Separate builders by networks (#50)

## 📝 Summary

1. Support multi-tenant setup split by networks
2. Admin API for builder creation now requires `network` field
3. Get Active Builders requests now returns only builders within the
same network
4. Internal endpoint v1 defaults to `production` network
5. Internal endpoint v2 takes network from url param


## ⛱ Motivation and Context

For ease of setup of staging networks which should not share orderflow
with the main builderNet env

## 📚 References

---

## ✅ I have run these commands

* [x] `make lint`
* [x] `make test`
* [x] `go mod tidy`

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: TymKh

Dockerfile

@@ -0,0 +1 @@
+docker/httpserver/Dockerfile

adapters/database/service.go

@@ -148,7 +148,7 @@ func (s *Service) GetActiveConfigForBuilder(ctx context.Context, builderName str
 	return config.Config, err
 }
 
-func (s *Service) GetActiveBuildersWithServiceCredentials(ctx context.Context) ([]domain.BuilderWithServices, error) {
+func (s *Service) GetActiveBuildersWithServiceCredentials(ctx context.Context, network string) ([]domain.BuilderWithServices, error) {
 	rows, err := s.DB.QueryContext(ctx, `
         SELECT 
             b.name,
@@ -161,10 +161,10 @@ func (s *Service) GetActiveBuildersWithServiceCredentials(ctx context.Context) (
         LEFT JOIN 
             service_credential_registrations scr ON b.name = scr.builder_name
         WHERE 
-            b.is_active = true AND (scr.is_active = true OR scr.is_active IS NULL)
+            b.is_active = true AND (scr.is_active = true OR scr.is_active IS NULL) AND b.network = $1
         ORDER BY 
             b.name, scr.service
-    `)
+    `, network)
 	if err != nil {
 		return nil, err
 	}
@@ -256,9 +256,9 @@ func (s *Service) AddBuilder(ctx context.Context, builder domain.Builder) error
 		return err
 	}
 	_, err = s.DB.ExecContext(ctx, `
-		INSERT INTO builders (name, ip_address, is_active)
-		VALUES ($1, $2, $3)
-	`, builder.Name, bIP, builder.IsActive)
+		INSERT INTO builders (name, ip_address, is_active, network)
+		VALUES ($1, $2, $3, $4)
+	`, builder.Name, bIP, builder.IsActive, builder.Network)
 	return err
 }
 

adapters/database/service_test.go

@@ -19,16 +19,21 @@ func TestGetBuilder(t *testing.T) {
 	if err != nil {
 		t.Errorf("NewDatabaseService() = %v; want nil", err)
 	}
+	_, err = serv.DB.Exec("TRUNCATE TABLE public.builders CASCADE")
+	require.NoError(t, err)
+	_, err = serv.DB.Exec("TRUNCATE TABLE public.measurements_whitelist CASCADE")
+	require.NoError(t, err)
+
 	t.Run("GetBuilder2", func(t *testing.T) {
 		t.Run("should return a builder", func(t *testing.T) {
-			_, err := serv.DB.Exec("INSERT INTO public.builders (name, ip_address, is_active, created_at, updated_at) VALUES ('flashbots-builder', '192.168.1.1', true, '2024-10-11 13:05:56.845615 +00:00', '2024-10-11 13:05:56.845615 +00:00');")
+			_, err := serv.DB.Exec("INSERT INTO public.builders (name, ip_address, is_active, created_at, updated_at, network) VALUES ('flashbots-builder', '192.168.1.1', true, '2024-10-11 13:05:56.845615 +00:00', '2024-10-11 13:05:56.845615 +00:00', 'production');")
 			require.NoError(t, err)
 			whitelist, err := serv.GetBuilderByIP(net.ParseIP("192.168.1.1"))
 			require.NoError(t, err)
 			require.Equal(t, whitelist.Name, "flashbots-builder")
 		})
 		t.Run("get all active builders", func(t *testing.T) {
-			whitelist, err := serv.GetActiveBuildersWithServiceCredentials(context.Background())
+			whitelist, err := serv.GetActiveBuildersWithServiceCredentials(context.Background(), domain.ProductionNetwork)
 			require.Nil(t, err)
 			require.Lenf(t, whitelist, 1, "expected 1 builder, got %d", len(whitelist))
 			require.Equal(t, whitelist[0].Builder.Name, "flashbots-builder")
@@ -44,9 +49,9 @@ func TestGetBuilder(t *testing.T) {
 }
 
