http flags | panic on hashicorp err | migrations | EEA failure (#309)

* rename https flags for better consistency

* prevent panic on empty hashicorp error list

* append migrations as part of docker image

* fix eea priv transactions

* fix eea sign tx formattter

.env.sample

@@ -1,9 +1,9 @@
 LOG_LEVEL=debug
 LOG_FORMAT=text
 
-HTTP_SERVER_SSL=true
-HTTP_SERVER_KEY=/certificates/https.key
-HTTP_SERVER_CERT=/certificates/https.crt
+HTTPS_ENABLE=true
+HTTPS_SERVER_KEY=/certificates/https.key
+HTTPS_SERVER_CERT=/certificates/https.crt
 
 AUTH_OIDC_CA_CERT=/certificates/client.crt
 AUTH_OIDC_CA_KEY=/certificates/client.key

Dockerfile

@@ -27,6 +27,7 @@ RUN upx /bin/main
 FROM gcr.io/distroless/static:$VERSION
 WORKDIR /
 COPY --from=builder /bin/main .
+COPY ./deps/migrations /migrations
 COPY LICENSE .
 USER 65532:65532
 

cmd/flags/http.go

@@ -77,10 +77,10 @@ Environment variable: %q`, httpHostEnv)
 }
 
 const (
-	enableHTTPSFlag     = "enable-https"
-	enableHTTPSViperKey = "enable.https"
+	enableHTTPSFlag     = "https-enable"
+	enableHTTPSViperKey = "https-enable"
 	enableHTTPSDefault  = false
-	enableHTTPSEnv      = "HTTP_SERVER_SSL"
+	enableHTTPSEnv      = "HTTPS_ENABLE"
 )
 
 // Hostname register a flag for HTTP server address
@@ -92,10 +92,10 @@ Environment variable: %q`, enableHTTPSEnv)
 }
 
 const (
-	httpServerKeyFlag     = "tls-server-key"
-	httpServerKeyViperKey = "tls.server.key"
+	httpServerKeyFlag     = "https-server-key"
+	httpServerKeyViperKey = "https.server.key"
 	httpServerKeyDefault  = ""
-	httpServerKeyEnv      = "HTTP_SERVER_KEY"
+	httpServerKeyEnv      = "HTTPS_SERVER_KEY"
 )
 
 func httpServerKey(f *pflag.FlagSet) {
@@ -106,10 +106,10 @@ Environment variable: %q`, httpServerKeyEnv)
 }
 
 const (
-	httpServerCertFlag     = "tls-server-cert"
-	httpServerCertViperKey = "tls.server.cert"
+	httpServerCertFlag     = "https-server-cert"
+	httpServerCertViperKey = "https.server.cert"
 	httpServerCertDefault  = ""
-	httpServerCertEnv      = "HTTP_SERVER_CERT"
+	httpServerCertEnv      = "HTTPS_SERVER_CERT"
 )
 
 func httpServerCert(f *pflag.FlagSet) {

docker-compose.yml

@@ -53,9 +53,9 @@ services:
       <<: *qkm-common
       AUTH_OIDC_CA_CERT: ${AUTH_OIDC_CA_CERT-/certificates/client.crt}
       AUTH_OIDC_ISSUER_URL: ${AUTH_OIDC_ISSUER_URL-}
-      HTTP_SERVER_SSL: ${HTTP_SERVER_SSL-true}
-      HTTP_SERVER_KEY: ${HTTP_SERVER_KEY-/certificates/https.key}
-      HTTP_SERVER_CERT: ${HTTP_SERVER_CERT-/certificates/https.crt}
+      HTTPS_ENABLE: ${HTTPS_ENABLE-true}
+      HTTPS_SERVER_KEY: ${HTTPS_SERVER_KEY-/certificates/https.key}
+      HTTPS_SERVER_CERT: ${HTTPS_SERVER_CERT-/certificates/https.crt}
       AUTH_TLS_CA: ${AUTH_TLS_CA-/ca/ca.crt}
       AUTH_API_KEY_FILE: ${AUTH_API_KEY_FILE-}
     ports:

