Merge pull request #18 from logos-co/test-data-confidentiality

Test/data confidentiality
2026-01-05 06:33:11 +00:00 · 2025-06-04 09:40:06 +08:00 · 2025-06-04 09:40:06 +08:00 · ed65b67a31
commit ed65b67a31
parent 12e25787a0 2638314877
9 changed files with 135 additions and 17 deletions
--- a/cluster_config/scripts/run_customized_node.sh
+++ b/cluster_config/scripts/run_customized_node.sh
@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+export CFG_FILE_PATH="/etc/nomos/config.yaml" \
+       CFG_SERVER_ADDR="http://cfgsync:4400" \
+       CFG_HOST_IP=$(hostname -i) \
+       CFG_HOST_IDENTIFIER="validator-$(hostname -i)" \
+       LOG_LEVEL="INFO" \
+       RISC0_DEV_MODE=true
+
+exec /usr/bin/nomos-node /etc/nomos/config.yaml
--- a/requirements.txt
+++ b/requirements.txt
@ -33,11 +33,12 @@ python-dotenv==1.0.1
 pytest-dependency==0.6.0
 PyYAML==6.0.1
 requests==2.31.0
+ruamel.yaml==0.17.21
 setuptools==70.0.0
 tenacity==8.2.3
 typeguard==4.1.5
 typing-inspect==0.9.0
-typing_extensions==4.9.0
+typing_extensions>=4.10
 urllib3==2.2.2
 virtualenv==20.25.0
 Jinja2~=3.1.5
--- a/src/client/nomos_cli.py
+++ b/src/client/nomos_cli.py
@ -30,7 +30,7 @@ class NomosCli:
        self._volumes = nomos_cli[command]["volumes"]
        self._entrypoint = nomos_cli[command]["entrypoint"]

-        container_name = "nomos-cli-" + generate_log_prefix()
+        container_name = "nomos-cli_" + generate_log_prefix()
        self._log_path = os.path.join(DOCKER_LOG_DIR, f"{container_name}__{self._image_name.replace('/', '_')}.log")
        self._docker_manager = DockerManager(self._image_name)
        self._container_name = container_name
--- a/src/client/proxy_client.py
+++ b/src/client/proxy_client.py
@ -25,7 +25,7 @@ class ProxyClient:
        self._volumes = http_proxy[command]["volumes"]
        self._entrypoint = http_proxy[command]["entrypoint"]

-        container_name = "proxy-client-" + generate_log_prefix()
+        container_name = "proxy-client_" + generate_log_prefix()
        self._log_path = os.path.join(DOCKER_LOG_DIR, f"{container_name}__{self._image_name.replace('/', '_')}.log")
        self._docker_manager = DockerManager(self._image_name)
        self._container_name = container_name
--- a/src/env_vars.py
+++ b/src/env_vars.py
@ -21,6 +21,7 @@ NOMOS_IMAGE = get_env_var("NOMOS_IMAGE", DEFAULT_NOMOS_IMAGE)
 DEFAULT_PROXY_IMAGE = "bitnami/configurable-http-proxy:latest"
 HTTP_PROXY_IMAGE = get_env_var("HTTP_PROXY_IMAGE", DEFAULT_PROXY_IMAGE)

+NOMOS_CUSTOM = "nomos_custom"
 NOMOS = "nomos"
 NOMOS_EXECUTOR = "nomos_executor"
 CFGSYNC = "cfgsync"
--- a/src/node/node_vars.py
+++ b/src/node/node_vars.py
@ -1,6 +1,12 @@
 from src.env_vars import NOMOS_IMAGE

