Add gov API version 2024-07-01 (#6321)

CHANGELOG.md

@@ -12,6 +12,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 
 - The `cchost` configuration file now includes an `idle_connection_timeout` option. This controls how long the node will keep idle connections (for user TLS sessions) before automatically closing them. This may be set to `null` to restore the previous behaviour, where idle connections are never closed. By default connections will be closed after 60s of idle time.
+- New endpoints `GET /gov/service/javascript-modules` and `GET /gov/service/javascript-modules/{moduleName}` to retrieve the raw JS code of the currently installed app. Note that the `{moduleName}` path parameter will need to be URL-encoded to escape any `/` characters (eg - `/foo/bar.js` should become `%2Ffoo%2Fbar.js`).
+- New gov API version `2024-07-01`. This is near-identical to `2023-06-01-preview`, but additionally offers the new `javascript-modules` endpoints.
 
 ### Changed
 

CMakeLists.txt

@@ -577,14 +577,23 @@ configure_file(
   @ONLY
 )
 
-file(READ ${CCF_DIR}/doc/schemas/mccf/2023-06-01-preview/mccfgov.json
+file(READ ${CCF_DIR}/doc/schemas/gov/2023-06-01-preview/gov.json
      GOV_API_SCHEMA_2023_06_01_PREVIEW
 )
 set_property(
   DIRECTORY
   APPEND
   PROPERTY CMAKE_CONFIGURE_DEPENDS
-           ${CCF_DIR}/doc/schemas/mccf/2023-06-01-preview/mccfgov.json
+           ${CCF_DIR}/doc/schemas/gov/2023-06-01-preview/gov.json
+)
+file(READ ${CCF_DIR}/doc/schemas/gov/2024-07-01/gov.json
+     GOV_API_SCHEMA_2024_07_01
+)
+set_property(
+  DIRECTORY
+  APPEND
+  PROPERTY CMAKE_CONFIGURE_DEPENDS
+           ${CCF_DIR}/doc/schemas/gov/2024-07-01/gov.json
 )
 configure_file(
   ${CCF_DIR}/src/node/gov/api_schema.h.in ${CCF_DIR}/src/node/gov/api_schema.h
@@ -1160,19 +1169,19 @@ if(BUILD_TESTS)
 
     if(LONG_TESTS)
       set(ADDITIONAL_RECOVERY_ARGS --with-load)
-    endif()
 
-    add_e2e_test(
-      NAME recovery_test_cft_api_0
-      PYTHON_SCRIPT ${CMAKE_SOURCE_DIR}/tests/recovery.py
-      ADDITIONAL_ARGS ${ADDITIONAL_RECOVERY_ARGS} --gov-api-version "classic"
-    )
+      add_e2e_test(
+        NAME recovery_test_cft_api_0
+        PYTHON_SCRIPT ${CMAKE_SOURCE_DIR}/tests/recovery.py
+        ADDITIONAL_ARGS ${ADDITIONAL_RECOVERY_ARGS} --gov-api-version "classic"
+      )
+    endif()
 
     add_e2e_test(
       NAME recovery_test_cft_api_1
       PYTHON_SCRIPT ${CMAKE_SOURCE_DIR}/tests/recovery.py
       ADDITIONAL_ARGS ${ADDITIONAL_RECOVERY_ARGS} --gov-api-version
-                      "2023-06-01-preview"
+                      "2024-07-01"
     )
 
     add_e2e_test(
@@ -1384,7 +1393,7 @@ if(BUILD_TESTS)
     add_e2e_test(
       NAME membership_api_1
       PYTHON_SCRIPT ${CMAKE_SOURCE_DIR}/tests/membership.py
-      ADDITIONAL_ARGS --gov-api-version "2023-06-01-preview"
+      ADDITIONAL_ARGS --gov-api-version "2024-07-01"
     )
 
     set(PARTITIONS_TEST_ARGS

doc/build_apps/run_app.rst

@@ -91,7 +91,7 @@ This should look much like a standard HTTP server, with error codes for missing
     $ curl https://127.0.0.1:8000/app/not/a/real/resource -X GET --cacert service_cert.pem --cert user0_cert.pem --key user0_privk.pem -i
     HTTP/1.1 404 Not Found
 
-    $ curl https://127.0.0.1:8000/gov/members/proposals:create?api-version=2023-06-01-preview -X POST --cacert service_cert.pem --cert user0_cert.pem --key user0_privk.pem -i
+    $ curl https://127.0.0.1:8000/gov/members/proposals:create?api-version=2024-07-01 -X POST --cacert service_cert.pem --cert user0_cert.pem --key user0_privk.pem -i
     HTTP/1.1 403 Forbidden
 
