sui_core/authority/
test_authority_builder.rs

1// Copyright (c) Mysten Labs, Inc.
2// SPDX-License-Identifier: Apache-2.0
3
4use super::ExecutionEnv;
5use super::backpressure::BackpressureManager;
6use super::epoch_start_configuration::EpochFlag;
7use crate::authority::authority_per_epoch_store::AuthorityPerEpochStore;
8use crate::authority::authority_store_pruner::PrunerWatermarks;
9use crate::authority::authority_store_tables::{
10    AuthorityPerpetualTables, AuthorityPerpetualTablesOptions,
11};
12use crate::authority::epoch_start_configuration::EpochStartConfiguration;
13use crate::authority::submitted_transaction_cache::SubmittedTransactionCacheMetrics;
14use crate::authority::{AuthorityState, AuthorityStore};
15use crate::checkpoints::CheckpointStore;
16use crate::epoch::committee_store::CommitteeStore;
17use crate::epoch::epoch_metrics::EpochMetrics;
18use crate::epoch::randomness::RandomnessManager;
19use crate::execution_cache::build_execution_cache;
20use crate::jsonrpc_index::IndexStore;
21use crate::mock_consensus::{ConsensusMode, MockConsensusClient};
22use crate::module_cache_metrics::ResolverMetrics;
23use crate::randomness_round_receiver::RandomnessRoundReceiverHandle;
24use crate::signature_verifier::SignatureVerifierMetrics;
25use fastcrypto::traits::KeyPair;
26use prometheus::Registry;
27use std::path::PathBuf;
28use std::sync::Arc;
29use sui_config::ExecutionCacheConfig;
30use sui_config::certificate_deny_config::CertificateDenyConfig;
31use sui_config::genesis::Genesis;
32use sui_config::node::AuthorityOverloadConfig;
33use sui_config::node::{
34    AuthorityStorePruningConfig, DBCheckpointConfig, ExpensiveSafetyCheckConfig,
35};
36use sui_config::transaction_deny_config::TransactionDenyConfig;
37use sui_macros::nondeterministic;
38use sui_network::randomness;
39use sui_protocol_config::{Chain, ProtocolConfig};
40use sui_swarm_config::genesis_config::AccountConfig;
41use sui_swarm_config::network_config::NetworkConfig;
42use sui_types::base_types::{AuthorityName, ObjectID};
43use sui_types::crypto::AuthorityKeyPair;
44use sui_types::digests::ChainIdentifier;
45use sui_types::executable_transaction::VerifiedExecutableTransaction;
46use sui_types::object::Object;
47use sui_types::sui_system_state::SuiSystemStateTrait;
48use sui_types::supported_protocol_versions::SupportedProtocolVersions;
49use sui_types::transaction::VerifiedTransaction;
50
51#[derive(Default, Clone)]
52pub struct TestAuthorityBuilder<'a> {
53    store_base_path: Option<PathBuf>,
54    store: Option<Arc<AuthorityStore>>,
55    transaction_deny_config: Option<TransactionDenyConfig>,
56    certificate_deny_config: Option<CertificateDenyConfig>,
57    protocol_config: Option<ProtocolConfig>,
58    reference_gas_price: Option<u64>,
59    node_keypair: Option<&'a AuthorityKeyPair>,
60    genesis: Option<&'a Genesis>,
61    /// Pre-built network config to avoid rebuilding genesis
62    network_config: Option<&'a NetworkConfig>,
63    starting_objects: Option<&'a [Object]>,
64    expensive_safety_checks: Option<ExpensiveSafetyCheckConfig>,
65    disable_indexer: bool,
66    accounts: Vec<AccountConfig>,
67    /// By default, we don't insert the genesis checkpoint, which isn't needed by most tests.
