Ensure all public types are under CCF namespace (#6684)

CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [6.0.0-dev8]
+
+[6.0.0-dev8]: https://github.com/microsoft/CCF/releases/tag/6.0.0-dev8
+
+### Changed
+
+- All definitions in CCF's public headers are now under the `ccf::` namespace. Any application code which references any of these types directly (notably `StartupConfig`, `http_status`, `LoggerLevel`), they will now need to be prefixed with the `ccf::` namespace.
+
 ## [6.0.0-dev7]
 
 [6.0.0-dev7]: https://github.com/microsoft/CCF/releases/tag/6.0.0-dev7

include/ccf/ccf_deprecated.h

@@ -3,3 +3,7 @@
 #pragma once
 
 #define CCF_DEPRECATED(reason) [[deprecated(reason)]]
+
+// ci-checks exception - only defines a macro
+namespace ccf
+{}

include/ccf/ds/enum_formatter.h

@@ -27,3 +27,7 @@ struct formatter<E, std::enable_if_t<std::is_enum_v<E>, char>>
   }
 };
 FMT_END_NAMESPACE
+
+// ci-checks exception - defines a struct in the fmt namespace
+namespace ccf
+{}

include/ccf/ds/logger.h

@@ -344,9 +344,9 @@ namespace ccf::logger
 // This allows:
 // CCF_LOG_OUT(DEBUG, "foo") << "this " << "msg";
 #define CCF_LOG_OUT(LVL, TAG) \
-  ccf::logger::config::ok(LoggerLevel::LVL) && \
+  ccf::logger::config::ok(ccf::LoggerLevel::LVL) && \
     ccf::logger::Out() == \
-      ccf::logger::LogLine(LoggerLevel::LVL, TAG, __FILE__, __LINE__)
+      ccf::logger::LogLine(ccf::LoggerLevel::LVL, TAG, __FILE__, __LINE__)
 
 // To avoid repeating the (s, ...) args for every macro, we cheat with a curried
 // macro here by ending the macro with another macro name, which then accepts

include/ccf/ds/logger_level.h

@@ -2,12 +2,15 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-enum LoggerLevel
+namespace ccf
 {
-  TRACE,
-  DEBUG, // events useful for debugging
-  INFO, // important events that should be logged even in release mode
-  FAIL, // survivable failures that should always be logged
-  FATAL, // fatal errors that may be non-recoverable
-  MAX_LOG_LEVEL
-};
+  enum LoggerLevel
+  {
+    TRACE,
+    DEBUG, // events useful for debugging
+    INFO, // important events that should be logged even in release mode
+    FAIL, // survivable failures that should always be logged
+    FATAL, // fatal errors that may be non-recoverable
+    MAX_LOG_LEVEL
+  };
+}

include/ccf/http_status.h

@@ -4,15 +4,18 @@
 
 #include <llhttp/llhttp.h>
 
-using http_status = llhttp_status;
-
-/* Returns a string version of the HTTP status code. */
-static inline const char* http_status_str(http_status s)
+namespace ccf
 {
-  return llhttp_status_name(s);
-}
+  using http_status = llhttp_status;
 
-static inline bool is_http_status_client_error(http_status s)
-{
-  return s >= 400 && s < 500;
-}
+  /* Returns a string version of the HTTP status code. */
+  static inline const char* http_status_str(http_status s)
+  {
+    return llhttp_status_name(s);
+  }
+
+  static inline bool is_http_status_client_error(http_status s)
+  {
+    return s >= 400 && s < 500;
+  }
+}

include/ccf/json_handler.h

@@ -68,9 +68,9 @@ namespace ccf
     const nlohmann::json& result_payload);
 
   jsonhandler::JsonAdapterResponse make_error(
-    http_status status, const std::string& code, const std::string& msg);
+    ccf::http_status status, const std::string& code, const std::string& msg);
 
-  jsonhandler::JsonAdapterResponse make_redirect(http_status status);
+  jsonhandler::JsonAdapterResponse make_redirect(ccf::http_status status);
 
   using HandlerJsonParamsAndForward =
     std::function<jsonhandler::JsonAdapterResponse(

include/ccf/node/cose_signatures_config.h

@@ -18,4 +18,4 @@ namespace ccf
 
   DECLARE_JSON_TYPE(COSESignaturesConfig);
   DECLARE_JSON_REQUIRED_FIELDS(COSESignaturesConfig, issuer, subject);
-}
+}

include/ccf/node/node_configuration_interface.h

@@ -13,7 +13,7 @@ namespace ccf
 {
   struct NodeConfigurationState
   {
-    const StartupConfig& node_config;
+    const ccf::StartupConfig& node_config;
     std::map<NodeInfoNetwork::RpcInterfaceID, std::vector<std::regex>>
       rpc_interface_regexes;
     bool initialized = false;

include/ccf/node/startup_config.h

@@ -16,106 +16,109 @@
 #include <string>
 #include <vector>
 
-struct CCFConfig
+namespace ccf
 {
-  size_t worker_threads = 0;
-
-  // 2**24.5 as per RFC8446 Section 5.5
-  size_t node_to_node_message_limit = 23'726'566;
+  struct CCFConfig
+  {
+    size_t worker_threads = 0;
 
