feat: support secure grpc connections

[rach-id]

Overview

Closes #352

Checklist

• New and updated code has appropriate documentation
• New and updated code has new and/or updated testing
• Required CI checks are passing
• Visual proof for any user facing features like CLI or documentation updates
• Linked issues closed with keywords

Summary by CodeRabbit

• New Features

  • Added a new --grpc-insecure flag to enable gRPC communication over insecure channels.

• Bug Fixes

  • Adjusted function calls to accommodate the new grpcInsecure parameter, ensuring correct behavior based on the user's preference for secure or insecure gRPC connections.

• Tests

  • Updated test cases to reflect the new grpcInsecure parameter in function calls.

[coderabbitai]

Walkthrough

The changes introduced in this diff primarily revolve around the addition of a new flag grpcInsecure to enable gRPC communication over insecure channels. This flag has been integrated into various functions and methods across multiple files, allowing the user to specify whether the gRPC connection should be secure or not. The changes also include modifications to test cases and scripts to accommodate this new feature.

Changes

File(s)	Summary
cmd/blobstream/base/config.go	Added a new flag FlagGRPCInsecure to enable gRPC over insecure channels.
cmd/blobstream/common/helpers.go	Added a new parameter grpcInsecure bool to the function NewTmAndAppQuerier.
cmd/blobstream/deploy/cmd.go, cmd/blobstream/orchestrator/cmd.go, cmd/blobstream/relayer/cmd.go	Modified the Start function to include an additional argument config.grpcInsecure.
cmd/blobstream/deploy/config.go, cmd/blobstream/orchestrator/config.go, cmd/blobstream/relayer/config.go	Added a new flag grpcInsecure to the respective config structs and updated the flag parsing functions.
cmd/blobstream/query/cmd.go	Added a new parameter config.grpcInsecure to the common.NewTmAndAppQuerier() function call in Signers() and Signature() functions.
cmd/blobstream/query/config.go	Added a new flag "grpcInsecure" to the Config struct and updated the parseFlags function to parse this flag.
e2e/qgb_network.go, e2e/relayer_test.go	Modified the Start method of the rpc.AppQuerier to be called with a true argument.
e2e/scripts/...	Added the --grpc.insecure flag to the command line arguments in various scripts.
rpc/app_querier.go	Introduced a new parameter grpcInsecure bool to the Start function in the AppQuerier struct.
rpc/app_querier_test.go	Modified the appQuerier.Start() function calls in various test functions to include a true argument.
testing/qgb.go	Modified the Start() function of the AppQuerier struct to be called with a true argument in NewRelayer and NewOrchestrator functions.

Poem

🐇 Hop, hop, hop, with every key we tap,

Adding flags and tweaking code, closing the security gap. 🛡️

With grpcInsecure now in play, 🎮

We choose the connection, come what may. 🔗

As autumn leaves fall, we code away, 🍂

Celebrating changes, in our own special way. 🎉

So here's to code, and the joy it brings, 🥂

To the rhythm of life, and the song it sings. 🎵

---

Tips

Chat with CodeRabbit Bot (@coderabbitai)

• If you reply to a review comment from CodeRabbit, the bot will automatically respond.
• To engage with CodeRabbit bot directly around the specific lines of code in the PR, mention @coderabbitai in your review comment
• Note: Review comments are made on code diffs or files, not on the PR overview.
• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai help to get help.
• @coderabbitai resolve to resolve all the CodeRabbit review comments.

Note: For conversation with the bot, please use the review comments on code diffs or files.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.json

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between cae6432 and 387844e.

Files selected for processing (19)

• cmd/blobstream/base/config.go (2 hunks)
• cmd/blobstream/common/helpers.go (2 hunks)
• cmd/blobstream/deploy/cmd.go (1 hunks)
• cmd/blobstream/deploy/config.go (4 hunks)
• cmd/blobstream/orchestrator/cmd.go (1 hunks)
• cmd/blobstream/orchestrator/config.go (4 hunks)
• cmd/blobstream/query/cmd.go (2 hunks)
• cmd/blobstream/query/config.go (4 hunks)
• cmd/blobstream/relayer/cmd.go (1 hunks)
• cmd/blobstream/relayer/config.go (4 hunks)
• e2e/qgb_network.go (8 hunks)
• e2e/relayer_test.go (2 hunks)
• e2e/scripts/deploy_blobstream_contract.sh (1 hunks)
• e2e/scripts/start_orchestrator_after_validator_created.sh (1 hunks)
• e2e/scripts/start_relayer.sh (1 hunks)
• orchestrator/orchestrator_test.go (1 hunks)
• rpc/app_querier.go (2 hunks)
• rpc/app_querier_test.go (9 hunks)
• testing/qgb.go (2 hunks)

