Configuration support fully specified source to destination mapping

README.md

@@ -25,6 +25,90 @@ The relayer binary accepts a path to a JSON configuration file as the sole argum
 ./build/awm-relayer --config-file path-to-config
 ```
 
+### Configuration
+
+The relayer is configured via a JSON file, the path to which is passed in via the `--config-file` command line argument. The following configuration options are available:
+
+`"log-level": "debug" | "info" | "warn" | "error" | "fatal" | "panic"` 
+- The log level for the relayer. Defaults to `info`.
+
+`"network-id": integer`
+- The ID of the Avalanche network to which the relayer will connect. Defaults to `1` (Mainnet).
+
+`"p-chain-api-url": string`
+- The URL of the Avalanche P-Chain API node to which the relayer will connect. Defaults to `https://api.avax.network`.
+
+`"encrypt-connection": boolean`
+- Whether or not to encrypt the connection to the P-Chain API node. Defaults to `true`.
+
+`"storage-location": string`
+- The path to the directory in which the relayer will store its state. Defaults to `./awm-relayer-storage`.
+
+`"source-subnets": []SourceSubnets`
+- The list of source subnets to support. Each `SourceSubnet` has the following configuration:
+
+  `"subnet-id": string` 
+  - cb58-encoded Subnet ID
+
+  `"blockchain-id": string` 
+  - cb58-encoded Blockchain ID
+
+  `"vm": string` 
+  - The VM type of the source subnet.
+
+  `"api-node-host": string` 
+  - The host of the source subnet's API node.
+
+  `"api-node-port": integer` 
+  - The port of the source subnet's API node.
+
+  `"encrypt-connection": boolean` 
+  - Whether or not to encrypt the connection to the source subnet's API node.
+
+  `"rpc-endpoint": string` 
+  - The RPC endpoint of the source subnet's API node. If provided, `api-node-host`, `api-node-port`, and `encrypt-connection` are ignored
+
+  `"ws-endpoint": string` 
+  - The WebSocket endpoint of the source subnet's API node. If provided, `api-node-host`, `api-node-port`, and `encrypt-connection` are ignored
+
+  `"message-contracts": map[string]MessageProtocolConfig` 
+  - Map of contract addresses to the config options of the protocol at that address. Each `MessageProtocolConfig` consists of a unique `message-format` name, and the raw JSON `settings`
+
+  `"supported-destinations": []string` 
+  - List of destination subnet IDs that the source subnet supports. If empty, then all destinations are supported.
+
+`"destination-subnets": []DestinationSubnets`
+- The list of destination subnets to support. Each `DestinationSubnet` has the following configuration:
+
+  `"subnet-id": string`
+  - cb58-encoded Subnet ID
+
+  `"blockchain-id": string` 
+  - cb58-encoded Blockchain ID
+
+  `"vm": string` 
+  - The VM type of the source subnet.
+
+  `"api-node-host": string` 
+  - The host of the source subnet's API node.
+
+  `"api-node-port": integer` 
+  - The port of the source subnet's API node.
+
+  `"encrypt-connection": boolean` 
+  - Whether or not to encrypt the connection to the source subnet's API node.
+
+  `"rpc-endpoint": string` 
+  - The RPC endpoint of the source subnet's API node. If provided, `api-node-host`, `api-node-port`, and `encrypt-connection` are ignored
+
+  `"ws-endpoint": string` 
+  - The WebSocket endpoint of the source subnet's API node. If provided, `api-node-host`, `api-node-port`, and `encrypt-connection` are ignored
+
+  `"account-private-key": string` 
+  - The hex-encoded private key to use for signing transactions on the destination subnet. May be provided by the environment variable `ACCOUNT_PRIVATE_KEY`. Each `destination-subnet` may use a separate private key by appending the blockchain ID to the private key environment variable name, e.g. `ACCOUNT_PRIVATE_KEY_11111111111111111111111111111111LpoYY` 
+
+
+
 ## Architecture
 
 **Note:** The relayer in its current state supports Teleporter messages between `subnet-evm` instances. A handful of abstractions have been added to make the relayer extensible to other Warp message formats and VM types, but this work is ongoing.

