Merge pull request #5571 from oasisprotocol/peternose/feature/churp-u…

…pgrade-handler go/upgrade/migrations: Prepare handler for version 24.0.0
oasisprotocol · Feb 27, 2024 · d1cf150 · d1cf150
2 parents a602ae1 + 950bfbc
commit d1cf150
Show file tree

Hide file tree

Showing 12 changed files with 194 additions and 192 deletions.
diff --git a/.changelog/5571.feature.md b/.changelog/5571.feature.md
@@ -0,0 +1,3 @@
+go/upgrade/migrations: Prepare handler for version 24.0.0
+
+The handler enables the key manager CHURP extension.
diff --git a/go/consensus/cometbft/apps/keymanager/churp/query.go b/go/consensus/cometbft/apps/keymanager/churp/query.go
@@ -8,8 +8,9 @@ import (
 	"github.com/oasisprotocol/oasis-core/go/keymanager/churp"
 )
 
-// Query is the key manager query interface.
+// Query is the key manager CHURP query interface.
 type Query interface {
+	ConsensusParameters(context.Context) (*churp.ConsensusParameters, error)
 	Status(context.Context, common.Namespace, uint8) (*churp.Status, error)
 	Statuses(context.Context, common.Namespace) ([]*churp.Status, error)
 	AllStatuses(context.Context) ([]*churp.Status, error)
@@ -19,18 +20,27 @@ type querier struct {
 	state *churpState.ImmutableState
 }
 
-func (kq *querier) Status(ctx context.Context, runtimeID common.Namespace, churpID uint8) (*churp.Status, error) {
-	return kq.state.Status(ctx, runtimeID, churpID)
+// ConsensusParameters implements Query.
+func (q *querier) ConsensusParameters(ctx context.Context) (*churp.ConsensusParameters, error) {
+	return q.state.ConsensusParameters(ctx)
 }
 
-func (kq *querier) Statuses(ctx context.Context, runtimeID common.Namespace) ([]*churp.Status, error) {
-	return kq.state.Statuses(ctx, runtimeID)
+// Status implements Query.
+func (q *querier) Status(ctx context.Context, runtimeID common.Namespace, churpID uint8) (*churp.Status, error) {
+	return q.state.Status(ctx, runtimeID, churpID)
 }
 
-func (kq *querier) AllStatuses(ctx context.Context) ([]*churp.Status, error) {
-	return kq.state.AllStatuses(ctx)
+// Statuses implements Query.
+func (q *querier) Statuses(ctx context.Context, runtimeID common.Namespace) ([]*churp.Status, error) {
+	return q.state.Statuses(ctx, runtimeID)
 }
 
+// AllStatuses implements Query.
+func (q *querier) AllStatuses(ctx context.Context) ([]*churp.Status, error) {
+	return q.state.AllStatuses(ctx)
+}
+
+// NewQuery creates a new key manager CHURP query.
 func NewQuery(state *churpState.ImmutableState) Query {
 	return &querier{state}
 }
diff --git a/go/consensus/cometbft/apps/keymanager/secrets/query.go b/go/consensus/cometbft/apps/keymanager/secrets/query.go
@@ -8,7 +8,7 @@ import (
 	"github.com/oasisprotocol/oasis-core/go/keymanager/secrets"
 )
 
-// Query is the key manager query interface.
+// Query is the key manager secrets query interface.
 type Query interface {
 	Status(context.Context, common.Namespace) (*secrets.Status, error)
 	Statuses(context.Context) ([]*secrets.Status, error)
@@ -21,24 +21,29 @@ type querier struct {
 	state *secretsState.ImmutableState
 }
 
-func (kq *querier) Status(ctx context.Context, runtimeID common.Namespace) (*secrets.Status, error) {
-	return kq.state.Status(ctx, runtimeID)
+// Status implements Query.
+func (q *querier) Status(ctx context.Context, runtimeID common.Namespace) (*secrets.Status, error) {
+	return q.state.Status(ctx, runtimeID)
 }
 
-func (kq *querier) Statuses(ctx context.Context) ([]*secrets.Status, error) {
-	return kq.state.Statuses(ctx)
+// Statuses implements Query.
+func (q *querier) Statuses(ctx context.Context) ([]*secrets.Status, error) {
+	return q.state.Statuses(ctx)
 }
 
-func (kq *querier) MasterSecret(ctx context.Context, runtimeID common.Namespace) (*secrets.SignedEncryptedMasterSecret, error) {
-	return kq.state.MasterSecret(ctx, runtimeID)
+// MasterSecret implements Query.
+func (q *querier) MasterSecret(ctx context.Context, runtimeID common.Namespace) (*secrets.SignedEncryptedMasterSecret, error) {
+	return q.state.MasterSecret(ctx, runtimeID)
 }
 