68    insert_genesis_checkpoint: bool,
69    authority_overload_config: Option<AuthorityOverloadConfig>,
70    cache_config: Option<ExecutionCacheConfig>,
71    chain_override: Option<Chain>,
72    dev_inspect_disabled: bool,
73    recent_submission_dedup_window_ms: Option<u64>,
74    /// Skip genesis owner/dynamic-field indexing (use for tests that don't query owned objects)
75    skip_genesis_owner_index: bool,
76}
77
78impl<'a> TestAuthorityBuilder<'a> {
79    pub fn new() -> Self {
80        Self::default()
81    }
82
83    pub fn with_store_base_path(mut self, path: PathBuf) -> Self {
84        assert!(self.store_base_path.replace(path).is_none());
85        self
86    }
87
88    pub fn with_starting_objects(mut self, objects: &'a [Object]) -> Self {
89        assert!(self.starting_objects.replace(objects).is_none());
90        self
91    }
92
93    pub fn with_store(mut self, store: Arc<AuthorityStore>) -> Self {
94        assert!(self.store.replace(store).is_none());
95        self
96    }
97
98    pub fn with_transaction_deny_config(mut self, config: TransactionDenyConfig) -> Self {
99        assert!(self.transaction_deny_config.replace(config).is_none());
100        self
101    }
102
103    pub fn with_dev_inspect_disabled(mut self) -> Self {
104        self.dev_inspect_disabled = true;
105        self
106    }
107
108    pub fn with_certificate_deny_config(mut self, config: CertificateDenyConfig) -> Self {
109        assert!(self.certificate_deny_config.replace(config).is_none());
110        self
111    }
112
113    pub fn with_protocol_config(mut self, config: ProtocolConfig) -> Self {
114        assert!(self.protocol_config.replace(config).is_none());
115        self
116    }
117
118    pub fn with_reference_gas_price(mut self, reference_gas_price: u64) -> Self {
119        // If genesis is already set then setting rgp is meaningless since it will be overwritten.
120        assert!(self.genesis.is_none());
121        assert!(
122            self.reference_gas_price
123                .replace(reference_gas_price)
124                .is_none()
125        );
126        self
127    }
128
129    pub fn with_genesis_and_keypair(
130        mut self,
131        genesis: &'a Genesis,
132        keypair: &'a AuthorityKeyPair,
133    ) -> Self {
134        assert!(self.genesis.replace(genesis).is_none());
135        assert!(self.node_keypair.replace(keypair).is_none());
136        self
137    }
138
139    pub fn with_keypair(mut self, keypair: &'a AuthorityKeyPair) -> Self {
140        assert!(self.node_keypair.replace(keypair).is_none());
141        self
142    }
143
144    /// When providing a network config, we will use the \node_idx validator's
145    /// key as the keypair for the new node.
146    pub fn with_network_config(self, config: &'a NetworkConfig, node_idx: usize) -> Self {
147        self.with_genesis_and_keypair(
148            &config.genesis,
149            config.validator_configs()[node_idx].protocol_key_pair(),
150        )
151    }
152
153    /// Provide a pre-built network config to avoid rebuilding genesis.
154    /// This is useful when creating multiple authorities that should share the same genesis.
155    pub fn with_shared_network_config(mut self, config: &'a NetworkConfig) -> Self {
156        assert!(self.network_config.replace(config).is_none());
157        self
158    }
159
160    pub fn disable_indexer(mut self) -> Self {
161        self.disable_indexer = true;
162        self
163    }
164
165    /// Skip genesis owner/dynamic-field indexing. This is much faster for tests
166    /// that don't query owned objects via RPC (e.g., get_owned_objects).
167    pub fn skip_genesis_owner_index(mut self) -> Self {
168        self.skip_genesis_owner_index = true;
169        self
170    }
171
172    pub fn insert_genesis_checkpoint(mut self) -> Self {
173        self.insert_genesis_checkpoint = true;
174        self
175    }
176
177    pub fn with_expensive_safety_checks(mut self, config: ExpensiveSafetyCheckConfig) -> Self {
178        assert!(self.expensive_safety_checks.replace(config).is_none());
179        self
180    }
181
182    pub fn with_accounts(mut self, accounts: Vec<AccountConfig>) -> Self {
183        self.accounts = accounts;
184        self
185    }
186
187    pub fn with_authority_overload_config(mut self, config: AuthorityOverloadConfig) -> Self {
188        assert!(self.authority_overload_config.replace(config).is_none());
189        self
190    }
191
192    pub fn with_cache_config(mut self, config: ExecutionCacheConfig) -> Self {
193        self.cache_config = Some(config);
194        self
195    }
196
197    pub fn with_chain_override(mut self, chain: Chain) -> Self {
198        self.chain_override = Some(chain);
199        self
200    }
201
202    pub fn with_recent_submission_dedup_window_ms(mut self, window_ms: u64) -> Self {
203        assert!(
204            self.recent_submission_dedup_window_ms
205                .replace(window_ms)
206                .is_none()
207        );
208        self
209    }
210
211    pub async fn build(self) -> Arc<AuthorityState> {
212        // `_guard` must be declared here so it is not dropped before
213        // `AuthorityPerEpochStore::new` is called
214        //
215        // Only create a guard if an explicit protocol_config was provided.
