Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add jwt based token auth to the engine api calls #3777

Merged
merged 10 commits into from
Feb 28, 2022
Merged

Add jwt based token auth to the engine api calls #3777

merged 10 commits into from
Feb 28, 2022

Conversation

g11tech
Copy link
Contributor

@g11tech g11tech commented Feb 19, 2022
edited
Loading

Motivation
Kiln spec v2 mandates jwt based auth for engine api calls to EL, using a shared jwt-secret fovided via a hex encoded file.

This PR implements providing the file with hex encoded 256 bit secret via cli param --jwt-secret /path/to/jwtsecret/file.
Description
Part of Kiln tracker
TODO:

  • instead of passing secret read from file and authenticate its length as per spec
  • test it against geth
  • Update CI sim merge for geth

@g11tech g11tech marked this pull request as draft February 19, 2022 20:06
@codecov
Copy link

codecov bot commented Feb 19, 2022
edited
Loading

Codecov Report

Merging #3777 (46e723b) into master (2a530d8) will decrease coverage by 0.92%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #3777      +/-   ##
==========================================
- Coverage   36.77%   35.84%   -0.93%     
==========================================
  Files         322      324       +2     
  Lines        8812     9353     +541     
  Branches     1371     1534     +163     
==========================================
+ Hits         3241     3353     +112     
- Misses       5429     5852     +423     
- Partials      142      148       +6

