1use std::{net::SocketAddr, path::PathBuf, time::Duration};
6
7use fastcrypto::{
8 encoding::{Encoding, Hex},
9 traits::KeyPair,
10};
11use iota_config::{
12 AUTHORITIES_DB_NAME, CONSENSUS_DB_NAME, ConsensusConfig, FULL_NODE_DB_PATH,
13 IOTA_GENESIS_MIGRATION_TX_DATA_FILENAME, NodeConfig, local_ip_utils,
14 node::{
15 AuthorityKeyPairWithPath, AuthorityOverloadConfig, AuthorityStorePruningConfig,
16 CheckpointExecutorConfig, DBCheckpointConfig, DEFAULT_GRPC_CONCURRENCY_LIMIT,
17 ExecutionCacheConfig, ExpensiveSafetyCheckConfig, Genesis, KeyPairWithPath, RunWithRange,
18 StateArchiveConfig, StateSnapshotConfig, default_enable_index_processing,
19 default_end_of_epoch_broadcast_channel_capacity, default_zklogin_oauth_providers,
20 },
21 p2p::{P2pConfig, SeedPeer, StateSyncConfig},
22 verifier_signing_config::VerifierSigningConfig,
23};
24use iota_types::{
25 crypto::{AuthorityKeyPair, AuthorityPublicKeyBytes, IotaKeyPair, NetworkKeyPair},
26 multiaddr::Multiaddr,
27 supported_protocol_versions::SupportedProtocolVersions,
28 traffic_control::{PolicyConfig, RemoteFirewallConfig},
29};
30
31use crate::{
32 genesis_config::{ValidatorGenesisConfig, ValidatorGenesisConfigBuilder},
33 network_config::NetworkConfig,
34};
35
36#[derive(Clone, Default)]
40pub struct ValidatorConfigBuilder {
41 config_directory: Option<PathBuf>,
42 supported_protocol_versions: Option<SupportedProtocolVersions>,
43 force_unpruned_checkpoints: bool,
44 jwk_fetch_interval: Option<Duration>,
45 authority_overload_config: Option<AuthorityOverloadConfig>,
46 data_ingestion_dir: Option<PathBuf>,
47 policy_config: Option<PolicyConfig>,
48 firewall_config: Option<RemoteFirewallConfig>,
49 max_submit_position: Option<usize>,
50 submit_delay_step_override_millis: Option<u64>,
51}
52
53impl ValidatorConfigBuilder {
54 pub fn new() -> Self {
55 Self {
56 ..Default::default()
57 }
58 }
59
60 pub fn with_config_directory(mut self, config_directory: PathBuf) -> Self {
61 assert!(self.config_directory.is_none());
62 self.config_directory = Some(config_directory);
63 self
64 }
65
66 pub fn with_supported_protocol_versions(
67 mut self,
68 supported_protocol_versions: SupportedProtocolVersions,
69 ) -> Self {
70 assert!(self.supported_protocol_versions.is_none());
71 self.supported_protocol_versions = Some(supported_protocol_versions);
72 self
73 }
74
75 pub fn with_unpruned_checkpoints(mut self) -> Self {
76 self.force_unpruned_checkpoints = true;
77 self
78 }
79
80 pub fn with_jwk_fetch_interval(mut self, i: Duration) -> Self {
81 self.jwk_fetch_interval = Some(i);
82 self
83 }
84
85 pub fn with_authority_overload_config(mut self, config: AuthorityOverloadConfig) -> Self {
86 self.authority_overload_config = Some(config);
87 self
88 }
89
90 pub fn with_data_ingestion_dir(mut self, path: PathBuf) -> Self {
91 self.data_ingestion_dir = Some(path);
92 self
93 }
94
95 pub fn with_policy_config(mut self, config: Option<PolicyConfig>) -> Self {
96 self.policy_config = config;
97 self
98 }
99
100 pub fn with_firewall_config(mut self, config: Option<RemoteFirewallConfig>) -> Self {
101 self.firewall_config = config;
102 self
103 }
104
105 pub fn with_max_submit_position(mut self, max_submit_position: usize) -> Self {
106 self.max_submit_position = Some(max_submit_position);
107 self
108 }
109
110 pub fn with_submit_delay_step_override_millis(
111 mut self,
112 submit_delay_step_override_millis: u64,
113 ) -> Self {
114 self.submit_delay_step_override_millis = Some(submit_delay_step_override_millis);
115 self
116 }
117
118 pub fn build_without_genesis(self, validator: ValidatorGenesisConfig) -> NodeConfig {
