[pull] develop from smartcontractkit:develop #428
Merged
* Check secret owner calls matches all inner secret owners
* Moved check into Authorizer code instead
* Make sure we're passing back the right error types
* Added smoke tests for mismatched auth
* Remove invalid owner test since we now check that elsewhere
* Add a limit to how many items can be written into the pending queue
* Update throughput test back to normal
* Updated go mod and PR comments
* Updated go mod
* Add `AcceptOwnershipEOA` changeset for handling EOA-to-EOA ownership transfers
* Add tests
* Fix lint
* Use TEE runtime to determine if workflows should run in confidential module or not
* Update to new SDK and module that uses subscriptions
* Update common
* Update common
* Regions, and fixup confidential module
* Update common to allow regions in any tee
* unspecified tee type
* Update common
* fix(workflows/syncer/v2): wire confidential module routing into engine factory

  createModule built a RequirementSelectingModule that wraps a local WASM
  module and a ConfidentialModule, so triggers carrying a TEE requirement
  in their subscription route to the confidential-workflows capability
  (which executes WASM inside the enclave) while other triggers continue
  to run locally. The routing infrastructure was correct but unused:
  engineFactoryFn never called createModule, so the V2 engine received
  a bare local WASM module and every trigger ran locally.

  For a confidential workflow whose handler is declared as
  cre.HandlerInTee(..., cre.AnyTee{}), the cron fires, the engine calls
  localWASM.Execute(triggerRequest), the WASM calls runtime.GetSecret,
  which routes to the workflow-node SecretsFetcher and queries vault
  capability config on the remote capabilities DON. That config's
  DefaultConfig is nil for remote capabilities, so unmarshalConfig
  errors with "cannot unwrap nil values.Map" and every execution fails:
  the test waits 5 minutes for a successful trigger that never comes.

  Inline the createModule wrap into engineFactoryFn's V2 branch and
  delete the orphan function. Thread binaryURL through engineFactoryFn
  so ConfidentialModule can hand it to the capability.

* test(workflows/syncer/v2): make confidential routing test fail without the wiring fix

  Test_workflowRegisteredHandler_confidentialRouting was designed to catch
  the missing wire-up of the RequirementSelectingModule. It didn't, because
  the captureTrigger stub had shouldRun=true, so its assertion inside
  RegisterTrigger always passed even when the engine routed the trigger to
  the local trigger capability (which is the bug path the test should
  reject). Flip the flag to false so the assertion fails when the routing
  falls back to the local registry.

  With the wiring in place the trigger flows through the confidential cap
  mock (which sets trigger.ran via its Execute), so RegisterTrigger on the
  captureTrigger is never invoked and the shouldRun assertion does not run.
  Without the wiring the engine registers the trigger directly with the
  captureTrigger, the assertion fires, and the test fails.

* Update common
* Update standalone engine for TEE messaging
* Use checked in versions of everything
* Undo accidental changes
* missed reverting a couple files
* Fix accidental revert of go.mod go version
* Fix lint
* More lint and accidental file change reverting
* One more revert, no longer needed because the go.mod was fixed
* Reapply accidental file revert to fix org id...
---------
Co-authored-by: Tejaswi Nadahalli <tejaswi.nadahalli@smartcontract.com>
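
The two commit messages above describe a routing wrapper that was never wired in and a test stub with shouldRun=true that could not detect it. The following is an added example, not code from this PR or the project: `Trigger`, `Module`, `captureLocal`, `confidentialMock`, `selecting` and `RoutingCheck` are hypothetical stand-ins, and only the `shouldRun` flag name is taken from the commit message.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for illustration; none of these are the project's types.
type Trigger struct{ RequiresTEE bool }
type Module interface{ Execute(Trigger) error }

var errReachedLocal = errors.New("TEE-required trigger reached the local path")

// captureLocal plays the local path. With shouldRun=false, being reached at
// all is a failure; with shouldRun=true the stub accepts anything.
type captureLocal struct{ shouldRun bool }

func (c captureLocal) Execute(Trigger) error {
	if !c.shouldRun {
		return errReachedLocal
	}
	return nil
}

// confidentialMock records that the confidential path executed.
type confidentialMock struct{ ran *bool }

func (m confidentialMock) Execute(Trigger) error { *m.ran = true; return nil }

// selecting routes on the trigger's TEE requirement.
type selecting struct{ local, confidential Module }

func (s selecting) Execute(t Trigger) error {
	if t.RequiresTEE {
		return s.confidential.Execute(t)
	}
	return s.local.Execute(t)
}

// RoutingCheck fires one TEE-required trigger at a module built with or without the wrapper.
func RoutingCheck(wired, shouldRun bool) (ranConfidential bool, err error) {
	var m Module = captureLocal{shouldRun}
	if wired {
		m = selecting{local: m, confidential: confidentialMock{&ranConfidential}}
	}
	err = m.Execute(Trigger{RequiresTEE: true})
	return ranConfidential, err
}

func main() {
	fmt.Println(RoutingCheck(false, true))  // unwired, permissive stub: passes silently
	fmt.Println(RoutingCheck(false, false)) // unwired, strict stub: fails
	fmt.Println(RoutingCheck(true, false))  // wired, strict stub: confidential path ran
}
```
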
* move FinalizeLatest inside the tx sending loop
* do not require in a goroutine
* use assert.Eventually
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )