support full google secret manager names

DEPLOYMENT_GUIDE.md

@@ -26,13 +26,15 @@ This guide will walk you through the process of deploying wPOKT Validators on Go
 
 4. Update the MintController Smart Contract on the Ethereum network with the Ethereum addresses of the N validators. The MintController Smart Contract will utilize these addresses to validate signatures from the deployed validators during the bridging process.
 
-### Step 4: Store Private Keys in Secret Manager
+### Step 4: Store Secrets in Secret Manager
 
 1. Add all the Ethereum and Pocket private keys to the Secret Manager on GCP. Ensure you securely store these keys as they are crucial for your validator's operation.
 
-2. Note down the names of all the secrets created in Secret Manager. You will use these secret names during the deployment process.
+2. Also add the MongoDB URI with read-and-write permissions to the Secret Manager. This URI will be used to connect to the MongoDB cluster.
 
-3. Additionally, consider storing copies of the private keys in other secure places for additional redundancy and security. You might want to use hardware wallets, cold storage devices, or other secure offline storage methods to safeguard your validator's private keys.
+3. Note down the names of all the secrets created in Secret Manager. You will use these secret names during the deployment process.
+
+4. Additionally, consider storing copies of the private keys in other secure places for additional redundancy and security. You might want to use hardware wallets, cold storage devices, or other secure offline storage methods to safeguard your validator's private keys.
 
 ### Step 5: Optional - Create Service Accounts and Separate Key Pairs
 
@@ -44,15 +46,13 @@ This guide will walk you through the process of deploying wPOKT Validators on Go
 
 1. Create a VM template on GCP's "Compute Engine" that includes the docker image for the wPOKT Validator and valid environment variables.
 
-2. Set the following environment variables:
-
-    - MongoDB URI with read-and-write permissions: Provide the URI to access the MongoDB cluster with read-and-write permissions.
+2. Set the default environment variables for:
 
-    - Ethereum network configuration: Use the valid Ethereum private key secret name from Secret Manager, Ethereum RPC URL, and chain ID.
+    - Ethereum network configuration
 
-    - Pocket network configuration: Utilize the valid Pocket private key secret name from Secret Manager, Pocket RPC URL, chain ID, and the generated Pocket multisig address.
+    - Pocket network configuration
 
-    - Google Cloud Project ID: Add the project ID for your GCP project to ensure proper authentication and billing.
+    - Google secret manager configuration
 
 Refer to the sample `config.sample.yml` or `sample.env` files for reference on how to structure the environment variables.
 

Dockerfile

@@ -46,7 +46,7 @@ ENV POKT_MULTISIG_PUBLIC_KEYS ${POKT_MULTISIG_PUBLIC_KEYS}
 
 # google secret manager
 ENV GOOGLE_SECRET_MANAGER_ENABLED ${GOOGLE_SECRET_MANAGER_ENABLED}
-ENV GOOGLE_PROJECT_ID ${GOOGLE_PROJECT_ID}
+ENV GOOGLE_MONGO_SECRET_NAME ${GOOGLE_MONGO_SECRET_NAME}
 ENV GOOGLE_POKT_SECRET_NAME ${GOOGLE_POKT_SECRET_NAME}
 ENV GOOGLE_ETH_SECRET_NAME ${GOOGLE_ETH_SECRET_NAME}
 

README.md

@@ -69,14 +69,14 @@ The wPOKT Validator can be configured in the following ways:
     ETH_PRIVATE_KEY="your_eth_private_key" ETH_RPC_URL="your_eth_rpc_url" ... go run .
     ```
 
-If both a config file and an env file are provided, the `config.yml` file will be loaded first, and then the env file will be read. Any falsy values in the config will be updated with corresponding values from the env file.
+If both a config file and an env file are provided, the config file will be loaded first, followed by the env file. Non-empty values from the env file or provided through environment variables will take precedence over the corresponding values from the config file.
 
 ### Using Docker Compose
 
-You can also run the wPOKT Validator using `docker-compose` with the provided `.env` file. Execute the following command in the project directory:
+You can also run the wPOKT Validator using `docker-compose`. Execute the following command in the project directory:
 
 ```bash
-docker-compose --env-file .env up
+docker-compose --env-file .env up --build
 ```
 