pkg/ethereum/args.go

@@ -11,19 +11,25 @@ import (
 )
 
 type PrivacyFlag uint64
+type PrivateType string
 
 const (
 	StandardPrivatePrivacyFlag PrivacyFlag = iota                              // 0
 	PartyProtectionPrivacyFlag PrivacyFlag = 1 << PrivacyFlag(iota-1)          // 1
 	StateValidationPrivacyFlag             = iota | PartyProtectionPrivacyFlag // 3 which includes PrivacyFlagPartyProtection
 )
 
+const (
+	PrivateTypeRestricted   PrivateType = "restricted"
+	PrivateTypeUnrestricted PrivateType = "unrestricted"
+)
+
 // TODO: Delete usage of unnecessary pointers: https://app.zenhub.com/workspaces/orchestrate-5ea70772b186e10067f57842/issues/consensys/quorum-key-manager/96
 // PrivateArgs arguments for private transactions
 type PrivateArgs struct {
 	PrivateFrom    *string      `json:"privateFrom,omitempty"`
 	PrivateFor     *[]string    `json:"privateFor,omitempty"`
-	PrivateType    *string      `json:"restriction,omitempty"`
+	PrivateType    *PrivateType `json:"restriction,omitempty"`
 	PrivacyFlag    *PrivacyFlag `json:"privacyFlag,omitempty"`
 	PrivacyGroupID *string      `json:"privacyGroupId,omitempty"`
 }

src/infra/hashicorp/client/parsers.go

@@ -15,14 +15,14 @@ func parseErrorResponse(err error) error {
 
 	switch httpError.StatusCode {
 	case http.StatusNotFound:
-		return errors.NotFoundError(httpError.Errors[0])
+		return errors.NotFoundError(httpError.Error())
 	case http.StatusBadRequest:
-		return errors.InvalidFormatError(httpError.Errors[0])
+		return errors.InvalidFormatError(httpError.Error())
 	case http.StatusUnprocessableEntity:
-		return errors.InvalidParameterError(httpError.Errors[0])
+		return errors.InvalidParameterError(httpError.Error())
 	case http.StatusConflict:
-		return errors.AlreadyExistsError(httpError.Errors[0])
+		return errors.AlreadyExistsError(httpError.Error())
 	default:
-		return errors.HashicorpVaultError(httpError.Errors[0])
+		return errors.HashicorpVaultError(httpError.Error())
 	}
 }

src/nodes/interceptor/eea_send_transaction.go

@@ -13,10 +13,6 @@ import (
 	"github.com/ethereum/go-ethereum/common/hexutil"
 )
 
-const (
-	privateTxTypeRestricted = "restricted"
-)
-
 func (i *Interceptor) eeaSendTransaction(ctx context.Context, msg *ethereum.SendEEATxMsg) (*ethcommon.Hash, error) {
 	i.logger.Debug("sending EEA transaction")
 
@@ -84,7 +80,7 @@ func (i *Interceptor) eeaSendTransaction(ctx context.Context, msg *ethereum.Send
 	}
 
 	if msg.PrivateType == nil {
-		msg.PrivateType = common.ToPtr(privateTxTypeRestricted).(*string)
+		msg.PrivateType = common.ToPtr(ethereum.PrivateTypeRestricted).(*ethereum.PrivateType)
 	}
 
 	// Get ChainID from Node

src/nodes/interceptor/eea_send_transaction_test.go

@@ -67,7 +67,7 @@ func TestEEASendTransaction(t *testing.T) {
 				privCaller.EXPECT().GetTransactionCount(gomock.Any(), expectedFrom, "kAbelwaVW7okoEn1+okO+AbA4Hhz/7DaCOWVQz9nx5M=").Return(uint64(5), nil)
 
