smartcontractkit
diff --git a/‎core/scripts/cre/environment/configs/workflow-gateway-don-aptos.toml‎
Lines changed: 2 additions & 9 deletions b/‎core/scripts/cre/environment/configs/workflow-gateway-don-aptos.toml‎
Lines changed: 2 additions & 9 deletions
diff --git a/‎core/scripts/cre/environment/environment/environment.go‎
Lines changed: 9 additions & 1 deletion b/‎core/scripts/cre/environment/environment/environment.go‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎deployment/cre/jobs/propose_job_spec.go‎
Lines changed: 1 addition & 1 deletion b/‎deployment/cre/jobs/propose_job_spec.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎deployment/cre/jobs/types/job_spec.go‎
Lines changed: 2 additions & 3 deletions b/‎deployment/cre/jobs/types/job_spec.go‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎deployment/cre/jobs/types/job_spec_test.go‎
Lines changed: 7 additions & 7 deletions b/‎deployment/cre/jobs/types/job_spec_test.go‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎system-tests/lib/cre/contracts/keystone.go‎
Lines changed: 4 additions & 4 deletions b/‎system-tests/lib/cre/contracts/keystone.go‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎system-tests/lib/cre/don.go‎
Lines changed: 46 additions & 18 deletions b/‎system-tests/lib/cre/don.go‎
Lines changed: 46 additions & 18 deletions
diff --git a/‎system-tests/lib/cre/don/config/config.go‎
Lines changed: 1 addition & 1 deletion b/‎system-tests/lib/cre/don/config/config.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎system-tests/lib/cre/don_test.go‎
Lines changed: 44 additions & 28 deletions b/‎system-tests/lib/cre/don_test.go‎
Lines changed: 44 additions & 28 deletions
@@ -16,12 +16,6 @@
   # change to your version
   image = "job-distributor:0.22.1"
 
-[fake]
-  port = 8171
-
-[fake_http]
-  port = 8666
-
 #[s3provider]
 #  # use all defaults
 #  port = 9000
@@ -39,8 +33,8 @@
   http_port_range_start = 10100
 
   supported_evm_chains = [1337]
-  env_vars = { CL_EVM_CMD = "", HOME = "/tmp", CL_CRE_SETTINGS_DEFAULT = '{"PerWorkflow":{"CapabilityCallTimeout":"5m0s","ChainAllowed":{"Default":"false","Values":{"1337":"true","4457093679053095497":"true"}},"ChainWrite":{"EVM":{"GasLimit":{"Default":"5000000","Values":{"1337":"10000000"}}}}}}' }
-  capabilities = ["ocr3", "custom-compute", "web-api-trigger", "cron", "http-action", "http-trigger", "consensus", "don-time", "write-evm-1337", "read-contract-1337", "read-contract-4", "write-aptos-4", "evm-1337"]
+  env_vars = { CL_CRE_SETTINGS_DEFAULT = '{"PerWorkflow":{"CapabilityCallTimeout":"5m0s","ChainAllowed":{"Default":"false","Values":{"1337":"true","4457093679053095497":"true"}},"ChainWrite":{"EVM":{"GasLimit":{"Default":"5000000","Values":{"1337":"10000000"}}}}}}' }
+  capabilities = ["cron", "consensus", "read-contract-4", "write-aptos-4"]
   registry_based_launch_allowlist = ["cron-trigger@1.0.0"]
 
   [nodesets.db]
@@ -63,7 +57,6 @@
   override_mode = "each"
   http_port_range_start = 10300
 
-  env_vars = { CL_EVM_CMD = "", HOME = "/tmp" }
   supported_evm_chains = [1337]
 
   [nodesets.db]
 
@@ -336,8 +336,16 @@ func startCmd() *cobra.Command {
 			}
 
 			features := feature_set.New()
+			extraAllowedPorts := append([]int(nil), extraAllowedGatewayPorts...)
+			if in.Fake != nil {
+				extraAllowedPorts = append(extraAllowedPorts, in.Fake.Port)
+			}
+			if in.FakeHTTP != nil {
+				extraAllowedPorts = append(extraAllowedPorts, in.FakeHTTP.Port)
+			}
+
 			gatewayWhitelistConfig := gateway.WhitelistConfig{
-				ExtraAllowedPorts:   append(extraAllowedGatewayPorts, in.Fake.Port, in.FakeHTTP.Port),
+				ExtraAllowedPorts:   extraAllowedPorts,
 				ExtraAllowedIPsCIDR: []string{"0.0.0.0/0"},
 			}
 			output, startErr := StartCLIEnvironment(cmdContext, relativePathToRepoRoot, in, nil, features, nil, envDependencies, gatewayWhitelistConfig)
 