@github-actions
Copy link
Contributor

github-actions bot commented Feb 19, 2022
edited
Loading

Performance Report

✔️ no performance regression detected

Full benchmark results
Benchmark suite Current: 8aaf754 Previous: 07fbc13 Ratio
BeaconState.hashTreeRoot - No change 567.00 ns/op 664.00 ns/op 0.85
BeaconState.hashTreeRoot - 1 full validator 82.168 us/op 96.317 us/op 0.85
BeaconState.hashTreeRoot - 32 full validator 1.1841 ms/op 1.3798 ms/op 0.86
BeaconState.hashTreeRoot - 512 full validator 16.216 ms/op 18.348 ms/op 0.88
BeaconState.hashTreeRoot - 1 validator.effectiveBalance 80.875 us/op 97.555 us/op 0.83
BeaconState.hashTreeRoot - 32 validator.effectiveBalance 1.5762 ms/op 1.8987 ms/op 0.83
BeaconState.hashTreeRoot - 512 validator.effectiveBalance 19.006 ms/op 21.350 ms/op 0.89
BeaconState.hashTreeRoot - 1 balances 52.095 us/op 72.658 us/op 0.72
BeaconState.hashTreeRoot - 32 balances 499.71 us/op 584.08 us/op 0.86
BeaconState.hashTreeRoot - 512 balances 5.0734 ms/op 5.7192 ms/op 0.89
BeaconState.hashTreeRoot - 250000 balances 89.414 ms/op 107.04 ms/op 0.84
processSlot - 1 slots 42.984 us/op 44.658 us/op 0.96
processSlot - 32 slots 2.1505 ms/op 2.3765 ms/op 0.90
getCommitteeAssignments - req 1 vs - 250000 vc 5.2763 ms/op 6.2149 ms/op 0.85
getCommitteeAssignments - req 100 vs - 250000 vc 7.4569 ms/op 8.6775 ms/op 0.86
getCommitteeAssignments - req 1000 vs - 250000 vc 7.9515 ms/op 9.2997 ms/op 0.86
computeProposers - vc 250000 21.574 ms/op 24.521 ms/op 0.88
computeEpochShuffling - vc 250000 191.17 ms/op 218.19 ms/op 0.88
getNextSyncCommittee - vc 250000 352.27 ms/op 393.95 ms/op 0.89
altair processAttestation - 250000 vs - 7PWei normalcase 32.013 ms/op 36.299 ms/op 0.88
altair processAttestation - 250000 vs - 7PWei worstcase 36.582 ms/op 41.873 ms/op 0.87
altair processAttestation - setStatus - 1/6 committees join 13.955 ms/op 13.419 ms/op 1.04
altair processAttestation - setStatus - 1/3 committees join 23.807 ms/op 26.960 ms/op 0.88
altair processAttestation - setStatus - 1/2 committees join 35.451 ms/op 39.938 ms/op 0.89
altair processAttestation - setStatus - 2/3 committees join 48.601 ms/op 57.805 ms/op 0.84
altair processAttestation - setStatus - 4/5 committees join 59.303 ms/op 62.496 ms/op 0.95
altair processAttestation - setStatus - 100% committees join 74.078 ms/op 77.700 ms/op 0.95
altair processAttestation - updateEpochParticipants - 1/6 committees join 12.657 ms/op 14.324 ms/op 0.88
altair processAttestation - updateEpochParticipants - 1/3 committees join 26.322 ms/op 25.637 ms/op 1.03
altair processAttestation - updateEpochParticipants - 1/2 committees join 21.147 ms/op 22.667 ms/op 0.93
altair processAttestation - updateEpochParticipants - 2/3 committees join 36.829 ms/op 24.378 ms/op 1.51
altair processAttestation - updateEpochParticipants - 4/5 committees join 21.116 ms/op 25.109 ms/op 0.84
altair processAttestation - updateEpochParticipants - 100% committees join 21.719 ms/op 26.791 ms/op 0.81
altair processAttestation - updateAllStatus 18.469 ms/op 21.995 ms/op 0.84
altair processBlock - 250000 vs - 7PWei normalcase 34.205 ms/op 43.246 ms/op 0.79
altair processBlock - 250000 vs - 7PWei worstcase 103.40 ms/op 116.10 ms/op 0.89
altair processEpoch - mainnet_e81889 790.54 ms/op 899.73 ms/op 0.88
mainnet_e81889 - altair beforeProcessEpoch 314.84 ms/op 321.56 ms/op 0.98
mainnet_e81889 - altair processJustificationAndFinalization 54.581 us/op 71.228 us/op 0.77
