_aws_kms_region) {
+                (None, _) => Err(AuthError::MissingConfiguration),
+                (Some(_), None) => Err(AuthError::MissingRegion),
+                (Some(key_id), Some(region)) => {
+                    let region = Region::from_str(&region)
+                        .context(InvalidRegionSnafu)?;
+                    Ok(AuthConfig::Aws { key_id, region })
+                }
+            }
+        }
+    }
+}

offchain/authority-claimer/src/claimer.rs

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0 (see LICENSE)
 
 use async_trait::async_trait;
-use rollups_events::RollupsClaim;
+use rollups_events::{Address, RollupsClaim};
 use snafu::ResultExt;
 use std::fmt::Debug;
 use tracing::info;
@@ -34,13 +34,19 @@ pub enum ClaimerError<D: DuplicateChecker, T: TransactionSender> {
 /// `DuplicateChecker` and a `TransactionSender`.
 #[derive(Debug)]
 pub struct AbstractClaimer<D: DuplicateChecker, T: TransactionSender> {
+    dapp_address: Address,
     duplicate_checker: D,
     transaction_sender: T,
 }
 
 impl<D: DuplicateChecker, T: TransactionSender> AbstractClaimer<D, T> {
-    pub fn new(duplicate_checker: D, transaction_sender: T) -> Self {
+    pub fn new(
+        dapp_address: Address,
+        duplicate_checker: D,
+        transaction_sender: T,
+    ) -> Self {
         Self {
+            dapp_address,
             duplicate_checker,
             transaction_sender,
         }
@@ -72,7 +78,10 @@ where
         info!("Sending a new rollups claim");
         self.transaction_sender = self
             .transaction_sender
-            .send_rollups_claim_transaction(rollups_claim)
+            .send_rollups_claim_transaction(
+                self.dapp_address.clone(),
+                rollups_claim,
+            )
             .await
             .context(TransactionSenderSnafu)?;
 

offchain/authority-claimer/src/config/cli.rs

@@ -11,12 +11,17 @@ use rusoto_core::Region;
 use snafu::ResultExt;
 use std::{fs, path::PathBuf, str::FromStr};
 
+use crate::auth::{AuthConfig, AuthEnvCLIConfig};
 use crate::config::{
     error::{
-        AuthorityClaimerConfigError, InvalidRegionSnafu, MnemonicFileSnafu,
-        TxManagerSnafu, TxSigningConfigError, TxSigningSnafu,
+        AuthSnafu, AuthorityClaimerConfigError, InvalidRegionSnafu,
+        MnemonicFileSnafu, TxManagerSnafu, TxSigningConfigError,
+        TxSigningSnafu,
+    },
+    json::{
+        read_json_file, DappDeployment, RollupsDeployment,
+        RollupsDeploymentJson,
     },
-    json::{read_json_file, DappDeployment},
     AuthorityClaimerConfig, TxSigningConfig,
 };
 
@@ -37,9 +42,16 @@ pub(crate) struct AuthorityClaimerCLI {
     #[command(flatten)]
     broker_config: BrokerCLIConfig,
 
+    #[command(flatten)]
+    pub auth_config: AuthEnvCLIConfig,
+
     /// Path to a file with the deployment json of the dapp
     #[arg(long, env, default_value = "./dapp_deployment.json")]
     dapp_deployment_file: PathBuf,
+
+    /// Path to file with deployment json of rollups
+    #[arg(long, env, default_value = "./rollups_deployment.json")]
+    pub rollups_deployment_file: PathBuf,
 }
 
 impl TryFrom<AuthorityClaimerCLI> for AuthorityClaimerConfig {
@@ -56,16 +68,28 @@ impl TryFrom<AuthorityClaimerCLI> for AuthorityClaimerConfig {
 
         let broker_config = BrokerConfig::from(cli_config.broker_config);
 
+        let auth_config = AuthConfig::initialize(cli_config.auth_config)
+            .context(AuthSnafu)?;
+
         let dapp_deployment =
             read_json_file::<DappDeployment>(cli_config.dapp_deployment_file)?;
         let dapp_address = dapp_deployment.dapp_address;
         let dapp_deploy_block_hash = dapp_deployment.dapp_deploy_block_hash;
 
+        let rollups_deployment = read_json_file::<RollupsDeploymentJson>(
+            cli_config.rollups_deployment_file,
+        )
+        .map(RollupsDeployment::from)?;
+
+        let authority_address = rollups_deployment.authority_address;
+
         Ok(AuthorityClaimerConfig {
             tx_manager_config,
             tx_signing_config,
             tx_manager_priority: Priority::Normal,
+            auth_config,
             broker_config,
+            authority_address,
             dapp_address,
             dapp_deploy_block_hash,
         })

offchain/authority-claimer/src/config/error.rs

@@ -6,6 +6,8 @@ use rusoto_core::region::ParseRegionError;
 use snafu::Snafu;
 use std::path::PathBuf;
 
