Allow public API usage for GetValidators #77
Conversation
michaelkaplan13
requested review from
cam-schultz,
minghinmatthewlam,
gwen917,
geoff-vball and
bernard-avalabs
as code owners
…lic-api-for-get-validators
|
|
||
| // Set the BLS keys of the result. | ||
| for _, primaryVdr := range primaryVdrs { | ||
| vdr, ok := res[primaryVdr.NodeID] |
There was a problem hiding this comment.
Are we ever expecting primaryVdr to not be found in res? My understanding is that the above call to GetCurrentValidators applies this filter already.
There was a problem hiding this comment.
Nope, I don't think we ever expect it currently. I'll add a warning log for this case. I think it still makes sense to continue rather than returning an error, because the relayer should be able to handle this case the same as if the given validator didn't register a BLS public key on the P-chain. As long as a sufficient % of the subnet stake weight has BLS keys registered and set here, the message should be able to be successfully relayed still.
Update: Realizing now this is separate from validators that don't have BLS keys. It's if the RPC doesn't apply the proper filter. That being said, I'll still add a warning log and still thinking continue is the best option.
There was a problem hiding this comment.
Yup, I agree.
Can we add a check below that primaryVdr.Signer != nil? And if it is, we can emit a warning and continue like we do here.
There was a problem hiding this comment.
Yep, I think that proper check is already there now actually. I chose not to emit any log in that case because it's expected (or at least certainly possible) for the primary network validator to not have any BLS public key registered.
There was a problem hiding this comment.
Let me know if you feel strongly otherwise though. I'm neither here or there on the log 👍
There was a problem hiding this comment.
I may be missing something, but it looks like the first time we access primaryVdr.Signer it's unchecked. If it's nil, that would cause the app to panic.
EDIT: was looking at a stale commit
| func (v *CanonicalValidatorClient) GetValidatorSet( | ||
| ctx context.Context, | ||
| height uint64, | ||
| subnetID ids.ID, | ||
| ) (map[ids.NodeID]*validators.GetValidatorOutput, error) { | ||
| return v.client.GetValidatorsAt(ctx, subnetID, height) | ||
| // Get the current subnet validators. These validators are not expected to include |
There was a problem hiding this comment.
Rather than fully replacing the call to GetValidatorsAt, what are your thoughts on adding this workaround as either a configurable switch, or a fallback option in the case that GetValidatorsAt fails?
For a switch, we could hardcode the public API endpoint and compare the config value against that. However, there's no guarantee that GetValidatorsAt is supported on some other node.
We could always try calling GetValidatorsAt then fallback to this workaround on failure, but that's strictly worse in terms of network round trips if we're using the public API.
There was a problem hiding this comment.
We could also add a config option indicating which API methods are supported by the configured node and switch on that. Alternatively, we could handle that flag dynamically by calling this method on startup and looking for the "method not supported" error message, though that would increase the set of things that could break unexpectedly.
I'm spitballing at this point, curious to hear your thoughts.
There was a problem hiding this comment.
(For context, the reason I'm in favor of having some way to still call GetValidatorsAt is to have a path that minimizes latency for the relayer. If a project has a large enough number of validators, then they might want to run their own P-Chain API node to get that minimal latency path. That being said, I don't actually know if a call to GetValidatorsAt at the current height is necessarily faster than the workaround here, but I would suspect it is)
There was a problem hiding this comment.
All good thoughts...there are definitely trade offs one way or another at certain scales.
My main considerations are:
- The relative frequency of relayer that don't want to set up their own nodes to use an API, and their performance requirements.
- The relative frequency of relayer nodes that do want to set up their own nodes to use an API, and their performance requirements.
- Code and configuration complexity.
I think this is a minute enough of a detail that adding configuration options for it is not worth the additional code complexity and mental bandwidth of those setting up nodes to try to properly understand what the proper value for their set up would be. Checking whether or not the API method is available at start up is a cool idea to get around this, but there's no guarantee than an API won't change it behavior at any point in time, so would be prone to breaking.
That makes me think either always using the workaround method, or always trying to first use GetValidatorsAt and then fallback to the workaround if needed is likely the best approach. For relayer deployments without access to their own API nodes, my inclination is that an additional request would not be a critical performance decrease. I would also guess that deployments that do have or set up their own API nodes, tend to have strictly performance expectations/requirements. Given that, I think using this option as a fallback in the even that GetValidatorsAt fails is likely the best route forward.
There was a problem hiding this comment.