@@ -91,7 +91,7 @@ func (u ProposeJobSpec) Apply(e cldf.Environment, input ProposeJobSpecInput) (cl
 	switch input.Template {
 	// This will hold all standard capabilities jobs as we add support for them.
 	case job_types.EVM, job_types.Cron, job_types.HTTPTrigger, job_types.HTTPAction, job_types.ConfidentialHTTP, job_types.Consensus, job_types.WebAPITrigger, job_types.WebAPITarget, job_types.CustomCompute, job_types.LogEventTrigger, job_types.ReadContract, job_types.Solana:
-		job, err := input.Inputs.ToStandardCapabilityJob(input.JobName, false)
+		job, err := input.Inputs.ToStandardCapabilityJob(input.JobName)
 		if err != nil {
 			return cldf.ChangesetOutput{}, fmt.Errorf("failed to convert inputs to standard capability job: %w", err)
 		}
 
@@ -30,10 +30,9 @@ func (j JobSpecInput) UnmarshalFrom(source any) error {
 	return yaml.Unmarshal(bytes, &j)
 }
 
-func (j JobSpecInput) ToStandardCapabilityJob(jobName string, generateOracleFactory bool) (pkg.StandardCapabilityJob, error) {
+func (j JobSpecInput) ToStandardCapabilityJob(jobName string) (pkg.StandardCapabilityJob, error) {
 	out := pkg.StandardCapabilityJob{
-		JobName:               jobName,
-		GenerateOracleFactory: generateOracleFactory,
+		JobName: jobName,
 	}
 	err := j.UnmarshalTo(&out)
 	if err != nil {
 
@@ -34,7 +34,7 @@ func TestJobSpecInput_ToStandardCapabilityJob(t *testing.T) {
 			},
 		}
 
-		job, err := input.ToStandardCapabilityJob(jobName, false)
+		job, err := input.ToStandardCapabilityJob(jobName)
 		require.NoError(t, err)
 		assert.Equal(t, jobName, job.JobName)
 		assert.Equal(t, "run", job.Command)
@@ -56,7 +56,7 @@ func TestJobSpecInput_ToStandardCapabilityJob(t *testing.T) {
 			"externalJobID": "123",
 			"oracleFactory": pkg.OracleFactory{},
 		}
-		_, err := input.ToStandardCapabilityJob(jobName, false)
+		_, err := input.ToStandardCapabilityJob(jobName)
 		require.Error(t, err)
 		assert.Contains(t, err.Error(), "command is required")
 	})
@@ -68,7 +68,7 @@ func TestJobSpecInput_ToStandardCapabilityJob(t *testing.T) {
 			"externalJobID": "123",
 			"oracleFactory": pkg.OracleFactory{},
 		}
-		_, err := input.ToStandardCapabilityJob(jobName, false)
+		_, err := input.ToStandardCapabilityJob(jobName)
 		require.Error(t, err)
 		assert.Contains(t, err.Error(), "command is required and must be a string")
 	})
@@ -80,7 +80,7 @@ func TestJobSpecInput_ToStandardCapabilityJob(t *testing.T) {
 			"externalJobID": "123",
 			"oracleFactory": pkg.OracleFactory{},
 		}
-		_, err := input.ToStandardCapabilityJob(jobName, false)
+		_, err := input.ToStandardCapabilityJob(jobName)
 		require.NoError(t, err)
 	})
 
@@ -91,7 +91,7 @@ func TestJobSpecInput_ToStandardCapabilityJob(t *testing.T) {
 			"externalJobID": "123",
 			"oracleFactory": pkg.OracleFactory{},
 		}
-		_, err := input.ToStandardCapabilityJob(jobName, false)
+		_, err := input.ToStandardCapabilityJob(jobName)
 		require.Error(t, err)
 		assert.Contains(t, err.Error(), "cannot unmarshal !!map into string")
 	})
@@ -103,7 +103,7 @@ func TestJobSpecInput_ToStandardCapabilityJob(t *testing.T) {
 			"externalJobID": struct{}{},
 			"oracleFactory": pkg.OracleFactory{},
 		}
-		_, err := input.ToStandardCapabilityJob(jobName, false)
+		_, err := input.ToStandardCapabilityJob(jobName)
 		require.Error(t, err)
 		assert.Contains(t, err.Error(), "cannot unmarshal !!map into string")
 	})
@@ -115,7 +115,7 @@ func TestJobSpecInput_ToStandardCapabilityJob(t *testing.T) {
 			"externalJobID": "123",
 			"oracleFactory": "not a factory",
 		}
-		_, err := input.ToStandardCapabilityJob(jobName, false)
+		_, err := input.ToStandardCapabilityJob(jobName)
 		require.Error(t, err)
 		assert.Contains(t, err.Error(), "cannot unmarshal !!str")
 	})
 
