From 092d799633eae1fa0529820b79ff661e05c545aa Mon Sep 17 00:00:00 2001
From: Amaury Chamayou
Date: Fri, 11 Dec 2020 11:09:53 +0000
Subject: [PATCH] Only store valid Code IDs (#2011)
---
 CHANGELOG.md | 1 +
 doc/audit/builtin_maps.rst | 29 +++++++++++++++++++++++++++++
 doc/audit/builtin_tables.rst | 4 ----
 doc/audit/index.rst | 6 +++---
 doc/schemas/app_openapi.json | 3 +--
 doc/schemas/gov_openapi.json | 3 +--
 doc/schemas/node_openapi.json | 3 +--
 python/utils/verify_quote.sh | 2 +-
 src/node/code_id.h | 6 ++----
 src/node/genesis_gen.h | 2 +-
 src/node/quote.h | 2 +-
 src/node/rpc/member_frontend.h | 4 ++--
 tests/code_update.py | 7 +++----
 13 files changed, 46 insertions(+), 26 deletions(-)
 create mode 100644 doc/audit/builtin_maps.rst
 delete mode 100644 doc/audit/builtin_tables.rst
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37b3bc175..f0bb4ebbf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Changed
 - Error responses of built-in endpoints are now JSON and follow the OData schema (#1919).
+- Code ids are now deleted rather than marked as `RETIRED`. `ACTIVE` is replaced with the more precise `ALLOWED_TO_JOIN`. (#1996)
 ## [0.16.0]
diff --git a/doc/audit/builtin_maps.rst b/doc/audit/builtin_maps.rst
new file mode 100644
index 000000000..3f62fcb7b
--- /dev/null
+++ b/doc/audit/builtin_maps.rst
@@ -0,0 +1,29 @@
+Built-in Maps
+=============
+
+`public:ccf.gov.nodes.code_ids`
+-------------------------------
+
+This table contains all the versions of the code allowed to join the current network.
+
+Key
+~~~
+
+base64 string representation of MRENCLAVE
+
+Value
+~~~~~
+
+.. doxygenenum:: ccf::CodeStatus
+ :project: CCF
+
+Example
+~~~~~~~
+
+.. list-table::
+ :header-rows: 1
+
+ * - Code ID
+ - Status
+ * - `cae46d1...bb908b64e`
+ - `ALLOWED_TO_JOIN`
\ No newline at end of file
diff --git a/doc/audit/builtin_tables.rst b/doc/audit/builtin_tables.rst
deleted file mode 100644
index c7be258a3..000000000
--- a/doc/audit/builtin_tables.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-Built-in tables
-===============
-
-List and schema of all built-in tables.
\ No newline at end of file
diff --git a/doc/audit/index.rst b/doc/audit/index.rst
index b0626d6db..68c22d8ff 100644
--- a/doc/audit/index.rst
+++ b/doc/audit/index.rst
@@ -3,10 +3,10 @@ Audit
 .. panels::
- :fa:`table` :doc:`builtin_tables`
- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ :fa:`table` :doc:`builtin_maps`
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Schema reference for built-in tables containing service state.
+ Schema reference for built-in maps containing service state.
 ---
diff --git a/doc/schemas/app_openapi.json b/doc/schemas/app_openapi.json
index 6fee1a39f..6c19dd8d4 100644
--- a/doc/schemas/app_openapi.json
+++ b/doc/schemas/app_openapi.json
@@ -14,8 +14,7 @@
 },
 "CodeStatus": {
 "enum": [
- "ACCEPTED",
- "RETIRED"
+ "ALLOWED_TO_JOIN"
 ]
 },
 "EndpointMetrics__Metric": {
diff --git a/doc/schemas/gov_openapi.json b/doc/schemas/gov_openapi.json
index e4e719d00..c2271305c 100644
--- a/doc/schemas/gov_openapi.json
+++ b/doc/schemas/gov_openapi.json
@@ -14,8 +14,7 @@
 },
 "CodeStatus": {
 "enum": [
- "ACCEPTED",
- "RETIRED"
+ "ALLOWED_TO_JOIN"
 ]
 },
 "EndpointMetrics__Metric": {
diff --git a/doc/schemas/node_openapi.json b/doc/schemas/node_openapi.json
index 363aeef1f..fd0284ab0 100644
--- a/doc/schemas/node_openapi.json
+++ b/doc/schemas/node_openapi.json
@@ -3,8 +3,7 @@
 "schemas": {
 "CodeStatus": {
 "enum": [
- "ACCEPTED",
- "RETIRED"
+ "ALLOWED_TO_JOIN"
 ]
 },
 "EndpointMetrics__Metric": {
diff --git a/python/utils/verify_quote.sh b/python/utils/verify_quote.sh
index b5891eb63..3cb2b457e 100755
--- a/python/utils/verify_quote.sh
+++ b/python/utils/verify_quote.sh
@@ -52,7 +52,7 @@ done
 if [ ${#trusted_mrenclaves[@]} -eq 0 ]; then
 for code_id in $(curl -sS --fail -X GET "${node_address}"/node/code "${@}" | jq .versions | jq -c ".[]"); do
 code_status=$(echo "${code_id}" | jq -r .status)
- if [ "${code_status}" = "ACCEPTED" ]; then
+ if [ "${code_status}" = "ALLOWED_TO_JOIN" ]; then
 trusted_mrenclaves+=($(echo "${code_id}" | jq -r .digest))
 fi
 done
diff --git a/src/node/code_id.h b/src/node/code_id.h
index 6e291cc7f..0c18a25bd 100644
--- a/src/node/code_id.h
+++ b/src/node/code_id.h
@@ -12,12 +12,10 @@ namespace ccf
 {
 enum class CodeStatus
 {
- ACCEPTED = 0,
- RETIRED = 1,
+ ALLOWED_TO_JOIN = 0
 };
 DECLARE_JSON_ENUM(
- CodeStatus,
- {{CodeStatus::ACCEPTED, "ACCEPTED"}, {CodeStatus::RETIRED, "RETIRED"}});
+ CodeStatus, {{CodeStatus::ALLOWED_TO_JOIN, "ALLOWED_TO_JOIN"}});
 }
 MSGPACK_ADD_ENUM(ccf::CodeStatus);
diff --git a/src/node/genesis_gen.h b/src/node/genesis_gen.h
index ba41fb9e1..43c169dff 100644
--- a/src/node/genesis_gen.h
+++ b/src/node/genesis_gen.h
@@ -433,7 +433,7 @@ namespace ccf
 void trust_node_code_id(CodeDigest& node_code_id)
 {
 auto codeid_view = tx.get_view(tables.node_code_ids);
- codeid_view->put(node_code_id, CodeStatus::ACCEPTED);
+ codeid_view->put(node_code_id, CodeStatus::ALLOWED_TO_JOIN);
 }
 void add_key_share_info(const RecoverySharesInfo& key_share_info)
diff --git a/src/node/quote.h b/src/node/quote.h
index 0a0eb0e09..19a4ce086 100644
--- a/src/node/quote.h
+++ b/src/node/quote.h
@@ -116,7 +116,7 @@ namespace ccf
 return QuoteVerificationResult::FAIL_VERIFY_CODE_ID_NOT_FOUND;
 }
- if (code_id_status.value() != CodeStatus::ACCEPTED)
+ if (code_id_status.value() != CodeStatus::ALLOWED_TO_JOIN)
 {
 return QuoteVerificationResult::FAIL_VERIFY_CODE_ID_RETIRED;
 }
diff --git a/src/node/rpc/member_frontend.h b/src/node/rpc/member_frontend.h
index 8ca2ace57..4495af10f 100644
--- a/src/node/rpc/member_frontend.h
+++ b/src/node/rpc/member_frontend.h
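Review bot: The comparison against `ALLOWED_TO_JOIN` silently skips every entry with any other status, so a node that still reports the old `ACCEPTED` string leaves `trusted_mrenclaves` empty without any message. What the script does with an empty list is outside this hunk; if it does not already exit non-zero, a guard after the loop such as `[ ${#trusted_mrenclaves[@]} -gt 0 ] || exit 1` would make verification fail closed. The outer `if` block closes outside the hunk.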
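Review bot: `ALLOWED_TO_JOIN = 0` in src/node/code_id.h reuses the numeric value that `ACCEPTED` had, and value 1 (formerly `RETIRED`) no longer has an enumerator, but nothing in the enum records this. Since the enum is serialised through `MSGPACK_ADD_ENUM`, entries written with value 1 before this change could presumably still be read back from an existing ledger as an out-of-range `CodeStatus`. A comment on the enumerator would keep a future status from being assigned 1, e.g. `// 0 was ACCEPTED; 1 was RETIRED and must not be reused`.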
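Review bot: In src/node/quote.h the `!= CodeStatus::ALLOWED_TO_JOIN` branch still returns `FAIL_VERIFY_CODE_ID_RETIRED`, a name that no longer matches any status now that retired ids are removed rather than marked. The check itself is worth keeping, since it rejects any stored value other than `ALLOWED_TO_JOIN`; a comment such as `// Fail closed on any status other than ALLOWED_TO_JOIN (e.g. legacy RETIRED entries)` would explain why it remains. The enclosing function starts and ends outside the hunk.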
@@ -527,7 +527,7 @@ namespace ccf
 fmt::join(new_code_id, ""));
 return false;
 }
- code_ids->put(new_code_id, CodeStatus::ACCEPTED);
+ code_ids->put(new_code_id, CodeStatus::ALLOWED_TO_JOIN);
 return true;
 }
@@ -547,7 +547,7 @@ namespace ccf
 fmt::join(code_id, ""));
 return false;
 }
- code_ids->put(code_id, CodeStatus::RETIRED);
+ code_ids->remove(code_id);
 return true;
 }
diff --git a/tests/code_update.py b/tests/code_update.py
index fbcc6cd26..57f31c550 100644
--- a/tests/code_update.py
+++ b/tests/code_update.py
@@ -90,8 +90,8 @@ def test_update_all_nodes(network, args):
 versions = sorted(r.body.json()["versions"], key=lambda x: x["digest"])
 expected = sorted(
 [
- {"digest": first_code_id, "status": "ACCEPTED"},
- {"digest": new_code_id, "status": "ACCEPTED"},
+ {"digest": first_code_id, "status": "ALLOWED_TO_JOIN"},
+ {"digest": new_code_id, "status": "ALLOWED_TO_JOIN"},
 ],
 key=lambda x: x["digest"],
 )
@@ -104,8 +104,7 @@ def test_update_all_nodes(network, args):
 versions = sorted(r.body.json()["versions"], key=lambda x: x["digest"])
 expected = sorted(
 [
- {"digest": first_code_id, "status": "RETIRED"},
- {"digest": new_code_id, "status": "ACCEPTED"},
+ {"digest": new_code_id, "status": "ALLOWED_TO_JOIN"},
 ],
 key=lambda x: x["digest"],
 )
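Review bot: In the second hunk of src/node/rpc/member_frontend.h, `code_ids->remove(code_id)` only takes the id out of the table that, per the new documentation, lists code versions allowed to join; nothing visible here touches nodes that already joined with that code id. If that is the intended behaviour, a comment above the call would make the scope explicit for operators, e.g. `// Prevents further joins with this code id; nodes already trusted are not affected here`. The enclosing function starts and ends outside the hunk.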