-  ccf::ds::SizeString historical_cache_soft_limit = {"512MB"};
+    // 2**24.5 as per RFC8446 Section 5.5
+    size_t node_to_node_message_limit = 23'726'566;
 
-  ccf::consensus::Configuration consensus = {};
-  ccf::NodeInfoNetwork network = {};
+    ccf::ds::SizeString historical_cache_soft_limit = {"512MB"};
 
-  struct NodeCertificateInfo
-  {
-    std::string subject_name = "CN=CCF Node";
-    std::vector<std::string> subject_alt_names = {};
-    ccf::crypto::CurveID curve_id = ccf::crypto::CurveID::SECP384R1;
-    size_t initial_validity_days = 1;
+    ccf::consensus::Configuration consensus = {};
+    ccf::NodeInfoNetwork network = {};
 
-    bool operator==(const NodeCertificateInfo&) const = default;
-  };
-  NodeCertificateInfo node_certificate = {};
+    struct NodeCertificateInfo
+    {
+      std::string subject_name = "CN=CCF Node";
+      std::vector<std::string> subject_alt_names = {};
+      ccf::crypto::CurveID curve_id = ccf::crypto::CurveID::SECP384R1;
+      size_t initial_validity_days = 1;
 
-  struct LedgerSignatures
-  {
-    size_t tx_count = 5000;
-    ccf::ds::TimeString delay = {"1000ms"};
+      bool operator==(const NodeCertificateInfo&) const = default;
+    };
+    NodeCertificateInfo node_certificate = {};
 
-    bool operator==(const LedgerSignatures&) const = default;
-  };
-  LedgerSignatures ledger_signatures = {};
+    struct LedgerSignatures
+    {
+      size_t tx_count = 5000;
+      ccf::ds::TimeString delay = {"1000ms"};
 
-  struct JWT
-  {
-    ccf::ds::TimeString key_refresh_interval = {"30min"};
+      bool operator==(const LedgerSignatures&) const = default;
+    };
+    LedgerSignatures ledger_signatures = {};
 
-    bool operator==(const JWT&) const = default;
-  };
-  JWT jwt = {};
+    struct JWT
+    {
+      ccf::ds::TimeString key_refresh_interval = {"30min"};
 
-  struct Attestation
-  {
-    ccf::pal::snp::EndorsementsServers snp_endorsements_servers = {};
-    std::optional<std::string> snp_security_policy_file = std::nullopt;
-    std::optional<std::string> snp_uvm_endorsements_file = std::nullopt;
+      bool operator==(const JWT&) const = default;
+    };
+    JWT jwt = {};
 
-    struct Environment
+    struct Attestation
     {
-      std::optional<std::string> security_policy = std::nullopt;
-      std::optional<std::string> uvm_endorsements = std::nullopt;
+      ccf::pal::snp::EndorsementsServers snp_endorsements_servers = {};
+      std::optional<std::string> snp_security_policy_file = std::nullopt;
+      std::optional<std::string> snp_uvm_endorsements_file = std::nullopt;
 
-      bool operator==(const Environment&) const = default;
-    };
-    Environment environment = {};
+      struct Environment
+      {
+        std::optional<std::string> security_policy = std::nullopt;
+        std::optional<std::string> uvm_endorsements = std::nullopt;
 
-    bool operator==(const Attestation&) const = default;
+        bool operator==(const Environment&) const = default;
+      };
+      Environment environment = {};
+
+      bool operator==(const Attestation&) const = default;
+    };
+    Attestation attestation = {};
   };
-  Attestation attestation = {};
-};
 
-struct StartupConfig : CCFConfig
-{
-  StartupConfig() = default;
-  StartupConfig(const CCFConfig& common_base) : CCFConfig(common_base) {}
+  struct StartupConfig : CCFConfig
+  {
+    StartupConfig() = default;
+    StartupConfig(const CCFConfig& common_base) : CCFConfig(common_base) {}
 
-  std::string startup_host_time;
-  size_t snapshot_tx_interval = 10'000;
+    std::string startup_host_time;
+    size_t snapshot_tx_interval = 10'000;
 
