recovery from key - store the parties being migrated in the local db for recovery in case of failure (#3201)

Signed-off-by: Nicu Reut <[email protected]>

Author: nicu-da

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ValidatorReonboardingIntegrationTest.scala

@@ -1,14 +1,15 @@
 package org.lfdecentralizedtrust.splice.integration.tests
 
-import org.lfdecentralizedtrust.splice.config.ConfigTransforms.bumpUrl
-import org.lfdecentralizedtrust.splice.config.{
-  AuthTokenSourceConfig,
-  NetworkAppClientConfig,
-  ParticipantBootstrapDumpConfig,
-  ParticipantClientConfig,
-  SpliceConfig,
-}
+import com.digitalasset.canton.config.CantonRequireTypes.InstanceName
+import com.digitalasset.canton.config.RequireTypes.Port
+import com.digitalasset.canton.config.{DbConfig, FullClientConfig}
+import com.digitalasset.canton.data.CantonTimestamp
 import com.digitalasset.canton.logging.SuppressionRule
+import com.digitalasset.canton.topology.{ForceFlag, ParticipantId, PartyId}
+import com.typesafe.config.ConfigValueFactory
+import org.apache.pekko.http.scaladsl.model.Uri
+import org.lfdecentralizedtrust.splice.config.*
+import org.lfdecentralizedtrust.splice.config.ConfigTransforms.bumpUrl
 import org.lfdecentralizedtrust.splice.environment.RetryFor
 import org.lfdecentralizedtrust.splice.identities.NodeIdentitiesDump
 import org.lfdecentralizedtrust.splice.integration.EnvironmentDefinition
@@ -22,13 +23,8 @@ import org.lfdecentralizedtrust.splice.validator.config.{
   MigrateValidatorPartyConfig,
   ValidatorCantonIdentifierConfig,
 }
-import com.digitalasset.canton.config.CantonRequireTypes.InstanceName
-import com.digitalasset.canton.config.{DbConfig, FullClientConfig}
-import com.digitalasset.canton.config.RequireTypes.Port
-import com.digitalasset.canton.data.CantonTimestamp
-import com.digitalasset.canton.topology.{ForceFlag, ParticipantId, PartyId}
-import com.typesafe.config.ConfigValueFactory
-import org.apache.pekko.http.scaladsl.model.Uri
+import org.lfdecentralizedtrust.splice.validator.migration.ParticipantPartyMigrator
+import org.lfdecentralizedtrust.splice.validator.store.ValidatorConfigProvider
 import org.scalatest.time.{Minute, Span}
 import org.slf4j.event.Level
 
@@ -316,7 +312,11 @@ class ValidatorReonboardingIntegrationTest extends ValidatorReonboardingIntegrat
       "EXTRA_PARTICIPANT_ADMIN_USER" -> aliceValidatorLocalBackend.config.ledgerApiUser,
       "EXTRA_PARTICIPANT_DB" -> newParticipantDb,
     ) {
-      loggerFactory.assertLogsSeq(SuppressionRule.LevelAndAbove(Level.WARN))(
+      loggerFactory.assertLogsSeq(
+        SuppressionRule.forLogger[ParticipantPartyMigrator] || SuppressionRule
+          .forLogger[ValidatorConfigProvider] || SuppressionRule
+          .LevelAndAbove(Level.WARN)
+      )(
         {
           aliceValidatorLocalBackend.startSync()
         },
@@ -327,6 +327,16 @@ class ValidatorReonboardingIntegrationTest extends ValidatorReonboardingIntegrat
               "not be able to migrate due to an unsupported namespace"
             )
           }
+          forExactly(1, entries) {
+            _.message should include(
+              "Storing all the hosted parties (4) in the database to recover in case of failures"
+            )
+          }
+          forExactly(1, entries) {
+            _.message should include(
+              "Clearing parties that were migrated"
+            )
+          }
         },
       )
 
@@ -418,7 +428,7 @@ class ValidatorReonboardingWithPartiesToMigrateIntegrationTest
   // (which will fail unless we migrate all parties) despite migrating the operator party.
   // This can only work if there is no collision between the participant admin party and
   // the validator operator party.
-  override val aliceValidatorParticipantNameHint = s"${aliceValidatorPartyHint}-participant";
+  override val aliceValidatorParticipantNameHint = s"$aliceValidatorPartyHint-participant";
 