-func (kq *querier) EphemeralSecret(ctx context.Context, runtimeID common.Namespace) (*secrets.SignedEncryptedEphemeralSecret, error) {
-	return kq.state.EphemeralSecret(ctx, runtimeID)
+// EphemeralSecret implements Query.
+func (q *querier) EphemeralSecret(ctx context.Context, runtimeID common.Namespace) (*secrets.SignedEncryptedEphemeralSecret, error) {
+	return q.state.EphemeralSecret(ctx, runtimeID)
 }
 
-func (kq *querier) Genesis(ctx context.Context) (*secrets.Genesis, error) {
-	statuses, err := kq.state.Statuses(ctx)
+// Genesis implements Query.
+func (q *querier) Genesis(ctx context.Context) (*secrets.Genesis, error) {
+	statuses, err := q.state.Statuses(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -52,6 +57,7 @@ func (kq *querier) Genesis(ctx context.Context) (*secrets.Genesis, error) {
 	return &gen, nil
 }
 
+// NewQuery creates a new key manager secrets query.
 func NewQuery(state *secretsState.ImmutableState) Query {
 	return &querier{state}
 }
diff --git a/go/consensus/cometbft/keymanager/churp/client.go b/go/consensus/cometbft/keymanager/churp/client.go
@@ -22,6 +22,16 @@ type ServiceClient struct {
 	statusNotifier *pubsub.Broker
 }
 
+// ConsensusParameters implements churp.Backend.
+func (sc *ServiceClient) ConsensusParameters(ctx context.Context, height int64) (*churp.ConsensusParameters, error) {
+	q, err := sc.querier.QueryAt(ctx, height)
+	if err != nil {
+		return nil, err
+	}
+
+	return q.Churp().ConsensusParameters(ctx)
+}
+
 // Status implements churp.Backend.
 func (sc *ServiceClient) Status(ctx context.Context, query *churp.StatusQuery) (*churp.Status, error) {
 	q, err := sc.querier.QueryAt(ctx, query.Height)

diff --git a/go/keymanager/churp/backend.go b/go/keymanager/churp/backend.go
@@ -9,8 +9,11 @@ import (
 
 // Backend is a CHURP management implementation.
 type Backend interface {
+	// ConsensusParameters returns the CHURP consensus parameters.
+	ConsensusParameters(context.Context, int64) (*ConsensusParameters, error)
+
 	// Status returns the CHURP status for the specified runtime and CHURP
-	// instance.
+	// scheme.
 	Status(context.Context, *StatusQuery) (*Status, error)
 
 	// Statuses returns the CHURP statuses for the specified runtime.

diff --git a/go/keymanager/churp/grpc.go b/go/keymanager/churp/grpc.go
@@ -14,11 +14,13 @@ var (
 	// serviceName is the gRPC service name.
 	serviceName = cmnGrpc.NewServiceName("KeyManager.Churp")
 
-	// methodGetStatus is the GetStatus method.
+	// methodConsensusParameters is the ConsensusParameters method.
+	methodConsensusParameters = serviceName.NewMethod("ConsensusParameters", int64(0))
+	// methodStatus is the Status method.
 	methodStatus = serviceName.NewMethod("Status", StatusQuery{})
-	// methodGetStatuses is the GetStatuses method.
+	// methodStatuses is the Statuses method.
 	methodStatuses = serviceName.NewMethod("Statuses", registry.NamespaceQuery{})
-	// methodGetStatuses is the GetStatuses method.
+	// methodAllStatuses is the AllStatuses method.
 	methodAllStatuses = serviceName.NewMethod("AllStatuses", int64(0))
 
 	// methodWatchStatuses is the WatchStatuses method.
@@ -29,6 +31,10 @@ var (
 		ServiceName: string(serviceName),
 		HandlerType: (*Backend)(nil),
 		Methods: []grpc.MethodDesc{
+			{
+				MethodName: methodConsensusParameters.ShortName(),
+				Handler:    handlerConsensusParameters,
+			},
 			{
 				MethodName: methodStatus.ShortName(),
 				Handler:    handlerStatus,
@@ -52,6 +58,29 @@ var (
 	}
 )
 
+func handlerConsensusParameters(
+	srv interface{},
+	ctx context.Context,
+	dec func(interface{}) error,
+	interceptor grpc.UnaryServerInterceptor,
+) (interface{}, error) {
+	var height int64
+	if err := dec(&height); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(Backend).ConsensusParameters(ctx, height)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: methodConsensusParameters.FullName(),
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(Backend).ConsensusParameters(ctx, req.(int64))
+	}
+	return interceptor(ctx, height, info, handler)
+}
+
 func handlerStatus(
 	srv interface{},
 	ctx context.Context,
@@ -156,6 +185,14 @@ type Client struct {
 	conn *grpc.ClientConn
 }
 
