Add generic member_data to simplify operator governance

python/ccf/proposal_generator.py

@@ -178,7 +178,9 @@ def cli_proposal(func):
 
 
 @cli_proposal
-def new_member(member_cert_path: str, member_enc_pubk_path: str, **kwargs):
+def new_member(
+    member_cert_path: str, member_enc_pubk_path: str, member_data: Any = None, **kwargs
+):
     LOG.debug("Generating new_member proposal")
 
     # Read certs
@@ -193,7 +195,11 @@ def new_member(member_cert_path: str, member_enc_pubk_path: str, **kwargs):
 
     # Proposal object (request body for POST /gov/proposals) containing this member's info as parameter
     proposal = {
-        "parameter": {"cert": member_cert, "keyshare": member_keyshare_encryptor},
+        "parameter": {
+            "cert": member_cert,
+            "keyshare": member_keyshare_encryptor,
+            "member_data": member_data,
+        },
         "script": {"text": proposal_script_text},
     }
 
@@ -241,6 +247,12 @@ def retire_member(member_id: int, **kwargs):
     return build_proposal("retire_member", member_id, **kwargs)
 
 
+@cli_proposal
+def set_member_data(member_id: int, member_data: Any, **kwargs):
+    proposal_args = {"member_id": member_id, "member_data": member_data}
+    return build_proposal("set_member_data", proposal_args, **kwargs)
+
+
 @cli_proposal
 def new_user(user_cert_path: str, user_data: Any = None, **kwargs):
     user_info = {"cert": open(user_cert_path).read()}

src/apps/lua_generic/test/lua_generic_test.cpp

@@ -310,15 +310,24 @@ TEST_CASE("simple lua apps")
     auto get_ctx = enclave::make_rpc_context(user_session, packed);
     // expect to see 3 members in state active
     map<string, MemberInfo> expected = {
-      {"0", {active_members[0], dummy_key_share, MemberStatus::ACCEPTED}},
-      {"1", {active_members[1], dummy_key_share, MemberStatus::ACCEPTED}},
-      {"2", {active_members[2], dummy_key_share, MemberStatus::ACCEPTED}}};
+      {"0",
+       {active_members[0], dummy_key_share, nullptr, MemberStatus::ACCEPTED}},
+      {"1",
+       {active_members[1],
+        dummy_key_share,
+        "Some interesting member data",
+        MemberStatus::ACCEPTED}},
+      {"2",
+       {active_members[2],
+        dummy_key_share,
+        {{"structured", "data"}, {"nested", "here"}},
+        MemberStatus::ACCEPTED}}};
     check_success(frontend->process(get_ctx).value(), expected);
 
     // (2) try to write to members table
     const auto put_packed = make_pc(
       "put_member",
-      {{"k", 99}, {"v", MemberInfo{{}, {}, MemberStatus::ACCEPTED}}});
+      {{"k", 99}, {"v", MemberInfo{{}, {}, nullptr, MemberStatus::ACCEPTED}}});
     auto put_ctx = enclave::make_rpc_context(user_session, put_packed);
     check_error(
       frontend->process(put_ctx).value(), HTTP_STATUS_INTERNAL_SERVER_ERROR);

src/host/main.cpp

@@ -626,7 +626,9 @@ int main(int argc, char** argv)
     for (auto const& m_info : members_info)
     {
       ccf_config.genesis.members_info.emplace_back(
-        files::slurp(m_info.cert_file), files::slurp(m_info.keyshare_pub_file));
+        files::slurp(m_info.cert_file),
+        files::slurp(m_info.keyshare_pub_file),
+        nullptr);
     }
     ccf_config.genesis.gov_script = files::slurp_string(gov_script);
     ccf_config.genesis.recovery_threshold = recovery_threshold.value();

