feat: use validated names for new variables in TEE session (#312)

Author: jbern0rd

gradle.properties

@@ -2,7 +2,7 @@
 version=9.1.0
 # x-release-please-end
 iexecCommonsPocoVersion=5.2.0
-iexecCommonVersion=9.1.0
+iexecCommonVersion=9.2.0
 
 nexusUser
 nexusPassword

src/main/java/com/iexec/sms/tee/session/base/SecretSessionBaseService.java

@@ -65,11 +65,11 @@ public class SecretSessionBaseService {
 
     static final String EMPTY_STRING_VALUE = "";
     static final BigInteger BULK_DATASET_VOLUME = BigInteger.TWO.pow(53).subtract(BigInteger.ONE);
-    static final String BULK_DATASET_PREFIX = "BULK_DATASET_";
-    static final String BULK_DATASET_URL_SUFFIX = "_URL";
-    static final String BULK_DATASET_CHECKSUM_SUFFIX = "_CHECKSUM";
-    static final String BULK_DATASET_KEY_SUFFIX = "_KEY";
-    static final String BULK_DATASET_FILENAME_SUFFIX = "_FILENAME";
+    static final String IEXEC_DATASET_PREFIX = "IEXEC_DATASET_";
+    static final String IEXEC_DATASET_URL_SUFFIX = "_URL";
+    static final String IEXEC_DATASET_CHECKSUM_SUFFIX = "_CHECKSUM";
+    static final String IEXEC_DATASET_KEY_SUFFIX = "_KEY";
+    static final String IEXEC_DATASET_FILENAME_SUFFIX = "_FILENAME";
     static final String IEXEC_APP_DEVELOPER_SECRET_PREFIX = "IEXEC_APP_DEVELOPER_SECRET_";
     static final String IEXEC_REQUESTER_SECRET_PREFIX = "IEXEC_REQUESTER_SECRET_";
 
@@ -193,22 +193,22 @@ private List<DatasetOrder> fetchDatasetOrders(final TaskDescription taskDescript
     private Map<String, Object> getBulkDatasetTokens(final int index,
                                                      final TaskDescription taskDescription,
                                                      final DatasetOrder datasetOrder) {
-        final String prefix = BULK_DATASET_PREFIX + (index + 1);
+        final String prefix = IEXEC_DATASET_PREFIX + (index + 1);
         final ChainDataset dataset = iexecHubService.getChainDataset(datasetOrder.getDataset()).orElse(null);
         if (isBulkDatasetOrderValid(taskDescription, datasetOrder) && dataset != null) {
             final String datasetKey = web3SecretService.getDecryptedValue(datasetOrder.getDataset()).orElse("");
             return Map.of(
-                    prefix + BULK_DATASET_URL_SUFFIX, dataset.getMultiaddr(),
-                    prefix + BULK_DATASET_CHECKSUM_SUFFIX, dataset.getChecksum(),
-                    prefix + BULK_DATASET_KEY_SUFFIX, datasetKey,
-                    prefix + BULK_DATASET_FILENAME_SUFFIX, datasetOrder.getDataset()
+                    prefix + IEXEC_DATASET_URL_SUFFIX, dataset.getMultiaddr(),
+                    prefix + IEXEC_DATASET_CHECKSUM_SUFFIX, dataset.getChecksum(),
+                    prefix + IEXEC_DATASET_KEY_SUFFIX, datasetKey,
+                    prefix + IEXEC_DATASET_FILENAME_SUFFIX, datasetOrder.getDataset()
             );
         } else {
             return Map.of(
-                    prefix + BULK_DATASET_URL_SUFFIX, EMPTY_STRING_VALUE,
-                    prefix + BULK_DATASET_CHECKSUM_SUFFIX, EMPTY_STRING_VALUE,
-                    prefix + BULK_DATASET_KEY_SUFFIX, EMPTY_STRING_VALUE,
-                    prefix + BULK_DATASET_FILENAME_SUFFIX, datasetOrder.getDataset()
+                    prefix + IEXEC_DATASET_URL_SUFFIX, EMPTY_STRING_VALUE,
+                    prefix + IEXEC_DATASET_CHECKSUM_SUFFIX, EMPTY_STRING_VALUE,
+                    prefix + IEXEC_DATASET_KEY_SUFFIX, EMPTY_STRING_VALUE,
+                    prefix + IEXEC_DATASET_FILENAME_SUFFIX, datasetOrder.getDataset()
             );
         }
     }
@@ -255,7 +255,7 @@ SecretEnclaveBase getPreComputeTokens(final TeeSessionRequest request, final Map
 