   // we bootstrap from dump so we can predict the party IDs
   val testDumpDir: Path = Paths.get("apps/app/src/test/resources/dumps")
@@ -459,7 +469,7 @@ class ValidatorReonboardingWithPartiesToMigrateIntegrationTest
         testResourcesPath / "standalone-participant-extra-no-auth.conf",
       ),
       Seq.empty,
-      "alice-participant",
+      "alice-reonboard-from-key-database",
       "EXTRA_PARTICIPANT_ADMIN_USER" -> aliceValidatorLocalBackend.config.ledgerApiUser,
       "EXTRA_PARTICIPANT_DB" -> oldParticipantDb,
     ) {

apps/common/src/main/scala/org/lfdecentralizedtrust/splice/environment/TopologyAdminConnection.scala

@@ -1384,8 +1384,8 @@ abstract class TopologyAdminConnection(
     runCmd(VaultAdminCommands.ImportKeyPair(ByteString.copyFrom(keyPair), name, password = None))
   }
 
-  private def listSynchronizerTrustCertificate(synchronizerId: SynchronizerId, member: Member)(
-      implicit tc: TraceContext
+  def listSynchronizerTrustCertificate(synchronizerId: SynchronizerId, member: Member)(implicit
+      tc: TraceContext
   ): Future[Seq[TopologyResult[SynchronizerTrustCertificate]]] =
     runCmd(
       TopologyAdminCommands.Read.ListSynchronizerTrustCertificate(

apps/common/src/main/scala/org/lfdecentralizedtrust/splice/util/FutureUnlessShutdownUtil.scala

@@ -22,6 +22,7 @@ object FutureUnlessShutdownUtil {
   )(implicit ec: ExecutionContext): OptionT[Future, A] = {
     OptionT(futureUnlessShutdownToFuture(f.value))
   }
+
   implicit class FutureUnlessShutdownOps[A](val f: FutureUnlessShutdown[A]) extends AnyVal {
     def toFuture(implicit ec: ExecutionContext): Future[A] =
       f.failOnShutdownToAbortException("Splice unsafe shutdown future")

apps/common/src/test/scala/org/lfdecentralizedtrust/splice/util/SpliceRateLimiterTest.scala

@@ -10,7 +10,6 @@ import org.apache.pekko.stream.Materializer
 import org.apache.pekko.stream.scaladsl.{Sink, Source}
 import org.apache.pekko.stream.testkit.StreamSpec
 import org.lfdecentralizedtrust.splice.admin.api.client.commands.HttpCommandException
-import org.lfdecentralizedtrust.splice.util.{SpliceRateLimitMetrics, SpliceRateLimiter}
 import org.lfdecentralizedtrust.splice.util.SpliceRateLimiterTest.runRateLimited
 
 import scala.concurrent.Future

apps/validator/src/main/scala/org/lfdecentralizedtrust/splice/validator/ValidatorApp.scala