@@ -214,11 +214,11 @@ func (d *dons) mustToV2ConfigureInput(chainSelector uint64, contractAddress stri
 		for i, nop := range don.Nops {
 			nopName := nop.Name
 
-			ns, err := deployment.NodeInfo(nop.Nodes, d.offChain)
-			if err != nil {
-				panic(err)
-			}
 			if _, exists := nopMap[nopName]; !exists {
+				ns, err := deployment.NodeInfo(nop.Nodes, d.offChain)
+				if err != nil {
+					panic(err)
+				}
 				nopMap[nopName] = capabilities_registry_v2.CapabilitiesRegistryNodeOperatorParams{
 					Admin: adminAddrs[i],
 					Name:  nopName,
 
@@ -3,6 +3,7 @@ package cre
 import (
 	"context"
 	"fmt"
+	"net/http"
 	"net/url"
 	"slices"
 	"strconv"
@@ -426,10 +427,6 @@ func NewNode(ctx context.Context, name string, nodeMetadata *NodeMetadata, ctfNo
 		}
 	}
 
-	if account := nodeMetadata.AptosAccount(); account != "" {
-		node.Addresses.AptosAddresses = []string{account}
-	}
-
 	return node, nil
 }
 
@@ -439,9 +436,8 @@ type JobDistributorDetails struct {
 }
 
 type Addresses struct {
-	AdminAddress   string   `toml:"admin_address" json:"admin_address"`     // address used to pay for transactions, applicable only for worker nodes
-	MultiAddress   string   `toml:"multi_address" json:"multi_address"`     // multi address used by OCR2, applicable only for bootstrap nodes
-	AptosAddresses []string `toml:"aptos_addresses" json:"aptos_addresses"` // Aptos public addresses cached from node metadata or the node key API
+	AdminAddress string `toml:"admin_address" json:"admin_address"` // address used to pay for transactions, applicable only for worker nodes
+	MultiAddress string `toml:"multi_address" json:"multi_address"` // multi address used by OCR2, applicable only for bootstrap nodes
 }
 
 type NodeClients struct {
@@ -496,11 +492,11 @@ func createJDChainConfigs(ctx context.Context, n *Node, supportedChains []blockc
 				account = accounts[0]
 			}
 		case chainselectors.FamilyAptos:
-			accounts, err := AptosAccountsForNode(ctx, n)
-			if err != nil {
-				return fmt.Errorf("failed to fetch aptos account address for node %s: %w", n.Name, err)
+			aptosAccount, aptosErr := aptosAccountForNode(ctx, n)
+			if aptosErr != nil {
+				return fmt.Errorf("failed to fetch aptos account address for node %s: %w", n.Name, aptosErr)
 			}
-			account = accounts[0]
+			account = aptosAccount
 			// Deployment parsing prefers AccountAddressPublicKey for Aptos chain configs.
 			// Mirror transmitter into this field so OCRConfigForChainSelector always resolves it.
 			accountAddrPubKey = account
@@ -586,15 +582,47 @@ func createJDChainConfigs(ctx context.Context, n *Node, supportedChains []blockc
 	return nil
 }
 