 ## Valid Memo
@@ -94,7 +94,7 @@ Transactions with memos not conforming to this format will not be processed by t
 
 ## Docker Image
 
-The wPOKT Validator is also available as a Docker image hosted on Docker Hub. You can run the validator in a Docker container using the following command:
+The wPOKT Validator is also available as a Docker image hosted on [Docker Hub](https://hub.docker.com/r/dan13ram/wpokt-validator). You can run the validator in a Docker container using the following command:
 
 ```bash
 docker run -d --env-file .env docker.io/dan13ram/wpokt-validator:latest

app/env.go

@@ -127,7 +127,7 @@ func readConfigFromENV(envFile string) {
 	if os.Getenv("POKT_VAULT_ADDRESS") != "" {
 		Config.Pocket.VaultAddress = os.Getenv("POKT_VAULT_ADDRESS")
 	}
-	if Config.Pocket.MultisigPublicKeys == nil || len(Config.Pocket.MultisigPublicKeys) == 0 {
+	if os.Getenv("POKT_MULTISIG_PUBLIC_KEYS") != "" {
 		multisigPublicKeys := os.Getenv("POKT_MULTISIG_PUBLIC_KEYS")
 		Config.Pocket.MultisigPublicKeys = strings.Split(multisigPublicKeys, ",")
 	}
@@ -241,7 +241,7 @@ func readConfigFromENV(envFile string) {
 	}
 
 	// health check
-	if Config.HealthCheck.IntervalSecs == 0 {
+	if os.Getenv("HEALTH_CHECK_INTERVAL_SECS") != "" {
 		intervalSecs, err := strconv.ParseInt(os.Getenv("HEALTH_CHECK_INTERVAL_SECS"), 10, 64)
 		if err != nil {
 			log.Warn("[ENV] Error parsing HEALTH_CHECK_INTERVAL_SECS: ", err.Error())
@@ -251,7 +251,7 @@ func readConfigFromENV(envFile string) {
 	}
 
 	// logging
-	if Config.Logger.Level == "" {
+	if os.Getenv("LOG_LEVEL") != "" {
 		logLevel := os.Getenv("LOG_LEVEL")
 		if logLevel == "" {
 			log.Warn("[ENV] Setting LogLevel to debug")
@@ -262,24 +262,21 @@ func readConfigFromENV(envFile string) {
 	}
 
 	// google secret manager
-	if Config.GoogleSecretManager.Enabled == false && os.Getenv("GOOGLE_SECRET_MANAGER_ENABLED") != "" {
+	if os.Getenv("GOOGLE_SECRET_MANAGER_ENABLED") != "" {
 		enabled, err := strconv.ParseBool(os.Getenv("GOOGLE_SECRET_MANAGER_ENABLED"))
 		if err != nil {
 			log.Warn("[ENV] Error parsing GOOGLE_SECRET_MANAGER_ENABLED: ", err.Error())
 		} else {
 			Config.GoogleSecretManager.Enabled = enabled
 		}
 	}
-	if Config.GoogleSecretManager.ProjectId == "" {
-		Config.GoogleSecretManager.ProjectId = os.Getenv("GOOGLE_PROJECT_ID")
-	}
-	if Config.GoogleSecretManager.MongoSecretName == "" {
+	if os.Getenv("GOOGLE_MONGO_SECRET_NAME") != "" {
 		Config.GoogleSecretManager.MongoSecretName = os.Getenv("GOOGLE_MONGO_SECRET_NAME")
 	}
-	if Config.GoogleSecretManager.PoktSecretName == "" {
+	if os.Getenv("GOOGLE_POKT_SECRET_NAME") != "" {
 		Config.GoogleSecretManager.PoktSecretName = os.Getenv("GOOGLE_POKT_SECRET_NAME")
 	}
-	if Config.GoogleSecretManager.EthSecretName == "" {
+	if os.Getenv("GOOGLE_ETH_SECRET_NAME") != "" {
 		Config.GoogleSecretManager.EthSecretName = os.Getenv("GOOGLE_ETH_SECRET_NAME")
 	}
 

app/gsm.go

@@ -2,7 +2,6 @@ package app
 
 import (
 	"context"
-	"fmt"
 
 	secretmanager "cloud.google.com/go/secretmanager/apiv1"
 	"cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
@@ -11,7 +10,7 @@ import (
 
 func accessSecretVersion(client *secretmanager.Client, name string) (string, error) {
 	req := &secretmanagerpb.AccessSecretVersionRequest{
-		Name: fmt.Sprintf("projects/%s/secrets/%s/versions/latest", Config.GoogleSecretManager.ProjectId, name),
+		Name: name,
 	}
 
 	result, err := client.AccessSecretVersion(context.Background(), req)
@@ -30,10 +29,6 @@ func readKeysFromGSM() {
 		return
 	}
 
-	if Config.GoogleSecretManager.ProjectId == "" {
-		log.Fatalf("[GSM] ProjectId is empty")
-	}
-
 	ctx := context.Background()
 	client, err := secretmanager.NewClient(ctx)
 	if err != nil {

config.sample.yml

@@ -63,7 +63,6 @@ logger:
 
 google_secret_manager:
   enabled: false
-  project_id: ""
-  mongo_secret_name: ""
+  mongo_secret_name: "" # projects/<project-id>/secrets/<secret-name>/versions/latest
   pokt_secret_name: ""
   eth_secret_name: ""

docker-compose.yml

@@ -35,7 +35,7 @@ services:
 
       # google secret manager
       GOOGLE_SECRET_MANAGER_ENABLED: ${GOOGLE_SECRET_MANAGER_ENABLED}
-      GOOGLE_PROJECT_ID: ${GOOGLE_PROJECT_ID}
+      GOOGLE_MONGO_SECRET_NAME: ${GOOGLE_MONGO_SECRET_NAME}
       GOOGLE_POKT_SECRET_NAME: ${GOOGLE_POKT_SECRET_NAME}
       GOOGLE_ETH_SECRET_NAME: ${GOOGLE_ETH_SECRET_NAME}
 

models/config.go

@@ -17,7 +17,6 @@ type Config struct {
 
 type GoogleSecretManagerConfig struct {
 	Enabled         bool   `yaml:"enabled" json:"enabled"`
-	ProjectId       string `yaml:"project_id" json:"project_id"`
 	MongoSecretName string `yaml:"mongo_secret_name" json:"mongo_secret_name"`
 	PoktSecretName  string `yaml:"pokt_secret_name" json:"pokt_secret_name"`
 	EthSecretName   string `yaml:"eth_secret_name" json:"eth_secret_name"`

sample.env

@@ -29,8 +29,7 @@ COMPOSE_PROJECT_NAME=
 # google secret manager
 GOOGLE_APPLICATION_CREDENTIALS= # only for local development
 GOOGLE_SECRET_MANAGER_ENABLED=
-GOOGLE_PROJECT_ID=
-GOOGLE_MONGO_SECRET_NAME=
+GOOGLE_MONGO_SECRET_NAME=projects/<project-id>/secrets/<secret-name>/versions/latest
 GOOGLE_POKT_SECRET_NAME=
 GOOGLE_ETH_SECRET_NAME=