op-wheel: add option to provide jwt secret as argument rather than file path (#11568)

* op-wheel: add option to provide jwt secret as argument rather than file path * op-wheel: handle empty var, define precedence in CLI doc, error handling on JWT secret parsing --------- Co-authored-by: protolambda <proto@protolambda.com>

op-wheel: add option to provide jwt secret as argument rather than file path (#11568)
* op-wheel: add option to provide jwt secret as argument rather than file path * op-wheel: handle empty var, define precedence in CLI doc, error handling on JWT secret parsing --------- Co-authored-by: protolambda <proto@protolambda.com>
33e925d3 · Sebastian Stammler · GitHub · 93361d0d · 33e925d3
Commit 33e925d3 authored Aug 22, 2024 by Sebastian Stammler Committed by GitHub Aug 22, 2024
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 7 deletions

commands.go op-wheel/commands.go +33 -7

No files found.
--- a/op-wheel/commands.go
+++ b/op-wheel/commands.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"math/big"
@@ -59,12 +60,16 @@ var (
 		Value:    "http://localhost:8551/",
 		EnvVars:  prefixEnvVars("ENGINE"),
 	}
+	EngineJWT = &cli.StringFlag{
+		Name:    "engine.jwt-secret",
+		Usage:   "JWT secret used to authenticate Engine API communication with. Takes precedence over engine.jwt-secret-path.",
+		EnvVars: prefixEnvVars("ENGINE_JWT_SECRET"),
+	}
 	EngineJWTPath = &cli.StringFlag{
-		Name:      "engine.jwt-secret",
+		Name:      "engine.jwt-secret-path",
 		Usage:     "Path to JWT secret file used to authenticate Engine API communication with.",
-		Required:  true,
 		TakesFile: true,
-		EnvVars:   prefixEnvVars("ENGINE_JWT_SECRET"),
+		EnvVars:   prefixEnvVars("ENGINE_JWT_SECRET_PATH"),
 	}
 	EngineOpenEndpoint = &cli.StringFlag{
 		Name:    "engine.open",
@@ -116,7 +121,7 @@ var (

 func withEngineFlags(flags ...cli.Flag) []cli.Flag {
 	return append(append(flags,
-		EngineEndpoint, EngineJWTPath, EngineOpenEndpoint, EngineVersion),
+		EngineEndpoint, EngineJWT, EngineJWTPath, EngineOpenEndpoint, EngineVersion),
 		oplog.CLIFlags(envVarPrefix)...)
 }

@@ -177,16 +182,37 @@ func initLogger(ctx *cli.Context) log.Logger {
 }

 func initEngineRPC(ctx *cli.Context, lgr log.Logger) (client.RPC, error) {
-	jwtData, err := os.ReadFile(ctx.String(EngineJWTPath.Name))
+	jwtString := ctx.String(EngineJWT.Name) // no IsSet check; allow empty value to be overridden
+	if jwtString == "" {
+		if ctx.IsSet(EngineJWTPath.Name) {
+			jwtData, err := os.ReadFile(ctx.String(EngineJWTPath.Name))
+			if err != nil {
+				return nil, fmt.Errorf("failed to read jwt: %w", err)
+			}
+			jwtString = string(jwtData)
+		} else {
+			return nil, errors.New("neither JWT secret string nor path provided")
+		}
+	}
+	secret, err := parseJWTSecret(jwtString)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read jwt: %w", err)
+		return nil, err
 	}
-	secret := common.HexToHash(strings.TrimSpace(string(jwtData)))
 	endpoint := ctx.String(EngineEndpoint.Name)
 	return client.NewRPC(ctx.Context, lgr, endpoint,
 		client.WithGethRPCOptions(rpc.WithHTTPAuth(node.NewJWTAuth(secret))))
 }

+func parseJWTSecret(v string) (common.Hash, error) {
+	v = strings.TrimSpace(v)
+	v = "0x" + strings.TrimPrefix(v, "0x") // ensure prefix is there
+	var out common.Hash
+	if err := out.UnmarshalText([]byte(v)); err != nil {
+		return common.Hash{}, fmt.Errorf("failed to parse JWT secret: %w", err)
+	}
+	return out, nil
+}
+
 func initVersionProvider(ctx *cli.Context, lgr log.Logger) (sources.EngineVersionProvider, error) {
 	// static configuration takes precedent, if set
 	if ctx.IsSet(EngineVersion.Name) {