go/runtime/registry/host: Ignore key manager quote policy update feature

If the key manager policy and status update watcher started before the runtime active version was ready, it failed to fetch the runtime info and stopped. Therefore, the key manager status and quote policy were never updated, causing the key manager runtime client to reject incoming Noise session requests since the policy was not set.
oasisprotocol · Jul 4, 2024 · 7566543 · 7566543
1 parent 4009b8c
commit 7566543
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 20 deletions.
diff --git a/.changelog/5759.bugfix.md b/.changelog/5759.bugfix.md
@@ -0,0 +1,7 @@
+go/runtime/registry/host: Ignore key manager quote policy update feature
+
+If the key manager policy and status update watcher started before
+the runtime active version was ready, it failed to fetch the runtime
+info and stopped. Therefore, the key manager status and quote policy
+were never updated, causing the key manager runtime client to reject
+incoming Noise session requests since the policy was not set.
diff --git a/go/runtime/host/tests/tester.go b/go/runtime/host/tests/tester.go
@@ -91,7 +91,7 @@ func TestProvisioner(
 	}
 }
 
-func mockKeyManagerStatusRequest() (*protocol.Body, error) {
+func mockRuntimeKeyManagerStatusUpdateRequest() (*protocol.Body, error) {
 	// Generate a dummy key manager status for tests.
 	var keymanagerID common.Namespace
 	if err := keymanagerID.UnmarshalHex("c000000000000000fffffffffffffffffffffffffffffffffffffffffffffffe"); err != nil {
@@ -157,12 +157,12 @@ func testBasic(t *testing.T, cfg host.Config, p host.Provisioner) {
 	require.NoError(err, "Call")
 	require.NotNil(rsp.Empty, "runtime response to RuntimePingRequest should return an Empty body")
 
-	req, err := mockKeyManagerStatusRequest()
+	req, err := mockRuntimeKeyManagerStatusUpdateRequest()
 	require.NoError(err, "mockKeyManagerStatusRequest")
 
 	rsp, err = r.Call(ctx, req)
 	require.NoError(err, "KeyManagerStatusRequest Call")
-	require.NotNil(rsp.RuntimeKeyManagerStatusUpdateResponse, "runtime response to KeyManagerStatusRequest should return a RuntimeKeyManagerStatusUpdateResponse body")
+	require.NotNil(rsp.RuntimeKeyManagerStatusUpdateResponse, "runtime response to RuntimeKeyManagerStatusUpdate should return a RuntimeKeyManagerStatusUpdateResponse body")
 
 	// Request the runtime to stop.
 	r.Stop()

diff --git a/go/runtime/registry/host.go b/go/runtime/registry/host.go
@@ -663,39 +663,34 @@ func (n *runtimeHostNotifier) watchKmPolicyUpdates(ctx context.Context, kmRtID *
 	var (
 		statusUpdated      = true
 		quotePolicyUpdated = true
-		runtimeInfoUpdated = false
 	)
 
 	var (
 		st *secrets.Status
 		sc *node.SGXConstraints
 		vi *registry.VersionInfo
-		ri *protocol.RuntimeInfoResponse
 	)
 
 	for {
-		// Fetch runtime info so that we know which features the current runtime version supports.
-		if !runtimeInfoUpdated {
-			if ri, err = n.host.GetInfo(ctx); err != nil {
-				n.logger.Error("failed to fetch runtime info",
-					"err", err,
-				)
-				return
-			}
-			runtimeInfoUpdated = true
-		}
-
 		// Make sure that we actually have a new status.
 		if !statusUpdated && st != nil {
-			if err = n.updateKeyManagerStatus(ctx, st); err == nil {
+			if err = n.updateKeyManagerStatus(ctx, st); err != nil {
+				n.logger.Error("failed to update key manager status",
+					"err", err,
+				)
+			} else {
 				statusUpdated = true
 			}
 		}
 
 		// Make sure that we actually have a new quote policy and that the current runtime version
 		// supports quote policy updates.
-		if !quotePolicyUpdated && sc != nil && sc.Policy != nil && ri.Features.KeyManagerQuotePolicyUpdates {
-			if err = n.updateKeyManagerQuotePolicy(ctx, sc.Policy); err == nil {
+		if !quotePolicyUpdated && sc != nil && sc.Policy != nil {
+			if err = n.updateKeyManagerQuotePolicy(ctx, sc.Policy); err != nil {
+				n.logger.Error("failed to update key manager quote policy",
+					"err", err,
+				)
+			} else {
 				quotePolicyUpdated = true
 			}
 		}
@@ -756,7 +751,6 @@ func (n *runtimeHostNotifier) watchKmPolicyUpdates(ctx context.Context, kmRtID *
 
 			statusUpdated = false
 			quotePolicyUpdated = false
-			runtimeInfoUpdated = false
 		case <-retryTicker.C:
 			// Retry updates if some of them failed. When using CometBFT as a backend service
 			// the host will see the new state one block before the consensus verifier as the former