216        let _guard = self
217            .protocol_config
218            .clone()
219            .map(|config| ProtocolConfig::apply_overrides_for_testing(move |_, _| config.clone()));
220
221        // Use pre-built network config if available, otherwise build one
222        let owned_network_config;
223        let local_network_config: &NetworkConfig = if let Some(config) = self.network_config {
224            config
225        } else {
226            let mut local_network_config_builder =
227                sui_swarm_config::network_config_builder::ConfigBuilder::new_with_temp_dir()
228                    .with_accounts(self.accounts)
229                    .with_reference_gas_price(self.reference_gas_price.unwrap_or(500));
230            if let Some(protocol_config) = &self.protocol_config {
231                local_network_config_builder =
232                    local_network_config_builder.with_protocol_version(protocol_config.version);
233            }
234            owned_network_config = local_network_config_builder.build();
235            &owned_network_config
236        };
237        let genesis = &self.genesis.unwrap_or(&local_network_config.genesis);
238        let genesis_committee = genesis.committee();
239        let path = self.store_base_path.unwrap_or_else(|| {
240            let dir = std::env::temp_dir();
241            let store_base_path =
242                dir.join(format!("DB_{:?}", nondeterministic!(ObjectID::random())));
243            std::fs::create_dir(&store_base_path).unwrap();
244            store_base_path
245        });
246        let mut config = local_network_config.validator_configs()[0].clone();
247        let registry = Registry::new();
248
249        let authority_store = match self.store {
250            Some(store) => store,
251            None => {
252                let perpetual_tables_options = AuthorityPerpetualTablesOptions::default();
253                let perpetual_tables = Arc::new(AuthorityPerpetualTables::open(
254                    &path.join("store"),
255                    Some(perpetual_tables_options),
256                    None,
257                ));
258                // unwrap ok - for testing only.
259                AuthorityStore::open_with_committee_for_testing(
260                    perpetual_tables,
261                    &genesis_committee,
262                    genesis,
263                )
264                .await
265                .unwrap()
266            }
267        };
268
269        if let Some(cache_config) = self.cache_config {
270            config.execution_cache = cache_config;
271        }
272
273        let keypair = if let Some(keypair) = self.node_keypair {
274            keypair
275        } else {
276            config.protocol_key_pair()
277        };
278
279        let secret = Arc::pin(keypair.copy());
280        let name: AuthorityName = secret.public().into();
281        let cache_metrics = Arc::new(ResolverMetrics::new(&registry));
282        let signature_verifier_metrics = SignatureVerifierMetrics::new(&registry);
283        let epoch_flags = EpochFlag::default_flags_for_new_epoch(&config);
284        let epoch_start_configuration = EpochStartConfiguration::new(
285            genesis.sui_system_object().into_epoch_start_state(),
286            *genesis.checkpoint().digest(),
287            &genesis.objects(),
288            epoch_flags,
289        )
290        .unwrap();
291        let expensive_safety_checks = self.expensive_safety_checks.unwrap_or_default();
292
293        let pruner_watermarks = Arc::new(PrunerWatermarks::default());
294        let checkpoint_store =
295            CheckpointStore::new(&path.join("checkpoints"), pruner_watermarks.clone());
296        let backpressure_manager =
297            BackpressureManager::new_from_checkpoint_store(&checkpoint_store);
298
299        let cache_traits = build_execution_cache(
300            &Default::default(),
301            &registry,
302            &authority_store,
303            backpressure_manager.clone(),
304        );
305
306        let chain_id = ChainIdentifier::from(*genesis.checkpoint().digest());
307        let chain = match self.chain_override {
308            Some(chain) => chain,
309            None => chain_id.chain(),
310        };
311
312        let epoch_store = AuthorityPerEpochStore::new(
313            name,
314            Arc::new(genesis_committee.clone()),
315            &path.join("store"),
316            None,
317            EpochMetrics::new(&registry),
318            epoch_start_configuration,
319            cache_traits.backing_package_store.clone(),
320            cache_traits.object_store.clone(),
321            cache_metrics,
322            signature_verifier_metrics,
323            &expensive_safety_checks,
324            (chain_id, chain),
325            checkpoint_store
326                .get_highest_executed_checkpoint_seq_number()
327                .unwrap()
328                .unwrap_or(0),
329            0,
330            Arc::new(SubmittedTransactionCacheMetrics::new(&registry)),
331            None,
332        )
333        .expect("failed to create authority per epoch store");
334
335        let committee_store = Arc::new(CommitteeStore::new(
336            path.join("epochs"),
337            &genesis_committee,
338            None,
339        ));
340
341        if self.insert_genesis_checkpoint {
342            checkpoint_store.insert_genesis_checkpoint(
343                genesis.checkpoint(),
344                genesis.checkpoint_contents().clone(),
345                &epoch_store,
346            );
347        }
348        let index_store = if self.disable_indexer {
349            None
350        } else {
351            Some(Arc::new(IndexStore::new(
352                path.join("indexes"),
353                &registry,
354                epoch_store
355                    .protocol_config()
356                    .max_move_identifier_len_as_option(),
357                false,
358            )))
359        };
360
361        let transaction_deny_config = self.transaction_deny_config.unwrap_or_default();
362        let certificate_deny_config = self.certificate_deny_config.unwrap_or_default();
363        let authority_overload_config = self.authority_overload_config.unwrap_or_default();
364        let mut pruning_config = AuthorityStorePruningConfig::default();
365        if !epoch_store
366            .protocol_config()
367            .simplified_unwrap_then_delete()
368        {
369            // We cannot prune tombstones if simplified_unwrap_then_delete is not enabled.