@@ -6,13 +6,36 @@ package org.lfdecentralizedtrust.splice.validator
 import cats.implicits.{catsSyntaxApplicativeByValue as _, *}
 import com.daml.grpc.adapter.ExecutionSequencerFactory
 import com.daml.ledger.javaapi.data.User
+import com.digitalasset.canton.SynchronizerAlias
+import com.digitalasset.canton.concurrent.FutureSupervisor
+import com.digitalasset.canton.config.CantonRequireTypes.InstanceName
+import com.digitalasset.canton.config.ProcessingTimeout
+import com.digitalasset.canton.config.RequireTypes.NonNegativeLong
+import com.digitalasset.canton.data.CantonTimestamp
+import com.digitalasset.canton.ledger.api.util.DurationConversion
+import com.digitalasset.canton.lifecycle.LifeCycle
+import com.digitalasset.canton.logging.{NamedLoggerFactory, TracedLogger}
+import com.digitalasset.canton.resource.{DbStorage, Storage}
+import com.digitalasset.canton.time.Clock
+import com.digitalasset.canton.topology.{PartyId, SynchronizerId}
+import com.digitalasset.canton.tracing.{TraceContext, TracerProvider}
+import com.digitalasset.canton.util.MonadUtil
+import com.google.protobuf.ByteString
+import io.grpc.Status
+import io.opentelemetry.api.trace.Tracer
+import org.apache.pekko.actor.ActorSystem
+import org.apache.pekko.http.cors.scaladsl.CorsDirectives.*
+import org.apache.pekko.http.cors.scaladsl.settings.CorsSettings
+import org.apache.pekko.http.scaladsl.model.HttpMethods
+import org.apache.pekko.http.scaladsl.server.Directives.*
+import org.apache.pekko.http.scaladsl.server.directives.BasicDirectives
 import org.lfdecentralizedtrust.splice.admin.api.TraceContextDirectives.withTraceContext
 import org.lfdecentralizedtrust.splice.admin.http.{AdminRoutes, HttpErrorHandler}
+import org.lfdecentralizedtrust.splice.auth.*
 import org.lfdecentralizedtrust.splice.automation.{
   DomainParamsAutomationService,
   DomainTimeAutomationService,
 }
-import org.lfdecentralizedtrust.splice.auth.*
 import org.lfdecentralizedtrust.splice.config.{NetworkAppClientConfig, SharedSpliceAppParameters}
 import org.lfdecentralizedtrust.splice.environment.*
 import org.lfdecentralizedtrust.splice.environment.ledger.api.DedupDuration
@@ -31,80 +54,48 @@ import org.lfdecentralizedtrust.splice.migration.{
   ParticipantUsersDataRestorer,
 }
 import org.lfdecentralizedtrust.splice.scan.admin.api.client
+import org.lfdecentralizedtrust.splice.scan.admin.api.client.BftScanConnection.BftScanClientConfig
 import org.lfdecentralizedtrust.splice.scan.admin.api.client.{
   BftScanConnection,
   MinimalScanConnection,
   SingleScanConnection,
 }
-import org.lfdecentralizedtrust.splice.scan.admin.api.client.BftScanConnection.BftScanClientConfig
 import org.lfdecentralizedtrust.splice.scan.config.ScanAppClientConfig
-import org.lfdecentralizedtrust.splice.setup.{
-  NodeInitializer,
-  ParticipantInitializer,
-  ParticipantPartyMigrator,
-}
-import org.lfdecentralizedtrust.splice.store.{AppStoreWithIngestion, HistoryMetrics, UpdateHistory}
+import org.lfdecentralizedtrust.splice.setup.{NodeInitializer, ParticipantInitializer}
+import org.lfdecentralizedtrust.splice.store.AppStoreWithIngestion.SpliceLedgerConnectionPriority
 import org.lfdecentralizedtrust.splice.store.MultiDomainAcsStore.QueryResult
-import org.lfdecentralizedtrust.splice.util.{
-  AmuletConfigSchedule,
-  BackupDump,
-  HasHealth,
-  PackageVetting,
-  SpliceCircuitBreaker,
-}
+import org.lfdecentralizedtrust.splice.store.UpdateHistory.BackfillingRequirement
+import org.lfdecentralizedtrust.splice.store.{AppStoreWithIngestion, HistoryMetrics, UpdateHistory}
+import org.lfdecentralizedtrust.splice.util.*
 import org.lfdecentralizedtrust.splice.validator.admin.http.*
 import org.lfdecentralizedtrust.splice.validator.automation.{
   ValidatorAutomationService,
   ValidatorPackageVettingTrigger,
 }
-import org.lfdecentralizedtrust.splice.validator.config.{
-  AppInstance,
-  MigrateValidatorPartyConfig,
-  ValidatorAppBackendConfig,
-  ValidatorCantonIdentifierConfig,
-  ValidatorOnboardingConfig,
-}
+import org.lfdecentralizedtrust.splice.validator.config.*
 import org.lfdecentralizedtrust.splice.validator.domain.DomainConnector
 import org.lfdecentralizedtrust.splice.validator.metrics.ValidatorAppMetrics
-import org.lfdecentralizedtrust.splice.validator.migration.DomainMigrationDump
-import org.lfdecentralizedtrust.splice.validator.store.ValidatorStore
+import org.lfdecentralizedtrust.splice.validator.migration.{
+  DomainMigrationDump,
+  ParticipantPartyMigrator,
+}
+import org.lfdecentralizedtrust.splice.validator.store.{
+  ValidatorConfigProvider,
+  ValidatorInternalStore,
+  ValidatorStore,
+}
 import org.lfdecentralizedtrust.splice.validator.util.ValidatorUtil
-import org.lfdecentralizedtrust.splice.wallet.{ExternalPartyWalletManager, UserWalletManager}
 import org.lfdecentralizedtrust.splice.wallet.admin.http.{
   HttpExternalWalletHandler,
   HttpWalletHandler,
 }
 import org.lfdecentralizedtrust.splice.wallet.automation.UserWalletAutomationService
 import org.lfdecentralizedtrust.splice.wallet.util.ValidatorTopupConfig
-import org.lfdecentralizedtrust.tokenstandard.metadata.v1.Resource as TokenStandardMetadataResource
-import org.lfdecentralizedtrust.tokenstandard.transferinstruction.v1.Resource as TokenStandardTransferInstructionResource
+import org.lfdecentralizedtrust.splice.wallet.{ExternalPartyWalletManager, UserWalletManager}
 import org.lfdecentralizedtrust.tokenstandard.allocation.v1.Resource as TokenStandardAllocationResource
 import org.lfdecentralizedtrust.tokenstandard.allocationinstruction.v1.Resource as TokenStandardAllocationInstructionResource
-import com.digitalasset.canton.concurrent.FutureSupervisor
-import com.digitalasset.canton.config.CantonRequireTypes.InstanceName
-import com.digitalasset.canton.config.ProcessingTimeout
-import com.digitalasset.canton.config.RequireTypes.NonNegativeLong
-import com.digitalasset.canton.data.CantonTimestamp
-import com.digitalasset.canton.ledger.api.util.DurationConversion
-import com.digitalasset.canton.lifecycle.LifeCycle
-import com.digitalasset.canton.logging.{NamedLoggerFactory, TracedLogger}
-import com.digitalasset.canton.resource.{DbStorage, Storage}
-import com.digitalasset.canton.time.Clock
-import com.digitalasset.canton.topology.{PartyId, SynchronizerId}
-import com.digitalasset.canton.tracing.{TraceContext, TracerProvider}
-import com.digitalasset.canton.util.MonadUtil
-import com.digitalasset.canton.SynchronizerAlias
-import io.grpc.Status
-import io.opentelemetry.api.trace.Tracer
-import org.apache.pekko.actor.ActorSystem
-import org.apache.pekko.http.cors.scaladsl.CorsDirectives.*
-import org.apache.pekko.http.cors.scaladsl.settings.CorsSettings
-import org.apache.pekko.http.scaladsl.model.HttpMethods
-import org.apache.pekko.http.scaladsl.server.Directives.*
-import org.apache.pekko.http.scaladsl.server.directives.BasicDirectives
-import com.google.protobuf.ByteString
-import org.lfdecentralizedtrust.splice.store.AppStoreWithIngestion.SpliceLedgerConnectionPriority
-import org.lfdecentralizedtrust.splice.store.UpdateHistory.BackfillingRequirement
+import org.lfdecentralizedtrust.tokenstandard.metadata.v1.Resource as TokenStandardMetadataResource
+import org.lfdecentralizedtrust.tokenstandard.transferinstruction.v1.Resource as TokenStandardTransferInstructionResource
 