-  // Only if starting or recovering
-  size_t initial_service_certificate_validity_days = 1;
-  std::string service_subject_name = "CN=CCF Service";
-  ccf::COSESignaturesConfig cose_signatures;
+    // Only if starting or recovering
+    size_t initial_service_certificate_validity_days = 1;
+    std::string service_subject_name = "CN=CCF Service";
+    ccf::COSESignaturesConfig cose_signatures;
 
-  nlohmann::json service_data = nullptr;
+    nlohmann::json service_data = nullptr;
 
-  nlohmann::json node_data = nullptr;
+    nlohmann::json node_data = nullptr;
 
-  struct Start
-  {
-    std::vector<ccf::NewMember> members;
-    std::string constitution;
-    ccf::ServiceConfiguration service_configuration;
+    struct Start
+    {
+      std::vector<ccf::NewMember> members;
+      std::string constitution;
+      ccf::ServiceConfiguration service_configuration;
 
-    bool operator==(const Start& other) const = default;
-  };
-  Start start = {};
+      bool operator==(const Start& other) const = default;
+    };
+    Start start = {};
 
-  struct Join
-  {
-    ccf::NodeInfoNetwork::NetAddress target_rpc_address;
-    ccf::ds::TimeString retry_timeout = {"1000ms"};
-    std::vector<uint8_t> service_cert = {};
-    bool follow_redirect = true;
-  };
-  Join join = {};
+    struct Join
+    {
+      ccf::NodeInfoNetwork::NetAddress target_rpc_address;
+      ccf::ds::TimeString retry_timeout = {"1000ms"};
+      std::vector<uint8_t> service_cert = {};
+      bool follow_redirect = true;
+    };
+    Join join = {};
 
-  struct Recover
-  {
-    std::optional<std::vector<uint8_t>> previous_service_identity =
-      std::nullopt;
+    struct Recover
+    {
+      std::optional<std::vector<uint8_t>> previous_service_identity =
+        std::nullopt;
+    };
+    Recover recover = {};
   };
-  Recover recover = {};
-};
+}

include/ccf/service/consensus_type.h

@@ -2,8 +2,16 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-enum ConsensusType
+#include "ccf/ds/json.h"
+
+namespace ccf
 {
-  CFT = 0,
-  BFT = 1
-};
+  enum ConsensusType
+  {
+    CFT = 0,
+    BFT = 1
+  };
+
+  DECLARE_JSON_ENUM(
+    ConsensusType, {{ConsensusType::CFT, "CFT"}, {ConsensusType::BFT, "BFT"}})
+}

include/ccf/service/reconfiguration_type.h

@@ -2,8 +2,18 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-enum ReconfigurationType
+#include "ccf/ds/json.h"
+
+namespace ccf
 {
-  ONE_TRANSACTION = 0,
-  TWO_TRANSACTION = 1
-};
+  enum ReconfigurationType
+  {
+    ONE_TRANSACTION = 0,
+    TWO_TRANSACTION = 1
+  };
+
+  DECLARE_JSON_ENUM(
+    ReconfigurationType,
+    {{ReconfigurationType::ONE_TRANSACTION, "OneTransaction"},
+     {ReconfigurationType::TWO_TRANSACTION, "TwoTransaction"}})
+}

include/ccf/tx.h

@@ -2,7 +2,6 @@
 // Licensed under the Apache 2.0 License.
 #pragma once
 
-#include "ccf/ccf_assert.h"
 #include "ccf/crypto/sha256_hash.h"
 #include "ccf/tx_id.h"
 

python/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ccf"
-version = "6.0.0-dev7"
+version = "6.0.0-dev8"
 authors = [
   { name="CCF Team", email="CCF-Sec@microsoft.com" },
 ]

scripts/ci-checks.sh

@@ -49,7 +49,20 @@ if [[ -n "$violations" ]]; then
   echo "$violations"
   exit 1
 else
-  echo "No public header violations"
+  echo "No public-private include violations"
+fi
+endgroup
+
+group "Public header namespaces"
+# Enforce that all public headers namespace their exports
+# NB: This only greps for a namespace definition in each file, doesn't precisely enforce that no types escape that namespace - mistakes are possible
+violations=$(find "$ROOT_DIR/include/ccf" -type f -name "*.h" -print0 | xargs --null grep -L "namespace ccf" | sort || true)
+if [[ -n "$violations" ]]; then
+  echo "Public headers missing ccf namespace:"
+  echo "$violations"
+  exit 1
+else
+  echo "No public header namespace violations"
 fi
 endgroup