+func (c *Client) ConsensusParameters(ctx context.Context, height int64) (*ConsensusParameters, error) {
+	var resp ConsensusParameters
+	if err := c.conn.Invoke(ctx, methodConsensusParameters.FullName(), height, &resp); err != nil {
+		return nil, err
+	}
+	return &resp, nil
+}
+
 func (c *Client) Status(ctx context.Context, query *StatusQuery) (*Status, error) {
 	var resp Status
 	if err := c.conn.Invoke(ctx, methodStatus.FullName(), query, &resp); err != nil {

diff --git a/go/oasis-test-runner/oasis/network.go b/go/oasis-test-runner/oasis/network.go
@@ -174,6 +174,9 @@ type NetworkCfg struct { // nolint: maligned
 	// left empty. Nodes are started in the order in which they appear here (automatically created
 	// nodes are appended).
 	Nodes []string
+
+	// EnableKeyManagerCHURP is the enable key manager CHURP extension flag.
+	EnableKeyManagerCHURP bool `json:"enable_km_churp,omitempty"`
 }
 
 // SetMockEpoch force-enables the mock epoch time keeping.
@@ -778,7 +781,6 @@ func (net *Network) MakeGenesis() error {
 		"--" + genesis.CfgConsensusBackend, net.cfg.Consensus.Backend,
 		"--" + genesis.CfgConsensusTimeoutCommit, net.cfg.Consensus.Parameters.TimeoutCommit.String(),
 		"--" + genesis.CfgRegistryEnableRuntimeGovernanceModels, "entity,runtime",
-		"--" + genesis.CfgRegistryEnableKeyManagerCHURP, "true",
 		"--" + genesis.CfgRegistryDebugAllowUnroutableAddresses, "true",
 		"--" + genesis.CfgRegistryDebugAllowTestRuntimes, "true",
 		"--" + genesis.CfgSchedulerMaxValidatorsPerEntity, strconv.Itoa(len(net.Validators())),
@@ -789,6 +791,11 @@ func (net *Network) MakeGenesis() error {
 		"--" + genesis.CfgStakingTokenValueExponent, strconv.FormatUint(uint64(genesisTestHelpers.TestStakingTokenValueExponent), 10),
 		"--" + genesis.CfgBeaconBackend, net.cfg.Beacon.Backend,
 	}
+	if net.cfg.EnableKeyManagerCHURP {
+		args = append(args, []string{
+			"--" + genesis.CfgRegistryEnableKeyManagerCHURP, "true",
+		}...)
+	}
 	switch net.cfg.Beacon.Backend {
 	case beacon.BackendInsecure:
 		args = append(args, []string{

diff --git a/go/oasis-test-runner/scenario/e2e/scenario.go b/go/oasis-test-runner/scenario/e2e/scenario.go
@@ -135,10 +135,9 @@ func RegisterScenarios() error {
 		GenesisFile,
 		// Node upgrade tests.
 		NodeUpgradeDummy,
-		NodeUpgradeMaxAllowances,
-		NodeUpgradeV62,
 		NodeUpgradeEmpty,
 		NodeUpgradeCancel,
+		NodeUpgradeConsensus240,
 		// Debonding entries from genesis test.
 		Debond,
 		// Consensus state sync.

diff --git a/go/oasis-test-runner/scenario/e2e/upgrade.go b/go/oasis-test-runner/scenario/e2e/upgrade.go
@@ -8,6 +8,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"reflect"
 	"sync"
 	"time"
 
@@ -17,6 +18,7 @@ import (
 	"github.com/oasisprotocol/oasis-core/go/common/pubsub"
 	"github.com/oasisprotocol/oasis-core/go/common/version"
 	consensus "github.com/oasisprotocol/oasis-core/go/consensus/api"
+	"github.com/oasisprotocol/oasis-core/go/keymanager/churp"
 	"github.com/oasisprotocol/oasis-core/go/oasis-test-runner/env"
 	"github.com/oasisprotocol/oasis-core/go/oasis-test-runner/log"
 	"github.com/oasisprotocol/oasis-core/go/oasis-test-runner/oasis"
@@ -80,47 +82,44 @@ func (n *noOpUpgradeChecker) PostUpgradeFn(context.Context, *oasis.Controller) e
 	return nil
 }
 
