Merge pull request #3548 from oasisprotocol/andrej/feature/adr4-part1

Modify runtime descriptors to support ADR 0004
oasisprotocol · Jan 13, 2021 · 897b681 · 897b681
2 parents cd82b14 + ca84d78
commit 897b681
Show file tree

Hide file tree

Showing 38 changed files with 987 additions and 448 deletions.
diff --git a/.changelog/3450.breaking.2.md b/.changelog/3450.breaking.2.md
@@ -0,0 +1,10 @@
+Remove `SignedRuntime`
+
+As part of the work on [ADR 0004], support for signed runtime descriptors
+has been removed, since they are no longer required.
+All methods that used to take signed runtime descriptors now take
+non-signed runtime descriptors instead.
+This also affects the genesis file, use the `oasis-node debug fix-genesis`
+command to convert a genesis file from the old format to the new one.
+
+[ADR 0004]: docs/adr/0004-runtime-governance.md
diff --git a/.changelog/3450.breaking.md b/.changelog/3450.breaking.md
@@ -0,0 +1,6 @@
+Modify runtime descriptors to support ADR 0004
+
+As described in [ADR 0004], the runtime descriptors are modified to
+enable runtime governance.
+
+[ADR 0004]: docs/adr/0004-runtime-governance.md
diff --git a/.changelog/3450.internal.md b/.changelog/3450.internal.md
@@ -0,0 +1 @@
+Add `GetEntityNodes()` query to registry state
diff --git a/docs/consensus/genesis.md b/docs/consensus/genesis.md
@@ -53,7 +53,7 @@ launch, see: [Genesis File Overview].
 {% endhint %}
 
 [Genesis File Overview]:
-  https://docs.oasis.dev/general/pre-mainnet/genesis-file
+  https://docs.oasis.dev/general/mainnet/genesis-file
 
 ### Canonical Form
 

diff --git a/docs/consensus/registry.md b/docs/consensus/registry.md
@@ -51,12 +51,25 @@ offline and having entities as separate resources enables that.
 
 A [runtime] is effectively a replicated application with shared state. The
 registry resource describes a runtime's operational parameters, including its
-identifier, kind, admission policy, committee scheduling, storage etc. For a
-full description of the runtime descriptor see [the `Runtime` structure].
+identifier, kind, admission policy, committee scheduling, storage, governance
+model, etc. For a full description of the runtime descriptor see
+[the `Runtime` structure].
 
-Currently only the owning entity is allowed to make any modifications to the
-runtime. There are plans to enable runtimes to update their own descriptors in
-the future to enable runtimes to be self-governing.
+<!-- markdownlint-disable no-space-in-emphasis -->
+The chosen governance model indicates how the runtime descriptor can be updated
+in the future.
+
+There are currently three supported governance models:
+
+* **Entity governance** where the runtime owner is the only one who can update
+  the runtime descriptor via `registry.RegisterRuntime` method calls.
+
+* **Runtime-defined governance** where the runtime itself is the only one who
+  can update the runtime descriptor by emitting a runtime message.
+
+* **Consensus layer governance** where only the consensus layer itself can
+  update the runtime descriptor through network governance.
+<!-- markdownlint-enable no-space-in-emphasis -->
 