 Logging App Commands

doc/governance/accept_recovery.rst

@@ -35,7 +35,7 @@ A member proposes to recover the network and other members can vote on the propo
       --signing-key member1_privk.pem \
       --signing-cert member1_cert.pem \
       --content transition_service_to_open.json \
-    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -53,7 +53,7 @@ A member proposes to recover the network and other members can vote on the propo
       --signing-key member1_privk.pem \
       --signing-cert member1_cert.pem \
       --content vote_accept.json \
-    | curl https://<ccf-node-address>/gov/members/proposals/1b7cae1585077104e99e1860ad740efe28ebd498dbf9988e0e7b299e720c5377/ballots/d5d7d5fed6f839028456641ad5c3df18ce963bd329bd8a21df16ccdbdbba1eb1:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/1b7cae1585077104e99e1860ad740efe28ebd498dbf9988e0e7b299e720c5377/ballots/d5d7d5fed6f839028456641ad5c3df18ce963bd329bd8a21df16ccdbdbba1eb1:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -71,7 +71,7 @@ A member proposes to recover the network and other members can vote on the propo
       --signing-key member2_privk.pem \
       --signing-cert member2_cert.pem \
       --content vote_accept.json
-    | curl https://<ccf-node-address>/gov/members/proposals/1b7cae1585077104e99e1860ad740efe28ebd498dbf9988e0e7b299e720c5377/ballots/e306e3a6eead2f4a3854302b41c3015bf12db9535ac0be1b8cf6584f84bca92b:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/1b7cae1585077104e99e1860ad740efe28ebd498dbf9988e0e7b299e720c5377/ballots/e306e3a6eead2f4a3854302b41c3015bf12db9535ac0be1b8cf6584f84bca92b:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -104,7 +104,7 @@ The recovery share retrieval, decryption and submission steps can be convenientl
     $ submit_recovery_share.sh https://<ccf-node-address> \
       --member-enc-privk member0_enc_privk.pem \
       --cert member0_cert.pem \ 
-      --api-version 2023-06-01-preview \
+      --api-version 2024-07-01 \
       --key member0_privk.pem \
       --cacert service_cert.pem
     HTTP/1.1 200 OK
@@ -115,7 +115,7 @@ The recovery share retrieval, decryption and submission steps can be convenientl
     $ submit_recovery_share.sh https://<ccf-node-address> \
       --member-enc-privk member1_enc_privk.pem \
       --cert member1_cert.pem \
-      --api-version 2023-06-01-preview \
+      --api-version 2024-07-01 \
       --key member1_privk.pem \
       --cacert service_cert.pem
     HTTP/1.1 200 OK

doc/governance/adding_member.rst

@@ -64,7 +64,7 @@ First, the new member should update and retrieve the latest state digest via the
       --signing-key new_member_privk.pem \
       --signing-cert new_member_cert.pem \
       --content empty_file \ # Note that passing an empty file is required
-    | curl https://<ccf-node-address>/gov/members/state-digests/7f46110b62ccbbd5f18b4c9bda876024399fd538133f8c26d4bfe5a9d80e59e6:update?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/state-digests/7f46110b62ccbbd5f18b4c9bda876024399fd538133f8c26d4bfe5a9d80e59e6:update?api-version=2024-07-01 \
       -X POST \
       --cacert service_cert.pem \
       --key new_member_privk.pem \
@@ -86,7 +86,7 @@ Then, the new member should sign the state digest returned by :http:POST:`/gov/m
       --signing-key new_member_privk.pem \
       --signing-cert new_member_cert.pem \
       --content request.json \
-    | curl https://<ccf-node-address>/gov/members/state-digests/7f46110b62ccbbd5f18b4c9bda876024399fd538133f8c26d4bfe5a9d80e59e6:ack?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/state-digests/7f46110b62ccbbd5f18b4c9bda876024399fd538133f8c26d4bfe5a9d80e59e6:ack?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -95,7 +95,7 @@ Once the command completes, the new member becomes active and can take part in g
 