 				// SignEEA
-				expectedPrivateArgs := (&ethereum.PrivateArgs{PrivateType: common.ToPtr(privateTxTypeRestricted).(*string)}).WithPrivacyGroupID("kAbelwaVW7okoEn1+okO+AbA4Hhz/7DaCOWVQz9nx5M=")
+				expectedPrivateArgs := (&ethereum.PrivateArgs{PrivateType: common.ToPtr(ethereum.PrivateTypeRestricted).(*ethereum.PrivateType)}).WithPrivacyGroupID("kAbelwaVW7okoEn1+okO+AbA4Hhz/7DaCOWVQz9nx5M=")
 				accountsStore.EXPECT().SignEEA(gomock.Any(), expectedFrom, big.NewInt(1998), gomock.Any(), expectedPrivateArgs).Return(ethcommon.FromHex("0xa6122e27"), nil)
 
 				// SendRawTransaction
@@ -97,7 +97,7 @@ func TestEEASendTransaction(t *testing.T) {
 				privCaller.EXPECT().GetEeaTransactionCount(gomock.Any(), expectedFrom, "GGilEkXLaQ9yhhtbpBT03Me9iYa7U/mWXxrJhnbl1XY=", []string{"KkOjNLmCI6r+mICrC6l+XuEDjFEzQllaMQMpWLl4y1s=", "eLb69r4K8/9WviwlfDiZ4jf97P9czyS3DkKu0QYGLjg="}).Return(uint64(5), nil)
 
 				// Sign
-				expectedPrivateArgs := (&ethereum.PrivateArgs{PrivateType: common.ToPtr(privateTxTypeRestricted).(*string)}).WithPrivateFrom("GGilEkXLaQ9yhhtbpBT03Me9iYa7U/mWXxrJhnbl1XY=").WithPrivateFor([]string{"KkOjNLmCI6r+mICrC6l+XuEDjFEzQllaMQMpWLl4y1s=", "eLb69r4K8/9WviwlfDiZ4jf97P9czyS3DkKu0QYGLjg="})
+				expectedPrivateArgs := (&ethereum.PrivateArgs{PrivateType: common.ToPtr(ethereum.PrivateTypeRestricted).(*ethereum.PrivateType)}).WithPrivateFrom("GGilEkXLaQ9yhhtbpBT03Me9iYa7U/mWXxrJhnbl1XY=").WithPrivateFor([]string{"KkOjNLmCI6r+mICrC6l+XuEDjFEzQllaMQMpWLl4y1s=", "eLb69r4K8/9WviwlfDiZ4jf97P9czyS3DkKu0QYGLjg="})
 				accountsStore.EXPECT().SignEEA(gomock.Any(), expectedFrom, big.NewInt(1998), gomock.Any(), expectedPrivateArgs).Return(ethcommon.FromHex("0xa6122e27"), nil)
 
 				eeaCaller.EXPECT().SendRawTransaction(gomock.Any(), ethcommon.FromHex("0xa6122e27")).Return(ethcommon.HexToHash("0x6052dd2131667ef3e0a0666f2812db2defceaec91c470bb43de92268e8306778"), nil)

src/stores/api/formatters/eth1.go

@@ -1,8 +1,6 @@
 package formatters
 
 import (
-	"math/big"
-
 	common2 "github.com/consensys/quorum-key-manager/pkg/common"
 	"github.com/consensys/quorum-key-manager/pkg/ethereum"
 	"github.com/consensys/quorum-key-manager/src/stores/api/types"
@@ -14,8 +12,7 @@ import (
 )
 
 const (
-	PrivateTxTypeRestricted = "restricted"
-	EIP712DomainLabel       = "EIP712Domain"
+	EIP712DomainLabel = "EIP712Domain"
 )
 
 func FormatSignTypedDataRequest(request *types.SignTypedDataRequest) *signer.TypedData {
@@ -76,16 +73,21 @@ func FormatPrivateTransaction(tx *types.SignQuorumPrivateTransactionRequest) *qu
 
