From 7c4fab896ba70714688e4c67a5837d205ccf192d Mon Sep 17 00:00:00 2001 From: atheesh Date: Wed, 15 May 2024 17:07:45 +0530 Subject: [PATCH] working POC --- api/cosmos/authz/v1beta1/tx.pulsar.go | 200 ++++++++++++++++++-------- proto/cosmos/authz/v1beta1/tx.proto | 3 + simapp/ante.go | 2 +- x/auth/ante/authz_rules_ante.go | 104 +++++++------- x/auth/ante/expected_keepers.go | 1 - x/authz/authorization_grant.go | 20 +++ x/authz/client/cli/tx.go | 17 +++ x/authz/keeper/keeper.go | 55 ++++++- x/authz/keeper/msg_server.go | 2 +- x/authz/msgs.go | 4 + x/authz/tx.pb.go | 120 +++++++++++----- 11 files changed, 370 insertions(+), 158 deletions(-) diff --git a/api/cosmos/authz/v1beta1/tx.pulsar.go b/api/cosmos/authz/v1beta1/tx.pulsar.go index 9b2af65e42c..4fc726a1e59 100644 --- a/api/cosmos/authz/v1beta1/tx.pulsar.go +++ b/api/cosmos/authz/v1beta1/tx.pulsar.go @@ -22,6 +22,7 @@ var ( fd_MsgGrant_granter protoreflect.FieldDescriptor fd_MsgGrant_grantee protoreflect.FieldDescriptor fd_MsgGrant_grant protoreflect.FieldDescriptor + fd_MsgGrant_rules protoreflect.FieldDescriptor ) func init() { @@ -30,6 +31,7 @@ func init() { fd_MsgGrant_granter = md_MsgGrant.Fields().ByName("granter") fd_MsgGrant_grantee = md_MsgGrant.Fields().ByName("grantee") fd_MsgGrant_grant = md_MsgGrant.Fields().ByName("grant") + fd_MsgGrant_rules = md_MsgGrant.Fields().ByName("rules") } var _ protoreflect.Message = (*fastReflection_MsgGrant)(nil) @@ -115,6 +117,12 @@ func (x *fastReflection_MsgGrant) Range(f func(protoreflect.FieldDescriptor, pro return } } + if len(x.Rules) != 0 { + value := protoreflect.ValueOfBytes(x.Rules) + if !f(fd_MsgGrant_rules, value) { + return + } + } } // Has reports whether a field is populated. @@ -136,6 +144,8 @@ func (x *fastReflection_MsgGrant) Has(fd protoreflect.FieldDescriptor) bool { return x.Grantee != "" case "cosmos.authz.v1beta1.MsgGrant.grant": return x.Grant != nil + case "cosmos.authz.v1beta1.MsgGrant.rules": + return len(x.Rules) != 0 default: if fd.IsExtension() { panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.authz.v1beta1.MsgGrant")) @@ -158,6 +168,8 @@ func (x *fastReflection_MsgGrant) Clear(fd protoreflect.FieldDescriptor) { x.Grantee = "" case "cosmos.authz.v1beta1.MsgGrant.grant": x.Grant = nil + case "cosmos.authz.v1beta1.MsgGrant.rules": + x.Rules = nil default: if fd.IsExtension() { panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.authz.v1beta1.MsgGrant")) @@ -183,6 +195,9 @@ func (x *fastReflection_MsgGrant) Get(descriptor protoreflect.FieldDescriptor) p case "cosmos.authz.v1beta1.MsgGrant.grant": value := x.Grant return protoreflect.ValueOfMessage(value.ProtoReflect()) + case "cosmos.authz.v1beta1.MsgGrant.rules": + value := x.Rules + return protoreflect.ValueOfBytes(value) default: if descriptor.IsExtension() { panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.authz.v1beta1.MsgGrant")) @@ -209,6 +224,8 @@ func (x *fastReflection_MsgGrant) Set(fd protoreflect.FieldDescriptor, value pro x.Grantee = value.Interface().(string) case "cosmos.authz.v1beta1.MsgGrant.grant": x.Grant = value.Message().Interface().(*Grant) + case "cosmos.authz.v1beta1.MsgGrant.rules": + x.Rules = value.Bytes() default: if fd.IsExtension() { panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.authz.v1beta1.MsgGrant")) @@ -238,6 +255,8 @@ func (x *fastReflection_MsgGrant) Mutable(fd protoreflect.FieldDescriptor) proto panic(fmt.Errorf("field granter of message cosmos.authz.v1beta1.MsgGrant is not mutable")) case "cosmos.authz.v1beta1.MsgGrant.grantee": panic(fmt.Errorf("field grantee of message cosmos.authz.v1beta1.MsgGrant is not mutable")) + case "cosmos.authz.v1beta1.MsgGrant.rules": + panic(fmt.Errorf("field rules of message cosmos.authz.v1beta1.MsgGrant is not mutable")) default: if fd.IsExtension() { panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.authz.v1beta1.MsgGrant")) @@ -258,6 +277,8 @@ func (x *fastReflection_MsgGrant) NewField(fd protoreflect.FieldDescriptor) prot case "cosmos.authz.v1beta1.MsgGrant.grant": m := new(Grant) return protoreflect.ValueOfMessage(m.ProtoReflect()) + case "cosmos.authz.v1beta1.MsgGrant.rules": + return protoreflect.ValueOfBytes(nil) default: if fd.IsExtension() { panic(fmt.Errorf("proto3 declared messages do not support extensions: cosmos.authz.v1beta1.MsgGrant")) @@ -339,6 +360,10 @@ func (x *fastReflection_MsgGrant) ProtoMethods() *protoiface.Methods { l = options.Size(x.Grant) n += 1 + l + runtime.Sov(uint64(l)) } + l = len(x.Rules) + if l > 0 { + n += 1 + l + runtime.Sov(uint64(l)) + } if x.unknownFields != nil { n += len(x.unknownFields) } @@ -368,6 +393,13 @@ func (x *fastReflection_MsgGrant) ProtoMethods() *protoiface.Methods { i -= len(x.unknownFields) copy(dAtA[i:], x.unknownFields) } + if len(x.Rules) > 0 { + i -= len(x.Rules) + copy(dAtA[i:], x.Rules) + i = runtime.EncodeVarint(dAtA, i, uint64(len(x.Rules))) + i-- + dAtA[i] = 0x22 + } if