 .. code-block:: bash
 
-    $ curl https://<ccf-node-address>/gov/service/members/7f46110b62ccbbd5f18b4c9bda876024399fd538133f8c26d4bfe5a9d80e59e6?api-version=2023-06-01-preview?api-version=2023-06-01-preview --silent | jq
+    $ curl https://<ccf-node-address>/gov/service/members/7f46110b62ccbbd5f18b4c9bda876024399fd538133f8c26d4bfe5a9d80e59e6?api-version=2024-07-01 --silent | jq
     {
         "memberId": "7f46110b62ccbbd5f18b4c9bda876024399fd538133f8c26d4bfe5a9d80e59e6",
         "certificate": <...>,

doc/governance/common_member_operations.rst

@@ -61,7 +61,7 @@ To limit the scope of key compromise, members of the consortium can refresh the
       --signing-key member1_privk.pem \
       --signing-cert member1_cert.pem \
       --content trigger_ledger_rekey.json \
-    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -79,7 +79,7 @@ To limit the scope of key compromise, members of the consortium can refresh the
       --signing-key member2_privk.pem \
       --signing-cert member2_cert.pem \
       --content vote_accept_1.json \
-    | curl https://<ccf-node-address>/gov/members/proposals/2f739d154b8cddacd7fc6d03cc8d4d20626e477ec4b1af10a74c670bb38bed5e/ballots/fe6ed012e8184f28afb48d0d58dca7f461dc997c43179acf97362dc0b76ddeb7:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/2f739d154b8cddacd7fc6d03cc8d4d20626e477ec4b1af10a74c670bb38bed5e/ballots/fe6ed012e8184f28afb48d0d58dca7f461dc997c43179acf97362dc0b76ddeb7:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -97,7 +97,7 @@ To limit the scope of key compromise, members of the consortium can refresh the
       --signing-key member3_privk.pem \
       --signing-cert member3_cert.pem \
       --content vote_accept_1.json \
-    | curl https://<ccf-node-address>/gov/members/proposals/2f739d154b8cddacd7fc6d03cc8d4d20626e477ec4b1af10a74c670bb38bed5e/ballots/75b86775f1253c308f4e9aeddf912d40b8d77db9eaa9a0f0026f581920d5e9b8:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/2f739d154b8cddacd7fc6d03cc8d4d20626e477ec4b1af10a74c670bb38bed5e/ballots/75b86775f1253c308f4e9aeddf912d40b8d77db9eaa9a0f0026f581920d5e9b8:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"

doc/governance/gov_api_schemas/2023-06-01-preview.rst

@@ -5,5 +5,5 @@ This API is available by passing the query parameter ``api-version=2023-06-01-pr
 
 This is available from CCF 5.0.0-dev3.
 
-.. openapi:: ../../schemas/mccf/2023-06-01-preview/mccfgov.json
+.. openapi:: ../../schemas/gov/2023-06-01-preview/gov.json
 

doc/governance/gov_api_schemas/2024-07-01.rst

@@ -0,0 +1,8 @@
+2024-07-01
+==========
+
+This API is available by passing the query parameter ``api-version=2024-07-01`` to endpoints under the ``/gov`` prefix.
+
+This is available from CCF 5.0.0-rc1.
+
+.. openapi:: ../../schemas/gov/2024-07-01/gov.json

doc/governance/gov_api_schemas/classic.rst

@@ -1,5 +1,5 @@
-Classic API
-===========
+Classic API (Deprecated)
+========================
 
 Available in CCF versions before 5.0.0.
 

doc/governance/hsm_keys.rst

@@ -121,7 +121,7 @@ Like ``ccf_cose_sign1``, the output can be sent directly to the service via curl
       --content proposal.json \
       --signing-cert $IDENTITY_CERT_NAME.pem \
       --signature signature \
-    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"

doc/governance/member_rpc_api.rst

@@ -7,6 +7,7 @@ Multiple API versions are available, with the versions supported by the current
 
 .. toctree::
 
+   gov_api_schemas/2024-07-01
    gov_api_schemas/2023-06-01-preview
    gov_api_schemas/classic
    gov_api_schemas/upgrading_from_classic

doc/governance/open_network.rst

@@ -35,7 +35,7 @@ Then, the certificates of trusted users should be registered in CCF via the memb
       --signing-key member0_privk.pem \
       --signing-cert member0_cert.pem \
       --content set_user.json \
-    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -64,7 +64,7 @@ Other members are then allowed to vote for the proposal, using the proposal id r
       --signing-key member0_privk.pem \
       --signing-cert member0_cert.pem \
       --content vote_accept.json \
-    | curl https://<ccf-node-address>/gov/members/proposals/f665047e3d1eb184a7b7921944a8ab543cfff117aab5b6358dc87f9e70278253/ballots/2af6cb6c0af07818186f7ef7151061174c3cb74b4a4c30a04a434f0c2b00a8c0:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/f665047e3d1eb184a7b7921944a8ab543cfff117aab5b6358dc87f9e70278253/ballots/2af6cb6c0af07818186f7ef7151061174c3cb74b4a4c30a04a434f0c2b00a8c0:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -84,7 +84,7 @@ Other members are then allowed to vote for the proposal, using the proposal id r
       --signing-key member1_privk.pem \
       --signing-cert member1_cert.pem \
       --content vote_accept.json \
-    | curl https://<ccf-node-address>/gov/members/proposals/f665047e3d1eb184a7b7921944a8ab543cfff117aab5b6358dc87f9e70278253/ballots/75b86775f1253c308f4e9aeddf912d40b8d77db9eaa9a0f0026f581920d5e9b8:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/f665047e3d1eb184a7b7921944a8ab543cfff117aab5b6358dc87f9e70278253/ballots/75b86775f1253c308f4e9aeddf912d40b8d77db9eaa9a0f0026f581920d5e9b8:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -177,7 +177,7 @@ Once users are added to the opening network, members should create a proposal to
       --signing-key member0_privk.pem \
       --signing-cert member0_cert.pem \
       --content transition_service_to_open.json
-    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"