 import scala.concurrent.{ExecutionContextExecutor, Future}
 import scala.util.{Failure, Success}
@@ -334,10 +325,15 @@ class ValidatorApp(
                   .getOrElse(
                     BaseLedgerConnection.sanitizeUserIdToPartyString(config.ledgerApiUser)
                   )
+                val configProvider = new ValidatorConfigProvider(
+                  ValidatorInternalStore(storage, loggerFactory),
+                  loggerFactory,
+                )
                 val participantPartyMigrator = new ParticipantPartyMigrator(
                   connection,
                   participantAdminConnection,
                   config.domains.global.alias,
+                  configProvider,
                   loggerFactory,
                 )
                 appInitStep("Migrating party data") {
@@ -823,6 +819,10 @@ class ValidatorApp(
         readOnlyLedgerConnection,
         loggerFactory,
       )
+      configProvider = new ValidatorConfigProvider(
+        ValidatorInternalStore(storage, loggerFactory),
+        loggerFactory,
+      )
       walletManagerOpt =
         if (config.enableWallet) {
           val externalPartyWalletManager = new ExternalPartyWalletManager(
@@ -1213,6 +1213,7 @@ class ValidatorApp(
         domainTimeAutomationService,
         domainParamsAutomationService,
         store,
+        configProvider,
         automation,
         walletManagerOpt,
         timeouts,
@@ -1234,6 +1235,7 @@ object ValidatorApp {
       domainTimeAutomationService: DomainTimeAutomationService,
       domainParamsAutomationService: DomainParamsAutomationService,
       store: ValidatorStore,
+      configProvider: ValidatorConfigProvider,
       automation: ValidatorAutomationService,
       walletManager: Option[UserWalletManager],
       timeouts: ProcessingTimeout,