Merge pull request #634 from oasisprotocol/matevz/feat/rofl-init-reset

Add `oasis rofl init --reset`, cleanup TDX leftovers in SGX manifest

Author: matevz

build/rofl/manifest.go

@@ -167,7 +167,7 @@ func (m *Manifest) Validate() error {
 		return fmt.Errorf("unsupported app kind: %s", m.Kind)
 	}
 
-	if err := m.Resources.Validate(); err != nil {
+	if err := m.Resources.Validate(m.TEE); err != nil {
 		return fmt.Errorf("bad resources config: %w", err)
 	}
 
@@ -443,13 +443,18 @@ type ResourcesConfig struct {
 }
 
 // Validate validates the resources configuration for correctness.
-func (r *ResourcesConfig) Validate() error {
+func (r *ResourcesConfig) Validate(tee string) error {
 	if r.Memory < 16 {
 		return fmt.Errorf("memory size must be at least 16M")
 	}
 	if r.CPUCount < 1 {
 		return fmt.Errorf("vCPU count must be at least 1")
 	}
+
+	if tee == TEETypeSGX && r.Storage != nil {
+		return fmt.Errorf("SGX apps do not support disk storage")
+	}
+
 	if r.Storage != nil {
 		err := r.Storage.Validate()
 		if err != nil {

cmd/rofl/mgmt.go

@@ -41,6 +41,7 @@ var (
 
 	appTEE  string
 	appKind string
+	reset   bool
 
 	//go:embed init_artifacts/compose.yaml
 	initArtifactCompose []byte
@@ -64,38 +65,59 @@ var (
 			err = os.Chdir(appPath)
 			cobra.CheckErr(err)
 
-			// Fail in case there is an existing manifest.
-			if buildRofl.ManifestExists() {
-				cobra.CheckErr("refusing to overwrite existing manifest")
-			}
+			var manifest *buildRofl.Manifest
+			if !reset {
+				// Fail in case there is an existing manifest.
+				if buildRofl.ManifestExists() {
+					cobra.CheckErr("Refusing to overwrite existing manifest.\nHint: To reset existing ROFL manifest, pass --reset flag.")
+				}
 
-			// Create a default manifest without any deployments.
-			// TODO: Extract author and repository from Git configuration if available.
-			manifest := buildRofl.Manifest{
-				Name:    appName,
-				Version: "0.1.0",
-				TEE:     appTEE,
-				Kind:    appKind,
-				Resources: buildRofl.ResourcesConfig{
-					Memory:   512,
-					CPUCount: 1,
-					Storage: &buildRofl.StorageConfig{
-						Kind: buildRofl.StorageKindDiskPersistent,
-						Size: 512,
+				fmt.Printf("Creating a new app with default policy...\n")
+
+				// Create a default manifest without any deployments.
+				manifest = &buildRofl.Manifest{
+					Name:    appName,
+					Version: "0.1.0",
+					TEE:     appTEE,
+					Kind:    appKind,
+					Resources: buildRofl.ResourcesConfig{
+						Memory:   512,
+						CPUCount: 1,
 					},
-				},
+				}
+			} else {
+				manifest, err = buildRofl.LoadManifest()
+				cobra.CheckErr(err)
+
+				fmt.Printf("\n")
+				if !common.GetAnswerYes() {
+					common.Confirm("Reset existing app manifest file by removing all configured ROFL deployments, secrets and policies", "not resetting")
+				}
+
+				manifest.Name = appName
+				manifest.Deployments = make(map[string]*buildRofl.Deployment)
 			}
+
+			// TODO: Extract author and repository from Git configuration if available.
+
 			err = manifest.Validate()
 			cobra.CheckErr(err)
 
-			fmt.Printf("Creating a new ROFL app with default policy...\n")
 			fmt.Printf("Name:     %s\n", manifest.Name)
 			fmt.Printf("Version:  %s\n", manifest.Version)
 			fmt.Printf("TEE:      %s\n", manifest.TEE)
 			fmt.Printf("Kind:     %s\n", manifest.Kind)
 
 			switch manifest.TEE {
 			case buildRofl.TEETypeTDX:
+				// TDX requires storage settings.
+				if !reset {
+					manifest.Resources.Storage = &buildRofl.StorageConfig{
+						Kind: buildRofl.StorageKindDiskPersistent,
+						Size: 512,
+					}
+				}
+
 				switch appKind {
 				case buildRofl.AppKindRaw:
 					artifacts := buildRofl.LatestBasicArtifacts // Copy.
@@ -221,6 +243,12 @@ var (
 					debugMode = params.DebugAllowTestRuntimes
 				}
 
+				// For TDX assign empty quote policies by default.
+				var tdxQuotePolicy *pcs.TdxQuotePolicy
+				if manifest.TEE == buildRofl.TEETypeTDX {
+					tdxQuotePolicy = &pcs.TdxQuotePolicy{}
+				}
+
 				// Generate manifest and a default policy which does not accept any enclaves.
 				deployment = &buildRofl.Deployment{
 					Network:  npa.NetworkName,
@@ -232,7 +260,7 @@ var (
 							PCS: &pcs.QuotePolicy{
 								TCBValidityPeriod:          30,
 								MinTCBEvaluationDataNumber: 18,
-								TDX:                        &pcs.TdxQuotePolicy{},
+								TDX:                        tdxQuotePolicy,
 							},
 						},
 						Endorsements: []rofl.AllowedEndorsement{
@@ -828,6 +856,8 @@ func detectOrCreateComposeFile() string {
 func init() {
 	initCmd.Flags().StringVar(&appTEE, "tee", "tdx", "TEE kind [tdx, sgx]")
 	initCmd.Flags().StringVar(&appKind, "kind", "container", "ROFL app kind [container, raw]")
+	initCmd.Flags().BoolVar(&reset, "reset", false, "reset the existing ROFL manifest")
+	initCmd.Flags().AddFlagSet(common.AnswerYesFlag)
 
 	createCmd.Flags().AddFlagSet(common.SelectorFlags)
 	createCmd.Flags().AddFlagSet(common.RuntimeTxFlags)

docs/rofl.md

@@ -18,17 +18,20 @@ OFfchain Logic (ROFL)][rofl] apps:
 
 ## Initialize a new ROFL app manifest {#init}
 
-The `rofl init` command will prepare a new ROFL app manifest in the given
-directory (defaults to the current directory). The manifest is a YAML file named
+The `rofl init` command will prepare a new ROFL manifest in the given directory
+(defaults to the current directory). The manifest is a YAML file named
 `rofl.yaml` which defines the versions of all components, upgrade policies, etc.
 needed to manage, build and deploy the ROFL app.
 
 ![code shell](../examples/rofl/init.in.static)
 
 ![code](../examples/rofl/init.out.static)
 
-Note that by default the manifest will not contain any deployments. In order to
-create deployments, use `rofl create`.
+You can create a new ROFL manifest file based on the existing one by passing
+`--reset` flag. This is useful if you want to make your own deployment of
+the existing ROFL project. It will remove information on previous user-specific
+deployments but keep information such as the minimum CPU, memory and storage
+requirements.
 
 ## Create a new ROFL app on the network {#create}