 nomos_nodes = {
+    "nomos_custom": {
+        "image": NOMOS_IMAGE,
+        "volumes": ["cluster_config:/etc/nomos", "./kzgrs/kzgrs_test_params:/kzgrs_test_params:z"],
+        "ports": ["3000/udp", "18080/tcp"],
+        "entrypoint": "/etc/nomos/scripts/run_customized_node.sh",
+    },
    "nomos": {
        "image": NOMOS_IMAGE,
        "volumes": ["cluster_config:/etc/nomos", "./kzgrs/kzgrs_test_params:/kzgrs_test_params:z"],
--- a/src/node/nomos_node.py
+++ b/src/node/nomos_node.py
@ -1,6 +1,9 @@
+import io
 import os
+import tarfile

 from src.data_storage import DS
+from src.libs.common import generate_log_prefix
 from src.libs.custom_logger import get_custom_logger
 from tenacity import retry, stop_after_delay, wait_fixed

@ -31,7 +34,8 @@ class NomosNode:
        self._entrypoint = nomos_nodes[node_type]["entrypoint"]
        self._node_type = node_type

-        self._log_path = os.path.join(DOCKER_LOG_DIR, f"{container_name}__{self._image_name.replace('/', '_')}.log")
+        log_prefix = generate_log_prefix()
+        self._log_path = os.path.join(DOCKER_LOG_DIR, f"{container_name}_{log_prefix}__{self._image_name.replace('/', '_')}.log")
        self._docker_manager = DockerManager(self._image_name)
        self._container_name = container_name
        self._container = None
@ -112,7 +116,11 @@ class NomosNode:
            logger.info("REST service is ready !!")

        if self.is_nomos():
-            check_ready()
+            try:
+                check_ready()
+            except Exception as ex:
+                logger.error(f"REST service did not become ready in time: {ex}")
+                raise

    def is_nomos(self):
        return "nomos" in self._container_name
@ -126,6 +134,9 @@ class NomosNode:
    def name(self):
        return self._container_name

+    def get_archive(self, path):
+        return self._container.get_archive(path)
+
    def api_port(self):
        return self._tcp_port

@ -152,6 +163,21 @@ class NomosNode:
        else:
            logger.debug("No keyword matches found in the logs.")

+    def extract_config(self, target_file):
+        # Copy the config file from first node
+        stream, _stat = self.get_archive("/config.yaml")
+
+        # Join stream into bytes and load into a memory buffer
+        tar_bytes = io.BytesIO(b"".join(stream))
+
+        # Extract and write only the actual config file
+        with tarfile.open(fileobj=tar_bytes) as tar:
+            member = tar.getmembers()[0]
+            file_obj = tar.extractfile(member)
+            if file_obj:
+                with open(f"{target_file}", "wb") as f:
+                    f.write(file_obj.read())
+
    def send_dispersal_request(self, data):
        return self._api.da_disperse_data(data)

--- a/src/steps/common.py
+++ b/src/steps/common.py
@ -65,12 +65,7 @@ class StepsCommon:
        self.node3 = NomosNode(NOMOS_EXECUTOR, "nomos_node_1")
        self.main_nodes.extend([self.node1, self.node2, self.node3])
        start_nodes(self.main_nodes)
-
-        try:
-            ensure_nodes_ready(self.main_nodes[1:])
-        except Exception as ex:
-            logger.error(f"REST service did not become ready in time: {ex}")
-            raise
+        ensure_nodes_ready(self.main_nodes[1:])

        delay(CONSENSUS_SLOT_TIME)

@ -90,12 +85,7 @@ class StepsCommon:
        self.node5 = NomosNode(NOMOS_EXECUTOR, "nomos_node_3")
        self.main_nodes.extend([self.node1, self.node2, self.node3, self.node4, self.node5])
        start_nodes(self.main_nodes)
-
-        try:
-            ensure_nodes_ready(self.main_nodes[1:])
-        except Exception as ex:
-            logger.error(f"REST service did not become ready in time: {ex}")
-            raise
+        ensure_nodes_ready(self.main_nodes[1:])

        delay(CONSENSUS_SLOT_TIME)

