fix: add storage item for feature control (#2382)

* fix: add storage item for feature control * [benchmarking bot] Auto commit generated weights files (#2384) Co-authored-by: felixfaisal <felixfaisal@users.noreply.github.com> * fix: update unit tests to not use feature control * refactor: remove feature * refactor: fix clippy warnings * fix: update the storage item and relevant scripts and tests * fix: update deploy.sh script * fix: update launch-local-docker * fix: update launch-local-standalone * refactor: change the extrinsic name * fix: update mock.rs * fix: ias-check tests * fix: update benchmarking setup * refactor: clippy fix * fix: update to use extrinsic only in rococo chain * fix: update launch-local-docker * fix: update launch-local-docker script * fix: update genesis instead of extrinsic * fix: update mock.rs for the genesis * fix: use flag only in rococo-dev * fix: remove extrinsic from launch script * fix: update standalone script * fix: remvoe ts extrinsic call from deploy * fix: remove unused code --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: felixfaisal <felixfaisal@users.noreply.github.com> Co-authored-by: Zhouhui Tian <125243011+zhouhuitian@users.noreply.github.com>
litentry · Jan 23, 2024 · b62e965 · b62e965
1 parent f2290ab
commit b62e965
Show file tree

Hide file tree

Showing 23 changed files with 401 additions and 257 deletions.
diff --git a/docker/pnpm-lock.yaml b/docker/pnpm-lock.yaml
diff --git a/node/src/chain_specs/litmus.rs b/node/src/chain_specs/litmus.rs
@@ -237,7 +237,11 @@ fn generate_genesis(
 		aura_ext: Default::default(),
 		parachain_system: Default::default(),
 		polkadot_xcm: PolkadotXcmConfig { safe_xcm_version: Some(SAFE_XCM_VERSION) },
-		teerex: TeerexConfig { allow_sgx_debug_mode: true, admin: None },
+		teerex: TeerexConfig {
+			allow_sgx_debug_mode: true,
+			admin: None,
+			skip_scheduled_enclave_check: true,
+		},
 		transaction_payment: Default::default(),
 		tokens: Default::default(),
 	}

diff --git a/node/src/chain_specs/rococo.rs b/node/src/chain_specs/rococo.rs
@@ -93,6 +93,7 @@ pub fn get_chain_spec_dev(is_standalone: bool) -> ChainSpec {
 				],
 				vec![get_account_id_from_seed::<sr25519::Public>("Alice")],
 				DEFAULT_PARA_ID.into(),
+				true,
 			)
 		},
 		Vec::new(),
@@ -165,6 +166,7 @@ fn get_chain_spec_from_genesis_info(
 				genesis_info_cloned.council,
 				genesis_info_cloned.technical_committee,
 				para_id,
+				false,
 			)
 		},
 		boot_nodes
@@ -194,6 +196,7 @@ fn generate_genesis(
 	council_members: Vec<AccountId>,
 	technical_committee_members: Vec<AccountId>,
 	id: ParaId,
+	skip_scheduled_enclave_check: bool,
 ) -> GenesisConfig {
 	GenesisConfig {
 		system: SystemConfig {
@@ -237,7 +240,11 @@ fn generate_genesis(
 		parachain_system: Default::default(),
 		polkadot_xcm: PolkadotXcmConfig { safe_xcm_version: Some(SAFE_XCM_VERSION) },
 		// use sudo key as genesis admin for teerex and VCMP
-		teerex: TeerexConfig { allow_sgx_debug_mode: true, admin: Some(root_key.clone()) },
+		teerex: TeerexConfig {
+			allow_sgx_debug_mode: true,
+			admin: Some(root_key.clone()),
+			skip_scheduled_enclave_check,
+		},
 		vc_management: VCManagementConfig { admin: Some(root_key) },
 		transaction_payment: Default::default(),
 		tokens: Default::default(),