         if (taskDescription.isBulkRequest()) {
             final List<DatasetOrder> orders = fetchDatasetOrders(taskDescription);
-            tokens.put(BULK_SIZE.name(), orders.size());
+            tokens.put(IEXEC_BULK_SLICE_SIZE.name(), orders.size());
             for (int i = 0; i < orders.size(); i++) {
                 final DatasetOrder order = orders.get(i);
                 tokens.putAll(getBulkDatasetTokens(i, taskDescription, order));
@@ -278,6 +278,8 @@ SecretEnclaveBase getPreComputeTokens(final TeeSessionRequest request, final Map
             log.info("No dataset key needed for this task [taskId:{}]", taskId);
         }
         trustedEnv.addAll(List.of(
+                IEXEC_DEAL_ID.name(),
+                IEXEC_TASK_INDEX.name(),
                 IEXEC_TASK_ID.name(),
                 IEXEC_INPUT_FILES_FOLDER.name(),
                 IEXEC_INPUT_FILES_NUMBER.name()));
@@ -340,9 +342,9 @@ SecretEnclaveBase getAppTokens(final TeeSessionRequest request) throws TeeSessio
             final List<String> addresses = fetchDatasetOrders(taskDescription).stream()
                     .map(DatasetOrder::getDataset)
                     .toList();
-            tokens.put(BULK_SIZE.name(), addresses.size());
+            tokens.put(IEXEC_BULK_SLICE_SIZE.name(), addresses.size());
             for (int i = 0; i < addresses.size(); i++) {
-                tokens.put(BULK_DATASET_PREFIX + (i + 1) + BULK_DATASET_FILENAME_SUFFIX, addresses.get(i));
+                tokens.put(IEXEC_DATASET_PREFIX + (i + 1) + IEXEC_DATASET_FILENAME_SUFFIX, addresses.get(i));
             }
         }
 

src/test/java/com/iexec/sms/tee/session/TeeSessionTestUtils.java

@@ -38,7 +38,7 @@
 
 @Slf4j
 public class TeeSessionTestUtils {
-    public static final String TEST_DEAL_ID = "dealId";
+    public static final String DEAL_ID = "dealId";
     public static final String TASK_ID = "taskId";
     public static final String SESSION_ID = "sessionId";
     public static final String WORKER_ADDRESS = "workerAddress";
@@ -144,7 +144,7 @@ public static TaskDescription.TaskDescriptionBuilder createTaskDescription(final
         final String beneficiaryAddress = createEthereumAddress();
         final String workerpoolAddress = createEthereumAddress();
         return TaskDescription.builder()
-                .chainDealId(TEST_DEAL_ID)
+                .chainDealId(DEAL_ID)
                 .chainTaskId(TASK_ID)
                 .workerpoolOwner(workerpoolAddress)
                 .appUri(APP_URI)

src/test/java/com/iexec/sms/tee/session/base/SecretSessionBaseServiceTests.java

@@ -292,11 +292,11 @@ void shouldGetPreComputeBulkProcessingTokensForInvalidOrder() throws Exception {
         assertThat(enclaveBase.getName()).isEqualTo("pre-compute");
         assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT);
         assertThat(enclaveBase.getEnvironment()).containsAllEntriesOf(Map.ofEntries(
-                Map.entry("BULK_SIZE", 1),
-                Map.entry("BULK_DATASET_1_URL", ""),
-                Map.entry("BULK_DATASET_1_CHECKSUM", ""),
-                Map.entry("BULK_DATASET_1_KEY", ""),
-                Map.entry("BULK_DATASET_1_FILENAME", datasetAddress)
+                Map.entry("IEXEC_BULK_SLICE_SIZE", 1),
+                Map.entry("IEXEC_DATASET_1_URL", ""),
+                Map.entry("IEXEC_DATASET_1_CHECKSUM", ""),
+                Map.entry("IEXEC_DATASET_1_KEY", ""),
+                Map.entry("IEXEC_DATASET_1_FILENAME", datasetAddress)
         ));
     }
 