 func FormatEEATransaction(tx *types.SignEEATransactionRequest) (*ethtypes.Transaction, *ethereum.PrivateArgs) {
 	privateArgs := &ethereum.PrivateArgs{
-		PrivateFrom:    &tx.PrivateFrom,
-		PrivateFor:     &tx.PrivateFor,
-		PrivateType:    common2.ToPtr(PrivateTxTypeRestricted).(*string),
-		PrivacyGroupID: &tx.PrivacyGroupID,
+		PrivateFrom: &tx.PrivateFrom,
+		PrivateType: common2.ToPtr(ethereum.PrivateTypeRestricted).(*ethereum.PrivateType),
+	}
+
+	if tx.PrivacyGroupID != "" {
+		privateArgs.PrivacyGroupID = &tx.PrivacyGroupID
+	} else if len(tx.PrivateFor) > 0 {
+		privateArgs.PrivateFor = &tx.PrivateFor
 	}
 
 	if tx.To == nil {
-		return ethtypes.NewContractCreation(uint64(tx.Nonce), big.NewInt(0), uint64(0), big.NewInt(0), tx.Data), privateArgs
+		return ethtypes.NewContractCreation(uint64(tx.Nonce), tx.Value.ToInt(), uint64(tx.GasLimit), tx.GasPrice.ToInt(), tx.Data), privateArgs
 	}
-	return ethtypes.NewTransaction(uint64(tx.Nonce), *tx.To, big.NewInt(0), uint64(0), big.NewInt(0), tx.Data), privateArgs
+
+	return ethtypes.NewTransaction(uint64(tx.Nonce), *tx.To, tx.Value.ToInt(), uint64(tx.GasLimit), tx.GasPrice.ToInt(), tx.Data), privateArgs
 }
 
 func FormatEthAccResponse(ethAcc *entities.ETHAccount) *types.EthAccountResponse {

src/stores/api/types/ethereum.go

@@ -69,6 +69,9 @@ type SignQuorumPrivateTransactionRequest struct {
 type SignEEATransactionRequest struct {
 	Nonce          hexutil.Uint64  `json:"nonce" example:"0x1" swaggertype:"string"`
 	To             *common.Address `json:"to,omitempty" example:"0x905B88EFf8Bda1543d4d6f4aA05afef143D27E18" swaggertype:"string"`
+	Value          hexutil.Big     `json:"value,omitempty" example:"0x1" swaggertype:"string"`
+	GasPrice       hexutil.Big     `json:"gasPrice,omitempty" example:"0x0" swaggertype:"string"`
+	GasLimit       hexutil.Uint64  `json:"gasLimit,omitempty" example:"0x5208" swaggertype:"string"`
 	Data           hexutil.Bytes   `json:"data,omitempty" example:"0xfeaeee..." swaggertype:"string"`
 	ChainID        hexutil.Big     `json:"chainID" validate:"required" example:"0x1 (mainnet)" swaggertype:"string"`
 	PrivateFrom    string          `json:"privateFrom" validate:"required,base64,required_with=PrivateFor PrivacyGroupID" example:"A1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo="`

src/stores/connectors/ethereum/sign.go

@@ -102,14 +102,14 @@ func (c Connector) SignEEA(ctx context.Context, addr common.Address, chainID *bi
 
 	privateFromEncoded, err := base64.StdEncoding.DecodeString(*args.PrivateFrom)
 	if err != nil {
-		errMessage := "invalid privateFrom param"
+		errMessage := "invalid 'privateFrom'"
 		c.logger.WithError(err).Error(errMessage)
 		return nil, errors.InvalidParameterError(errMessage)
 	}
 
 	privateRecipientEncoded, err := getEncodedPrivateRecipient(args.PrivacyGroupID, args.PrivateFor)
 	if err != nil {
-		errMessage := "invalid privacyGroupID or privateFor"
+		errMessage := "invalid 'privacyGroupID' or 'privateFor'"
 		c.logger.WithError(err).Error(errMessage)
 		return nil, errors.InvalidParameterError(errMessage)
 	}
@@ -134,7 +134,7 @@ func (c Connector) SignEEA(ctx context.Context, addr common.Address, chainID *bi
 		return nil, errors.InvalidParameterError(errMessage)
 	}
 
