chore: Add new cli for IDGraph clean (#3115)

Co-authored-by: higherordertech <higherordertech>

tee-worker/common/core-primitives/stf-primitives/src/error.rs

@@ -74,6 +74,9 @@ pub enum StfError {
 	InvalidStorageDiff,
 	#[codec(index = 27)]
 	InvalidMetadata,
+	#[codec(index = 28)]
+	#[display(fmt = "CleaningIDGraphsFailed: {:?}", _0)]
+	CleanIDGraphsFailed(ErrorDetail),
 }
 
 impl From<IMPError> for StfError {

tee-worker/common/litentry/pallets/identity-management/src/lib.rs

@@ -255,6 +255,19 @@ pub mod pallet {
 
 			Ok(())
 		}
+
+		// Clean all id_graph related storage
+		#[pallet::call_index(6)]
+		#[pallet::weight({15_000_000})]
+		pub fn clean_id_graphs(origin: OriginFor<T>) -> DispatchResult {
+			T::ManageOrigin::ensure_origin(origin)?;
+
+			Self::clear_id_graphs();
+			Self::clear_id_graph_lens();
+			Self::clear_linked_identities();
+
+			Ok(())
+		}
 	}
 
 	impl<T: Config> Pallet<T> {
@@ -324,5 +337,37 @@ pub mod pallet {
 			debug!("IDGraph stats: {:?}", stats);
 			Some(stats)
 		}
+
+		fn clear_id_graphs() {
+			// Retrieve all the outer and inner keys from the storage by collecting tuples of (outer_key, inner_key)
+			let keys: Vec<(Identity, Identity)> = IDGraphs::<T>::iter()
+				.map(|(outer_key, inner_key, _)| (outer_key, inner_key))
+				.collect();
+
+			// Iterate through all the key pairs (outer_key, inner_key) and remove the corresponding entries from storage
+			for (outer_key, inner_key) in keys {
+				IDGraphs::<T>::remove(outer_key, inner_key);
+			}
+		}
+
+		fn clear_id_graph_lens() {
+			// Retrieve all the keys from the storage
+			let keys: Vec<Identity> = IDGraphLens::<T>::iter_keys().collect();
+
+			// Iterate through each key and remove the entry
+			for key in keys {
+				IDGraphLens::<T>::remove(key);
+			}
+		}
+
+		fn clear_linked_identities() {
+			// Retrieve all the keys from the storage
+			let keys: Vec<Identity> = LinkedIdentities::<T>::iter_keys().collect();
+
+			// Iterate through each key and remove the entry
+			for key in keys {
+				LinkedIdentities::<T>::remove(key);
+			}
+		}
 	}
 }

tee-worker/identity/app-libs/stf/src/trusted_call.rs

@@ -136,6 +136,9 @@ pub enum TrustedCall {
 	send_erroneous_parentchain_call(Identity),
 	#[codec(index = 24)]
 	maybe_create_id_graph(Identity, Identity),
+	#[cfg(feature = "development")]
+	#[codec(index = 25)]
+	clean_id_graphs(Identity),
 
 	// original integritee trusted calls, starting from index 50
 	#[codec(index = 50)]
@@ -224,6 +227,8 @@ impl TrustedCall {
 			#[cfg(feature = "development")]
 			Self::remove_identity(sender_identity, ..) => sender_identity,
 			Self::request_batch_vc(sender_identity, ..) => sender_identity,
+			#[cfg(feature = "development")]
+			Self::clean_id_graphs(sender_identity) => sender_identity,
 		}
 	}
 
@@ -871,6 +876,23 @@ where
 					Err(e) => warn!("maybe_create_id_graph NOK: {:?}", e),
 				};
 
+				Ok(TrustedCallResult::Empty)
+			},
+			#[cfg(feature = "development")]
+			TrustedCall::clean_id_graphs(signer) => {
+				debug!("clean_id_graphs");
+
+				let account = signer.to_account_id().ok_or(Self::Error::InvalidAccount)?;
+				use crate::helpers::ensure_enclave_signer_or_alice;
+				ensure!(
+					ensure_enclave_signer_or_alice(&account),
+					StfError::CleanIDGraphsFailed(ErrorDetail::UnauthorizedSigner)
+				);
+
+				IMTCall::clean_id_graphs {}
+					.dispatch_bypass_filter(ita_sgx_runtime::RuntimeOrigin::root())
+					.map_err(|e| StfError::CleanIDGraphsFailed(e.into()))?;
+
 				Ok(TrustedCallResult::Empty)
 			},
 		}

tee-worker/identity/cli/src/trusted_base_cli/commands/litentry/clean_id_graphs.rs