diff --git a/pallets/identity-management/Cargo.toml b/pallets/identity-management/Cargo.toml
@@ -32,7 +32,7 @@ teerex-primitives = { path = "../../primitives/teerex", default-features = false
 [dev-dependencies]
 pallet-balances = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" }
 pallet-group = { path = "../../pallets/group" }
-pallet-teerex = { path = "../teerex", features = ["skip-scheduled-enclave-check"] }
+pallet-teerex = { path = "../teerex" }
 pallet-timestamp = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" }
 sp-io = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" }
 test-utils = { path = "../test-utils" }

diff --git a/pallets/identity-management/src/mock.rs b/pallets/identity-management/src/mock.rs
@@ -183,10 +183,15 @@ pub fn new_test_ext() -> sp_io::TestExternalities {
 		// add `5` to delegatee
 		let _ = IdentityManagement::add_delegatee(RuntimeOrigin::root(), eddie);
 		System::set_block_number(1);
-
 		use test_utils::ias::consts::{TEST8_CERT, TEST8_SIGNER_PUB, TEST8_TIMESTAMP, URL};
-		Timestamp::set_timestamp(TEST8_TIMESTAMP);
 		let teerex_signer: SystemAccountId = test_utils::get_signer(TEST8_SIGNER_PUB);
+		assert_ok!(Teerex::set_admin(RuntimeOrigin::root(), teerex_signer.clone()));
+		assert_ok!(Teerex::set_skip_scheduled_enclave_check(
+			RuntimeOrigin::signed(teerex_signer.clone()),
+			true
+		));
+
+		Timestamp::set_timestamp(TEST8_TIMESTAMP);
 		if !pallet_teerex::EnclaveIndex::<Test>::contains_key(teerex_signer.clone()) {
 			assert_ok!(Teerex::register_enclave(
 				RuntimeOrigin::signed(teerex_signer),

diff --git a/pallets/sidechain/src/mock.rs b/pallets/sidechain/src/mock.rs
@@ -17,7 +17,7 @@
 
 // Creating mock runtime here
 use crate as pallet_sidechain;
-use frame_support::{pallet_prelude::GenesisBuild, parameter_types};
+use frame_support::{assert_ok, pallet_prelude::GenesisBuild, parameter_types};
 use frame_system as system;
 use frame_system::EnsureRoot;
 use pallet_sidechain::Config;
@@ -158,10 +158,21 @@ pub fn new_test_ext() -> sp_io::TestExternalities {
 	}
 	.assimilate_storage(&mut t)
 	.unwrap();
-	let teerex_config = pallet_teerex::GenesisConfig { allow_sgx_debug_mode: true, admin: None };
+	let teerex_config = pallet_teerex::GenesisConfig {
+		allow_sgx_debug_mode: true,
+		admin: None,
+		skip_scheduled_enclave_check: true,
+	};
 	GenesisBuild::<Test>::assimilate_storage(&teerex_config, &mut t).unwrap();
 
 	let mut ext: sp_io::TestExternalities = t.into();
-	ext.execute_with(|| System::set_block_number(1));
+	ext.execute_with(|| {
+		System::set_block_number(1);
+		assert_ok!(Teerex::set_admin(RuntimeOrigin::root(), AccountKeyring::Alice.to_account_id()));
+		assert_ok!(Teerex::set_skip_scheduled_enclave_check(
+			RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()),
+			true
+		));
+	});
 	ext
 }
diff --git a/pallets/teeracle/Cargo.toml b/pallets/teeracle/Cargo.toml
@@ -44,7 +44,7 @@ test-utils = { path = "../test-utils" }
 timestamp = { package = "pallet-timestamp", git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
 
 # litentry
-pallet-teerex = { path = "../teerex", features = ["skip-scheduled-enclave-check"] }
+pallet-teerex = { path = "../teerex" }
 
 [features]
 default = ["std"]

diff --git a/pallets/teeracle/src/benchmarking.rs b/pallets/teeracle/src/benchmarking.rs
@@ -108,6 +108,11 @@ benchmarks! {
 			TEST4_MRENCLAVE,
 		).unwrap();
 
+		Teerex::<T>::set_skip_scheduled_enclave_check(
+			RawOrigin::Signed(signer.clone()).into(),
+			true
+		).unwrap();
+
 		// simply register the enclave before to make sure it already
 		// exists when running the benchmark
 		Teerex::<T>::register_enclave(

diff --git a/pallets/teeracle/src/mock.rs b/pallets/teeracle/src/mock.rs
@@ -15,7 +15,7 @@
 