119 let key_path = get_key_path(&validator.authority_key_pair);
120 let config_directory = self
121 .config_directory
122 .unwrap_or_else(|| tempfile::tempdir().unwrap().into_path());
123 let migration_tx_data_path =
124 Some(config_directory.join(IOTA_GENESIS_MIGRATION_TX_DATA_FILENAME));
125 let db_path = config_directory
126 .join(AUTHORITIES_DB_NAME)
127 .join(key_path.clone());
128 let network_address = validator.network_address;
129 let consensus_db_path = config_directory.join(CONSENSUS_DB_NAME).join(key_path);
130 let localhost = local_ip_utils::localhost_for_testing();
131 let consensus_config = ConsensusConfig {
132 db_path: consensus_db_path,
133 db_retention_epochs: None,
134 db_pruner_period_secs: None,
135 max_pending_transactions: None,
136 max_submit_position: self.max_submit_position,
137 submit_delay_step_override_millis: self.submit_delay_step_override_millis,
138 parameters: Default::default(),
139 };
140
141 let p2p_config = P2pConfig {
142 listen_address: validator.p2p_listen_address.unwrap_or_else(|| {
143 validator
144 .p2p_address
145 .udp_multiaddr_to_listen_address()
146 .unwrap()
147 }),
148 external_address: Some(validator.p2p_address),
149 state_sync: Some(StateSyncConfig {
152 checkpoint_content_timeout_ms: Some(10_000),
153 ..Default::default()
154 }),
155 ..Default::default()
156 };
157
158 let mut pruning_config = AuthorityStorePruningConfig::default();
159 if self.force_unpruned_checkpoints {
160 pruning_config.set_num_epochs_to_retain_for_checkpoints(None);
161 }
162 let pruning_config = pruning_config;
163 let checkpoint_executor_config = CheckpointExecutorConfig {
164 data_ingestion_dir: self.data_ingestion_dir,
165 ..Default::default()
166 };
167
168 NodeConfig {
169 authority_key_pair: AuthorityKeyPairWithPath::new(validator.authority_key_pair),
170 network_key_pair: KeyPairWithPath::new(IotaKeyPair::Ed25519(
171 validator.network_key_pair,
172 )),
173 account_key_pair: KeyPairWithPath::new(validator.account_key_pair),
174 protocol_key_pair: KeyPairWithPath::new(IotaKeyPair::Ed25519(
175 validator.protocol_key_pair,
176 )),
177 db_path,
178 network_address,
179 metrics_address: validator.metrics_address,
180 admin_interface_address: local_ip_utils::new_tcp_address_for_testing(&localhost)
181 .to_socket_addr()
182 .unwrap(),
183 json_rpc_address: local_ip_utils::new_tcp_address_for_testing(&localhost)
184 .to_socket_addr()
185 .unwrap(),
186 consensus_config: Some(consensus_config),
187 remove_deprecated_tables: false,
188 enable_index_processing: default_enable_index_processing(),
189 genesis: Genesis::new_empty(),
190 migration_tx_data_path,
191 grpc_load_shed: None,
192 grpc_concurrency_limit: Some(DEFAULT_GRPC_CONCURRENCY_LIMIT),
193 p2p_config,
194 authority_store_pruning_config: pruning_config,
195 end_of_epoch_broadcast_channel_capacity:
196 default_end_of_epoch_broadcast_channel_capacity(),
197 checkpoint_executor_config,
198 metrics: None,
199 supported_protocol_versions: self.supported_protocol_versions,
200 db_checkpoint_config: Default::default(),
201 indirect_objects_threshold: usize::MAX,
202 expensive_safety_check_config: ExpensiveSafetyCheckConfig::default(),
205 transaction_deny_config: Default::default(),
206 certificate_deny_config: Default::default(),
207 state_debug_dump_config: Default::default(),
208 state_archive_write_config: StateArchiveConfig::default(),
209 state_archive_read_config: vec![],
210 state_snapshot_write_config: StateSnapshotConfig::default(),
211 indexer_max_subscriptions: Default::default(),
212 transaction_kv_store_read_config: Default::default(),
