From d58542856bc3dcc5af1728cea081db73a6320e90 Mon Sep 17 00:00:00 2001 From: Jernej Kos Date: Wed, 10 Jun 2020 10:00:24 +0200 Subject: [PATCH] Disallow v0 entity/node/runtime descriptors --- .changelog/2992.breaking.md | 1 + go/common/entity/entity.go | 6 +++--- go/common/node/node.go | 2 +- go/registry/api/runtime.go | 2 +- go/upgrade/migrations/dummy.go | 1 + tests/fixture-data/consim/genesis.json | 4 ++-- 6 files changed, 9 insertions(+), 7 deletions(-) create mode 100644 .changelog/2992.breaking.md diff --git a/.changelog/2992.breaking.md b/.changelog/2992.breaking.md new file mode 100644 index 00000000000..5d448f464c9 --- /dev/null +++ b/.changelog/2992.breaking.md @@ -0,0 +1 @@ +Disallow v0 entity/node/runtime descriptors diff --git a/go/common/entity/entity.go b/go/common/entity/entity.go index 3a9ff7be035..0ed6352027b 100644 --- a/go/common/entity/entity.go +++ b/go/common/entity/entity.go @@ -34,7 +34,7 @@ const ( LatestEntityDescriptorVersion = 1 // Minimum and maximum descriptor versions that are allowed. - minEntityDescriptorVersion = 0 + minEntityDescriptorVersion = 1 maxEntityDescriptorVersion = LatestEntityDescriptorVersion ) @@ -52,11 +52,11 @@ type Entity struct { // nolint: maligned // Nodes is the vector of node identity keys owned by this entity, that // will sign the descriptor with the node signing key rather than the // entity signing key. - Nodes []signature.PublicKey `json:"nodes"` + Nodes []signature.PublicKey `json:"nodes,omitempty"` // AllowEntitySignedNodes is true iff nodes belonging to this entity // may be signed with the entity signing key. - AllowEntitySignedNodes bool `json:"allow_entity_signed_nodes"` + AllowEntitySignedNodes bool `json:"allow_entity_signed_nodes,omitempty"` } // ValidateBasic performs basic descriptor validity checks. diff --git a/go/common/node/node.go b/go/common/node/node.go index c7c6085c1bf..99d1f8213a4 100644 --- a/go/common/node/node.go +++ b/go/common/node/node.go @@ -39,7 +39,7 @@ const ( LatestNodeDescriptorVersion = 1 // Minimum and maximum descriptor versions that are allowed. - minNodeDescriptorVersion = 0 + minNodeDescriptorVersion = 1 maxNodeDescriptorVersion = LatestNodeDescriptorVersion ) diff --git a/go/registry/api/runtime.go b/go/registry/api/runtime.go index 7ccc5c14e16..f70c3ce8ac9 100644 --- a/go/registry/api/runtime.go +++ b/go/registry/api/runtime.go @@ -177,7 +177,7 @@ const ( LatestRuntimeDescriptorVersion = 1 // Minimum and maximum descriptor versions that are allowed. - minRuntimeDescriptorVersion = 0 + minRuntimeDescriptorVersion = 1 maxRuntimeDescriptorVersion = LatestRuntimeDescriptorVersion ) diff --git a/go/upgrade/migrations/dummy.go b/go/upgrade/migrations/dummy.go index 501e58824d6..f47f0ccec9b 100644 --- a/go/upgrade/migrations/dummy.go +++ b/go/upgrade/migrations/dummy.go @@ -30,6 +30,7 @@ var ( func init() { entitySigner = memory.NewTestSigner(testSigningSeed) + TestEntity.DescriptorVersion = entity.LatestEntityDescriptorVersion TestEntity.ID = entitySigner.Public() } diff --git a/tests/fixture-data/consim/genesis.json b/tests/fixture-data/consim/genesis.json index 05d6b5d58b5..1fafa423532 100644 --- a/tests/fixture-data/consim/genesis.json +++ b/tests/fixture-data/consim/genesis.json @@ -24,10 +24,10 @@ }, "entities": [ { - "untrusted_raw_value": "o2JpZFggTqUyj5Q+9vZtqu10yw6Zw7HEX3Ywe0JQA9vHyzY47TVlbm9kZXP2eBlhbGxvd19lbnRpdHlfc2lnbmVkX25vZGVz9Q==", + "untrusted_raw_value": "o2F2AWJpZFggTqUyj5Q+9vZtqu10yw6Zw7HEX3Ywe0JQA9vHyzY47TV4GWFsbG93X2VudGl0eV9zaWduZWRfbm9kZXP1", "signature": { "public_key": "TqUyj5Q+9vZtqu10yw6Zw7HEX3Ywe0JQA9vHyzY47TU=", - "signature": "5CnlsannKM749UmwEadxMJ6WTAQA4tffytgwUm8WLYdpcMEBXv9aK4qwATUrO5O3hJyob0uCRRX3MHk8o/qWDw==" + "signature": "CHTyRfJoYWxIbX6gmXvCrHg10tZHS6pwKuPdyhrw/5zrA5cnlYAzZwuhtL0j9a9le1mA23v9hRbKSai8XjqAAA==" } } ]