mainnet_e81889 - altair processInactivityUpdates 18.395 ms/op 20.138 ms/op 0.91
mainnet_e81889 - altair processRewardsAndPenalties 162.23 ms/op 106.42 ms/op 1.52
mainnet_e81889 - altair processRegistryUpdates 5.7470 us/op 10.651 us/op 0.54
mainnet_e81889 - altair processSlashings 1.0930 us/op 3.2040 us/op 0.34
mainnet_e81889 - altair processEth1DataReset 1.0620 us/op 3.0610 us/op 0.35
mainnet_e81889 - altair processEffectiveBalanceUpdates 6.3065 ms/op 7.6049 ms/op 0.83
mainnet_e81889 - altair processSlashingsReset 9.1540 us/op 15.681 us/op 0.58
mainnet_e81889 - altair processRandaoMixesReset 12.578 us/op 19.802 us/op 0.64
mainnet_e81889 - altair processHistoricalRootsUpdate 1.3470 us/op 4.0440 us/op 0.33
mainnet_e81889 - altair processParticipationFlagUpdates 67.182 ms/op 78.764 ms/op 0.85
mainnet_e81889 - altair processSyncCommitteeUpdates 1.2470 us/op 2.6240 us/op 0.48
mainnet_e81889 - altair afterProcessEpoch 223.30 ms/op 263.85 ms/op 0.85
altair processInactivityUpdates - 250000 normalcase 80.581 ms/op 82.511 ms/op 0.98
altair processInactivityUpdates - 250000 worstcase 74.221 ms/op 80.324 ms/op 0.92
altair processParticipationFlagUpdates - 250000 anycase 61.357 ms/op 70.351 ms/op 0.87
altair processRewardsAndPenalties - 250000 normalcase 86.745 ms/op 113.33 ms/op 0.77
altair processRewardsAndPenalties - 250000 worstcase 99.430 ms/op 92.528 ms/op 1.07
altair processSyncCommitteeUpdates - 250000 360.77 ms/op 406.80 ms/op 0.89
Tree 40 250000 create 743.42 ms/op 706.30 ms/op 1.05
Tree 40 250000 get(125000) 331.78 ns/op 388.78 ns/op 0.85
Tree 40 250000 set(125000) 2.2259 us/op 2.2607 us/op 0.98
Tree 40 250000 toArray() 41.524 ms/op 44.874 ms/op 0.93
Tree 40 250000 iterate all - toArray() + loop 41.583 ms/op 44.657 ms/op 0.93
Tree 40 250000 iterate all - get(i) 120.83 ms/op 141.75 ms/op 0.85
MutableVector 250000 create 22.300 ms/op 24.621 ms/op 0.91
MutableVector 250000 get(125000) 13.022 ns/op 14.777 ns/op 0.88
MutableVector 250000 set(125000) 625.55 ns/op 614.55 ns/op 1.02
MutableVector 250000 toArray() 9.1621 ms/op 10.090 ms/op 0.91
MutableVector 250000 iterate all - toArray() + loop 9.2872 ms/op 10.476 ms/op 0.89
MutableVector 250000 iterate all - get(i) 3.7731 ms/op 4.4898 ms/op 0.84
Array 250000 create 6.1786 ms/op 6.3313 ms/op 0.98
Array 250000 clone - spread 2.6557 ms/op 2.7367 ms/op 0.97
Array 250000 get(125000) 1.2320 ns/op 1.3140 ns/op 0.94
Array 250000 set(125000) 1.1940 ns/op 1.3000 ns/op 0.92
Array 250000 iterate all - loop 169.16 us/op 200.35 us/op 0.84
effectiveBalanceIncrements clone Uint8Array 300000 86.300 us/op 76.547 us/op 1.13
effectiveBalanceIncrements clone MutableVector 300000 821.00 ns/op 596.00 ns/op 1.38
effectiveBalanceIncrements rw all Uint8Array 300000 301.96 us/op 360.46 us/op 0.84
effectiveBalanceIncrements rw all MutableVector 300000 219.30 ms/op 188.06 ms/op 1.17
aggregationBits - 2048 els - readonlyValues 197.89 us/op 207.39 us/op 0.95
aggregationBits - 2048 els - zipIndexesInBitList 41.010 us/op 35.843 us/op 1.14
regular array get 100000 times 67.437 us/op 80.448 us/op 0.84
wrappedArray get 100000 times 67.419 us/op 80.838 us/op 0.83
arrayWithProxy get 100000 times 29.099 ms/op 39.779 ms/op 0.73
ssz.Root.equals 1.1590 us/op 1.3090 us/op 0.89
ssz.Root.equals with valueOf() 1.3800 us/op 1.4800 us/op 0.93
byteArrayEquals with valueOf() 1.3620 us/op 1.4430 us/op 0.94
phase0 processBlock - 250000 vs - 7PWei normalcase 8.3416 ms/op 9.0563 ms/op 0.92