That sounds good to me. Very good point that a relayer operator concerned with latency would likely roll their own API node; if they choose not to, then one extra round trip is likely not going to make a difference to them.
| // only associated with primary network validation periods. If ACP-13 is implementated in the future | ||
| // (https://github.com/avalanche-foundation/ACPs/blob/main/ACPs/13-subnet-only-validators.md), it may | ||
| // become possible to reduce this to a single RPC request that returns both the subnet validators | ||
| // as well as their BLS public keys. | ||
| func (v *CanonicalValidatorClient) GetValidatorSet( |
There was a problem hiding this comment.
can we add to the top of this file the interface implementation check for ValidatorState?
| // Set the BLS keys of the result. | ||
| for _, primaryVdr := range primaryVdrs { | ||
| vdr, ok := res[primaryVdr.NodeID] | ||
| if !ok { |
There was a problem hiding this comment.
can we add documentation that if we have a validator taht we don't find it's public key in primary validator set we still include it for mapping, so it'd affect total stake weight, and need to check whether it has a public key
There was a problem hiding this comment.
Yep, I'll add it below. Worth noting that this case here is actually just if the "GetCurrentValidators" returns an unexpected node ID that wasn't included in the filter in the request body. I'll document that also.
|
outside of PR changes, but looking through the code brought me to https://github.com/ava-labs/awm-relayer/blob/main/relayer/message_relayer.go#L146. Is the comment about "not unique validators as represented by a BLS pubkey" outdated? Looks to me that avalanchego's |
nvm think that comment still applies, since we go through the nodes of each validator set. Might want to pick up this TODO at some point though, outside of PR scope. |
Co-authored-by: cam-schultz <[email protected]> Signed-off-by: Michael Kaplan <[email protected]>
…lic-api-for-get-validators
| res, err := v.client.GetValidatorsAt(ctx, subnetID, height) | ||
| if err != nil { | ||
| v.logger.Debug( | ||
| "P-chain RPC to getValidatorAt returned error. Falling back to getCurrentValidators", |
There was a problem hiding this comment.
should we include the error in log?
There was a problem hiding this comment.
Good call, added
| @@ -34,10 +39,82 @@ func (v *CanonicalValidatorClient) GetSubnetID(ctx context.Context, chainID ids. | |||
| return v.client.ValidatedBy(ctx, chainID) | |||
| } | |||
|
|
|||
| // Gets the current validator set of the given subnet ID, including the validators' BLS public keys. | |||
| // This implementation of GetValidatorSet currently makes two RPC requests, one to get the | |||
There was a problem hiding this comment.
does this need to be updated to getCurrentValidatorSet?
There was a problem hiding this comment.
Yep, updated the comment to remove the name entirely since getCurrentValidatorSet isn't a method in the interface being implemented.
There was a problem hiding this comment.
LGTM, left some nit questions. Also, is it a concern that the canonical_validator_client implements GetValidatorsAt(ctx, subnetID, height) by always querying with current height? I think we only use it when getting signatures so always use latest block height, but seems like we're changing the semantics of the method.
Yeah, |
…lic-api-for-get-validators
| ) | ||
|
|
||
| var _ validators.State = (*CanonicalValidatorClient)(nil) |
There was a problem hiding this comment.
nit: I think the syntax &CanonicalValidatorClient{} on the rhs is a bit cleaner, and it's also what we've used in other places in our repos.
There was a problem hiding this comment.
Sounds good to me. There was one other place in this repo that we were using the (*Type)(nil) syntax, so I updated it there as well 👍
| } | ||
|
|
||
| func NewCanonicalValidatorClient(client platformvm.Client) *CanonicalValidatorClient { | ||
| func NewCanonicalValidatorClient(logger logging.Logger, client platformvm.Client) *CanonicalValidatorClient { |
There was a problem hiding this comment.
Looks like the logger isn't being set in the object instantiation
There was a problem hiding this comment.
Yikes, my bad. Thanks for catching this.
|
I just ran these changes against the testnet subnets to confirm they're working as expected: |
Why this should be merged
These changes allow for the use of the public API endpoints (i.e.
https://api.avax.network) as thep-chain-api-urlconfiguration value of a relayer deployment. This should hopefully make standing up relayer instances easier because it no longer requires running a node that provides the full suite if AvalancheGo APIs.This PR also includes clean up of a mis-capitalized variable name, and well as an unnecessary call to initialize an unsigned warp message instance.
How this works
The public API endpoints do not support
GetValidatorsAtrequests because looking up validator sets at old block heights is a potentially expensive operation. For the purposes of the relayer, it only ever needs the current validator set of a subnet, which can be queried usingGetCurrentValidators, which is supported by the public API endpoints.GetCurrentValidatorshowever only includes the BLS public key of primary network validators. In order to still provide the subnet validator BLS public keys, two RPC requests are made: the first looking up the node IDs of the subnet validators for a given subnet, and then second looking up the BLS public keys associated with the primary network validation periods for those node IDs.How this was tested
Running a relayer instance locally using the public API endpoints at the
p-chain-api-urlvalue.How is this documented
Comments