370            pruning_config.set_killswitch_tombstone_pruning(true);
371        }
372
373        config.transaction_deny_config = transaction_deny_config;
374        config.certificate_deny_config = certificate_deny_config;
375        config.authority_overload_config = authority_overload_config;
376        config.authority_store_pruning_config = pruning_config;
377        config.dev_inspect_disabled = self.dev_inspect_disabled;
378        if let Some(window_ms) = self.recent_submission_dedup_window_ms {
379            config.recent_submission_dedup_window_ms = Some(window_ms);
380        }
381
382        let chain_identifier = ChainIdentifier::from(*genesis.checkpoint().digest());
383        let policy_config = config.policy_config.clone();
384        let firewall_config = config.firewall_config.clone();
385
386        let genesis_objects_for_index = if self.skip_genesis_owner_index {
387            &[][..]
388        } else {
389            genesis.objects()
390        };
391        let state = AuthorityState::new(
392            name,
393            secret,
394            SupportedProtocolVersions::SYSTEM_DEFAULT,
395            authority_store,
396            cache_traits,
397            epoch_store.clone(),
398            committee_store,
399            index_store,
400            None,
401            checkpoint_store,
402            &registry,
403            genesis_objects_for_index,
404            &DBCheckpointConfig::default(),
405            config.clone(),
406            chain_identifier,
407            policy_config,
408            firewall_config,
409            Arc::new(PrunerWatermarks::default()),
410        )
411        .await;
412
413        // Set up randomness with no-op consensus (DKG will not complete).
414        if epoch_store.randomness_state_enabled() {
415            let consensus_client = Box::new(MockConsensusClient::new(
416                Arc::downgrade(&state),
417                ConsensusMode::Noop,
418            ));
419            let randomness_manager = RandomnessManager::try_new(
420                Arc::downgrade(&epoch_store),
421                consensus_client,
422                randomness::Handle::new_stub(),
423                Some(config.protocol_key_pair()),
424                RandomnessRoundReceiverHandle::new_for_testing(),
425            )
426            .await;
427            if let Some(randomness_manager) = randomness_manager {
428                // Randomness might fail if test configuration does not permit DKG init.
429                // In that case, skip setting it up.
430                epoch_store
431                    .set_randomness_manager(randomness_manager)
432                    .await
433                    .unwrap();
434            }
435        }
436
437        // For any type of local testing that does not actually spawn a node, the checkpoint executor
438        // won't be started, which means we won't actually execute the genesis transaction. In that case,
439        // the genesis objects (e.g. all the genesis test coins) won't be accessible. Executing it
440        // explicitly makes sure all genesis objects are ready for use.
441        state
442            .try_execute_immediately(
443                &VerifiedExecutableTransaction::new_from_checkpoint(
444                    VerifiedTransaction::new_unchecked(genesis.transaction().clone()),
445                    genesis.epoch(),
446                    genesis.checkpoint().sequence_number,
447                ),
448                ExecutionEnv::new(),
449                &state.epoch_store_for_testing(),
450            )
451            .unwrap();
452
453        let batch = state
454            .get_cache_commit()
455            .build_db_batch(epoch_store.epoch(), &[*genesis.transaction().digest()]);
456
457        state.get_cache_commit().commit_transaction_outputs(
458            epoch_store.epoch(),
459            batch,
460            &[*genesis.transaction().digest()],
461        );
462
463        // We want to insert these objects directly instead of relying on genesis because
464        // genesis process would set the previous transaction field for these objects, which would
465        // change their object digest. This makes it difficult to write tests that want to use
466        // these objects directly.
467        // TODO: we should probably have a better way to do this.
468        if let Some(starting_objects) = self.starting_objects {
469            state
470                .insert_objects_unsafe_for_testing_only(starting_objects)
471                .await
472                .unwrap();
473        };
474
475        state
476    }
477}