 func TestAdminFlow(t *testing.T) {
-	//if os.Getenv("RUN_DB_TESTS") != "1" {
-	//	t.Skip("skipping test; RUN_DB_TESTS is not set to 1")
-	//}
+	if os.Getenv("RUN_DB_TESTS") != "1" {
+		t.Skip("skipping test; RUN_DB_TESTS is not set to 1")
+	}
 	dbService, err := NewDatabaseService("postgres://postgres:postgres@localhost:5432/postgres?sslmode=disable")
 	if err != nil {
 		t.Errorf("NewDatabaseService() = %v; want nil", err)
@@ -65,6 +70,7 @@ func TestAdminFlow(t *testing.T) {
 			builder := domain.Builder{
 				Name:      "test-builder",
 				IPAddress: net.ParseIP("127.0.0.1"),
+				Network:   domain.ProductionNetwork,
 				IsActive:  false,
 			}
 			err := dbService.AddBuilder(context.Background(), builder)
@@ -76,7 +82,7 @@ func TestAdminFlow(t *testing.T) {
 			require.NoError(t, err)
 		})
 		t.Run("get builders", func(t *testing.T) {
-			builders, err := dbService.GetActiveBuildersWithServiceCredentials(context.Background())
+			builders, err := dbService.GetActiveBuildersWithServiceCredentials(context.Background(), "")
 			require.NoError(t, err)
 			require.Len(t, builders, 0)
 		})
@@ -89,7 +95,7 @@ func TestAdminFlow(t *testing.T) {
 			require.NoError(t, err)
 		})
 		t.Run("get builders", func(t *testing.T) {
-			builders, err := dbService.GetActiveBuildersWithServiceCredentials(context.Background())
+			builders, err := dbService.GetActiveBuildersWithServiceCredentials(context.Background(), domain.ProductionNetwork)
 			require.NoError(t, err)
 			require.Len(t, builders, 1)
 			require.Equal(t, builders[0].Builder.Name, "test-builder")

adapters/database/types.go

@@ -44,6 +44,7 @@ type Builder struct {
 	Name         string      `db:"name"`
 	IPAddress    pgtype.Inet `db:"ip_address"`
 	IsActive     bool        `db:"is_active"`
+	Network      string      `db:"network"`
 	CreatedAt    time.Time   `db:"created_at"`
 	UpdatedAt    time.Time   `db:"updated_at"`
 	DeprecatedAt *time.Time  `db:"deprecated_at"`
@@ -57,6 +58,7 @@ func convertBuilderToDomain(builder Builder) (*domain.Builder, error) {
 		Name:      builder.Name,
 		IPAddress: builder.IPAddress.IPNet.IP,
 		IsActive:  builder.IsActive,
+		Network:   builder.Network,
 	}, nil
 }
 

application/service.go

@@ -11,7 +11,7 @@ import (
 
 type BuilderDataAccessor interface {
 	GetActiveMeasurements(ctx context.Context) ([]domain.Measurement, error)
-	GetActiveBuildersWithServiceCredentials(ctx context.Context) ([]domain.BuilderWithServices, error)
+	GetActiveBuildersWithServiceCredentials(ctx context.Context, network string) ([]domain.BuilderWithServices, error)
 	GetActiveMeasurementsByType(ctx context.Context, attestationType string) ([]domain.Measurement, error)
 	GetBuilderByIP(ip net.IP) (*domain.Builder, error)
 	GetActiveConfigForBuilder(ctx context.Context, builderName string) (json.RawMessage, error)
@@ -36,8 +36,8 @@ func (b *BuilderHub) GetAllowedMeasurements(ctx context.Context) ([]domain.Measu
 	return b.dataAccessor.GetActiveMeasurements(ctx)
 }
 
