Merge pull request #5079 from oasisprotocol/peternose/feature/km-poli…

…cy-status

go/worker/keymanager: Show current key manager policy in the node status

.changelog/5079.feature.md

@@ -0,0 +1 @@
+go/worker/keymanager: Show current key manager policy in the node status

go/worker/keymanager/api/api.go

@@ -6,6 +6,7 @@ import (
 	"github.com/libp2p/go-libp2p/core"
 
 	"github.com/oasisprotocol/oasis-core/go/common"
+	"github.com/oasisprotocol/oasis-core/go/keymanager/api"
 )
 
 // StatusState is the concise status state of the key manager worker.
@@ -97,4 +98,9 @@ type Status struct {
 	AccessList []RuntimeAccessList `json:"access_list"`
 	// PrivatePeers is a list of peers that are always allowed to call protected methods.
 	PrivatePeers []core.PeerID `json:"private_peers"`
+
+	// Policy is the key manager policy.
+	Policy *api.SignedPolicySGX `json:"signed_policy"`
+	// PolicyChecksum is the checksum of the key manager policy.
+	PolicyChecksum []byte `json:"policy_checksum"`
 }

go/worker/keymanager/status.go

@@ -70,5 +70,7 @@ func (w *Worker) GetStatus(ctx context.Context) (*api.Status, error) {
 		ClientRuntimes: rts,
 		AccessList:     al,
 		PrivatePeers:   ps,
+		Policy:         w.policy,
+		PolicyChecksum: w.policyChecksum,
 	}, nil
 }

go/worker/keymanager/worker.go

@@ -87,6 +87,9 @@ type Worker struct { // nolint: maligned
 	enclaveStatus *api.SignedInitResponse
 	backend       api.Backend
 
+	policy         *api.SignedPolicySGX
+	policyChecksum []byte
+
 	enabled     bool
 	mayGenerate bool
 }
@@ -338,11 +341,13 @@ func (w *Worker) updateStatus(status *api.Status, runtimeStatus *runtimeStatus)
 		return nil
 	})
 
-	// Cache the key manager enclave status.
+	// Cache the key manager enclave status and the currently active policy.
 	w.Lock()
 	defer w.Unlock()
 
 	w.enclaveStatus = &signedInitResp
+	w.policy = status.Policy
+	w.policyChecksum = signedInitResp.InitResponse.PolicyChecksum
 
 	return nil
 }