config/config.go

@@ -22,6 +22,9 @@ import (
 	"github.com/spf13/viper"
 )
 
+// global config singleton
+var globalConfig Config
+
 const (
 	relayerPrivateKeyBytes      = 32
 	accountPrivateKeyEnvVarName = "ACCOUNT_PRIVATE_KEY"
@@ -37,15 +40,19 @@ type MessageProtocolConfig struct {
 	Settings      map[string]interface{} `mapstructure:"settings" json:"settings"`
 }
 type SourceSubnet struct {
-	SubnetID          string                           `mapstructure:"subnet-id" json:"subnet-id"`
-	ChainID           string                           `mapstructure:"chain-id" json:"chain-id"`
-	VM                string                           `mapstructure:"vm" json:"vm"`
-	APINodeHost       string                           `mapstructure:"api-node-host" json:"api-node-host"`
-	APINodePort       uint32                           `mapstructure:"api-node-port" json:"api-node-port"`
-	EncryptConnection bool                             `mapstructure:"encrypt-connection" json:"encrypt-connection"`
-	RPCEndpoint       string                           `mapstructure:"rpc-endpoint" json:"rpc-endpoint"`
-	WSEndpoint        string                           `mapstructure:"ws-endpoint" json:"ws-endpoint"`
-	MessageContracts  map[string]MessageProtocolConfig `mapstructure:"message-contracts" json:"message-contracts"`
+	SubnetID              string                           `mapstructure:"subnet-id" json:"subnet-id"`
+	ChainID               string                           `mapstructure:"chain-id" json:"chain-id"`
+	VM                    string                           `mapstructure:"vm" json:"vm"`
+	APINodeHost           string                           `mapstructure:"api-node-host" json:"api-node-host"`
+	APINodePort           uint32                           `mapstructure:"api-node-port" json:"api-node-port"`
+	EncryptConnection     bool                             `mapstructure:"encrypt-connection" json:"encrypt-connection"`
+	RPCEndpoint           string                           `mapstructure:"rpc-endpoint" json:"rpc-endpoint"`
+	WSEndpoint            string                           `mapstructure:"ws-endpoint" json:"ws-endpoint"`
+	MessageContracts      map[string]MessageProtocolConfig `mapstructure:"message-contracts" json:"message-contracts"`
+	SupportedDestinations []string                         `mapstructure:"supported-destinations" json:"allowed-destinations"`
+
+	// convenience field
+	supportedDestinationsMap map[ids.ID]bool
 }
 
 type DestinationSubnet struct {
@@ -152,6 +159,8 @@ func BuildConfig(v *viper.Viper) (Config, bool, error) {
 	}
 	cfg.PChainAPIURL = pChainapiUrl
 
+	globalConfig = cfg
+
 	return cfg, optionOverwritten, nil
 }
 
@@ -165,17 +174,8 @@ func (c *Config) Validate() error {
 	if _, err := url.ParseRequestURI(c.PChainAPIURL); err != nil {
 		return err
 	}
-	sourceChains := set.NewSet[string](len(c.SourceSubnets))
-	for _, s := range c.SourceSubnets {
-		if err := s.Validate(); err != nil {