doc/governance/proposals.rst

@@ -280,7 +280,7 @@ For example, ``member1`` may submit a proposal to add a new member (``member4``)
       --signing-key member1_privk.pem \
       --signing-cert member1_cert.pem \
       --content add_member.json \
-    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals:create?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -315,7 +315,7 @@ Here a new proposal has successfully been created, and nobody has yet voted for
       --signing-key member1_privk.pem \
       --signing-cert member1_cert.pem \
       --content vote_accept.json \
-    | curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd/ballots/52af2620fa1b005a93d55d7d819a249ee2cb79f5262f54e8db794c5281a0ce73:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd/ballots/52af2620fa1b005a93d55d7d819a249ee2cb79f5262f54e8db794c5281a0ce73:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -334,7 +334,7 @@ Here a new proposal has successfully been created, and nobody has yet voted for
       --signing-key member2_privk.pem \
       --signing-cert member2_cert.pem \
       --content vote_reject.json \
-    | curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd/ballots/fe6ed012e8184f28afb48d0d58dca7f461dc997c43179acf97362dc0b76ddeb7:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd/ballots/fe6ed012e8184f28afb48d0d58dca7f461dc997c43179acf97362dc0b76ddeb7:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -353,7 +353,7 @@ Here a new proposal has successfully been created, and nobody has yet voted for
       --signing-key member3_privk.pem \
       --signing-cert member3_cert.pem \
       --content vote_accept.json \
-    | curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd/ballots/75b86775f1253c308f4e9aeddf912d40b8d77db9eaa9a0f0026f581920d5e9b8:submit?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd/ballots/75b86775f1253c308f4e9aeddf912d40b8d77db9eaa9a0f0026f581920d5e9b8:submit?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"
@@ -377,7 +377,7 @@ The details of pending proposals, can be queried from the service by calling :ht
 
 .. code-block:: bash
 
-    $ curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd?api-version=2023-06-01-preview --cacert service_cert.pem -X GET
+    $ curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd?api-version=2024-07-01 --cacert service_cert.pem -X GET
     {
       "ballotCount": 3,
       "finalVotes": {
@@ -403,7 +403,7 @@ At any stage during the voting process, before the proposal is accepted, the pro
       --ccf-gov-msg-proposal_id d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd \
       --signing-key member1_privk.pem \
       --signing-cert member1_cert.pem \
-    | curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd:withdraw?api-version=2023-06-01-preview \
+    | curl https://<ccf-node-address>/gov/members/proposals/d4ec2de82267f97d3d1b464020af0bd3241f1bedf769f0fee73cd00f08e9c7fd:withdraw?api-version=2024-07-01 \
       --cacert service_cert.pem \
       --data-binary @- \
       -H "content-type: application/cose"

doc/schemas/mccf/2023-06-01-preview/examples/ServiceState_GetJoinPolicies.json → doc/schemas/gov/2023-06-01-preview/examples/ServiceState_GetJoinPolicies.json

@@ -30,4 +30,4 @@
       }
     }
   }
-}
+}

doc/schemas/gov/2023-06-01-preview/examples/ServiceState_GetJwkInfo.json

@@ -0,0 +1,29 @@
+{
+  "title": "ServiceState_GetJwkInfo",
+  "operationId": "ServiceState_GetJwkInfo",
+  "parameters": {
+    "api-version": "2023-06-01-preview"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "issuers": {
+          "idprovider.myservice.example.com": {
+            "keyFilter": "All",
+            "autoRefresh": true,
+            "caCertBundleName": "MyIdProviderCa"
+          }
+        },
+        "caCertBundles": {
+          "MyIdProviderCa": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"
+        },
+        "keys": {
+          "idprovider_kida": {
+            "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
+            "issuer": "idprovider.myservice.example.com"
+          }
+        }
+      }
+    }
+  }
+}