-type upgradeV62Checker struct{}
+type upgrade240Checker struct{}
+
+func (c *upgrade240Checker) PreUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error {
+	// Check registry parameters.
+	registryParams, err := ctrl.Registry.ConsensusParameters(ctx, consensus.HeightLatest)
+	if err != nil {
+		return fmt.Errorf("can't get registry consensus parameters: %w", err)
+	}
+	if registryParams.EnableKeyManagerCHURP {
+		return fmt.Errorf("key manager CHURP extension is enabled")
+	}
+
+	// Check CHURP parameters.
+	_, err = ctrl.Keymanager.Churp().ConsensusParameters(ctx, consensus.HeightLatest)
+	if err == nil {
+		return fmt.Errorf("key manager CHURP consensus parameters shouldn't be set: %w", err)
+	}
 
-func (n *upgradeV62Checker) PreUpgradeFn(context.Context, *oasis.Controller) error {
 	return nil
 }
 
-func (n *upgradeV62Checker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error {
+func (c *upgrade240Checker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error {
 	// Check updated registry parameters.
 	registryParams, err := ctrl.Registry.ConsensusParameters(ctx, consensus.HeightLatest)
 	if err != nil {
 		return fmt.Errorf("can't get registry consensus parameters: %w", err)
 	}
-	if registryParams.TEEFeatures == nil {
-		return fmt.Errorf("TEE features are unset")
-	}
-	if !registryParams.TEEFeatures.SGX.PCS {
-		return fmt.Errorf("PCS SGX TEE feature is disabled")
-	}
-	if !registryParams.TEEFeatures.FreshnessProofs {
-		return fmt.Errorf("freshness proofs TEE feature is disabled")
-	}
-	if !registryParams.TEEFeatures.SGX.SignedAttestations {
-		return fmt.Errorf("signed attestations TEE feature is disabled")
-	}
-	if registryParams.TEEFeatures.SGX.DefaultMaxAttestationAge != 1200 {
-		return fmt.Errorf("default max attestation age is not set correctly")
-	}
-	if registryParams.GasCosts[registry.GasOpProveFreshness] != registry.DefaultGasCosts[registry.GasOpProveFreshness] {
-		return fmt.Errorf("default gas cost for freshness proofs is not set")
-	}
-	if registryParams.MaxRuntimeDeployments != 5 {
-		return fmt.Errorf("maximum number of runtime deployments is not set correctly")
+	if !registryParams.EnableKeyManagerCHURP {
+		return fmt.Errorf("key manager CHURP extension is disabled")
 	}
 
-	// Check updated governance parameters.
-	govParams, err := ctrl.Governance.ConsensusParameters(ctx, consensus.HeightLatest)
+	// Check updated CHURP parameters.
+	churpParams, err := ctrl.Keymanager.Churp().ConsensusParameters(ctx, consensus.HeightLatest)
 	if err != nil {
-		return fmt.Errorf("can't get governance consensus parameters: %w", err)
+		return fmt.Errorf("can't get key manager CHURP consensus parameters: %w", err)
 	}
-	if !govParams.EnableChangeParametersProposal {
-		return fmt.Errorf("change parameters proposal is disabled")
+	if !reflect.DeepEqual(*churpParams, churp.DefaultConsensusParameters) {
+		return fmt.Errorf("key manager CHURP consensus parameters are not default")
 	}
 
 	return nil
@@ -129,12 +128,10 @@ func (n *upgradeV62Checker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Contr
 var (
 	// NodeUpgradeDummy is the node upgrade dummy scenario.
 	NodeUpgradeDummy scenario.Scenario = newNodeUpgradeImpl(migrations.DummyUpgradeHandler, &dummyUpgradeChecker{})
-	// NodeUpgradeMaxAllowances is the node upgrade max allowances scenario.
-	NodeUpgradeMaxAllowances scenario.Scenario = newNodeUpgradeImpl(migrations.ConsensusMaxAllowances16Handler, &noOpUpgradeChecker{})
-	// NodeUpgradeV62 is the node consensus V61 migration scenario.
-	NodeUpgradeV62 scenario.Scenario = newNodeUpgradeImpl(migrations.ConsensusV62, &upgradeV62Checker{})
 	// NodeUpgradeEmpty is the empty node upgrade scenario.
 	NodeUpgradeEmpty scenario.Scenario = newNodeUpgradeImpl(migrations.EmptyHandler, &noOpUpgradeChecker{})
+	// NodeUpgradeConsensus240 is the node upgrade scenario for migrating to consensus 24.0.
+	NodeUpgradeConsensus240 scenario.Scenario = newNodeUpgradeImpl(migrations.Consensus240, &upgrade240Checker{})
 
 	malformedDescriptor = []byte(`{
 		"v": 1,