Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authz redesign: CLI implementation #1079

Merged
merged 41 commits into from
Nov 14, 2022
Merged

Authz redesign: CLI implementation #1079

Changes from all commits
Commits
Show all changes
41 commits
Select commit Hold shift + click to select a range
9ae2fd3
Add contract authz proto
giansalex Aug 27, 2022
1358502
Implement contract autorization
giansalex Aug 27, 2022
8f30357
Register contract authz
giansalex Aug 27, 2022
6dec6ad
Add contract-authz tests
giansalex Aug 28, 2022
1cb6bd0
Consume gas for contract authz
giansalex Aug 28, 2022
fa235fd
Add contract authz cli
giansalex Aug 28, 2022
14cedff
Update cli usage
giansalex Aug 28, 2022
46aba00
Model spike
alpe Sep 6, 2022
443dbf4
Add max funds limit
alpe Sep 14, 2022
8809e4f
Redesign authz model
alpe Nov 4, 2022
b1acbbd
Start e2e test
alpe Nov 4, 2022
2d92e12
Full e2e test
alpe Nov 5, 2022
3d69c2e
Add cli implementation for signle grant case
pinosu Nov 7, 2022
498c46f
Restore file to avoid merge conflicts
pinosu Nov 8, 2022
3eb6e2d
Test filter and limits
alpe Nov 8, 2022
f8b6403
Add allow-al-messages flag
pinosu Nov 8, 2022
bbe2086
Add cli implementation for signle grant case
pinosu Nov 7, 2022
28c1d94
Add allow-al-messages flag
pinosu Nov 8, 2022
84dd98c
Resolve rebase merge conflicts
pinosu Nov 8, 2022
5c45d27
Implement comments fixes
pinosu Nov 8, 2022
40bdb6c
Test accept
alpe Nov 8, 2022
5aed79c
Fix description
alpe Nov 8, 2022
cc8d9bd
No linter warning
alpe Nov 8, 2022
7a11526
Fix flags and add example command
pinosu Nov 9, 2022
04d3b12
Fix lint error
pinosu Nov 9, 2022
4724e4b
Fix limits cli
pinosu Nov 9, 2022
170b305
Add cli implementation for signle grant case
pinosu Nov 7, 2022
04987bc
Add allow-al-messages flag
pinosu Nov 8, 2022
f8dd749
Implement comments fixes
pinosu Nov 8, 2022
5b5ae89
Fix flags and add example command
pinosu Nov 9, 2022
00de894
Fix lint error
pinosu Nov 9, 2022
b5e6ee6
Fix limits cli
pinosu Nov 9, 2022
0797367
Rebase 966_grants_redesign
pinosu Nov 9, 2022
4ae3098
Add cli implementation for signle grant case
pinosu Nov 7, 2022
0e2f8eb
Add allow-al-messages flag
pinosu Nov 8, 2022
a69f603
Implement comments fixes
pinosu Nov 8, 2022
2faf404
Fix flags and add example command
pinosu Nov 9, 2022
6732176
Fix lint error
pinosu Nov 9, 2022
91cb542
Fix limits cli
pinosu Nov 9, 2022
902ad19
Rebase to main branch
pinosu Nov 11, 2022
0164d85
Fix comments
pinosu Nov 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
120 changes: 105 additions & 15 deletions x/wasm/client/cli/tx.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,15 @@ import (
"fmt"
"os"
"strconv"
"time"

"github.com/cosmos/cosmos-sdk/client"
"github.com/cosmos/cosmos-sdk/client/flags"
"github.com/cosmos/cosmos-sdk/client/tx"
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
"github.com/cosmos/cosmos-sdk/version"
"github.com/cosmos/cosmos-sdk/x/authz"
"github.com/spf13/cobra"
flag "github.com/spf13/pflag"

Expand All @@ -32,9 +34,13 @@ const (
flagInstantiateByAddress = "instantiate-only-address"
flagInstantiateByAnyOfAddress = "instantiate-anyof-addresses"
flagUnpinCode = "unpin-code"
flagAllowedMsgs = "allow-msgs"
flagRunOnce = "run-once"
flagAllowedMsgKeys = "allow-msg-keys"
flagAllowedRawMsgs = "allow-raw-msgs"
flagExpiration = "expiration"
flagMaxCalls = "max-calls"
flagMaxFunds = "max-funds"
flagAllowAllMsgs = "allow-all-messages"
flagNoTokenTransfer = "no-token-transfer" //nolint:gosec
)

// GetTxCmd returns the transaction commands for this module
Expand Down Expand Up @@ -384,9 +390,17 @@ func parseExecuteArgs(contractAddr string, execMsg string, sender sdk.AccAddress

func GrantAuthorizationCmd() *cobra.Command {
cmd := &cobra.Command{
Use: "grant [grantee] [contract_addr_bech32] --allow-msgs [msg1,msg2,...]",
Use: "grant [grantee] [message_type=\"execution\"|\"migration\"] [contract_addr_bech32] --allow-raw-msgs [msg1,msg2,...] --allow-msg-keys [key1,key2,...] --allow-all-messages",
Short: "Grant authorization to an address",
Args: cobra.ExactArgs(2),
Long: fmt.Sprintf(`Grant authorization to an address.
Examples:
$ %s tx grant <grantee_addr> execution <contract_addr> --allow-all-messages --maxCalls 1 --no-token-transfer --expiration 1667979596