src/node/genesis_gen.h

@@ -87,7 +87,9 @@ namespace ccf
     }
 
     auto add_member(
-      const tls::Pem& member_cert, const tls::Pem& member_keyshare_pub)
+      const tls::Pem& member_cert,
+      const tls::Pem& member_keyshare_pub,
+      const nlohmann::json& member_data = nullptr)
     {
       auto [m, mc, v, ma, sig] = tx.get_view(
         tables.members,
@@ -110,7 +112,11 @@ namespace ccf
       const auto id = get_next_id(v, ValueIds::NEXT_MEMBER_ID);
       m->put(
         id,
-        MemberInfo(member_cert, member_keyshare_pub, MemberStatus::ACCEPTED));
+        MemberInfo(
+          member_cert,
+          member_keyshare_pub,
+          member_data,
+          MemberStatus::ACCEPTED));
       mc->put(member_cert_der, id);
 
       auto s = sig->get(0);
@@ -125,6 +131,11 @@ namespace ccf
       return id;
     }
 
+    auto add_member(const MemberPubInfo& info)
+    {
+      return add_member(info.cert, info.keyshare, info.member_data);
+    }
+
     void activate_member(MemberId member_id)
     {
       auto members = tx.get_view(tables.members);

src/node/members.h

@@ -37,24 +37,39 @@ namespace ccf
   {
     tls::Pem cert;
     tls::Pem keyshare;
+    nlohmann::json member_data = nullptr;
 
     MemberPubInfo() {}
 
-    MemberPubInfo(const tls::Pem& cert_, const tls::Pem& keyshare_) :
+    MemberPubInfo(
+      const tls::Pem& cert_,
+      const tls::Pem& keyshare_,
+      const nlohmann::json& member_data_) :
       cert(cert_),
-      keyshare(keyshare_)
+      keyshare(keyshare_),
+      member_data(member_data_)
     {}
 
     MemberPubInfo(
-      std::vector<uint8_t>&& cert_, std::vector<uint8_t>&& keyshare_) :
+      std::vector<uint8_t>&& cert_,
+      std::vector<uint8_t>&& keyshare_,
+      nlohmann::json&& member_data_) :
       cert(std::move(cert_)),
-      keyshare(std::move(keyshare_))
+      keyshare(std::move(keyshare_)),
+      member_data(std::move(member_data_))
     {}
 
-    MSGPACK_DEFINE(cert, keyshare);
+    bool operator==(const MemberPubInfo& rhs) const
+    {
+      return cert == rhs.cert && keyshare == rhs.keyshare &&
+        member_data == rhs.member_data;
+    }
+
+    MSGPACK_DEFINE(cert, keyshare, member_data);
   };
-  DECLARE_JSON_TYPE(MemberPubInfo)
+  DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(MemberPubInfo)
   DECLARE_JSON_REQUIRED_FIELDS(MemberPubInfo, cert, keyshare)
+  DECLARE_JSON_OPTIONAL_FIELDS(MemberPubInfo, member_data)
 
   struct MemberInfo : public MemberPubInfo
   {
@@ -63,21 +78,23 @@ namespace ccf
     MemberInfo() {}
 
     MemberInfo(
-      const tls::Pem& cert_, const tls::Pem& keyshare_, MemberStatus status_) :
-      MemberPubInfo(cert_, keyshare_),
+      const tls::Pem& cert_,
+      const tls::Pem& keyshare_,
+      const nlohmann::json& member_data_,
+      MemberStatus status_) :
+      MemberPubInfo(cert_, keyshare_, member_data_),
       status(status_)
     {}
 
     bool operator==(const MemberInfo& rhs) const
     {
-      return cert == rhs.cert && keyshare == rhs.keyshare &&
-        status == rhs.status;
+      return MemberPubInfo::operator==(rhs) && status == rhs.status;
     }
 
     MSGPACK_DEFINE(MSGPACK_BASE(MemberPubInfo), status);
   };
-  DECLARE_JSON_TYPE(MemberInfo)
-  DECLARE_JSON_REQUIRED_FIELDS(MemberInfo, cert, keyshare, status)
+  DECLARE_JSON_TYPE_WITH_BASE(MemberInfo, MemberPubInfo)
+  DECLARE_JSON_REQUIRED_FIELDS(MemberInfo, status)
   using Members = kv::Map<MemberId, MemberInfo>;
 