-func (b *BuilderHub) GetActiveBuilders(ctx context.Context) ([]domain.BuilderWithServices, error) {
-	return b.dataAccessor.GetActiveBuildersWithServiceCredentials(ctx)
+func (b *BuilderHub) GetActiveBuilders(ctx context.Context, network string) ([]domain.BuilderWithServices, error) {
+	return b.dataAccessor.GetActiveBuildersWithServiceCredentials(ctx, network)
 }
 
 func (b *BuilderHub) LogEvent(ctx context.Context, eventName, builderName, name string) error {

docs/api-docs/admin-api/Add new builder.bru

@@ -13,6 +13,7 @@ post {
 body:json {
   {
     "name": "{builder}",
-    "ip_address": "{ip_address}"
+    "ip_address": "{ip_address}",
+    "network": "{network}"
   }
 }

domain/types.go

@@ -14,6 +14,8 @@ var (
 	ErrInvalidMeasurement = errors.New("no such active measurement found")
 )
 
+const ProductionNetwork = "production"
+
 const EventGetConfig = "GetConfig"
 
 type Measurement struct {
@@ -38,6 +40,7 @@ type Builder struct {
 	Name      string `json:"name"`
 	IPAddress net.IP `json:"ip_address"`
 	IsActive  bool   `json:"is_active"`
+	Network   string `json:"network"`
 }
 
 type BuilderWithServices struct {

httpserver/e2e_test.go

@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"os"
+	"slices"
 	"testing"
 
 	"github.com/ethereum/go-ethereum/common"
@@ -24,9 +25,105 @@ func TestCreateMultipleBuilders(t *testing.T) {
 	}
 	s, _, _ := createServer(t)
 