-			return err
-		}
-		if sourceChains.Contains(s.ChainID) {
-			return fmt.Errorf("configured source subnets must have unique chain IDs")
-		}
-		sourceChains.Add(s.ChainID)
-	}
 
+	// Validate the destination chains
 	destinationChains := set.NewSet[string](len(c.DestinationSubnets))
 	for _, s := range c.DestinationSubnets {
 		if err := s.Validate(); err != nil {
@@ -187,27 +187,31 @@ func (c *Config) Validate() error {
 		destinationChains.Add(s.ChainID)
 	}
 
-	return nil
-}
-
-// GetSourceIDs returns the Subnet and Chain IDs of all subnets configured as a source
-func (cfg *Config) GetSourceIDs() ([]ids.ID, []ids.ID, error) {
-	var sourceSubnetIDs []ids.ID
-	var sourceChainIDs []ids.ID
-	for _, s := range cfg.SourceSubnets {
-		subnetID, err := ids.FromString(s.SubnetID)
-		if err != nil {
-			return nil, nil, fmt.Errorf("invalid subnetID in configuration. error: %v", err)
+	// Validate the source chains, and validate that the allowed destinations are configured as destinations
+	sourceChains := set.NewSet[string](len(c.SourceSubnets))
+	for _, s := range c.SourceSubnets {
+		if err := s.Validate(); err != nil {
+			return err
 		}
-		sourceSubnetIDs = append(sourceSubnetIDs, subnetID)
+		if sourceChains.Contains(s.ChainID) {
+			return fmt.Errorf("configured source subnets must have unique chain IDs")
+		}
+		sourceChains.Add(s.ChainID)
 
-		chainID, err := ids.FromString(s.ChainID)
-		if err != nil {
-			return nil, nil, fmt.Errorf("invalid subnetID in configuration. error: %v", err)
+		for _, blockchainID := range s.SupportedDestinations {
+			if !destinationChains.Contains(blockchainID) {
+				return fmt.Errorf("configured source subnet %s has a supported destination blockchain ID %s that is not configured as a destination blockchain",
+					s.SubnetID,
+					blockchainID)
+			}
 		}
-		sourceChainIDs = append(sourceChainIDs, chainID)
 	}
-	return sourceSubnetIDs, sourceChainIDs, nil
+
+	return nil
+}
+
+func (s *SourceSubnet) GetSupportedDestinations() map[ids.ID]bool {
+	return s.supportedDestinationsMap
 }
 
 func (s *SourceSubnet) Validate() error {
@@ -244,6 +248,23 @@ func (s *SourceSubnet) Validate() error {
 		}
 	}
 
+	// Validate the allowed destinations
+	for _, chainIDs := range s.SupportedDestinations {
+		if _, err := ids.FromString(chainIDs); err != nil {
+			return fmt.Errorf("invalid chainID in source subnet configuration. Provided ID: %s", chainIDs)
+		}
+	}
+
+	// Store the allowed destinations for future use
+	s.supportedDestinationsMap = make(map[ids.ID]bool)
+	for _, chainIDStr := range s.SupportedDestinations {
+		chainID, err := ids.FromString(chainIDStr)
+		if err != nil {
+			return fmt.Errorf("invalid chainID in configuration. error: %v", err)
+		}
+		s.supportedDestinationsMap[chainID] = true
+	}
+
 	return nil
 }
 
@@ -373,3 +394,27 @@ func (s *DestinationSubnet) GetRelayerAccountInfo() (*ecdsa.PrivateKey, common.A
 	pkBytes = append(pkBytes, pk.PublicKey.Y.Bytes()...)