$ %s tx grant <grantee_addr> execution <contract_addr> --allow-all-messages --maxFunds 100000uwasm --expiration 1667979596

$ %s tx grant <grantee_addr> execution <contract_addr> --allow-all-messages --maxCalls 5 --maxFunds 100000uwasm --expiration 1667979596
`, version.AppName, version.AppName, version.AppName),
Args: cobra.ExactArgs(3),
RunE: func(cmd *cobra.Command, args []string) error {
clientCtx, err := client.GetClientTxContext(cmd)
if err != nil {
Expand All @@ -398,17 +412,27 @@ func GrantAuthorizationCmd() *cobra.Command {
return err
}

contract, err := sdk.AccAddressFromBech32(args[1])
contract, err := sdk.AccAddressFromBech32(args[2])
if err != nil {
return err
}

msgKeys, err := cmd.Flags().GetStringSlice(flagAllowedMsgKeys)
if err != nil {
return err
}

msgs, err := cmd.Flags().GetStringSlice(flagAllowedMsgs)
rawMsgs, err := cmd.Flags().GetStringSlice(flagAllowedRawMsgs)
if err != nil {
return err
}

once, err := cmd.Flags().GetBool(flagRunOnce)
maxFundsStr, err := cmd.Flags().GetString(flagMaxFunds)
if err != nil {
return fmt.Errorf("max funds: %s", err)
}

maxCalls, err := cmd.Flags().GetUint64(flagMaxCalls)
if err != nil {
return err
}
Expand All @@ -420,18 +444,84 @@ func GrantAuthorizationCmd() *cobra.Command {
if exp == 0 {
return errors.New("expiration must be set")
}
_ = clientCtx
_ = grantee
_ = msgs
_ = once
_ = contract

return errors.New("not implemented")
allowAllMsgs, err := cmd.Flags().GetBool(flagAllowAllMsgs)
if err != nil {
return err
}

noTokenTransfer, err := cmd.Flags().GetBool(flagNoTokenTransfer)
if err != nil {
return err
}

var limit types.ContractAuthzLimitX
switch {
case maxFundsStr != "" && maxCalls != 0 && !noTokenTransfer:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good check

maxFunds, err := sdk.ParseCoinsNormalized(maxFundsStr)
if err != nil {
return fmt.Errorf("max funds: %s", err)
}
limit = types.NewCombinedLimit(maxCalls, maxFunds...)
case maxFundsStr != "" && maxCalls == 0 && !noTokenTransfer:
maxFunds, err := sdk.ParseCoinsNormalized(maxFundsStr)
if err != nil {
return fmt.Errorf("max funds: %s", err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

}
limit = types.NewMaxFundsLimit(maxFunds...)
case maxCalls != 0 && noTokenTransfer && maxFundsStr == "":
limit = types.NewMaxCallsLimit(maxCalls)
default:
return errors.New("invalid limit setup")
}

var filter types.ContractAuthzFilterX
switch {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Filters are mutual exclusive within one grant. Better fail fast if more than one is set.

case allowAllMsgs && len(msgKeys) != 0 || allowAllMsgs && len(rawMsgs) != 0 || len(msgKeys) != 0 && len(rawMsgs) != 0:
return errors.New("cannot set more than one filter within one grant")
case allowAllMsgs:
filter = types.NewAllowAllMessagesFilter()
case len(msgKeys) != 0:
filter = types.NewAcceptedMessageKeysFilter(msgKeys...)
case len(rawMsgs) != 0:
msgs := make([]types.RawContractMessage, len(rawMsgs))
for i, msg := range rawMsgs {
msgs[i] = types.RawContractMessage(msg)
}
filter = types.NewAcceptedMessagesFilter(msgs...)
default:
return errors.New("invalid filter setup")
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The third option is to set the concrete json message(s) (byte equal).


grant, err := types.NewContractGrant(contract, limit, filter)
if err != nil {
return err
}

var authorization authz.Authorization
switch args[1] {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 this works

case "execution":
authorization = types.NewContractExecutionAuthorization(*grant)
case "migration":
authorization = types.NewContractMigrationAuthorization(*grant)
default:
return fmt.Errorf("%s authorization type not supported", args[1])
}

grantMsg, err := authz.NewMsgGrant(clientCtx.GetFromAddress(), grantee, authorization, time.Unix(0, exp))
if err != nil {
return err
}
return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), grantMsg)
},
}
flags.AddTxFlagsToCmd(cmd)
cmd.Flags().StringSlice(flagAllowedMsgs, []string{}, "Allowed msgs")
cmd.Flags().Bool(flagRunOnce, false, "Allow to execute only once")
cmd.Flags().StringSlice(flagAllowedMsgKeys, []string{}, "Allowed msg keys")
cmd.Flags().StringSlice(flagAllowedRawMsgs, []string{}, "Allowed raw msgs")
cmd.Flags().Uint64(flagMaxCalls, 0, "Maximal number of calls to the contract")
cmd.Flags().String(flagMaxFunds, "", "Maximal amount of tokens transferable to the contract.")
cmd.Flags().Int64(flagExpiration, 0, "The Unix timestamp.")
cmd.Flags().Bool(flagAllowAllMsgs, false, "Allow all messages")
cmd.Flags().Bool(flagNoTokenTransfer, false, "Don't allow token transfer")
return cmd
}