-func AptosAccountsForNode(_ context.Context, n *Node) ([]string, error) {
-	if len(n.Addresses.AptosAddresses) > 0 {
-		return append([]string(nil), n.Addresses.AptosAddresses...), nil
-	}
+func aptosAccountForNode(ctx context.Context, n *Node) (string, error) {
 	if n.Keys != nil && n.Keys.AptosAccount() != "" {
-		n.Addresses.AptosAddresses = []string{n.Keys.AptosAccount()}
-		return append([]string(nil), n.Addresses.AptosAddresses...), nil
+		return n.Keys.AptosAccount(), nil
+	}
+
+	var runtimeKeys struct {
+		Data []struct {
+			Attributes struct {
+				Account   string `json:"account"`
+				PublicKey string `json:"publicKey"`
+			} `json:"attributes"`
+		} `json:"data"`
+	}
+	resp, err := n.Clients.RestClient.APIClient.R().
+		SetContext(ctx).
+		SetResult(&runtimeKeys).
+		Get("/v2/keys/aptos")
+	if err != nil {
+		return "", fmt.Errorf("failed to read Aptos keys from node API: %w", err)
+	}
+	if resp.StatusCode() != http.StatusOK {
+		return "", fmt.Errorf("aptos keys endpoint returned status %d", resp.StatusCode())
 	}
-	return nil, fmt.Errorf("missing cached aptos addresses for node %s", n.Name)
+	if len(runtimeKeys.Data) == 0 {
+		return "", fmt.Errorf("no Aptos keys found on node %s", n.Name)
+	}
+
+	account, err := crypto.NormalizeAptosAccount(runtimeKeys.Data[0].Attributes.Account)
+	if err != nil {
+		return "", fmt.Errorf("invalid Aptos account returned by node API: %w", err)
+	}
+
+	if n.Keys != nil {
+		if n.Keys.Aptos == nil {
+			n.Keys.Aptos = &crypto.AptosKey{}
+		}
+		n.Keys.Aptos.Account = account
+		n.Keys.Aptos.PublicKey = runtimeKeys.Data[0].Attributes.PublicKey
+	}
+
+	return account, nil
 }
 
 // AcceptJob accepts the job proposal for the given job proposal spec
 
@@ -543,7 +543,7 @@ func addWorkerNodeConfig(
 		}
 
 		gateways := []coretoml.ConnectorGateway{}
-		if topology != nil && len(topology.GatewayConnectors.Configurations) > 0 {
+		if topology != nil && topology.GatewayConnectors != nil && len(topology.GatewayConnectors.Configurations) > 0 {
 			for _, gateway := range topology.GatewayConnectors.Configurations {
 				gateways = append(gateways, coretoml.ConnectorGateway{
 					ID: ptr.Ptr(gateway.AuthGatewayID),
 
@@ -2,58 +2,74 @@ package cre
 
 import (
 	"context"
+	"net/http"
+	"net/http/httptest"
+	"sync/atomic"
 	"testing"
 
+	"github.com/go-resty/resty/v2"
 	"github.com/stretchr/testify/require"
 
+	"github.com/smartcontractkit/chainlink-testing-framework/framework/clclient"
 	"github.com/smartcontractkit/chainlink/system-tests/lib/cre/don/secrets"
-	"github.com/smartcontractkit/chainlink/system-tests/lib/crypto"
+	crecrypto "github.com/smartcontractkit/chainlink/system-tests/lib/crypto"
 )
 
-func TestAptosAccountsForNode_ReturnsCachedAddresses(t *testing.T) {
+func TestAptosAccountForNode_UsesMetadataKeyWithoutCallingNodeAPI(t *testing.T) {
 	t.Parallel()
 
-	node := &Node{
-		Name: "node-1",
-		Addresses: Addresses{
-			AptosAddresses: []string{"0x1", "0x2"},
-		},
-	}
+	var hits atomic.Int32
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		hits.Add(1)
+		http.NotFound(w, r)
+	}))
+	t.Cleanup(server.Close)
 
-	addresses, err := AptosAccountsForNode(context.Background(), node)
+	expected, err := crecrypto.NormalizeAptosAccount("0x1")
 	require.NoError(t, err)
-	require.Equal(t, []string{"0x1", "0x2"}, addresses)
-
-	addresses[0] = "0xdead"
-	require.Equal(t, []string{"0x1", "0x2"}, node.Addresses.AptosAddresses)
-}
-
-func TestAptosAccountsForNode_RequiresCachedMetadataWhenCacheMissing(t *testing.T) {
-	t.Parallel()
 
 	node := &Node{
 		Name: "node-1",
+		Keys: &secrets.NodeKeys{
+			Aptos: &crecrypto.AptosKey{Account: expected},
+		},
+		Clients: NodeClients{
+			RestClient: &clclient.ChainlinkClient{APIClient: resty.New().SetBaseURL(server.URL)},
+		},
 	}
 
-	_, err := AptosAccountsForNode(context.Background(), node)
-	require.Error(t, err)
-	require.ErrorContains(t, err, "missing cached aptos addresses for node node-1")
+	account, err := aptosAccountForNode(context.Background(), node)
+	require.NoError(t, err)
+	require.Equal(t, expected, account)
+	require.Zero(t, hits.Load(), "node API must not be called when metadata already has the Aptos key")
 }
 