@@ -0,0 +1,48 @@
+// Copyright 2020-2024 Trust Computing GmbH.
+// This file is part of Litentry.
+//
+// Litentry is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Litentry is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Litentry.  If not, see <https://www.gnu.org/licenses/>.
+
+use crate::{
+	get_layer_two_nonce,
+	trusted_cli::TrustedCli,
+	trusted_command_utils::{get_identifiers, get_pair_from_str},
+	trusted_operation::perform_trusted_operation,
+	Cli, CliResult, CliResultOk,
+};
+use clap::Parser;
+use ita_stf::{Index, TrustedCall};
+use itp_stf_primitives::{traits::TrustedCallSigning, types::KeyPair};
+use sp_core::Pair;
+
+// usage exmaple:
+//
+// ./bin/litentry-cli trusted --mrenclave <mrenclave> --direct clean-id-graphs
+
+#[derive(Parser)]
+pub struct CleanIDGraphsCommand {}
+
+impl CleanIDGraphsCommand {
+	pub(crate) fn run(&self, cli: &Cli, trusted_cli: &TrustedCli) -> CliResult {
+		let alice = get_pair_from_str(trusted_cli, "//Alice", cli);
+
+		let (mrenclave, shard) = get_identifiers(trusted_cli, cli);
+		let nonce = get_layer_two_nonce!(alice, cli, trusted_cli);
+
+		let top = TrustedCall::clean_id_graphs(alice.public().into())
+			.sign(&KeyPair::Sr25519(Box::new(alice)), nonce, &mrenclave, &shard)
+			.into_trusted_operation(trusted_cli.direct);
+		Ok(perform_trusted_operation::<()>(cli, trusted_cli, &top).map(|_| CliResultOk::None)?)
+	}
+}

tee-worker/identity/cli/src/trusted_base_cli/commands/litentry/mod.rs

@@ -14,6 +14,8 @@
 // You should have received a copy of the GNU General Public License
 // along with Litentry.  If not, see <https://www.gnu.org/licenses/>.
 
+#[cfg(feature = "development")]
+pub mod clean_id_graphs;
 pub mod get_storage;
 pub mod id_graph;
 pub mod link_identity;

tee-worker/identity/cli/src/trusted_base_cli/mod.rs

@@ -15,6 +15,8 @@
 
 */
 
+#[cfg(feature = "development")]
+use crate::trusted_base_cli::commands::litentry::clean_id_graphs::CleanIDGraphsCommand;
 #[cfg(feature = "development")]
 use crate::trusted_base_cli::commands::litentry::remove_identity::RemoveIdentityCommand;
 use crate::{
@@ -86,6 +88,10 @@ pub enum TrustedBaseCommand {
 	/// Remove Identity from the prime identity
 	#[cfg(feature = "development")]
 	RemoveIdentity(RemoveIdentityCommand),
+
+	// Remove all id_graph from storage
+	#[cfg(feature = "development")]
+	CleanIDGraphs(CleanIDGraphsCommand),
 }
 
 impl TrustedBaseCommand {
@@ -106,6 +112,8 @@ impl TrustedBaseCommand {
 			TrustedBaseCommand::RequestVc(cmd) => cmd.run(cli, trusted_cli),
 			#[cfg(feature = "development")]
 			TrustedBaseCommand::RemoveIdentity(cmd) => cmd.run(cli, trusted_cli),
+			#[cfg(feature = "development")]
+			TrustedBaseCommand::CleanIDGraphs(cmd) => cmd.run(cli, trusted_cli),
 		}
 	}
 }

tee-worker/identity/client-api/parachain-api/prepare-build/interfaces/trusted_operations/definitions.ts

@@ -58,6 +58,13 @@ export default {
                 // this trusted call can only be requested directly by root or enclave_signer_account
                 link_identity_callback:
                     "(LitentryIdentity, LitentryIdentity, LitentryIdentity, Vec<Web3Network>, Option<RequestAesKey>, H256)",
+
+                __Unused_21: "Null",
+                __Unused_22: "Null",
+                __Unused_23: "Null",
+                __Unused_24: "Null",
+
+                clean_id_graphs: "(LitentryIdentity)",
             },
         },
         TrustedOperationStatus: {