@@ -335,11 +335,11 @@ void shouldGetPreComputeBulkProcessingTokensForValidOrder() throws Exception {
         assertThat(enclaveBase.getName()).isEqualTo("pre-compute");
         assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT);
         assertThat(enclaveBase.getEnvironment()).containsAllEntriesOf(Map.ofEntries(
-                Map.entry("BULK_SIZE", 1),
-                Map.entry("BULK_DATASET_1_URL", DATASET_URL),
-                Map.entry("BULK_DATASET_1_CHECKSUM", DATASET_CHECKSUM),
-                Map.entry("BULK_DATASET_1_KEY", DATASET_KEY),
-                Map.entry("BULK_DATASET_1_FILENAME", datasetAddress)
+                Map.entry("IEXEC_BULK_SLICE_SIZE", 1),
+                Map.entry("IEXEC_DATASET_1_URL", DATASET_URL),
+                Map.entry("IEXEC_DATASET_1_CHECKSUM", DATASET_CHECKSUM),
+                Map.entry("IEXEC_DATASET_1_KEY", DATASET_KEY),
+                Map.entry("IEXEC_DATASET_1_FILENAME", datasetAddress)
         ));
     }
 
@@ -358,7 +358,7 @@ void shouldNotGetBulkProcessingPreComputeTokens() throws Exception {
         );
         assertThat(enclaveBase.getName()).isEqualTo("pre-compute");
         assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT);
-        assertThat(enclaveBase.getEnvironment()).contains(Map.entry("BULK_SIZE", 0));
+        assertThat(enclaveBase.getEnvironment()).contains(Map.entry("IEXEC_BULK_SLICE_SIZE", 0));
     }
 
     @Test
@@ -379,6 +379,8 @@ void shouldGetPreComputeTokensWithDataset() throws Exception {
         assertThat(enclaveBase.getName()).isEqualTo("pre-compute");
         assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT);
         final Map<String, Object> expectedTokens = Map.ofEntries(
+                Map.entry("IEXEC_DEAL_ID", DEAL_ID),
+                Map.entry("IEXEC_TASK_INDEX", "0"),
                 Map.entry("IEXEC_TASK_ID", TASK_ID),
                 Map.entry("IEXEC_PRE_COMPUTE_OUT", "/iexec_in"),
                 Map.entry("IS_DATASET_REQUIRED", true),
@@ -402,6 +404,11 @@ void shouldGetPreComputeTokensWithoutDataset() throws Exception {
                 .iexecInputFiles(List.of(INPUT_FILE_URL_1, INPUT_FILE_URL_2))
                 .build();
         final TaskDescription taskDescription = TaskDescription.builder()
+                .chainDealId(DEAL_ID)
+                .datasetAddress(BytesUtils.EMPTY_ADDRESS)
+                .botSize(1)
+                .botFirstIndex(0)
+                .botIndex(0)
                 .chainTaskId(TASK_ID)
                 .dealParams(dealParams)
                 .build();
@@ -422,16 +429,18 @@ void shouldGetPreComputeTokensWithoutDataset() throws Exception {
         );
         assertThat(enclaveBase.getName()).isEqualTo("pre-compute");
         assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT);
-        final Map<String, Object> expectedTokens = Map.of(
-                "IEXEC_TASK_ID", TASK_ID,
-                "IEXEC_PRE_COMPUTE_OUT", "/iexec_in",
-                "IS_DATASET_REQUIRED", false,
-                "IEXEC_INPUT_FILES_FOLDER", "/iexec_in",
-                "IEXEC_INPUT_FILES_NUMBER", "2",
-                "IEXEC_INPUT_FILE_URL_1", INPUT_FILE_URL_1,
-                "IEXEC_INPUT_FILE_URL_2", INPUT_FILE_URL_2,
-                "SIGN_WORKER_ADDRESS", WORKER_ADDRESS,
-                "SIGN_TEE_CHALLENGE_PRIVATE_KEY", challenge.getCredentials().getPrivateKey()
+        final Map<String, Object> expectedTokens = Map.ofEntries(
+                Map.entry("IEXEC_DEAL_ID", DEAL_ID),
+                Map.entry("IEXEC_TASK_INDEX", "0"),
+                Map.entry("IEXEC_TASK_ID", TASK_ID),
+                Map.entry("IEXEC_PRE_COMPUTE_OUT", "/iexec_in"),
+                Map.entry("IS_DATASET_REQUIRED", false),
+                Map.entry("IEXEC_INPUT_FILES_FOLDER", "/iexec_in"),
+                Map.entry("IEXEC_INPUT_FILES_NUMBER", "2"),
+                Map.entry("IEXEC_INPUT_FILE_URL_1", INPUT_FILE_URL_1),
+                Map.entry("IEXEC_INPUT_FILE_URL_2", INPUT_FILE_URL_2),
+                Map.entry("SIGN_WORKER_ADDRESS", WORKER_ADDRESS),
+                Map.entry("SIGN_TEE_CHALLENGE_PRIVATE_KEY", challenge.getCredentials().getPrivateKey())
         );
 