-func TestAptosAccountsForNode_ReturnsMetadataKeyWhenCacheMissing(t *testing.T) {
+func TestAptosAccountForNode_FallsBackToNodeAPIAndCachesKey(t *testing.T) {
 	t.Parallel()
 
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, "/v2/keys/aptos", r.URL.Path)
+		w.Header().Set("Content-Type", "application/json")
+		_, err := w.Write([]byte(`{"data":[{"attributes":{"account":"0x1","publicKey":"0xabc123"}}]}`))
+		require.NoError(t, err)
+	}))
+	t.Cleanup(server.Close)
+
 	node := &Node{
 		Name: "node-1",
-		Keys: &secrets.NodeKeys{
-			Aptos: &crypto.AptosKey{
-				Account: "0x1",
-			},
+		Keys: &secrets.NodeKeys{},
+		Clients: NodeClients{
+			RestClient: &clclient.ChainlinkClient{APIClient: resty.New().SetBaseURL(server.URL)},
 		},
 	}
 
-	addresses, err := AptosAccountsForNode(context.Background(), node)
+	account, err := aptosAccountForNode(context.Background(), node)
+	require.NoError(t, err)
+
+	expected, err := crecrypto.NormalizeAptosAccount("0x1")
 	require.NoError(t, err)
-	require.Equal(t, []string{"0x1"}, addresses)
-	require.Equal(t, []string{"0x1"}, node.Addresses.AptosAddresses)
+	require.Equal(t, expected, account)
+	require.NotNil(t, node.Keys.Aptos)
+	require.Equal(t, expected, node.Keys.Aptos.Account)
+	require.Equal(t, "0xabc123", node.Keys.Aptos.PublicKey)
 }
Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ func (u ProposeJobSpec) Apply(e cldf.Environment, input ProposeJobSpecInput) (cl`
`91`	`91`	`switch input.Template {`
`92`	`92`	`// This will hold all standard capabilities jobs as we add support for them.`
`93`	`93`	`case job_types.EVM, job_types.Cron, job_types.HTTPTrigger, job_types.HTTPAction, job_types.ConfidentialHTTP, job_types.Consensus, job_types.WebAPITrigger, job_types.WebAPITarget, job_types.CustomCompute, job_types.LogEventTrigger, job_types.ReadContract, job_types.Solana:`
`94`		`- job, err := input.Inputs.ToStandardCapabilityJob(input.JobName, false)`
	`94`	`+ job, err := input.Inputs.ToStandardCapabilityJob(input.JobName)`
`95`	`95`	`if err != nil {`
`96`	`96`	`return cldf.ChangesetOutput{}, fmt.Errorf("failed to convert inputs to standard capability job: %w", err)`
`97`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,10 +30,9 @@ func (j JobSpecInput) UnmarshalFrom(source any) error {`
`30`	`30`	`return yaml.Unmarshal(bytes, &j)`
`31`	`31`	`}`
`32`	`32`
`33`		`-func (j JobSpecInput) ToStandardCapabilityJob(jobName string, generateOracleFactory bool) (pkg.StandardCapabilityJob, error) {`
	`33`	`+func (j JobSpecInput) ToStandardCapabilityJob(jobName string) (pkg.StandardCapabilityJob, error) {`
`34`	`34`	`out := pkg.StandardCapabilityJob{`
`35`		`- JobName: jobName,`
`36`		`- GenerateOracleFactory: generateOracleFactory,`
	`35`	`+ JobName: jobName,`
`37`	`36`	`}`
`38`	`37`	`err := j.UnmarshalTo(&out)`
`39`	`38`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -543,7 +543,7 @@ func addWorkerNodeConfig(`
`543`	`543`	`}`
`544`	`544`
`545`	`545`	`gateways := []coretoml.ConnectorGateway{}`
`546`		`- if topology != nil && len(topology.GatewayConnectors.Configurations) > 0 {`
	`546`	`+ if topology != nil && topology.GatewayConnectors != nil && len(topology.GatewayConnectors.Configurations) > 0 {`
`547`	`547`	`for _, gateway := range topology.GatewayConnectors.Configurations {`
`548`	`548`	`gateways = append(gateways, coretoml.ConnectorGateway{`
`549`	`549`	`ID: ptr.Ptr(gateway.AuthGatewayID),`