Node onchain permissioning startup validation (#3765)

* rethrow IllegalStateException, and add extra logging

Signed-off-by: Sally MacFarlane <sally.macfarlane@consensys.net>

CHANGELOG.md

@@ -11,7 +11,9 @@
 - In the Besu EVM Library all references to SHA3 have been renamed to the more accurate name Kecack256, including class names and comment. [#3749](https://github.com/hyperledger/besu/pull/3749)
 
 ### Additions and Improvements
-- Onchain node permissioning - log the enodeURL that was previously only throwing an IllegalStateException during the isPermitted check [#3697](https://github.com/hyperledger/besu/pull/3697)
+- Onchain node permissioning 
+  - Log the enodeURL that was previously only throwing an IllegalStateException during the isPermitted check [#3697](https://github.com/hyperledger/besu/pull/3697),
+  - Fail startup if node permissioning smart contract version does not match [#3765](https://github.com/hyperledger/besu/pull/3765)
 - \[EXPERIMENTAL\] Add snapsync `--sync-mode="X_SNAP"` (only as client) [#3710](https://github.com/hyperledger/besu/pull/3710)
 - Adapt Fast sync, and Snap sync, to use finalized block, from consensus layer, as pivot after the Merge [#3506](https://github.com/hyperledger/besu/issues/3506)
 - Add IPC JSON-RPC interface (BSD/MacOS and Linux only) [#3695](https://github.com/hyperledger/besu/pull/3695)

ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/NodePermissioningControllerFactory.java

@@ -156,13 +156,20 @@ public class NodePermissioningControllerFactory {
       final SmartContractPermissioningConfiguration smartContractPermissioningConfig) {
     LOG.debug("Validating onchain node permissioning smart contract configuration");
 
+    // eliminate the sync status and other checks, so we can just check the smart contract function
+    final NodePermissioningController tempControllerCheckingSmartContractOnly =
+        new NodePermissioningController(
+            Optional.empty(), nodePermissioningController.getProviders(), Optional.empty());
+
     try {
       // the enodeURLs don't matter. We just want to check if a call to the smart contract succeeds
-      nodePermissioningController.isPermitted(
+      tempControllerCheckingSmartContractOnly.isPermitted(
           EnodeURLImpl.fromString(
               "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@10.3.58.6:30303"),
           EnodeURLImpl.fromString(
               "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@10.3.58.6:30303"));
+      LOG.debug(
+          "Successful validation of onchain node permissioning smart contract configuration!");
     } catch (Exception e) {
       final String msg =
           String.format(

ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/NodeSmartContractV2PermissioningController.java

@@ -70,8 +70,8 @@ public class NodeSmartContractV2PermissioningController
       LOG.trace("Permitted? {} for DNS {}", isIpToDNSEnodePermitted, ipToDNSEnode);
       return isIpToDNSEnodePermitted;
     } catch (final IllegalStateException illegalStateException) {
-      LOG.info("Unable to check permissions for enode {} ", enode, illegalStateException);
-      return false;
+      throw new IllegalStateException(
+          "Unable to check permissions for " + enode, illegalStateException);
     }
   }
 

ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/NodeSmartContractV2PermissioningControllerTest.java

@@ -16,6 +16,7 @@ package org.hyperledger.besu.ethereum.permissioning;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatIllegalStateException;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.mock;
@@ -84,16 +85,18 @@ public class NodeSmartContractV2PermissioningControllerTest {
   }
 
   @Test
-  public void nonExpectedCallOutputReturnsNotPermitted() {
-    final TransactionSimulatorResult nonExpectedTxSimulatorResult =
+  public void nonExpectedCallOutputThrowsIllegalState() {
+    final TransactionSimulatorResult txSimulatorResult =
         transactionSimulatorResult(Bytes.random(10), ValidationResult.valid());
 
     when(transactionSimulator.processAtHead(eq(callParams(SOURCE_ENODE_EXPECTED_PAYLOAD_IP))))
-        .thenReturn(Optional.of(nonExpectedTxSimulatorResult));
+        .thenReturn(Optional.of(txSimulatorResult));
 
-    boolean isPermitted =
-        permissioningController.checkSmartContractRules(SOURCE_ENODE_IPV4, DESTINATION_ENODE_IPV4);
-    assertThat(isPermitted).isFalse();
+    assertThatIllegalStateException()
+        .isThrownBy(
+            () ->
+                permissioningController.checkSmartContractRules(
+                    SOURCE_ENODE_IPV4, DESTINATION_ENODE_IPV4));
   }
 
   @Test