         assertThat(enclaveBase.getEnvironment()).containsExactlyInAnyOrderEntriesOf(expectedTokens);
@@ -456,8 +465,8 @@ void shouldGetAppComputeBulkProcessingTokens() throws TeeSessionGenerationExcept
         assertThat(enclaveBase.getName()).isEqualTo("app");
         assertThat(enclaveBase.getMrenclave()).isEqualTo(APP_FINGERPRINT);
         assertThat(enclaveBase.getEnvironment()).containsAllEntriesOf(Map.ofEntries(
-                Map.entry("BULK_SIZE", 1),
-                Map.entry("BULK_DATASET_1_FILENAME", datasetAddress)
+                Map.entry("IEXEC_BULK_SLICE_SIZE", 1),
+                Map.entry("IEXEC_DATASET_1_FILENAME", datasetAddress)
         ));
     }
 
@@ -478,6 +487,8 @@ void shouldGetAppTokensForAdvancedTaskDescription() throws TeeSessionGenerationE
         assertThat(enclaveBase.getName()).isEqualTo("app");
         assertThat(enclaveBase.getMrenclave()).isEqualTo(APP_FINGERPRINT);
         final Map<String, Object> expectedTokens = Map.ofEntries(
+                Map.entry("IEXEC_DEAL_ID", DEAL_ID),
+                Map.entry("IEXEC_TASK_INDEX", "0"),
                 Map.entry("IEXEC_TASK_ID", TASK_ID),
                 Map.entry("IEXEC_IN", "/iexec_in"),
                 Map.entry("IEXEC_OUT", "/iexec_out"),
@@ -510,6 +521,7 @@ void shouldGetTokensWithEmptyAppComputeSecretWhenSecretsDoNotExist() throws TeeS
                 .iexecSecrets(Map.of())
                 .build();
         final TaskDescription taskDescription = TaskDescription.builder()
+                .chainDealId(DEAL_ID)
                 .chainTaskId(TASK_ID)
                 .appUri(APP_URI)
                 .appAddress(appAddress)
@@ -533,6 +545,8 @@ void shouldGetTokensWithEmptyAppComputeSecretWhenSecretsDoNotExist() throws TeeS
         assertThat(enclaveBase.getName()).isEqualTo("app");
         assertThat(enclaveBase.getMrenclave()).isEqualTo(APP_FINGERPRINT);
         final Map<String, Object> expectedTokens = Map.ofEntries(
+                Map.entry("IEXEC_DEAL_ID", DEAL_ID),
+                Map.entry("IEXEC_TASK_INDEX", "0"),
                 Map.entry("IEXEC_TASK_ID", TASK_ID),
                 Map.entry("IEXEC_IN", "/iexec_in"),
                 Map.entry("IEXEC_OUT", "/iexec_out"),