 */
 use crate as pallet_teeracle;
-use frame_support::{pallet_prelude::GenesisBuild, parameter_types};
+use frame_support::{assert_ok, pallet_prelude::GenesisBuild, parameter_types};
 use frame_system as system;
 use frame_system::EnsureRoot;
 use pallet_teeracle::Config;
@@ -156,10 +156,21 @@ pub fn new_test_ext() -> sp_io::TestExternalities {
 	}
 	.assimilate_storage(&mut t)
 	.unwrap();
-	let teerex_config = pallet_teerex::GenesisConfig { allow_sgx_debug_mode: true, admin: None };
+	let teerex_config = pallet_teerex::GenesisConfig {
+		allow_sgx_debug_mode: true,
+		admin: None,
+		skip_scheduled_enclave_check: true,
+	};
 	GenesisBuild::<Test>::assimilate_storage(&teerex_config, &mut t).unwrap();
 
 	let mut ext: sp_io::TestExternalities = t.into();
-	ext.execute_with(|| System::set_block_number(1));
+	ext.execute_with(|| {
+		System::set_block_number(1);
+		assert_ok!(Teerex::set_admin(RuntimeOrigin::root(), AccountKeyring::Alice.to_account_id()));
+		assert_ok!(Teerex::set_skip_scheduled_enclave_check(
+			RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()),
+			true
+		));
+	});
 	ext
 }
diff --git a/pallets/teerex/Cargo.toml b/pallets/teerex/Cargo.toml
@@ -70,7 +70,5 @@ runtime-benchmarks = [
 ]
 # allow workers to register without remote attestation for dev purposes
 skip-ias-check = []
-# allow workers to register without checking the scheduled enclave, should only used in dev/tests
-skip-scheduled-enclave-check = []
 
 try-runtime = ["frame-support/try-runtime"]
diff --git a/pallets/teerex/src/lib.rs b/pallets/teerex/src/lib.rs
@@ -105,6 +105,8 @@ pub mod pallet {
 			new_mrenclave: MrEnclave,
 		},
 		RegisteredEnclaveLimitSet(u64),
+		/// Flag used only in dev to skip scheduled check
+		SkipScheduledEnclaveCheck(bool),
 	}
 
 	#[pallet::storage]
@@ -132,6 +134,10 @@ pub mod pallet {
 	#[pallet::getter(fn enclave_count)]
 	pub type EnclaveCount<T: Config> = StorageValue<_, u64, ValueQuery>;
 
+	#[pallet::storage]
+	#[pallet::getter(fn is_skip_scheduled_enclave)]
+	pub type SkipScheduledEnclaveCheck<T: Config> = StorageValue<_, bool, ValueQuery>;
+
 	#[pallet::storage]
 	#[pallet::getter(fn quoting_enclave)]
 	pub type QuotingEnclaveRegistry<T: Config> = StorageValue<_, QuotingEnclave, ValueQuery>;
@@ -185,19 +191,21 @@ pub mod pallet {
 	pub struct GenesisConfig<T: Config> {
 		pub allow_sgx_debug_mode: bool,
 		pub admin: Option<T::AccountId>,
+		pub skip_scheduled_enclave_check: bool,
 	}
 
 	#[cfg(feature = "std")]
 	impl<T: Config> Default for GenesisConfig<T> {
 		fn default() -> Self {
-			Self { allow_sgx_debug_mode: false, admin: None }
+			Self { allow_sgx_debug_mode: false, admin: None, skip_scheduled_enclave_check: false }
 		}
 	}
 