213 transaction_kv_store_write_config: None,
214 enable_rest_api: true,
215 jwk_fetch_interval_seconds: self
216 .jwk_fetch_interval
217 .map(|i| i.as_secs())
218 .unwrap_or(3600),
219 zklogin_oauth_providers: default_zklogin_oauth_providers(),
220 authority_overload_config: self.authority_overload_config.unwrap_or_default(),
221 run_with_range: None,
222 jsonrpc_server_type: None,
223 policy_config: self.policy_config,
224 firewall_config: self.firewall_config,
225 execution_cache: ExecutionCacheConfig::default(),
226 enable_validator_tx_finalizer: true,
227 verifier_signing_config: VerifierSigningConfig::default(),
228 iota_names_config: None,
229 }
230 }
231
232 pub fn build(
233 self,
234 validator: ValidatorGenesisConfig,
235 genesis: iota_config::genesis::Genesis,
236 ) -> NodeConfig {
237 let mut config = self.build_without_genesis(validator);
238 config.genesis = iota_config::node::Genesis::new(genesis);
239 config
240 }
241
242 pub fn build_new_validator<R: rand::RngCore + rand::CryptoRng>(
243 self,
244 rng: &mut R,
245 network_config: &NetworkConfig,
246 ) -> NodeConfig {
247 let validator_config = ValidatorGenesisConfigBuilder::new().build(rng);
248 self.build(validator_config, network_config.genesis.clone())
249 }
250}
251
252#[derive(Clone, Debug, Default)]
253pub struct FullnodeConfigBuilder {
254 config_directory: Option<PathBuf>,
255 rpc_port: Option<u16>,
257 rpc_addr: Option<SocketAddr>,
258 supported_protocol_versions: Option<SupportedProtocolVersions>,
259 db_checkpoint_config: Option<DBCheckpointConfig>,
260 expensive_safety_check_config: Option<ExpensiveSafetyCheckConfig>,
261 db_path: Option<PathBuf>,
262 network_address: Option<Multiaddr>,
263 json_rpc_address: Option<SocketAddr>,
264 metrics_address: Option<SocketAddr>,
265 admin_interface_address: Option<SocketAddr>,
266 genesis: Option<Genesis>,
267 p2p_external_address: Option<Multiaddr>,
268 p2p_listen_address: Option<SocketAddr>,
269 network_key_pair: Option<KeyPairWithPath>,
270 run_with_range: Option<RunWithRange>,
271 policy_config: Option<PolicyConfig>,
272 fw_config: Option<RemoteFirewallConfig>,
273 data_ingestion_dir: Option<PathBuf>,
274}
275
276impl FullnodeConfigBuilder {
277 pub fn new() -> Self {
278 Self::default()
279 }
280
281 pub fn with_config_directory(mut self, config_directory: PathBuf) -> Self {
282 self.config_directory = Some(config_directory);
283 self
284 }
285
286 pub fn with_rpc_port(mut self, port: u16) -> Self {
287 assert!(self.rpc_addr.is_none() && self.rpc_port.is_none());
288 self.rpc_port = Some(port);
289 self
290 }
291
292 pub fn with_rpc_addr(mut self, addr: impl Into<SocketAddr>) -> Self {
293 assert!(self.rpc_addr.is_none() && self.rpc_port.is_none());
294 self.rpc_addr = Some(addr.into());
295 self
296 }
297
298 pub fn with_supported_protocol_versions(mut self, versions: SupportedProtocolVersions) -> Self {
299 self.supported_protocol_versions = Some(versions);
300 self
301 }
302
303 pub fn with_db_checkpoint_config(mut self, db_checkpoint_config: DBCheckpointConfig) -> Self {
304 self.db_checkpoint_config = Some(db_checkpoint_config);
305 self
306 }
307
308 pub fn with_expensive_safety_check_config(
309 mut self,
310 expensive_safety_check_config: ExpensiveSafetyCheckConfig,
311 ) -> Self {
312 self.expensive_safety_check_config = Some(expensive_safety_check_config);
313 self
314 }
315
316 pub fn with_db_path(mut self, db_path: PathBuf) -> Self {
317 self.db_path = Some(db_path);
318 self
319 }
320
321 pub fn with_network_address(mut self, network_address: Multiaddr) -> Self {
322 self.network_address = Some(network_address);
323 self
324 }
325