   /** Records a signed signature containing the last state digest and the next

src/node/rpc/member_frontend.h

@@ -110,6 +110,15 @@ namespace ccf
     MemberTsr(NetworkTables& network) : TxScriptRunner(network) {}
   };
 
+  struct SetMemberData
+  {
+    MemberId member_id;
+    nlohmann::json member_data = nullptr;
+  };
+  DECLARE_JSON_TYPE_WITH_OPTIONAL_FIELDS(SetMemberData)
+  DECLARE_JSON_REQUIRED_FIELDS(SetMemberData, member_id)
+  DECLARE_JSON_OPTIONAL_FIELDS(SetMemberData, member_data)
+
   struct SetUserData
   {
     UserId user_id;
@@ -287,7 +296,7 @@ namespace ccf
          [this](ObjectId, kv::Tx& tx, const nlohmann::json& args) {
            const auto parsed = args.get<MemberPubInfo>();
            GenesisGenerator g(this->network, tx);
-           g.add_member(parsed.cert, parsed.keyshare);
+           g.add_member(parsed);
 
            return true;
          }},
@@ -321,6 +330,24 @@ namespace ccf
              }
            }
 
+           return true;
+         }},
+        {"set_member_data",
+         [this](ObjectId proposal_id, kv::Tx& tx, const nlohmann::json& args) {
+           const auto parsed = args.get<SetMemberData>();
+           auto members_view = tx.get_view(this->network.members);
+           auto member_info = members_view->get(parsed.member_id);
+           if (!member_info.has_value())
+           {
+             LOG_FAIL_FMT(
+               "Proposal {}: {} is not a valid member ID",
+               proposal_id,
+               parsed.member_id);
+             return false;
+           }
+
+           member_info->member_data = parsed.member_data;
+           members_view->put(parsed.member_id, member_info.value());
            return true;
          }},
         {"new_user",
@@ -1308,9 +1335,9 @@ namespace ccf
         g.init_values();
         g.create_service(in.network_cert);
 
-        for (auto& [cert, k_encryption_key] : in.members_info)
+        for (const auto& info : in.members_info)
         {
-          g.add_member(cert, k_encryption_key);
+          g.add_member(info);
         }
 
         g.set_recovery_threshold(in.recovery_threshold);

src/node/rpc/test/member_voting_test.cpp

@@ -1283,7 +1283,15 @@ DOCTEST_TEST_CASE("Add and remove user via proposed calls")
   }
 }
 
-DOCTEST_TEST_CASE("Passing members ballot with operator")
+nlohmann::json operator_member_data()
+{
+  auto md = nlohmann::json::object();
+  md["is_operator"] = true;
+  return md;
+}
+
+DOCTEST_TEST_CASE(
+  "Passing members ballot with operator" * doctest::test_suite("operator"))
 {
   // Members pass a ballot with a constitution that includes an operator
   // Operator votes, but is _not_ taken into consideration
@@ -1294,9 +1302,10 @@ DOCTEST_TEST_CASE("Passing members ballot with operator")
   gen.init_values();
   gen.create_service({});
 
-  // Operating member, as set in operator_gov.lua
+  // Operating member, as indicated by member data
   const auto operator_cert = get_cert(0, kp);
-  const auto operator_id = gen.add_member(operator_cert, {});
+  const auto operator_id =
+    gen.add_member(operator_cert, {}, operator_member_data());
   gen.activate_member(operator_id);
 
   // Non-operating members
@@ -1393,7 +1402,7 @@ DOCTEST_TEST_CASE("Passing members ballot with operator")
   }
 }
 
-DOCTEST_TEST_CASE("Passing operator vote")
+DOCTEST_TEST_CASE("Passing operator vote" * doctest::test_suite("operator"))
 {
   // Operator issues a proposal that only requires its own vote
   // and gets it through without member votes
@@ -1409,9 +1418,10 @@ DOCTEST_TEST_CASE("Passing operator vote")
   ni.cert = new_ca;
   gen.add_node(ni);
 