-	createBuilder(t, s, "test-builder-1", "127.0.0.1")
-	createBuilder(t, s, "test-builder-2", "127.0.0.2")
-	createBuilder(t, s, "test-builder-3", "127.0.0.3")
+	createBuilder(t, s, "test-builder-1", "127.0.0.1", domain.ProductionNetwork)
+	createBuilder(t, s, "test-builder-2", "127.0.0.2", domain.ProductionNetwork)
+	createBuilder(t, s, "test-builder-3", "127.0.0.3", domain.ProductionNetwork)
+}
+
+func TestCreateMultipleNetworkBuilders(t *testing.T) {
+	if os.Getenv("RUN_DB_TESTS") != "1" {
+		t.Skip("skipping test; RUN_DB_TESTS is not set to 1")
+	}
+	s, _, _ := createServer(t)
+
+	createBuilder(t, s, "production-1", "127.0.0.1", domain.ProductionNetwork)
+	createBuilder(t, s, "production-2", "127.0.0.2", domain.ProductionNetwork)
+	createBuilder(t, s, "production-3", "127.0.0.3", domain.ProductionNetwork)
+
+	createBuilder(t, s, "test-1", "127.0.1.1", "test-network")
+	createBuilder(t, s, "test-2", "127.0.1.2", "test-network")
+	createBuilder(t, s, "test-3", "127.0.1.3", "test-network")
+	createBuilder(t, s, "test-4", "127.0.1.4", "test-network")
+
+	measurement := ports.Measurement{
+		Name:            "test-measurement-1",
+		AttestationType: "test-attestation-type-1",
+		Measurements: map[string]domain.SingleMeasurement{
+			"8": {
+				Expected: "0000000000000000000000000000000000000000000000000000000000000000",
+			},
+			"11": {
+				Expected: "efa43e0beff151b0f251c4abf48152382b1452b4414dbd737b4127de05ca31f7",
+			},
+		},
+	}
+	createMeasurement(t, s, measurement)
+
+	t.Run("NoAuthV1", func(t *testing.T) {
+		var resp []ports.BuilderWithServiceCreds
+		sc, _ := execRequestNoAuth(t, s.GetInternalRouter(), http.MethodGet, "/api/internal/l1-builder/v1/builders", nil, &resp)
+		require.Equal(t, http.StatusOK, sc)
+		require.Len(t, resp, 3)
+		validNames := []string{"production-1", "production-2", "production-3"}
+		for _, b := range resp {
+			if !slices.Contains(validNames, b.Name) {
+				require.Fail(t, "Builder not found")
+			}
+		}
+	})
+
+	t.Run("NoAuthV2 Networked", func(t *testing.T) {
+		var resp []ports.BuilderWithServiceCreds
+		sc, _ := execRequestNoAuth(t, s.GetInternalRouter(), http.MethodGet, fmt.Sprintf("/api/internal/l1-builder/v2/network/%s/builders", domain.ProductionNetwork), nil, &resp)
+		require.Equal(t, http.StatusOK, sc)
+		require.Len(t, resp, 3)
+		validNames := []string{"production-1", "production-2", "production-3"}
+		for _, b := range resp {
+			if !slices.Contains(validNames, b.Name) {
+				require.Fail(t, "Builder not found")
+			}
+		}
+	})
+
+	t.Run("NoAuthV2 Networked other network", func(t *testing.T) {
+		var resp []ports.BuilderWithServiceCreds
+		sc, _ := execRequestNoAuth(t, s.GetInternalRouter(), http.MethodGet, fmt.Sprintf("/api/internal/l1-builder/v2/network/%s/builders", "test-network"), nil, &resp)
+		require.Equal(t, http.StatusOK, sc)
+		require.Len(t, resp, 4)
+		validNames := []string{"test-1", "test-2", "test-3", "test-4"}
+		for _, b := range resp {
+			if !slices.Contains(validNames, b.Name) {
+				require.Fail(t, "Builder not found")
+			}
+		}
+	})
+
+	t.Run("Auth active builders prod", func(t *testing.T) {
+		resp := make([]ports.BuilderWithServiceCreds, 0)
+		status, _ := execRequestAuth(t, s.GetRouter(), http.MethodGet, "/api/l1-builder/v1/builders", nil, &resp, measurement.AttestationType, map[string]string{"8": "0000000000000000000000000000000000000000000000000000000000000000", "11": "efa43e0beff151b0f251c4abf48152382b1452b4414dbd737b4127de05ca31f7"}, "127.0.0.1")
+		require.Equal(t, http.StatusOK, status)
+		require.Len(t, resp, 3)
+		validNames := []string{"production-1", "production-2", "production-3"}
+		for _, b := range resp {
+			if !slices.Contains(validNames, b.Name) {
+				require.Fail(t, "Builder not found")
+			}
+		}
+	})
+
+	t.Run("Auth active builders other network", func(t *testing.T) {
+		resp := make([]ports.BuilderWithServiceCreds, 0)
+		status, _ := execRequestAuth(t, s.GetRouter(), http.MethodGet, "/api/l1-builder/v1/builders", nil, &resp, measurement.AttestationType, map[string]string{"8": "0000000000000000000000000000000000000000000000000000000000000000", "11": "efa43e0beff151b0f251c4abf48152382b1452b4414dbd737b4127de05ca31f7"}, "127.0.1.1")
+		require.Equal(t, http.StatusOK, status)
+		require.Len(t, resp, 4)
+		validNames := []string{"test-1", "test-2", "test-3", "test-4"}
+		for _, b := range resp {
+			if !slices.Contains(validNames, b.Name) {
+				require.Fail(t, "Builder not found")
+			}
+		}
+	})
+
 }
 