326 pub fn with_json_rpc_address(mut self, json_rpc_address: impl Into<SocketAddr>) -> Self {
327 self.json_rpc_address = Some(json_rpc_address.into());
328 self
329 }
330
331 pub fn with_metrics_address(mut self, metrics_address: impl Into<SocketAddr>) -> Self {
332 self.metrics_address = Some(metrics_address.into());
333 self
334 }
335
336 pub fn with_admin_interface_address(
337 mut self,
338 admin_interface_address: impl Into<SocketAddr>,
339 ) -> Self {
340 self.admin_interface_address = Some(admin_interface_address.into());
341 self
342 }
343
344 pub fn with_genesis(mut self, genesis: Genesis) -> Self {
345 self.genesis = Some(genesis);
346 self
347 }
348
349 pub fn with_p2p_external_address(mut self, p2p_external_address: Multiaddr) -> Self {
350 self.p2p_external_address = Some(p2p_external_address);
351 self
352 }
353
354 pub fn with_p2p_listen_address(mut self, p2p_listen_address: impl Into<SocketAddr>) -> Self {
355 self.p2p_listen_address = Some(p2p_listen_address.into());
356 self
357 }
358
359 pub fn with_network_key_pair(mut self, network_key_pair: Option<NetworkKeyPair>) -> Self {
360 if let Some(network_key_pair) = network_key_pair {
361 self.network_key_pair =
362 Some(KeyPairWithPath::new(IotaKeyPair::Ed25519(network_key_pair)));
363 }
364 self
365 }
366
367 pub fn with_run_with_range(mut self, run_with_range: Option<RunWithRange>) -> Self {
368 if let Some(run_with_range) = run_with_range {
369 self.run_with_range = Some(run_with_range);
370 }
371 self
372 }
373
374 pub fn with_policy_config(mut self, config: Option<PolicyConfig>) -> Self {
375 self.policy_config = config;
376 self
377 }
378
379 pub fn with_fw_config(mut self, config: Option<RemoteFirewallConfig>) -> Self {
380 self.fw_config = config;
381 self
382 }
383
384 pub fn with_data_ingestion_dir(mut self, path: Option<PathBuf>) -> Self {
385 self.data_ingestion_dir = path;
386 self
387 }
388
389 pub fn build_from_parts<R: rand::RngCore + rand::CryptoRng>(
390 self,
391 rng: &mut R,
392 validator_configs: &[NodeConfig],
393 genesis: iota_config::node::Genesis,
394 ) -> NodeConfig {
395 let validator_config = ValidatorGenesisConfigBuilder::new().build(rng);
398 let ip = validator_config
399 .network_address
400 .to_socket_addr()
401 .unwrap()
402 .ip()
403 .to_string();
404
405 let key_path = get_key_path(&validator_config.authority_key_pair);
406 let config_directory = self
407 .config_directory
408 .unwrap_or_else(|| tempfile::tempdir().unwrap().into_path());
409
410 let migration_tx_data_path =
411 Some(config_directory.join(IOTA_GENESIS_MIGRATION_TX_DATA_FILENAME));
412
413 let p2p_config = {
414 let seed_peers = validator_configs
415 .iter()
416 .map(|config| SeedPeer {
417 peer_id: Some(anemo::PeerId(
418 config.network_key_pair().public().0.to_bytes(),
419 )),
420 address: config.p2p_config.external_address.clone().unwrap(),
421 })
422 .collect();
423
424 P2pConfig {
425 listen_address: self.p2p_listen_address.unwrap_or_else(|| {
426 validator_config.p2p_listen_address.unwrap_or_else(|| {
427 validator_config
428 .p2p_address
429 .udp_multiaddr_to_listen_address()
430 .unwrap()
431 })
432 }),
433 external_address: self
434 .p2p_external_address
435 .or(Some(validator_config.p2p_address.clone())),
436 seed_peers,
437 state_sync: Some(StateSyncConfig {
440 checkpoint_content_timeout_ms: Some(10_000),
441 ..Default::default()
442 }),
443 ..Default::default()
444 }
445 };
446
447 let json_rpc_address = self.rpc_addr.unwrap_or_else(|| {
448 let rpc_port = self
449 .rpc_port
450 .unwrap_or_else(|| local_ip_utils::get_available_port(&ip));
451 format!("{}:{}", ip, rpc_port).parse().unwrap()