Files skipped from review due to trivial changes (5)

• cmd/blobstream/base/config.go
• e2e/scripts/deploy_blobstream_contract.sh
• e2e/scripts/start_orchestrator_after_validator_created.sh
• e2e/scripts/start_relayer.sh
• testing/qgb.go

Additional comments: 37

cmd/blobstream/orchestrator/cmd.go (1)

• 57-63: The NewTmAndAppQuerier function now accepts an additional argument config.grpcInsecure. Ensure that all calls to this function throughout the codebase have been updated to match the new signature. Also, make sure that the grpcInsecure flag is properly validated before being passed to the function.

cmd/blobstream/relayer/cmd.go (1)

• 97-103: The NewTmAndAppQuerier function now accepts an additional argument config.grpcInsecure. Ensure that all calls to this function throughout the codebase have been updated to match the new signature. Also, verify that the grpcInsecure flag is being set correctly based on user input or configuration.

rpc/app_querier.go (2)

• 2-11: The imports are correctly organized and necessary for the code in this file.

• 28-45: The Start function has been updated to accept a new parameter grpcInsecure. This parameter is used to determine whether to establish a secure or insecure gRPC connection. The error handling for the grpc.Dial function is correctly implemented. Ensure that all calls to this function throughout the codebase have been updated to match the new signature.

rpc/app_querier_test.go (1)

• 126-130: The Start function now accepts a boolean argument to indicate whether the gRPC connection should be insecure or not. Ensure that all calls to this function throughout the codebase have been updated to match the new signature. Also, consider the implications of using insecure connections in a production environment. It's generally recommended to use secure connections, especially when dealing with sensitive data.

cmd/blobstream/deploy/cmd.go (1)

• 44-50: The Start function now accepts a boolean parameter to indicate whether the gRPC connection should be insecure or not. Ensure that all calls to this function throughout the codebase have been updated to match the new signature. Also, consider the implications of allowing insecure gRPC connections. While this may be useful for testing or development environments, it could pose a security risk in a production environment. It's recommended to ensure that this option is clearly documented and that users are warned of the potential risks.

e2e/relayer_test.go (2)

• 183-187: The Start method of appQuerier is now called with true as an argument, which indicates that the gRPC connection should be insecure. Ensure that this is the intended behavior and that it doesn't introduce any security vulnerabilities.

• 270-274: The Start method of appQuerier is now called with true as an argument, which indicates that the gRPC connection should be insecure. Ensure that this is the intended behavior and that it doesn't introduce any security vulnerabilities.

orchestrator/orchestrator_test.go (1)

• 182-185: The Start method of appQuerier is now called with true as an argument, which means that the gRPC connection will be insecure. Ensure that this is the intended behavior and that it doesn't introduce any security vulnerabilities.

- require.NoError(s.T(), appQuerier.Start(true))
+ require.NoError(s.T(), appQuerier.Start(false))

cmd/blobstream/relayer/config.go (4)

• 49-49: The addRelayerStartFlags function has been updated to include the grpcInsecure flag. Ensure that all calls to this function throughout the codebase have been updated to match the new signature.

• 63-63: The StartConfig struct has been updated to include the grpcInsecure field. Ensure that all instances of this struct throughout the codebase have been updated to include this new field.

• 140-143: The parseRelayerStartFlags function has been updated to parse the grpcInsecure flag. Ensure that all calls to this function throughout the codebase have been updated to match the new signature.

• 160-160: The StartConfig struct is being returned with the grpcInsecure field set. Ensure that all instances where this struct is being used have been updated to handle this new field.

cmd/blobstream/orchestrator/config.go (4)

• 37-41: The addOrchestratorFlags function has been updated to include the AddGRPCInsecureFlag function call. This adds the --grpc-insecure flag to the command.

• 47-51: The StartConfig struct now includes a grpcInsecure field of type bool. This field will hold the value of the --grpc-insecure flag.

• 101-107: The parseOrchestratorFlags function has been updated to parse the --grpc-insecure flag and store its value in the grpcInsecure variable.

