Only store valid Code IDs (#2011)

2020-12-11 11:09:53 +00:00 · 2020-12-11 11:09:53 +00:00 · 092d799633
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed

 - Error responses of built-in endpoints are now JSON and follow the OData schema (#1919).
+- Code ids are now deleted rather than marked as `RETIRED`. `ACTIVE` is replaced with the more precise `ALLOWED_TO_JOIN`. (#1996)

 ## [0.16.0]

--- a/doc/audit/builtin_maps.rst
+++ b/doc/audit/builtin_maps.rst
@ -0,0 +1,29 @@
+Built-in Maps
+=============
+
+`public:ccf.gov.nodes.code_ids`
+-------------------------------
+
+This table contains all the versions of the code allowed to join the current network.
+
+Key
+~~~
+
+base64 string representation of MRENCLAVE
+
+Value
+~~~~~
+
+.. doxygenenum:: ccf::CodeStatus
+   :project: CCF
+
+Example
+~~~~~~~
+
+.. list-table::
+   :header-rows: 1
+
+   * - Code ID
+     - Status
+   * - `cae46d1...bb908b64e`
+     - `ALLOWED_TO_JOIN`
--- a/doc/audit/builtin_tables.rst
+++ b/doc/audit/builtin_tables.rst
@ -1,4 +0,0 @@
-Built-in tables
-===============
-
-List and schema of all built-in tables.
--- a/doc/audit/index.rst
+++ b/doc/audit/index.rst
@ -3,10 +3,10 @@ Audit

 .. panels::

-    :fa:`table` :doc:`builtin_tables`
-    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+    :fa:`table` :doc:`builtin_maps`
+    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-    Schema reference for built-in tables containing service state.
+    Schema reference for built-in maps containing service state.

    ---

--- a/doc/schemas/app_openapi.json
+++ b/doc/schemas/app_openapi.json
@ -14,8 +14,7 @@
      },
      "CodeStatus": {
        "enum": [
-          "ACCEPTED",
-          "RETIRED"
+          "ALLOWED_TO_JOIN"
        ]
      },
      "EndpointMetrics__Metric": {
--- a/doc/schemas/gov_openapi.json
+++ b/doc/schemas/gov_openapi.json
@ -14,8 +14,7 @@
      },
      "CodeStatus": {
        "enum": [
-          "ACCEPTED",
-          "RETIRED"
+          "ALLOWED_TO_JOIN"
        ]
      },
      "EndpointMetrics__Metric": {
--- a/doc/schemas/node_openapi.json
+++ b/doc/schemas/node_openapi.json
@ -3,8 +3,7 @@
    "schemas": {
      "CodeStatus": {
        "enum": [
-          "ACCEPTED",
-          "RETIRED"
+          "ALLOWED_TO_JOIN"
        ]
      },
      "EndpointMetrics__Metric": {
--- a/python/utils/verify_quote.sh
+++ b/python/utils/verify_quote.sh
@ -52,7 +52,7 @@ done
 if [ ${#trusted_mrenclaves[@]} -eq 0 ]; then
    for code_id in $(curl -sS --fail -X GET "${node_address}"/node/code "${@}" | jq .versions | jq -c ".[]"); do
        code_status=$(echo "${code_id}" | jq -r .status)
-        if [ "${code_status}" = "ACCEPTED" ]; then
+        if [ "${code_status}" = "ALLOWED_TO_JOIN" ]; then
            trusted_mrenclaves+=($(echo "${code_id}" | jq -r .digest))
        fi
    done
--- a/src/node/code_id.h
+++ b/src/node/code_id.h
@ -12,12 +12,10 @@ namespace ccf
 {
  enum class CodeStatus
  {
-    ACCEPTED = 0,
-    RETIRED = 1,
+    ALLOWED_TO_JOIN = 0
  };
  DECLARE_JSON_ENUM(
-    CodeStatus,
-    {{CodeStatus::ACCEPTED, "ACCEPTED"}, {CodeStatus::RETIRED, "RETIRED"}});
+    CodeStatus, {{CodeStatus::ALLOWED_TO_JOIN, "ALLOWED_TO_JOIN"}});
 }

 MSGPACK_ADD_ENUM(ccf::CodeStatus);
--- a/src/node/genesis_gen.h
+++ b/src/node/genesis_gen.h
@ -433,7 +433,7 @@ namespace ccf
    void trust_node_code_id(CodeDigest& node_code_id)
    {
      auto codeid_view = tx.get_view(tables.node_code_ids);
-      codeid_view->put(node_code_id, CodeStatus::ACCEPTED);
+      codeid_view->put(node_code_id, CodeStatus::ALLOWED_TO_JOIN);
    }

    void add_key_share_info(const RecoverySharesInfo& key_share_info)
--- a/src/node/quote.h
+++ b/src/node/quote.h
@ -116,7 +116,7 @@ namespace ccf
        return QuoteVerificationResult::FAIL_VERIFY_CODE_ID_NOT_FOUND;
      }

-      if (code_id_status.value() != CodeStatus::ACCEPTED)
+      if (code_id_status.value() != CodeStatus::ALLOWED_TO_JOIN)
      {
        return QuoteVerificationResult::FAIL_VERIFY_CODE_ID_RETIRED;
      }
--- a/src/node/rpc/member_frontend.h
+++ b/src/node/rpc/member_frontend.h
@ -527,7 +527,7 @@ namespace ccf
          fmt::join(new_code_id, ""));
        return false;
      }
-      code_ids->put(new_code_id, CodeStatus::ACCEPTED);
+      code_ids->put(new_code_id, CodeStatus::ALLOWED_TO_JOIN);
      return true;
    }

@ -547,7 +547,7 @@ namespace ccf
          fmt::join(code_id, ""));
        return false;
      }
-      code_ids->put(code_id, CodeStatus::RETIRED);
+      code_ids->remove(code_id);
      return true;
    }

--- a/tests/code_update.py
+++ b/tests/code_update.py
@ -90,8 +90,8 @@ def test_update_all_nodes(network, args):
        versions = sorted(r.body.json()["versions"], key=lambda x: x["digest"])
        expected = sorted(
            [
-                {"digest": first_code_id, "status": "ACCEPTED"},
-                {"digest": new_code_id, "status": "ACCEPTED"},
+                {"digest": first_code_id, "status": "ALLOWED_TO_JOIN"},
+                {"digest": new_code_id, "status": "ALLOWED_TO_JOIN"},
            ],
            key=lambda x: x["digest"],
        )
@ -104,8 +104,7 @@ def test_update_all_nodes(network, args):
        versions = sorted(r.body.json()["versions"], key=lambda x: x["digest"])
        expected = sorted(
            [
-                {"digest": first_code_id, "status": "RETIRED"},
-                {"digest": new_code_id, "status": "ACCEPTED"},
+                {"digest": new_code_id, "status": "ALLOWED_TO_JOIN"},
            ],
            key=lambda x: x["digest"],
        )