+use crate::auth::AuthError;
+
 #[derive(Debug, Snafu)]
 #[snafu(visibility(pub(crate)))]
 pub enum AuthorityClaimerConfigError {
@@ -15,6 +17,9 @@ pub enum AuthorityClaimerConfigError {
     #[snafu(display("TxSigning configuration error"))]
     TxSigningError { source: TxSigningConfigError },
 
+    #[snafu(display("Auth configuration error: {}", source))]
+    AuthError { source: AuthError },
+
     #[snafu(display("Read file error ({})", path.display()))]
     ReadFileError {
         path: PathBuf,

offchain/authority-claimer/src/config/json.rs

@@ -19,6 +19,34 @@ pub(crate) struct DappDeployment {
     pub dapp_deploy_block_hash: Hash,
 }
 
+#[derive(Clone, Debug, Deserialize)]
+pub struct RollupsDeploymentJson {
+    contracts: RollupsDeployment,
+}
+
+#[derive(Clone, Debug, Deserialize)]
+pub(crate) struct RollupsDeployment {
+    #[serde(rename = "History")]
+    pub history_address: Address,
+
+    #[serde(rename = "Authority")]
+    pub authority_address: Address,
+
+    #[serde(rename = "InputBox")]
+    pub input_box_address: Address,
+}
+
+impl From<RollupsDeploymentJson> for RollupsDeployment {
+    fn from(r: RollupsDeploymentJson) -> Self {
+        let contracts = r.contracts;
+        Self {
+            history_address: contracts.history_address,
+            authority_address: contracts.authority_address,
+            input_box_address: contracts.input_box_address,
+        }
+    }
+}
+
 pub(crate) fn read_json_file<T: DeserializeOwned>(
     path: PathBuf,
 ) -> Result<T, AuthorityClaimerConfigError> {

offchain/authority-claimer/src/config/mod.rs

@@ -13,6 +13,8 @@ use http_server::HttpServerConfig;
 use rollups_events::{Address, BrokerConfig, Hash};
 use rusoto_core::Region;
 
+use crate::auth::AuthConfig;
+
 #[derive(Debug, Clone)]
 pub struct Config {
     pub authority_claimer_config: AuthorityClaimerConfig,
@@ -24,7 +26,9 @@ pub struct AuthorityClaimerConfig {
     pub tx_manager_config: TxManagerConfig,
     pub tx_signing_config: TxSigningConfig,
     pub tx_manager_priority: Priority,
+    pub auth_config: AuthConfig,
     pub broker_config: BrokerConfig,
+    pub authority_address: Address,
     pub dapp_address: Address,
     pub dapp_deploy_block_hash: Hash,
 }

offchain/authority-claimer/src/lib.rs

@@ -1,12 +1,14 @@
 // (c) Cartesi and individual authors (see AUTHORS)
 // SPDX-License-Identifier: Apache-2.0 (see LICENSE)
 
+pub mod auth;
 pub mod checker;
 pub mod claimer;
 pub mod config;
 pub mod listener;
 pub mod metrics;
 pub mod sender;
+pub mod signer;
 
 #[cfg(test)]
 mod mock;
@@ -35,7 +37,7 @@ pub async fn run(config: Config) -> Result<(), Box<dyn Error>> {
     let claimer_handle = {
         let config = config.authority_claimer_config;
 
-        let dapp_address = config.dapp_address;
+        let dapp_address = config.dapp_address.clone();
         let dapp_metadata = DAppMetadata {
             chain_id: config.tx_manager_config.chain_id,
             dapp_address,
@@ -48,9 +50,11 @@ pub async fn run(config: Config) -> Result<(), Box<dyn Error>> {
         // Creating the transaction sender.
         trace!("Creating the transaction sender");
         let transaction_sender = DefaultTransactionSender::new(
+            config.clone(),
             dapp_metadata.clone(),
             metrics.clone(),
-        )?;
+        )
+        .await?;
 
         // Creating the broker listener.
         trace!("Creating the broker listener");
@@ -60,8 +64,11 @@ pub async fn run(config: Config) -> Result<(), Box<dyn Error>> {
 
         // Creating the claimer.
         trace!("Creating the claimer");
-        let claimer =
-            AbstractClaimer::new(duplicate_checker, transaction_sender);
+        let claimer = AbstractClaimer::new(
+            config.dapp_address,
+            duplicate_checker,
+            transaction_sender,
+        );
 
         // Returning the claimer event loop.
         broker_listener.start(claimer)