• 117-123: > Note: This review was outside of the patch, so it was mapped to the patch with the greatest overlap. Original lines [109-121]

The StartConfig struct is now initialized with the grpcInsecure field set to the value of the --grpc-insecure flag.

cmd/blobstream/deploy/config.go (4)

• 42-46: The addDeployFlags function has been updated to include the AddGRPCInsecureFlag function call. This adds the --grpc-insecure flag to the command. Ensure that the AddGRPCInsecureFlag function correctly adds the flag and that it defaults to false.

• 53-57: The deployConfig struct now includes a grpcInsecure field. This field will hold the value of the --grpc-insecure flag.

• 103-109: The parseDeployFlags function has been updated to parse the --grpc-insecure flag and assign its value to the grpcInsecure field in the deployConfig struct. Ensure that the flag is correctly parsed and that any errors are properly handled.

• 119-123: The grpcInsecure field is now included in the deployConfig struct returned by the parseDeployFlags function. Ensure that the value of this field is correctly used in the rest of the codebase.

cmd/blobstream/common/helpers.go (2)

• 27-30: The function signature has been updated to include a new parameter grpcInsecure bool. Ensure that all calls to this function throughout the codebase have been updated to match the new signature.

• 48-48: The function call appQuerier.Start() has been updated to appQuerier.Start(grpcInsecure). This change allows the caller to specify whether the gRPC connection should be insecure or not. Ensure that the Start function in the AppQuerier struct has been updated to accept this new parameter.

cmd/blobstream/query/cmd.go (2)

• 75-81: The changes made here are correct and align with the pull request summary. The common.NewTmAndAppQuerier() function now accepts an additional argument config.grpcInsecure which is used to determine whether the gRPC connection should be insecure or not. The stops variable is also correctly appended with the returned stops value from common.NewTmAndAppQuerier(). Ensure that all calls to common.NewTmAndAppQuerier() throughout the codebase have been updated to match the new signature.

• 358-364: The changes made here are correct and align with the pull request summary. The common.NewTmAndAppQuerier() function now accepts an additional argument config.grpcInsecure which is used to determine whether the gRPC connection should be insecure or not. The stops variable is also correctly appended with the returned stops value from common.NewTmAndAppQuerier(). Ensure that all calls to common.NewTmAndAppQuerier() throughout the codebase have been updated to match the new signature.

cmd/blobstream/query/config.go (4)

• 3-10: The new import statement is correctly added. Ensure that the package is available in the project dependencies.

• 21-24: The new flag is correctly added to the command. Ensure that the flag is documented in the user guide or help command.

• 30-34: The new field is correctly added to the Config struct. Ensure that the field is used in the rest of the codebase.

• 58-72: The new flag is correctly parsed and added to the Config struct. Ensure that error handling is consistent with the rest of the codebase.

e2e/qgb_network.go (8)

• 423-426: Ensure that the Start method of appQuerier can handle the true argument correctly and that it doesn't introduce any security vulnerabilities due to the insecure gRPC connection.

• 494-497: Same as above.

• 542-545: Same as above.

• 605-608: Same as above.

• 654-657: Same as above.

• 675-678: Same as above.

• 697-700: Same as above.

• 995-998: Same as above.

[codecov-commenter]

Codecov Report

Merging #576 (387844e) into main (cae6432) will decrease coverage by 0.15%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main     #576      +/-   ##
==========================================
- Coverage   34.98%   34.84%   -0.15%     
==========================================
  Files          27       27              
  Lines        2221     2230       +9     
==========================================
  Hits          777      777              
- Misses       1351     1360       +9     
  Partials       93       93              

Files	Coverage Δ
rpc/app_querier.go	0.00% <0.00%> (ø)

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 387844e and 95df2a0.

Files selected for processing (1)

• e2e/scripts/start_orchestrator_after_validator_created.sh (2 hunks)

Additional comments: 2

e2e/scripts/start_orchestrator_after_validator_created.sh (2)

• 53-59: The --grpc.insecure flag is added to the command-line arguments. This flag enables insecure gRPC communication. Ensure that this flag is used responsibly and only in environments where security is not a concern, such as local testing or development. In production environments, secure communication should always be used.

• 67-73: The --grpc.insecure flag is added to the command-line arguments. This flag enables insecure gRPC communication. Ensure that this flag is used responsibly and only in environments where security is not a concern, such as local testing or development. In production environments, secure communication should always be used.

[evan-forbes]

does comet/sdk even support secure?

[rach-id]

Secure grpc is supported not rpc