 	return pk, common.BytesToAddress(crypto.Keccak256(pkBytes)), nil
 }
+
+//
+// Global config getters
+//
+
+// GetSourceIDs returns the Subnet and Chain IDs of all subnets configured as a source
+func GetSourceIDs() ([]ids.ID, []ids.ID, error) {
+	var sourceSubnetIDs []ids.ID
+	var sourceChainIDs []ids.ID
+	for _, s := range globalConfig.SourceSubnets {
+		subnetID, err := ids.FromString(s.SubnetID)
+		if err != nil {
+			return nil, nil, fmt.Errorf("invalid subnetID in configuration. error: %v", err)
+		}
+		sourceSubnetIDs = append(sourceSubnetIDs, subnetID)
+
+		chainID, err := ids.FromString(s.ChainID)
+		if err != nil {
+			return nil, nil, fmt.Errorf("invalid subnetID in configuration. error: %v", err)
+		}
+		sourceChainIDs = append(sourceChainIDs, chainID)
+	}
+	return sourceSubnetIDs, sourceChainIDs, nil
+}

main/main.go

@@ -86,7 +86,7 @@ func main() {
 
 	// Initialize the global app request network
 	logger.Info("Initializing app request network")
-	sourceSubnetIDs, sourceChainIDs, err := cfg.GetSourceIDs()
+	sourceSubnetIDs, sourceChainIDs, err := config.GetSourceIDs()
 	if err != nil {
 		logger.Error(
 			"Failed to get source IDs",

messages/message_manager.go

@@ -36,6 +36,7 @@ func NewMessageManager(
 	messageProtocolAddress common.Hash,
 	messageProtocolConfig config.MessageProtocolConfig,
 	destinationClients map[ids.ID]vms.DestinationClient,
+	supportedDestinationsChainIDs map[ids.ID]bool,
 ) (MessageManager, error) {
 	format := messageProtocolConfig.MessageFormat
 	switch config.ParseMessageProtocol(format) {
@@ -44,6 +45,7 @@ func NewMessageManager(
 			messageProtocolAddress,
 			messageProtocolConfig,
 			destinationClients,
+			supportedDestinationsChainIDs,
 		)
 	default:
 		return nil, fmt.Errorf("invalid message format %s", format)

messages/teleporter/message_manager.go

@@ -34,6 +34,7 @@ type messageManager struct {
 	// The cache is keyed by the Warp message ID, NOT the Teleporter message ID
 	teleporterMessageCache *cache.LRU[ids.ID, *TeleporterMessage]
 	destinationClients     map[ids.ID]vms.DestinationClient
+	supportedDestinationss map[ids.ID]bool
 
 	logger logging.Logger
 }
@@ -43,6 +44,7 @@ func NewMessageManager(
 	messageProtocolAddress common.Hash,
 	messageProtocolConfig config.MessageProtocolConfig,
 	destinationClients map[ids.ID]vms.DestinationClient,
+	supportedDestinationss map[ids.ID]bool,
 ) (*messageManager, error) {
 	// Marshal the map and unmarshal into the Teleporter config
 	data, err := json.Marshal(messageProtocolConfig.Settings)
@@ -71,6 +73,7 @@ func NewMessageManager(
 		teleporterMessageCache: teleporterMessageCache,
 		destinationClients:     destinationClients,
 		logger:                 logger,
+		supportedDestinationss: supportedDestinationss,
 	}, nil
 }
 
@@ -105,6 +108,22 @@ func (m *messageManager) ShouldSendMessage(warpMessageInfo *vmtypes.WarpMessageI
 	if !ok {
 		return false, fmt.Errorf("relayer not configured to deliver to destination. destinationChainID=%s", destinationChainID.String())
 	}
+
+	// If supportedDestinationss is empty, then all destinations are allowed
+	// If supportedDestinationss is not empty, then only the allowed destinations are allowed
+	if len(m.supportedDestinationss) > 0 {
+		if allowed, exist := m.supportedDestinationss[destinationChainID]; !exist || !allowed {
+			m.logger.Info(
+				"Relayer not configured to relay between source and destination",
+				zap.String("sourceChainID", warpMessageInfo.WarpUnsignedMessage.SourceChainID.String()),
+				zap.String("destinationChainID", destinationChainID.String()),
+				zap.String("warpMessageID", warpMessageInfo.WarpUnsignedMessage.ID().String()),
+				zap.String("teleporterMessageID", teleporterMessage.MessageID.String()),
+			)
+			return false, nil
+		}
+	}
+
 	senderAddress := destinationClient.SenderAddress()
 	if !isAllowedRelayer(teleporterMessage.AllowedRelayerAddresses, senderAddress) {
 		m.logger.Info(