 	#[pallet::genesis_build]
 	impl<T: Config> GenesisBuild<T> for GenesisConfig<T> {
 		fn build(&self) {
 			AllowSGXDebugMode::<T>::put(self.allow_sgx_debug_mode);
+			SkipScheduledEnclaveCheck::<T>::put(self.skip_scheduled_enclave_check);
 			if let Some(ref admin) = self.admin {
 				Admin::<T>::put(admin);
 			}
@@ -282,11 +290,15 @@ pub mod pallet {
 			// TODO: imagine this fn is not called for the first time (e.g. when worker restarts),
 			//       should we check the current sidechain_blocknumber >= registered
 			// sidechain_blocknumber?
-			#[cfg(not(feature = "skip-scheduled-enclave-check"))]
-			ensure!(
-				ScheduledEnclave::<T>::iter_values().any(|m| m == enclave.mr_enclave),
-				Error::<T>::EnclaveNotInSchedule
-			);
+			// Dev setup -> SkipScheduledEnclave Extrinsic -> Does it make sense to set in dev
+			// setup?
+			let schedule_enclave = SkipScheduledEnclaveCheck::<T>::get();
+			if !schedule_enclave {
+				ensure!(
+					ScheduledEnclave::<T>::iter_values().any(|m| m == enclave.mr_enclave),
+					Error::<T>::EnclaveNotInSchedule
+				);
+			}
 
 			Self::add_enclave(&sender, &enclave)?;
 			Self::deposit_event(Event::AddedEnclave(sender, worker_url));
@@ -637,6 +649,23 @@ pub mod pallet {
 			// Do not pay a fee
 			Ok(Pays::No.into())
 		}
+
+		/// This extrinsic is used to set ScheduleEnclave storage item
+		/// This storage item is used to perform feature control during register_enclave
+		/// Can only be called by the Teerex Admin
+		#[pallet::call_index(31)]
+		#[pallet::weight((195_000_000, DispatchClass::Normal, Pays::No))]
+		pub fn set_skip_scheduled_enclave_check(
+			origin: OriginFor<T>,
+			should_skip: bool,
+		) -> DispatchResultWithPostInfo {
+			let sender = ensure_signed(origin)?;
+			ensure!(Some(sender) == Self::admin(), Error::<T>::RequireAdmin);
+
+			<SkipScheduledEnclaveCheck<T>>::set(should_skip);
+			Self::deposit_event(Event::SkipScheduledEnclaveCheck(should_skip));
+			Ok(Pays::No.into())
+		}
 	}
 
 	#[pallet::error]

diff --git a/pallets/teerex/src/mock.rs b/pallets/teerex/src/mock.rs
@@ -19,6 +19,7 @@
 // Creating mock runtime here
 use crate as pallet_teerex;
 use frame_support::{
+	assert_ok,
 	pallet_prelude::GenesisBuild,
 	parameter_types,
 	traits::{OnFinalize, OnInitialize},
@@ -153,14 +154,22 @@ pub fn new_test_ext() -> sp_io::TestExternalities {
 	}
 	.assimilate_storage(&mut t)
 	.unwrap();
-	let teerex_config = crate::GenesisConfig {
+	let teerex_config: pallet_teerex::GenesisConfig<Test> = crate::GenesisConfig {
 		allow_sgx_debug_mode: true,
 		admin: Some(AccountKeyring::Alice.to_account_id()),
+		skip_scheduled_enclave_check: true,
 	};
 	GenesisBuild::<Test>::assimilate_storage(&teerex_config, &mut t).unwrap();
 
 	let mut ext: sp_io::TestExternalities = t.into();
-	ext.execute_with(|| System::set_block_number(1));
+	ext.execute_with(|| {
+		System::set_block_number(1);
+		assert_ok!(Teerex::set_admin(RuntimeOrigin::root(), AccountKeyring::Alice.to_account_id()));
+		assert_ok!(Teerex::set_skip_scheduled_enclave_check(
+			RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()),
+			true
+		));
+	});
 	ext
 }
 
@@ -173,11 +182,22 @@ pub fn new_test_production_ext() -> sp_io::TestExternalities {
 	.assimilate_storage(&mut t)
 	.unwrap();
 
