Expose node public port correctly (#2035)

Author: achamayou

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 
 - Snapshots are generated by default on the current primary node, every `10,000` committed transaction (#2029).
+- Node information exposed in the API now correctly reports the public port when it differs from the local one. (#2001)
 - All `/gov` endpoints accept signature authentication again. Read-only `/gov` endpoints had been incorrectly changed in [0.16.1] to accept session certification authentication only (#2033).
 
 ## [0.16.1]

src/host/main.cpp

@@ -624,6 +624,10 @@ int main(int argc, char** argv)
         fmt::format("{}\n{}", rpc_address.hostname, rpc_address.port),
         rpc_address_file);
     }
+    if (public_rpc_address.port == "0")
+    {
+      public_rpc_address.port = rpc_address.port;
+    }
 
     // Initialise the enclave and create a CCF node in it
     const size_t certificate_size = 4096;
@@ -655,7 +659,8 @@ int main(int argc, char** argv)
                                     public_rpc_address.hostname,
                                     node_address.hostname,
                                     node_address.port,
-                                    rpc_address.port};
+                                    rpc_address.port,
+                                    public_rpc_address.port};
     ccf_config.domain = domain;
     ccf_config.snapshot_tx_interval = snapshot_tx_interval;
 

src/node/node_info_network.h

@@ -17,10 +17,11 @@ namespace ccf
     std::string nodehost;
     std::string nodeport;
     std::string rpcport;
+    std::string pubport;
 
-    MSGPACK_DEFINE(rpchost, pubhost, nodehost, nodeport, rpcport);
+    MSGPACK_DEFINE(rpchost, pubhost, nodehost, nodeport, rpcport, pubport);
   };
   DECLARE_JSON_TYPE(NodeInfoNetwork);
   DECLARE_JSON_REQUIRED_FIELDS(
-    NodeInfoNetwork, rpchost, pubhost, nodehost, nodeport, rpcport);
+    NodeInfoNetwork, rpchost, pubhost, nodehost, nodeport, rpcport, pubport);
 }

src/node/rpc/common_endpoint_registry.h

@@ -173,7 +173,7 @@ namespace ccf
             GetPrimaryInfo::Out out;
             out.primary_id = primary_id;
             out.primary_host = info->pubhost;
-            out.primary_port = info->rpcport;
+            out.primary_port = info->pubport;
             out.current_view = current_view;
             return make_success(out);
           }
@@ -202,7 +202,7 @@ namespace ccf
         nodes_view->foreach([&out](const NodeId& nid, const NodeInfo& ni) {
           if (ni.status == ccf::NodeStatus::TRUSTED)
           {
-            out.nodes.push_back({nid, ni.pubhost, ni.rpcport});
+            out.nodes.push_back({nid, ni.pubhost, ni.pubport});
           }
           return true;
         });
@@ -242,7 +242,7 @@ namespace ccf
         auto nodes_view =
           args.tx.template get_read_only_view<Nodes>(Tables::NODES);
         nodes_view->foreach([&in, &out](const NodeId& nid, const NodeInfo& ni) {
-          if (ni.rpchost == in.host && ni.rpcport == in.port)
+          if (ni.pubhost == in.host && ni.pubport == in.port)
           {
             if (ni.status != ccf::NodeStatus::RETIRED || in.retired)
             {

src/node/rpc/frontend.h

@@ -135,7 +135,7 @@ namespace ccf
           {
             ctx->set_response_header(
               http::headers::LOCATION,
-              fmt::format("{}:{}", info->pubhost, info->rpcport));
+              fmt::format("{}:{}", info->pubhost, info->pubport));
           }
         }
 

src/node/rpc/node_frontend.h

@@ -367,7 +367,7 @@ namespace ccf
               args.rpc_ctx->set_response_header(
                 "Location",
                 fmt::format(
-                  "https://{}:{}/node/primary", info->pubhost, info->rpcport));
+                  "https://{}:{}/node/primary", info->pubhost, info->pubport));
             }
           }
         }

tests/code_update.py

@@ -40,7 +40,7 @@ def test_verify_quotes(network, args):
         assert (
             infra.proc.ccall(
                 "verify_quote.sh",
-                f"https://{node.pubhost}:{node.rpc_port}",
+                f"https://{node.pubhost}:{node.pubport}",
                 "--cacert",
                 f"{cafile}",
                 log_output=True,

tests/e2e_logging.py

@@ -58,7 +58,7 @@ def test_illegal(network, args, verify=True):
     )
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     conn = context.wrap_socket(sock, server_side=False, server_hostname=primary.host)
-    conn.connect((primary.host, primary.rpc_port))
+    conn.connect((primary.host, primary.pubport))
     conn.sendall(b"NOTAVERB ")
     rv = conn.recv(1024)
     assert rv == b"", rv
@@ -593,7 +593,7 @@ def test_primary(network, args):
         assert r.status_code == http.HTTPStatus.PERMANENT_REDIRECT.value
         assert (
             r.headers["location"]
-            == f"https://{primary.pubhost}:{primary.rpc_port}/node/primary"
+            == f"https://{primary.pubhost}:{primary.pubport}/node/primary"
         )
     return network
 

tests/e2e_scenarios.py

@@ -76,9 +76,9 @@ def run(args):
 
     if args.network_only:
         LOG.info("Keeping network alive with the following nodes:")
-        LOG.info("  Primary = {}:{}".format(primary.pubhost, primary.rpc_port))
+        LOG.info("  Primary = {}:{}".format(primary.pubhost, primary.pubport))
         for i, f in enumerate(backups):
-            LOG.info("  Backup[{}] = {}:{}".format(i, f.pubhost, f.rpc_port))
+            LOG.info("  Backup[{}] = {}:{}".format(i, f.pubhost, f.pubport))
 
         input("Press Enter to shutdown...")
 

tests/governance.py

@@ -83,7 +83,7 @@ def test_quote(network, args, verify=True):
                 assert "Evidence verification succeeded (0)." in out
 
             node = network.nodes[quote["node_id"]]
-            node_cert = ssl.get_server_certificate((node.pubhost, node.rpc_port))
+            node_cert = ssl.get_server_certificate((node.pubhost, node.pubport))
             public_key = x509.load_pem_x509_certificate(
                 node_cert.encode(), default_backend()
             ).public_key()
@@ -198,7 +198,7 @@ def test_node_ids(network, args):
     nodes = network.find_nodes()
     for node in nodes:
         with node.client() as c:
-            r = c.get(f'/node/node/ids?host="{node.pubhost}"&port="{node.rpc_port}"')
+            r = c.get(f'/node/node/ids?host="{node.pubhost}"&port="{node.pubport}"')
             assert r.status_code == 200
             assert r.body.json()["nodes"] == [
                 {"node_id": node.node_id, "status": "TRUSTED"}