-	signature, err := c.sign(ctx, addr, hash[:])
+	signature, err := c.sign(ctx, addr, hash.Bytes())
 	if err != nil {
 		return nil, err
 	}

src/stores/connectors/ethereum/sign_test.go

@@ -6,13 +6,12 @@ import (
 	"math/big"
 	"testing"
 
-	mock3 "github.com/consensys/quorum-key-manager/src/auth/mock"
-	authtypes "github.com/consensys/quorum-key-manager/src/auth/types"
-
+	common2 "github.com/consensys/quorum-key-manager/pkg/common"
 	"github.com/consensys/quorum-key-manager/pkg/errors"
 	"github.com/consensys/quorum-key-manager/pkg/ethereum"
+	mock3 "github.com/consensys/quorum-key-manager/src/auth/mock"
+	authtypes "github.com/consensys/quorum-key-manager/src/auth/types"
 	"github.com/consensys/quorum-key-manager/src/infra/log/testutils"
-	"github.com/consensys/quorum-key-manager/src/stores/api/formatters"
 	mock2 "github.com/consensys/quorum-key-manager/src/stores/database/mock"
 	testutils2 "github.com/consensys/quorum-key-manager/src/stores/entities/testutils"
 	"github.com/consensys/quorum-key-manager/src/stores/mock"
@@ -284,11 +283,10 @@ func TestSignEEA(t *testing.T) {
 	)
 	privateFrom := "A1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo="
 	privateFor := []string{"A1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo=", "B1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo="}
-	privateType := formatters.PrivateTxTypeRestricted
 	privateArgs := &ethereum.PrivateArgs{
 		PrivateFrom: &privateFrom,
 		PrivateFor:  &privateFor,
-		PrivateType: &privateType,
+		PrivateType: common2.ToPtr(ethereum.PrivateTypeRestricted).(*ethereum.PrivateType),
 	}
 	ecdsaSignature := hexutil.MustDecode("0x6854034c21ebb5a6d4aa9a9c1462862b1e4af355383413a0dcfbba309f56ed0220c0ebc19f159ce83c24dde6f1b2d424025e45bc8b00be3e2fd4367949d4f0b3")
 

tests/acceptance/store_test_ethereum.go

@@ -8,7 +8,6 @@ import (
 	"github.com/consensys/quorum-key-manager/pkg/errors"
 	"github.com/consensys/quorum-key-manager/pkg/ethereum"
 	"github.com/consensys/quorum-key-manager/src/stores"
-	"github.com/consensys/quorum-key-manager/src/stores/api/formatters"
 	"github.com/consensys/quorum-key-manager/src/stores/database"
 	"github.com/consensys/quorum-key-manager/src/stores/entities"
 	"github.com/consensys/quorum-key-manager/src/stores/entities/testutils"
@@ -303,11 +302,10 @@ func (s *ethTestSuite) TestSignEEA() {
 	)
 	privateFrom := "A1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo="
 	privateFor := []string{"A1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo=", "B1aVtMxLCUHmBVHXoZzzBgPbW/wj5axDpW9X8l91SGo="}
-	privateType := formatters.PrivateTxTypeRestricted
 	privateArgs := &ethereum.PrivateArgs{
 		PrivateFrom: &privateFrom,
 		PrivateFor:  &privateFor,
-		PrivateType: &privateType,
+		PrivateType: common.ToPtr(ethereum.PrivateTypeRestricted).(*ethereum.PrivateType),
 	}
 
 	account, err := s.store.Create(ctx, id, &entities.Attributes{