phase0 processBlock - 250000 vs - 7PWei worstcase 75.484 ms/op 84.038 ms/op 0.90
phase0 afterProcessEpoch - 250000 vs - 7PWei 229.24 ms/op 243.81 ms/op 0.94
phase0 beforeProcessEpoch - 250000 vs - 7PWei 555.66 ms/op 616.03 ms/op 0.90
phase0 processEpoch - mainnet_e58758 781.63 ms/op 866.14 ms/op 0.90
mainnet_e58758 - phase0 beforeProcessEpoch 431.01 ms/op 475.30 ms/op 0.91
mainnet_e58758 - phase0 processJustificationAndFinalization 54.131 us/op 69.864 us/op 0.77
mainnet_e58758 - phase0 processRewardsAndPenalties 113.93 ms/op 108.22 ms/op 1.05
mainnet_e58758 - phase0 processRegistryUpdates 36.835 us/op 48.110 us/op 0.77
mainnet_e58758 - phase0 processSlashings 1.1220 us/op 3.5760 us/op 0.31
mainnet_e58758 - phase0 processEth1DataReset 1.1500 us/op 2.8500 us/op 0.40
mainnet_e58758 - phase0 processEffectiveBalanceUpdates 5.1950 ms/op 6.2363 ms/op 0.83
mainnet_e58758 - phase0 processSlashingsReset 7.0450 us/op 13.701 us/op 0.51
mainnet_e58758 - phase0 processRandaoMixesReset 11.002 us/op 16.777 us/op 0.66
mainnet_e58758 - phase0 processHistoricalRootsUpdate 1.2700 us/op 3.9530 us/op 0.32
mainnet_e58758 - phase0 processParticipationRecordUpdates 7.9620 us/op 12.234 us/op 0.65
mainnet_e58758 - phase0 afterProcessEpoch 182.16 ms/op 213.27 ms/op 0.85
phase0 processEffectiveBalanceUpdates - 250000 normalcase 6.0154 ms/op 7.1387 ms/op 0.84
phase0 processEffectiveBalanceUpdates - 250000 worstcase 0.5 6.3994 ms/op 7.6967 ms/op 0.83
phase0 processRegistryUpdates - 250000 normalcase 36.001 us/op 46.600 us/op 0.77
phase0 processRegistryUpdates - 250000 badcase_full_deposits 3.0395 ms/op 3.1985 ms/op 0.95
phase0 processRegistryUpdates - 250000 worstcase 0.5 1.7860 s/op 1.7944 s/op 1.00
phase0 getAttestationDeltas - 250000 normalcase 15.526 ms/op 15.133 ms/op 1.03
phase0 getAttestationDeltas - 250000 worstcase 13.157 ms/op 15.116 ms/op 0.87
phase0 processSlashings - 250000 worstcase 39.180 ms/op 38.921 ms/op 1.01
shuffle list - 16384 els 13.176 ms/op 15.493 ms/op 0.85
shuffle list - 250000 els 188.58 ms/op 221.67 ms/op 0.85
getEffectiveBalanceIncrementsZeroInactive - 250000 vs - 7PWei 470.49 us/op 543.61 us/op 0.87
pass gossip attestations to forkchoice per slot 14.959 ms/op 16.536 ms/op 0.90
computeDeltas 3.4325 ms/op 3.6621 ms/op 0.94
computeProposerBoostScoreFromBalances 503.34 us/op 598.66 us/op 0.84
getPubkeys - index2pubkey - req 1000 vs - 250000 vc 2.5330 ms/op 2.1812 ms/op 1.16
getPubkeys - validatorsArr - req 1000 vs - 250000 vc 731.78 us/op 930.51 us/op 0.79
BLS verify - blst-native 1.8615 ms/op 2.1979 ms/op 0.85
BLS verifyMultipleSignatures 3 - blst-native 3.8178 ms/op 4.5344 ms/op 0.84
BLS verifyMultipleSignatures 8 - blst-native 8.2338 ms/op 9.7643 ms/op 0.84
BLS verifyMultipleSignatures 32 - blst-native 29.879 ms/op 35.440 ms/op 0.84
BLS aggregatePubkeys 32 - blst-native 39.863 us/op 48.541 us/op 0.82
BLS aggregatePubkeys 128 - blst-native 154.01 us/op 182.50 us/op 0.84
getAttestationsForBlock 62.625 ms/op 67.698 ms/op 0.93
CheckpointStateCache - add get delete 18.833 us/op 21.041 us/op 0.90
validate gossip signedAggregateAndProof - struct 4.5003 ms/op 5.3052 ms/op 0.85
validate gossip signedAggregateAndProof - treeBacked 4.4362 ms/op 5.1998 ms/op 0.85
validate gossip attestation - struct 2.1025 ms/op 2.4892 ms/op 0.84
validate gossip attestation - treeBacked 2.1029 ms/op 2.5137 ms/op 0.84
pickEth1Vote - no votes 9.8354 ms/op 10.082 ms/op 0.98