@ -118,3 +108,7 @@ class StepsCommon:
            default_target = [f"http://{self.main_nodes[1 + i % 2].name()}:18080"]
            proxy_client.run(input_values=default_target)
            self.client_nodes.append(proxy_client)
+
+    @pytest.fixture(params=["setup_2_node_cluster", "setup_4_node_cluster"])
+    def setup_cluster_variant(self, request):
+        return request.getfixturevalue(request.param)
--- a/tests/data_confidentiality/test_data_confidentiality.py
+++ b/tests/data_confidentiality/test_data_confidentiality.py
@ -0,0 +1,78 @@
+import io
+import json
+import tarfile
+
+import pytest
+from ruamel.yaml import YAML
+
+from src.client.nomos_cli import NomosCli
+from src.env_vars import CONSENSUS_SLOT_TIME, NOMOS_CUSTOM
+from src.libs.common import delay, to_app_id, to_index
+from src.libs.custom_logger import get_custom_logger
+from src.node.nomos_node import NomosNode
+from src.steps.da import StepsDataAvailability
+from src.test_data import DATA_TO_DISPERSE
+
+logger = get_custom_logger(__name__)
+
+
+def modify_key_value(file_path, yaml_key_paths):
+    yaml = YAML()
+    yaml.preserve_quotes = True
+
+    with open(file_path, "r") as f:
+        data = yaml.load(f)
+
+    for yaml_key_path in yaml_key_paths:
+        keys = yaml_key_path.split(".")
+        ref = data
+        for key in keys[:-1]:
+            if key not in ref:
+                raise KeyError(f"Key '{key}' not found in path '{'.'.join(keys)}'")
+            ref = ref[key]
+
+        final_key = keys[-1]
+        if final_key not in ref:
+            raise KeyError(f"Key '{final_key}' not found in path '{'.'.join(keys)}'")
+
+        old_value = ref[final_key]
+        # Swap last two characters
+        ref[final_key] = old_value[:-2] + old_value[-1] + old_value[-2]
+
+    with open(file_path, "w") as f:
+        yaml.dump(data, f)
+
+
+class TestDataConfidentiality(StepsDataAvailability):
+    main_nodes = []
+
+    @pytest.mark.usefixtures("setup_cluster_variant")
+    def test_unauthorized_node_cannot_receive_dispersed_data(self):
+        self.disperse_data(DATA_TO_DISPERSE[1], to_app_id(1), to_index(0))
+        delay(CONSENSUS_SLOT_TIME)
+        rcv_data = self.get_data_range(self.node2, to_app_id(1), to_index(0), to_index(5))
+        rcv_data_json = json.dumps(rcv_data)
+
+        decoded_data = NomosCli(command="reconstruct").run(input_values=[rcv_data_json], decode_only=True)
+
+        assert DATA_TO_DISPERSE[1] == decoded_data, "Retrieved data are not same with original data"
+
+        self.node2.extract_config("./cluster_config/config.yaml")
+        self.node2.stop()
+
+        # Change the private key -> PeerId of the nomos_node_0. This would create a stranger to existing membership list.
+        yaml_key_paths = ["network.backend.node_key", "blend.backend.node_key", "da_network.backend.node_key"]
+        modify_key_value("./cluster_config/config.yaml", yaml_key_paths)
+
+        # Start new node with the same hostname and configuration as first node
+        self.nodeX = NomosNode(NOMOS_CUSTOM, "nomos_node_0")
+        self.nodeX.start()
+        self.nodeX.ensure_ready()
+
+        # Confirm new node haven't received any dispersed data as it is not on membership list.
+        self.disperse_data(DATA_TO_DISPERSE[2], to_app_id(2), to_index(0))
+        delay(CONSENSUS_SLOT_TIME)
+        try:
+            _rcv_data = self.get_data_range(self.nodeX, to_app_id(2), to_index(0), to_index(5))
+        except AssertionError as ae:
+            assert "Get data range response is empty" in str(ae), "Get data range response should be empty"