Use separate governance custody in pcli, once more

penumbra-zone · Mar 23, 2024 · 4f5dd6e · 4f5dd6e
1 parent ac0a9a5
commit 4f5dd6e
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/crates/bin/pcli/src/main.rs b/crates/bin/pcli/src/main.rs
@@ -36,6 +36,7 @@ pub struct App {
     /// correctly, this can be unwrapped safely.
     pub view: Option<ViewServiceClient<BoxGrpcService>>,
     pub custody: CustodyServiceClient<BoxGrpcService>,
+    pub governance_custody: CustodyServiceClient<BoxGrpcService>,
     pub config: PcliConfig,
 }
 

diff --git a/crates/bin/pcli/src/network.rs b/crates/bin/pcli/src/network.rs
@@ -102,7 +102,10 @@ impl App {
             validator_vote: Some(validator_vote.into()),
             pre_authorizations: vec![],
         };
-        self.custody
+        // Use the separate governance custody service, if one is configured, to sign the validator
+        // vote. This allows the governance custody service to have a different key than the main
+        // custody, which is useful for validators who want to have a separate key for voting.
+        self.governance_custody // VERY IMPORTANT: use governance custody here!
             .authorize_validator_vote(request)
             .await?
             .into_inner()

diff --git a/crates/bin/pcli/src/opt.rs b/crates/bin/pcli/src/opt.rs
@@ -1,5 +1,5 @@
 use crate::{
-    config::{CustodyConfig, PcliConfig},
+    config::{CustodyConfig, GovernanceCustodyConfig, PcliConfig},
     terminal::ActualTerminal,
     App, Command,
 };
@@ -78,6 +78,30 @@ impl Opt {
             }
         };
 
+        // Build the governance custody service...
+        let governance_custody = match &config.governance_custody {
+            Some(separate_governance_custody) => match separate_governance_custody {
+                GovernanceCustodyConfig::SoftKms(config) => {
+                    tracing::info!(
+                        "using separate software KMS custody service for validator voting"
+                    );
+                    let soft_kms = SoftKms::new(config.clone());
+                    let custody_svc = CustodyServiceServer::new(soft_kms);
+                    CustodyServiceClient::new(box_grpc_svc::local(custody_svc))
+                }
+                GovernanceCustodyConfig::Threshold(config) => {
+                    tracing::info!(
+                        "using separate manual threshold custody service for validator voting"
+                    );
+                    let threshold_kms =
+                        penumbra_custody::threshold::Threshold::new(config.clone(), ActualTerminal);
+                    let custody_svc = CustodyServiceServer::new(threshold_kms);
+                    CustodyServiceClient::new(box_grpc_svc::local(custody_svc))
+                }
+            },
+            None => custody.clone(), // If no separate custody for validator voting, use the same one
+        };
+
         // ...and the view service...
         let view = match (self.cmd.offline(), &config.view_url) {
             // In offline mode, don't construct a view service at all.
@@ -110,6 +134,7 @@ impl Opt {
         let app = App {
             view,
             custody,
+            governance_custody,
             config,
         };
         Ok((app, self.cmd))