pickEth1Vote - max votes 52.091 ms/op 56.962 ms/op 0.91
pickEth1Vote - Eth1Data hashTreeRoot value x2048 25.460 ms/op 29.039 ms/op 0.88
pickEth1Vote - Eth1Data hashTreeRoot tree x2048 9.6054 ms/op 11.011 ms/op 0.87
pickEth1Vote - Eth1Data fastSerialize value x2048 5.4635 ms/op 5.8755 ms/op 0.93
pickEth1Vote - Eth1Data fastSerialize tree x2048 25.062 ms/op 26.351 ms/op 0.95
bytes32 toHexString 1.8010 us/op 1.8810 us/op 0.96
bytes32 Buffer.toString(hex) 749.00 ns/op 795.00 ns/op 0.94
bytes32 Buffer.toString(hex) from Uint8Array 1.0130 us/op 1.0980 us/op 0.92
bytes32 Buffer.toString(hex) + 0x 749.00 ns/op 805.00 ns/op 0.93
Object access 1 prop 0.35500 ns/op 0.39500 ns/op 0.90
Map access 1 prop 0.30100 ns/op 0.34500 ns/op 0.87
Object get x1000 17.460 ns/op 20.294 ns/op 0.86
Map get x1000 0.98100 ns/op 1.2500 ns/op 0.78
Object set x1000 110.39 ns/op 122.30 ns/op 0.90
Map set x1000 69.340 ns/op 76.582 ns/op 0.91
Return object 10000 times 0.37270 ns/op 0.44620 ns/op 0.84
Throw Error 10000 times 5.8169 us/op 6.8722 us/op 0.85
enrSubnets - fastDeserialize 64 bits 1.3290 us/op 1.4690 us/op 0.90
enrSubnets - ssz BitVector 64 bits 16.557 us/op 19.582 us/op 0.85
enrSubnets - fastDeserialize 4 bits 470.00 ns/op 530.00 ns/op 0.89
enrSubnets - ssz BitVector 4 bits 2.9310 us/op 3.3710 us/op 0.87
RateTracker 1000000 limit, 1 obj count per request 181.01 ns/op 211.99 ns/op 0.85
RateTracker 1000000 limit, 2 obj count per request 135.92 ns/op 159.25 ns/op 0.85
RateTracker 1000000 limit, 4 obj count per request 113.85 ns/op 131.65 ns/op 0.86
RateTracker 1000000 limit, 8 obj count per request 102.33 ns/op 121.82 ns/op 0.84
RateTracker with prune 4.1910 us/op 4.2850 us/op 0.98
array of 16000 items push then shift 3.1587 us/op 3.7271 us/op 0.85
LinkedList of 16000 items push then shift 16.804 ns/op 18.554 ns/op 0.91
array of 16000 items push then pop 204.99 ns/op 233.00 ns/op 0.88
LinkedList of 16000 items push then pop 16.365 ns/op 18.998 ns/op 0.86
array of 24000 items push then shift 4.5554 us/op 5.4213 us/op 0.84
LinkedList of 24000 items push then shift 20.149 ns/op 21.443 ns/op 0.94
array of 24000 items push then pop 204.92 ns/op 229.77 ns/op 0.89
LinkedList of 24000 items push then pop 17.984 ns/op 20.455 ns/op 0.88

by benchmarkbot/action

@g11tech g11tech mentioned this pull request Feb 20, 2022
Closed
14 tasks
@g11tech g11tech marked this pull request as ready for review February 20, 2022 13:25
@g11tech g11tech marked this pull request as draft February 20, 2022 13:28
@g11tech g11tech marked this pull request as ready for review February 21, 2022 18:17
@ryanio ryanio mentioned this pull request Feb 22, 2022
Closed
4 tasks
dapplion
dapplion approved these changes Feb 28, 2022
View reviewed changes
Copy link
Contributor

@dapplion dapplion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Thank you!

@g11tech g11tech merged commit 53bf6c4 into master Feb 28, 2022
@g11tech g11tech deleted the g11tech/jwtengineauth branch February 28, 2022 07:29
@dapplion dapplion mentioned this pull request Mar 2, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dapplion dapplion dapplion approved these changes

@twoeths twoeths twoeths left review comments

@wemeetagain wemeetagain Awaiting requested review from wemeetagain

@philknows philknows Awaiting requested review from philknows

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@g11tech @twoeths @dapplion