refactor(ic-admin): Construct Registry client and keys using the canonical functions.#10734
refactor(ic-admin): Construct Registry client and keys using the canonical functions.#10734Bownairo wants to merge 1 commit into
Conversation
e68d415 to
1d5d51d
Compare
There was a problem hiding this comment.
This pull request changes code owned by the Governance team. Therefore, make sure that
you have considered the following (for Governance-owned code):
-
Update
unreleased_changelog.md(if there are behavior changes, even if they are
non-breaking). -
Are there BREAKING changes?
-
Is a data migration needed?
-
Security review?
How to Satisfy This Automatic Review
-
Go to the bottom of the pull request page.
-
Look for where it says this bot is requesting changes.
-
Click the three dots to the right.
-
Select "Dismiss review".
-
In the text entry box, respond to each of the numbered items in the previous
section, declare one of the following:
-
Done.
-
$REASON_WHY_NO_NEED. E.g. for
unreleased_changelog.md, "No
canister behavior changes.", or for item 2, "Existing APIs
behave as before.".
Brief Guide to "Externally Visible" Changes
"Externally visible behavior change" is very often due to some NEW canister API.
Changes to EXISTING APIs are more likely to be "breaking".
If these changes are breaking, make sure that clients know how to migrate, how to
maintain their continuity of operations.
If your changes are behind a feature flag, then, do NOT add entrie(s) to
unreleased_changelog.md in this PR! But rather, add entrie(s) later, in the PR
that enables these changes in production.
Reference(s)
For a more comprehensive checklist, see here.
GOVERNANCE_CHECKLIST_REMINDER_DEDUP
|
✅ No security or compliance issues detected. Reviewed everything up to 1d5d51d. Security Overview
Detected Code Changes
|
ic-admin
No canister behavior changes.
ic-admin|
I changed the title. PTAL. |
| if let Some(secret_key_path) = opts.secret_key_pem { | ||
| if let Some(secret_key_path) = &opts.secret_key_pem { | ||
| let contents = read_to_string(secret_key_path).expect("Could not read key file"); | ||
| let sig_keys = SigKeys::from_pem(&contents).expect("Failed to parse pem file"); | ||
| Sender::SigKeys(sig_keys) | ||
| } else if opts.use_hsm { | ||
| make_hsm_sender( | ||
| &opts.hsm_slot.expect( | ||
| opts.hsm_slot.as_ref().expect( | ||
| "HSM slot must also be provided for --use-hsm; use --hsm-slot or see --help.", | ||
| ), | ||
| &opts.hsm_key_id.expect( | ||
| opts.hsm_key_id.as_ref().expect( | ||
| "HSM key ID must also be provided for --use-hsm; use --key-id or see --help.", | ||
| ), | ||
| &opts.hsm_pin.expect( | ||
| opts.hsm_pin.as_ref().expect( |
There was a problem hiding this comment.
This changes seems to be orthogonal? Do you simply need to merge from master (or rebase)?
| nns_url, | ||
| )), | ||
| None, | ||
| fn get_api_boundary_node_ids(opts: Opts, nns_url: Vec<Url>) -> Vec<String> { |
There was a problem hiding this comment.
Could you pass Registry client itself? (As opposed to passing parameters needed to construct it.)
One thing I don't like about passing Opts is that you are passing "the whole hardware store" instead of just the one or two "nails" (verify_nns_resposnes, nns_public_key_pem_file) that you actually actually need/use. Passing Registry client avoids that.
Where possible, use helpers to avoid building
RegistryClientImpls and registry keys, directly.