452 });
453
454 let checkpoint_executor_config = CheckpointExecutorConfig {
455 data_ingestion_dir: self.data_ingestion_dir,
456 ..Default::default()
457 };
458
459 NodeConfig {
460 authority_key_pair: AuthorityKeyPairWithPath::new(validator_config.authority_key_pair),
461 account_key_pair: KeyPairWithPath::new(validator_config.account_key_pair),
462 protocol_key_pair: KeyPairWithPath::new(IotaKeyPair::Ed25519(
463 validator_config.protocol_key_pair,
464 )),
465 network_key_pair: self.network_key_pair.unwrap_or(KeyPairWithPath::new(
466 IotaKeyPair::Ed25519(validator_config.network_key_pair),
467 )),
468 db_path: self
469 .db_path
470 .unwrap_or(config_directory.join(FULL_NODE_DB_PATH).join(key_path)),
471 network_address: self
472 .network_address
473 .unwrap_or(validator_config.network_address),
474 metrics_address: self
475 .metrics_address
476 .unwrap_or(local_ip_utils::new_local_tcp_socket_for_testing()),
477 admin_interface_address: self
478 .admin_interface_address
479 .unwrap_or(local_ip_utils::new_local_tcp_socket_for_testing()),
480 json_rpc_address: self.json_rpc_address.unwrap_or(json_rpc_address),
481 consensus_config: None,
482 remove_deprecated_tables: false,
483 enable_index_processing: default_enable_index_processing(),
484 genesis,
485 migration_tx_data_path,
486 grpc_load_shed: None,
487 grpc_concurrency_limit: None,
488 p2p_config,
489 authority_store_pruning_config: AuthorityStorePruningConfig::default(),
490 end_of_epoch_broadcast_channel_capacity:
491 default_end_of_epoch_broadcast_channel_capacity(),
492 checkpoint_executor_config,
493 metrics: None,
494 supported_protocol_versions: self.supported_protocol_versions,
495 db_checkpoint_config: self.db_checkpoint_config.unwrap_or_default(),
496 indirect_objects_threshold: usize::MAX,
497 expensive_safety_check_config: self
498 .expensive_safety_check_config
499 .unwrap_or_else(ExpensiveSafetyCheckConfig::new_enable_all),
500 transaction_deny_config: Default::default(),
501 certificate_deny_config: Default::default(),
502 state_debug_dump_config: Default::default(),
503 state_archive_write_config: StateArchiveConfig::default(),
504 state_archive_read_config: vec![],
505 state_snapshot_write_config: StateSnapshotConfig::default(),
506 indexer_max_subscriptions: Default::default(),
507 transaction_kv_store_read_config: Default::default(),
508 transaction_kv_store_write_config: Default::default(),
509 enable_rest_api: true,
510 jwk_fetch_interval_seconds: 3600,
512 zklogin_oauth_providers: default_zklogin_oauth_providers(),
513 authority_overload_config: Default::default(),
514 run_with_range: self.run_with_range,
515 jsonrpc_server_type: None,
516 policy_config: self.policy_config,
517 firewall_config: self.fw_config,
518 execution_cache: ExecutionCacheConfig::default(),
519 enable_validator_tx_finalizer: false,
521 verifier_signing_config: VerifierSigningConfig::default(),
522 iota_names_config: None,
523 }
524 }
525
526 pub fn build<R: rand::RngCore + rand::CryptoRng>(
527 self,
528 rng: &mut R,
529 network_config: &NetworkConfig,
530 ) -> NodeConfig {
531 let genesis = self
532 .genesis
533 .as_ref()
534 .or_else(|| network_config.get_validator_genesis())
535 .cloned()
536 .unwrap_or_else(|| iota_config::node::Genesis::new(network_config.genesis.clone()));
537 self.build_from_parts(rng, network_config.validator_configs(), genesis)
538 }
539}
540
541fn get_key_path(key_pair: &AuthorityKeyPair) -> String {
544 let public_key: AuthorityPublicKeyBytes = key_pair.public().into();
545 let mut key_path = Hex::encode(public_key);
546 key_path.truncate(12);
549 key_path
550}