search

microsoft / CCF

Confidential Consortium Framework
https://microsoft.github.io/CCF/
Apache License 2.0
786 stars 215 forks source link

Change CCF Infra to allow different constitution modes for Sandbox script #5044

Open julioalex-rezende opened 1 year ago

julioalex-rezende commented 1 year ago

Sandbox script in CCF Infra has a limitation that relies on the default constitution (Vote has to be accepted by the majority). If Unanimity is required for a specific app, changing how votes are handled in constitution breaks the sandbox script.

To Reproduce

File: constitution/resolve.js

  // current version:
  // A majority of members can accept a proposal.
  if (memberVoteCount > Math.floor(activeMemberCount / 2)) {
    return "Accepted";
  }

  // new version: replace the code above for the code below
  // A proposal in Data-Reconciliation constitution must be approved by ALL members
  if (memberVoteCount == activeMemberCount) {
    return "Accepted";
  }

Stack trace for failure: 

%> make start-host
Setting up Python environment...
Python environment successfully setup
[17:01:51.697] Virtual mode enabled
[17:01:51.697] Starting 1 CCF node...
Traceback (most recent call last):
  File "/opt/ccf_virtual/bin/start_network.py", line 215, in <module>
    run(args)
  File "/opt/ccf_virtual/bin/start_network.py", line 88, in run
    network.start_and_open(args)
  File "/opt/ccf_virtual/bin/infra/network.py", line 515, in start_and_open
    self.open(args)
  File "/opt/ccf_virtual/bin/infra/network.py", line 482, in open
    self.consortium.set_js_app_from_dir(
  File "/opt/ccf_virtual/bin/infra/consortium.py", line 516, in set_js_app_from_dir
    return self.vote_using_majority(remote_node, proposal, careful_vote, timeout=30)
  File "/opt/ccf_virtual/bin/infra/consortium.py", line 316, in vote_using_majority
    raise infra.proposal.ProposalNotAccepted(proposal)
infra.proposal.ProposalNotAccepted

From a conversation with Amaury:

That is a known limitation of the sandbox script, it assumes the default constitution. Some small changes are fine, but changes that impact voting will probably have this result. Without having a way to communicate to the infra code what the constitution implements (very difficult, since it's arbitrary code), this isn't really possible. With that said, in this particular case, having the infra vote with all its created members on startup is a relatively small change, and would be backwards compatible.

There could be a moderately small PR, patching (and renaming) https://github.com/microsoft/CCF/blob/c37ecccfa73a2e60fe862c817e29c195a7c85659/tests/infra/consortium.py#L272 to take an enum Majority|Unanimity, and then some passing of arguments down from sandbox to the consortium (tedious but not difficult)

julioalex-rezende commented 1 year ago

Opening this for CCF team to consider whether it's worth doing or just close it. This was captured while working on the Data-Reconciliation App Sample.