re-add explicit authorized key

oxheadalpha · Dec 16, 2023 · f74ce19 · f74ce19
1 parent ae4fd48
commit f74ce19
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 22 deletions.
diff --git a/charts/tezos/values.yaml b/charts/tezos/values.yaml
@@ -168,6 +168,11 @@ should_generate_unsafe_deterministic_data: false
 #                            Don't also set `bake_using_accounts`.
 #    - `bake_using_accounts`: List of account names that should be used for baking.
 #                            Don't also set `bake_using_account`.
+#    - `authorized_keys`: List of account names that should be used as keys to
+#                         authenticate a baker to a signer.
+#                         When a baker uses a remote signer that requires
+#                         authentication, the relevant key from this list
+#                         will be used to sign every signature request.
 #    - `config`: Same as the outer statefulset level `config`. It overrides the
 #                statefulset level.
 #    - `is_bootstrap_node`: Boolean for is this node a bootstrap peer.
@@ -470,6 +475,9 @@ expected_proof_of_work: 26
 #   # The name of the account who's public key will be set downstream in
 #   # config.json at `network.genesis_parameters.values.genesis_pubkey`.
 #   activation_account_name: baker0
+#   # if activation account is on a remote signer requiring authorization,
+#   # put authorized key account here
+#   activation_account_authorized_key: authorizedKey0
 #
 ## To join a public network you may set `chain_name` in one of two ways:
 ## - Specify the name of the network which must be recognized by the

diff --git a/utils/config-generator.py b/utils/config-generator.py
@@ -336,20 +336,6 @@ def fill_in_missing_keys(all_accounts):
             account_values["type"] = "secret"
 
 
-def authorized_key_for(account_name):
-    """
-    If `account_name` has a remote signer and this remote signer
-    requires an authorized key, returns it.
-    """
-    for signer_val in OCTEZ_SIGNERS.values():
-        if account_name in signer_val["accounts"]:
-            return (
-                signer_val["authorized_keys"][0]
-                if signer_val["authorized_keys"]
-                else None
-            )
-    return
-
 
 def expose_secret_key(account_name):
     """
@@ -361,10 +347,9 @@ def expose_secret_key(account_name):
     as is the case in Octez client's "secret_keys" file.
     """
     if MY_POD_TYPE == "activating":
-        activation_account = NETWORK_CONFIG["activation_account_name"]
         return account_name in [
-            activation_account,
-            authorized_key_for(activation_account),
+            NETWORK_CONFIG["activation_account_name"],
+            NETWORK_CONFIG["activation_account_authorized_key"]
         ]
 
     if MY_POD_TYPE == "signing":
@@ -377,12 +362,9 @@ def expose_secret_key(account_name):
         return account_name == os.environ["INJECTOR_ACCOUNT"]
 
     if MY_POD_TYPE in ["node", "baker"]:
-        baking_account = MY_POD_CONFIG.get("bake_using_account", "")
-        if account_name in [baking_account, authorized_key_for(baking_account)]:
+        if account_name in MY_POD_CONFIG.get("authorized_keys", {}):
             return True
-        for baking_account in MY_POD_CONFIG.get("bake_using_accounts", {}):
-            if account_name in [baking_account, authorized_key_for(baking_account)]:
-                return True
+        return account_name in MY_POD_CONFIG.get("bake_using_accounts", {})
 
     return False