 func TestCreateMultipleMeasurements(t *testing.T) {
@@ -70,7 +167,7 @@ func TestAuthInteractionFlow(t *testing.T) {
 
 	builderName := "test_builder_1"
 	ip := "127.0.0.1"
-	createBuilder(t, s, builderName, ip)
+	createBuilder(t, s, builderName, ip, domain.ProductionNetwork)
 	measurement := ports.Measurement{
 		Name:            "test-measurement-1",
 		AttestationType: "test-attestation-type-1",
@@ -131,10 +228,11 @@ func TestAuthInteractionFlow(t *testing.T) {
 }
 
 // createBuilder emulates admin flow to provision a builder
-func createBuilder(t *testing.T, s *Server, builderName, ip string) {
+func createBuilder(t *testing.T, s *Server, builderName, ip, network string) {
 	builder := ports.Builder{
 		Name:      builderName,
 		IPAddress: ip,
+		Network:   network,
 	}
 	t.Run("CreateBuilder", func(t *testing.T) {
 		sc, _ := execRequestNoAuth(t, s.GetAdminRouter(), http.MethodPost, "/api/admin/v1/builders", builder, nil)
@@ -161,7 +259,7 @@ func createBuilder(t *testing.T, s *Server, builderName, ip string) {
 	t.Run("CheckBuilder", func(t *testing.T) {
 		// Check if the builder is created
 		var resp []ports.BuilderWithServiceCreds
-		sc, _ := execRequestNoAuth(t, s.GetInternalRouter(), http.MethodGet, "/api/internal/l1-builder/v1/builders", nil, &resp)
+		sc, _ := execRequestNoAuth(t, s.GetInternalRouter(), http.MethodGet, fmt.Sprintf("/api/internal/l1-builder/v2/network/%s/builders", network), nil, &resp)
 		require.Equal(t, http.StatusOK, sc)
 		// require.Len(t, resp, 1)
 		for _, b := range resp {

httpserver/server.go

@@ -97,6 +97,7 @@ func (srv *Server) GetRouter() http.Handler {
 	mux.Get("/api/l1-builder/v1/builders", srv.appHandler.GetActiveBuilders)
 	mux.Post("/api/l1-builder/v1/register_credentials/{service}", srv.appHandler.RegisterCredentials)
 	mux.Get("/api/internal/l1-builder/v1/builders", srv.appHandler.GetActiveBuildersNoAuth)
+	mux.Get("/api/internal/l1-builder/v2/network/{network}/builders", srv.appHandler.GetActiveBuildersNoAuthNetworked)
 	if srv.cfg.EnablePprof {
 		srv.log.Info("pprof API enabled")
 		mux.Mount("/debug", middleware.Profiler())
@@ -133,6 +134,7 @@ func (srv *Server) GetInternalRouter() http.Handler {
 
 	mux.Get("/api/l1-builder/v1/measurements", srv.appHandler.GetAllowedMeasurements)
 	mux.Get("/api/internal/l1-builder/v1/builders", srv.appHandler.GetActiveBuildersNoAuth)
+	mux.Get("/api/internal/l1-builder/v2/network/{network}/builders", srv.appHandler.GetActiveBuildersNoAuthNetworked)
 
 	return mux
 }

ports/admin_handler.go

@@ -125,6 +125,12 @@ func (s *AdminHandler) AddBuilder(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusBadRequest)
 		return
 	}
+	if builder.Network == "" {
+		s.log.Error("network field is required")
+		w.WriteHeader(http.StatusBadRequest)
+		_, _ = w.Write([]byte("network field is required"))
+		return
+	}
 	dBuilder, err := toDomainBuilder(builder, false)
 	if err != nil {
 		s.log.Error("Failed to convert builder to domain builder", "err", err)