Disable snapshot read endpoints by-default, require a per-interface opt-in to enable new `OperatorFeature` #7440

eddyashton · 2025-11-06T14:43:47Z

This has a bunch of knock-on effects. The related diffs may not all be strictly required, I've lost track, but they lead to a cleaner API (for things like "create a new node" in the Python infra) and I think for backporting purposes they all land together.

…e_serving_interfaces

src/node/rpc/file_serving_handlers.h

Copilot

Pull Request Overview

This PR refactors the network interface configuration system and adds opt-in feature gating for snapshot-serving endpoints to prevent public DoS attacks. The changes introduce a new FILE_SERVING_RPC_INTERFACE with FileAccess feature enabled by default, and modify the test infrastructure to use a more fluent API pattern for configuring nodes.

Key changes:

Introduces opt-in feature gating for endpoints, specifically for file access/snapshot serving
Refactors RPCInterface.from_args() to apply_args() and adds HostSpec.with_args() for better composability
Adds a dedicated file-serving interface to all nodes by default with FileAccess feature enabled
Moves snapshot-serving handlers from node_frontend.h to new file_serving_handlers.h file

Reviewed Changes

Copilot reviewed 32 out of 32 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
tests/infra/interfaces.py	Refactors interface configuration with `apply_args()` and `with_args()` methods, adds FILE_SERVING_RPC_INTERFACE
tests/infra/e2e_args.py	Simplifies nodes() function to use HostSpec.with_args()
tests/infra/node.py	Improves interface lookup with error handling
tests/infra/network.py	Updates create_node() to accept optional host parameter
tests/e2e_operations.py	Updates snapshot access tests to use FILE_SERVING_RPC_INTERFACE
src/node/rpc/file_serving_handlers.h	New file containing extracted snapshot-serving handlers with feature gating
src/node/rpc/frontend.h	Adds feature checking logic for endpoints
src/endpoints/endpoint.cpp	Adds require_optin_feature() method
include/ccf/endpoint.h	Defines OptInFeatures and adds required_optin_features field
doc/host_config_schema/cchost_config.json	Documents enabled_optin_features configuration option

Comments suppressed due to low confidence (1)

tests/infra/basicperf.py:213

Call to function nodes with too few arguments; should be no fewer than 2.

    hosts = args.nodes or infra.e2e_args.nodes(1)

src/node/rpc/file_serving_handlers.h

tests/infra/node.py

tests/infra/basicperf.py

tests/infra/network.py

src/node/rpc/frontend.h

tests/e2e_operations.py

tests/infra/interfaces.py

tests/infra/network.py

Co-authored-by: Copilot <[email protected]>

…e more test

…e_serving_interfaces

src/node/rpc/file_serving_handlers.h

eddyashton added 15 commits October 31, 2025 14:52

Move /snapshot handlers to a separate file

faacfa4

WIP: Add RiskyFeatures property to Endpoint

5e59f98

Better naming, more plumbing, actual usage

75a45ce

Bodged band-aid for test

9b11958

Bump API

7748f61

Infra gives every node a file serving interface by default

eba9603

Format

f206851

Change API for interfaces.py, simplify node creation

757354a

run_join_old_snapshot in subdir, with correctly configured nodes

7aef20b

Less localhost, more test-specific subdirs

1dd30c9

Fix partitions_test

187d7a7

CHANGELOG, docs, TODO cleanup

1deda4f

A little formatting

3b6f74e

Merge branch 'main' of https://github.com/microsoft/CCF into gate_fil…

595e74e

…e_serving_interfaces

A lot of plumbing. Worth it? Unclear

55674d1

eddyashton requested a review from a team as a code owner November 6, 2025 14:43

Copilot AI review requested due to automatic review settings November 6, 2025 14:43