rofl-scheduler: Read offer access policy from on-chain metadata#2485
rofl-scheduler: Read offer access policy from on-chain metadata#2485anzoman wants to merge 1 commit into
Conversation
✅ Deploy Preview for oasisprotocol-oasis-sdk canceled.
|
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2485 +/- ##
==========================================
+ Coverage 51.29% 51.50% +0.20%
==========================================
Files 237 237
Lines 17236 17179 -57
==========================================
+ Hits 8842 8848 +6
+ Misses 8334 8271 -63
Partials 60 60 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
Move the per-offer allowed_creators and allowed_artifacts access policy
out of the scheduler's local node config and into on-chain offer
metadata, so a provider can change it with a transaction instead of
editing the node config and restarting the machine.
The scheduler now reads these well-known offer metadata keys each round:
- net.oasis.scheduler.offer.allowed_creators: comma-separated creator
addresses; empty or absent means all creators are allowed.
- net.oasis.scheduler.offer.allowed_artifacts.<kind>: comma-separated
allowed artifact hashes per kind; an absent kind allows all.
- net.oasis.scheduler.offer.private: marks an offer private so it can
be hidden from normal offer listings. Read but not acted on by the
scheduler.
The global allowed_creators and allowed_artifacts fields are removed from
the local config (no fallback); RawLocalConfig now ignores unknown fields
so existing configs still load. Matching metadata-key constants are added
to the Go client SDK for use by the CLI.
77aad7b to
cc93e2d
Compare
kostko
left a comment
There was a problem hiding this comment.
This makes sense to me, have you done any tests with an actual scheduler? Before this can be deployed all existing offers need to be updated to use this metadata, right?
matevz
left a comment
There was a problem hiding this comment.
Do I remember correctly the current offer is copied over to machine once you deploy your app? And this copied offer is read in the new rofl-scheduler code instead of the latest on-chain offer? So if someone changes offer Metadata afterwards, those won't be reflected in the existing ROFL replica until it's redeployed.
|
|
||
| let private = metadata | ||
| .get(METADATA_KEY_OFFER_PRIVATE) | ||
| .map(|v| is_truthy(v)) |
There was a problem hiding this comment.
v should be clearly defined by the metadata format and then implemented in CLI accordingly. I'd use "1".
Moves per-offer
allowed_creatorsandallowed_artifactsfrom the scheduler's local node config to on-chain offer metadata, so providers can change access policy with a transaction instead of editing the node config and restarting the machine. The scheduler parses anOfferPolicyfrom each offer's metadata every round (keysallowed_creators,allowed_artifacts.<kind>, and aprivatelisting hint); matching constants are added to the Go SDK for the CLI. The global local-config fields are removed with no fallback.Implements #2475.