-  // Operating member, as set in operator_gov.lua
+  // Operating member, as indicated by member data
   const auto operator_cert = get_cert(0, kp);
-  const auto operator_id = gen.add_member(operator_cert, {});
+  const auto operator_id =
+    gen.add_member(operator_cert, {}, operator_member_data());
   gen.activate_member(operator_id);
 
   // Non-operating members
@@ -1424,6 +1434,9 @@ DOCTEST_TEST_CASE("Passing operator vote")
     members[id] = cert;
   }
 
+  // Set a recovery threshold (otherwise retiring a member throws)
+  gen.set_recovery_threshold(1);
+
   set_whitelists(gen);
   gen.set_gov_scripts(
     lua::Interpreter().invoke<json>(operator_gov_script_file));
@@ -1478,9 +1491,60 @@ DOCTEST_TEST_CASE("Passing operator vote")
     DOCTEST_CHECK(proposer_vote != votes.end());
     DOCTEST_CHECK(proposer_vote->second == vote_for);
   }
+
+  auto new_operator_kp = tls::make_key_pair();
+  const auto new_operator_cert = get_cert(42, new_operator_kp);
+
+  {
+    DOCTEST_INFO("Operator adds another operator");
+    Propose::In proposal;
+    proposal.script = std::string(R"xxx(
+      local tables, member_info = ...
+      return Calls:call("new_member", member_info)
+    )xxx");
+
+    proposal.parameter["cert"] = new_operator_cert;
+    proposal.parameter["keyshare"] = dummy_key_share;
+    proposal.parameter["member_data"] = operator_member_data();
+
+    const auto propose = create_signed_request(proposal, "proposals", kp);
+    const auto r = parse_response_body<Propose::Out>(
+      frontend_process(frontend, propose, operator_cert));
+
+    DOCTEST_CHECK(r.state == ProposalState::ACCEPTED);
+
+    {
+      DOCTEST_INFO("New operator acks to become active");
+      const auto state_digest_req =
+        create_request(nullptr, "ack/update_state_digest");
+      const auto ack = parse_response_body<StateDigest>(
+        frontend_process(frontend, state_digest_req, new_operator_cert));
+
+      StateDigest params;
+      params.state_digest = ack.state_digest;
+      const auto ack_req =
+        create_signed_request(params, "ack", new_operator_kp);
+      const auto resp = frontend_process(frontend, ack_req, new_operator_cert);
+    }
+  }
+
+  {
+    DOCTEST_INFO("New operator retires original operator");
+    Propose::In proposal;
+    proposal.script = fmt::format(
+      R"xxx(return Calls:call("retire_member", {}))xxx", operator_id);
+
+    const auto propose =
+      create_signed_request(proposal, "proposals", new_operator_kp);
+    const auto r = parse_response_body<Propose::Out>(
+      frontend_process(frontend, propose, new_operator_cert));
+
+    DOCTEST_CHECK(r.state == ProposalState::ACCEPTED);
+  }
 }
 
-DOCTEST_TEST_CASE("Members passing an operator vote")
+DOCTEST_TEST_CASE(
+  "Members passing an operator vote" * doctest::test_suite("operator"))
 {
   // Operator proposes a vote, but does not vote for it
   // A majority of members pass the vote
@@ -1496,9 +1560,10 @@ DOCTEST_TEST_CASE("Members passing an operator vote")
   ni.cert = new_ca;
   gen.add_node(ni);
 
-  // Operating member, as set in operator_gov.lua
+  // Operating member, as indicated by member data
   const auto operator_cert = get_cert(0, kp);
-  const auto operator_id = gen.add_member(operator_cert, {});
+  const auto operator_id =
+    gen.add_member(operator_cert, {}, operator_member_data());
   gen.activate_member(operator_id);
 
   // Non-operating members