-	let teerex_config = crate::GenesisConfig { allow_sgx_debug_mode: false, admin: None };
+	let teerex_config = crate::GenesisConfig {
+		allow_sgx_debug_mode: false,
+		admin: None,
+		skip_scheduled_enclave_check: true,
+	};
 	GenesisBuild::<Test>::assimilate_storage(&teerex_config, &mut t).unwrap();
 
 	let mut ext: sp_io::TestExternalities = t.into();
-	ext.execute_with(|| System::set_block_number(1));
+	ext.execute_with(|| {
+		System::set_block_number(1);
+		assert_ok!(Teerex::set_admin(RuntimeOrigin::root(), AccountKeyring::Alice.to_account_id()));
+		assert_ok!(Teerex::set_skip_scheduled_enclave_check(
+			RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()),
+			true
+		));
+	});
 	ext
 }
 

diff --git a/pallets/teerex/src/tests/mod.rs b/pallets/teerex/src/tests/mod.rs
@@ -16,5 +16,5 @@
 */
 #[cfg(feature = "skip-ias-check")]
 mod skip_ias_check_tests;
-#[cfg(all(not(feature = "skip-ias-check"), feature = "skip-scheduled-enclave-check"))]
+#[cfg(all(not(feature = "skip-ias-check")))]
 mod test_cases;
diff --git a/pallets/teerex/src/tests/skip_ias_check_tests.rs b/pallets/teerex/src/tests/skip_ias_check_tests.rs
@@ -35,7 +35,6 @@ fn test_enclave() -> Enclave<AccountId, Vec<u8>> {
 }
 
 #[test]
-#[cfg(feature = "skip-scheduled-enclave-check")]
 fn register_enclave_with_empty_mrenclave_works() {
 	new_test_ext().execute_with(|| {
 		assert_ok!(Teerex::register_enclave(
@@ -52,7 +51,6 @@ fn register_enclave_with_empty_mrenclave_works() {
 }
 
 #[test]
-#[cfg(feature = "skip-scheduled-enclave-check")]
 fn register_enclave_with_mrenclave_works() {
 	new_test_ext().execute_with(|| {
 		assert_ok!(Teerex::register_enclave(
@@ -71,7 +69,6 @@ fn register_enclave_with_mrenclave_works() {
 }
 
 #[test]
-#[cfg(feature = "skip-scheduled-enclave-check")]
 fn register_enclave_with_faulty_mrenclave_inserts_default() {
 	new_test_ext().execute_with(|| {
 		assert_ok!(Teerex::register_enclave(
@@ -88,7 +85,6 @@ fn register_enclave_with_faulty_mrenclave_inserts_default() {
 }
 
 #[test]
-#[cfg(feature = "skip-scheduled-enclave-check")]
 fn register_enclave_with_empty_url_inserts_default() {
 	new_test_ext().execute_with(|| {
 		assert_ok!(Teerex::register_enclave(
@@ -107,7 +103,6 @@ fn register_enclave_with_empty_url_inserts_default() {
 }
 
 #[test]
-#[cfg(not(feature = "skip-scheduled-enclave-check"))]
 fn register_enclave_with_scheduled_enclave_works() {
 	new_test_ext().execute_with(|| {
 		assert_ok!(Teerex::update_scheduled_enclave(
@@ -126,11 +121,14 @@ fn register_enclave_with_scheduled_enclave_works() {
 }
 
 #[test]
-#[cfg(not(feature = "skip-scheduled-enclave-check"))]
 fn register_enclave_without_scheduled_enclave_fails() {
 	use crate::Error;
 	use frame_support::assert_noop;
 	new_test_ext().execute_with(|| {
+		assert_ok!(Teerex::set_skip_scheduled_enclave_check(
+			RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()),
+			false
+		));
 		assert_noop!(
 			Teerex::register_enclave(
 				RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()),

diff --git a/pallets/teerex/src/tests/test_cases.rs b/pallets/teerex/src/tests/test_cases.rs
@@ -1116,7 +1116,9 @@ fn can_set_registered_enclave_limit_to_equal_actual_registered_enclaves_count()
 			new_limit
 		));
 		System::assert_last_event(TeerexEvent::RegisteredEnclaveLimitSet(new_limit).into());
-		assert_eq!(System::events().len(), 1)
+		// Note: There are going to be 3 events in total, We are setting the admin and setting the
+		// skip_scheduled_enclave_check flag, which emits 2 events in total.
+		assert_eq!(System::events().len(), 3)
 	});
 }