oasis_runtime_sdk/modules/rofl/
policy.rs

1use crate::core::{
2    common::{
3        crypto::signature::PublicKey,
4        sgx::{EnclaveIdentity, QuotePolicy},
5    },
6    consensus::beacon::EpochTime,
7};
8
/// Authentication policy configured for a single ROFL application.
///
/// NOTE(review): the derived `Default` leaves `enclaves` and `endorsements` empty. Whether an
/// empty list means "nothing is allowed" or "no restriction" is decided by the code that
/// evaluates this policy, which is not part of this file -- confirm before relying on a
/// default-constructed policy.
#[derive(Clone, Debug, PartialEq, Eq, Default)]
#[derive(cbor::Encode, cbor::Decode)]
pub struct AppAuthPolicy {
    /// SGX quote policy for this application.
    pub quotes: QuotePolicy,
    /// Enclave identities that are allowed.
    pub enclaves: Vec<EnclaveIdentity>,
    /// Endorsements that are allowed.
    // NOTE(review): presumably one matching entry is enough; verify against the evaluator.
    pub endorsements: Vec<AllowedEndorsement>,
    /// Who pays the gas fees.
    pub fees: FeePolicy,
    /// Upper bound on how many epochs into the future a registration may extend.
    // The derived default is whatever `EpochTime::default()` yields.
    pub max_expiration: EpochTime,
}
23
/// One kind of endorsement that a policy allows.
///
/// The variants differ in how narrowly they identify the endorser: `Any` names no particular
/// node, the two role variants are tied to the current runtime, and `Entity` / `Node` carry a
/// public key.
// NOTE(review): the `rename` strings are presumably the names used in the CBOR encoding, so
// changing one would change the encoded form of existing policies -- confirm.
#[derive(Clone, Debug, PartialEq, Eq)]
#[derive(cbor::Encode, cbor::Decode)]
#[cbor(no_default)]
pub enum AllowedEndorsement {
    /// Endorsement by any node is allowed; this is the broadest variant.
    #[cbor(rename = "any", as_struct)]
    Any,
    /// Endorsement by a compute node for the current runtime is allowed.
    #[cbor(rename = "role_compute", as_struct)]
    ComputeRole,
    /// Endorsement by an observer node for the current runtime is allowed.
    #[cbor(rename = "role_observer", as_struct)]
    ObserverRole,
    /// Endorsement by a registered node from the given entity is allowed.
    #[cbor(rename = "entity")]
    Entity(PublicKey),
    /// Endorsement by the given node only is allowed.
    #[cbor(rename = "node")]
    Node(PublicKey),
}
44
/// Selects which party pays the gas fees.
///
/// The discriminants are fixed at 1 and 2 with a `u8` representation; no variant has the
/// value 0. The derived `Default` is [`FeePolicy::EndorsingNodePays`].
#[derive(Clone, Debug, Default, PartialEq, Eq)]
#[derive(cbor::Encode, cbor::Decode)]
#[repr(u8)]
pub enum FeePolicy {
    /// The application enclave pays the gas fees.
    InstancePays = 1,
    /// The endorsing node pays the gas fees.
    #[default]
    EndorsingNodePays = 2,
}