 <!-- markdownlint-disable line-length -->
 [runtime]: ../runtime/index.md
@@ -209,16 +222,18 @@ runtime transaction can be generated using [`NewRegisterRuntimeTx`].
 registry.RegisterRuntime
 ```
 
-The body of a register runtime transaction must be a [`SignedRuntime`]
-structure, which is a [signed envelope] containing a [`Runtime`] descriptor.
+The body of a register runtime transaction must be a [`Runtime`] descriptor.
 The signer of the transaction MUST be the owning entity key.
 
-Registering a runtime may require sufficient stake in the owning entity's
-[escrow account].
+Registering a runtime may require sufficient stake in either the owning
+entity's (when entity governance is used) or the runtime's (when runtime
+governance is used) [escrow account].
+
+Changing the governance model from entity governance to runtime governance is
+allowed. Any other governance model changes are not allowed.
 
 <!-- markdownlint-disable line-length -->
 [`NewRegisterRuntimeTx`]: https://pkg.go.dev/github.com/oasisprotocol/oasis-core/go/registry/api?tab=doc#NewRegisterRuntimeTx
-[`SignedRuntime`]: https://pkg.go.dev/github.com/oasisprotocol/oasis-core/go/registry/api?tab=doc#SignedRuntime
 [`Runtime`]: https://pkg.go.dev/github.com/oasisprotocol/oasis-core/go/registry/api?tab=doc#Runtime
 <!-- markdownlint-enable line-length -->
 

diff --git a/go/consensus/tendermint/apps/keymanager/genesis.go b/go/consensus/tendermint/apps/keymanager/genesis.go
@@ -30,8 +30,8 @@ func (app *keymanagerApplication) InitChain(ctx *tmapi.Context, request types.Re
 	// list.
 	regSt := doc.Registry
 	rtMap := make(map[common.Namespace]*registry.Runtime)
-	for _, v := range regSt.Runtimes {
-		rt, err := registry.VerifyRegisterRuntimeArgs(&regSt.Parameters, ctx.Logger(), v, true, false)
+	for _, rt := range regSt.Runtimes {
+		err := registry.VerifyRuntime(&regSt.Parameters, ctx.Logger(), rt, true, false)
 		if err != nil {
 			ctx.Logger().Error("InitChain: Invalid runtime",
 				"err", err,

diff --git a/go/consensus/tendermint/apps/registry/genesis.go b/go/consensus/tendermint/apps/registry/genesis.go
@@ -46,47 +46,43 @@ func (app *registryApplication) InitChain(ctx *abciAPI.Context, request types.Re
 	}
 	// Register runtimes. First key manager and then compute runtime(s).
 	for _, k := range []registry.RuntimeKind{registry.KindKeyManager, registry.KindCompute} {
-		for i, v := range st.Runtimes {
-			if v == nil {
+		for i, rt := range st.Runtimes {
+			if rt == nil {
 				return fmt.Errorf("registry: genesis runtime index %d is nil", i)
 			}
-			rt, err := registry.VerifyRegisterRuntimeArgs(&st.Parameters, ctx.Logger(), v, ctx.IsInitChain(), false)
+			err := registry.VerifyRuntime(&st.Parameters, ctx.Logger(), rt, ctx.IsInitChain(), false)
 			if err != nil {
 				return err
 			}
 			if rt.Kind != k {
 				continue
 			}
 			ctx.Logger().Debug("InitChain: Registering genesis runtime",
-				"runtime_owner", v.Signature.PublicKey,
+				"runtime_id", rt.ID,
 			)
-			if err := app.registerRuntime(ctx, state, v); err != nil {
+			if err := app.registerRuntime(ctx, state, rt); err != nil {
 				ctx.Logger().Error("InitChain: failed to register runtime",
 					"err", err,
-					"runtime", v,
+					"runtime_id", rt.ID,
 				)
 				return fmt.Errorf("registry: genesis runtime registration failure: %w", err)
 			}
 		}
 	}
-	for i, v := range st.SuspendedRuntimes {
-		if v == nil {
+	for i, rt := range st.SuspendedRuntimes {
+		if rt == nil {
 			return fmt.Errorf("registry: genesis suspended runtime index %d is nil", i)
 		}
 		ctx.Logger().Debug("InitChain: Registering genesis suspended runtime",
-			"runtime_owner", v.Signature.PublicKey,
+			"runtime_id", rt.ID,
 		)
-		if err := app.registerRuntime(ctx, state, v); err != nil {
+		if err := app.registerRuntime(ctx, state, rt); err != nil {
 			ctx.Logger().Error("InitChain: failed to register runtime",
 				"err", err,
-				"runtime", v,
+				"runtime_id", rt.ID,
 			)
 			return fmt.Errorf("registry: genesis suspended runtime registration failure: %w", err)
 		}
-		var rt registry.Runtime
-		if err := cbor.Unmarshal(v.Blob, &rt); err != nil {
-			return fmt.Errorf("registry: malformed genesis suspended runtime: %w", err)
-		}
 		if err := state.SuspendRuntime(ctx, rt.ID); err != nil {
 			return fmt.Errorf("registry: failed to suspend runtime at genesis: %w", err)
 		}
@@ -130,7 +126,7 @@ func (rq *registryQuerier) Genesis(ctx context.Context) (*registry.Genesis, erro
 	if err != nil {
 		return nil, err
 	}
-	signedRuntimes, err := rq.state.SignedRuntimes(ctx)
+	runtimes, err := rq.state.Runtimes(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -177,7 +173,7 @@ func (rq *registryQuerier) Genesis(ctx context.Context) (*registry.Genesis, erro
 	gen := registry.Genesis{
 		Parameters:        *params,
 		Entities:          signedEntities,
-		Runtimes:          signedRuntimes,
+		Runtimes:          runtimes,
 		SuspendedRuntimes: suspendedRuntimes,
 		Nodes:             validatorNodes,
 		NodeStatuses:      nodeStatuses,

diff --git a/go/consensus/tendermint/apps/registry/registry.go b/go/consensus/tendermint/apps/registry/registry.go
@@ -95,12 +95,11 @@ func (app *registryApplication) ExecuteTx(ctx *api.Context, tx *transaction.Tran
 
 		return app.unfreezeNode(ctx, state, &unfreeze)
 	case registry.MethodRegisterRuntime:
-		var sigRt registry.SignedRuntime
-		if err := cbor.Unmarshal(tx.Body, &sigRt); err != nil {
+		var rt registry.Runtime
+		if err := cbor.Unmarshal(tx.Body, &rt); err != nil {
 			return err
 		}
-
-		return app.registerRuntime(ctx, state, &sigRt)
+		return app.registerRuntime(ctx, state, &rt)
 	default:
 		return registry.ErrInvalidArgument
 	}