x.Grant != nil { encoded, err := options.Marshal(x.Grant) if err != nil { @@ -545,6 +577,40 @@ func (x *fastReflection_MsgGrant) ProtoMethods() *protoiface.Methods { return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, err } iNdEx = postIndex + case 4: + if wireType != 2 { + return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrIntOverflow + } + if iNdEx >= l { + return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrInvalidLength + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrInvalidLength + } + if postIndex > l { + return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, io.ErrUnexpectedEOF + } + x.Rules = append(x.Rules[:0], dAtA[iNdEx:postIndex]...) + if x.Rules == nil { + x.Rules = []byte{} + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := runtime.Skip(dAtA[iNdEx:]) @@ -2903,6 +2969,8 @@ type MsgGrant struct { Granter string `protobuf:"bytes,1,opt,name=granter,proto3" json:"granter,omitempty"` Grantee string `protobuf:"bytes,2,opt,name=grantee,proto3" json:"grantee,omitempty"` Grant *Grant `protobuf:"bytes,3,opt,name=grant,proto3" json:"grant,omitempty"` + // rules are conditions to execute the grant. + Rules []byte `protobuf:"bytes,4,opt,name=rules,proto3" json:"rules,omitempty"` } func (x *MsgGrant) Reset() { @@ -2946,6 +3014,13 @@ func (x *MsgGrant) GetGrant() *Grant { return nil } +func (x *MsgGrant) GetRules() []byte { + if x != nil { + return x.Rules + } + return nil +} + // MsgGrantResponse defines the Msg/MsgGrant response type. type MsgGrantResponse struct { state protoimpl.MessageState @@ -3154,7 +3229,7 @@ var file_cosmos_authz_v1beta1_tx_proto_rawDesc = []byte{ 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2f, 0x6d, 0x73, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x73, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x11, 0x61, 0x6d, 0x69, 0x6e, 0x6f, 0x2f, 0x61, 0x6d, 0x69, 0x6e, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xd6, 0x01, 0x0a, 0x08, 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x12, 0x32, 0x0a, 0x07, + 0xec, 0x01, 0x0a, 0x08, 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x12, 0x32, 0x0a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x72, @@ -3165,67 +3240,68 @@ var file_cosmos_authz_v1beta1_tx_proto_rawDesc = []byte{ 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x42, 0x09, 0xc8, 0xde, 0x1f, 0x00, 0xa8, 0xe7, 0xb0, 0x2a, 0x01, 0x52, 0x05, 0x67, 0x72, 0x61, - 0x6e, 0x74, 0x3a, 0x24, 0x82, 0xe7, 0xb0, 0x2a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x72, - 0x8a, 0xe7, 0xb0, 0x2a, 0x13, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2f, - 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x22, 0x12, 0x0a, 0x10, 0x4d, 0x73, 0x67, 0x47, - 0x72, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xa9, 0x01, 0x0a, - 0x07, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x12, 0x32, 0x0a, 0x07, 0x67, 0x72, 0x61, 0x6e, - 0x74, 0x65, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, - 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, - 0x69, 0x6e, 0x67, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x12, 0x45, 0x0a, 0x04, - 0x6d, 0x73, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, - 0x42, 0x1b, 0xca, 0xb4, 0x2d, 0x17, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x62, 0x61, 0x73, - 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x04, 0x6d, - 0x73, 0x67, 0x73, 0x3a, 0x23, 0x82, 0xe7, 0xb0, 0x2a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, - 0x65, 0x8a, 0xe7, 0xb0, 0x2a, 0x12, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2d, 0x73, 0x64, 0x6b, - 0x2f, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x22, 0x2b, 0x0a, 0x0f, 0x4d, 0x73, 0x67, 0x45, - 0x78, 0x65, 0x63, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, - 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x07, 0x72, 0x65, - 0x73, 0x75, 0x6c, 0x74, 0x73, 0x22, 0xbc, 0x01, 0x0a, 0x09, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x76, - 0x6f, 0x6b, 0x65, 0x12, 0x32, 0x0a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, - 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, - 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x32, 0x0a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, - 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, - 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, - 0x6e, 0x67, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x12, 0x20, 0x0a, 0x0c, 0x6d, - 0x73, 0x67, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x6d, 0x73, 0x67, 0x54, 0x79, 0x70, 0x65, 0x55, 0x72, 0x6c, 0x3a, 0x25, 0x82, - 0xe7, 0xb0, 0x2a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x72, 0x8a, 0xe7, 0xb0, 0x2a, 0x14, - 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x4d, 0x73, 0x67, 0x52, 0x65, - 0x76, 0x6f, 0x6b, 0x65, 0x22, 0x13, 0x0a, 0x11, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xff, 0x01, 0x0a, 0x03, 0x4d, 0x73, - 0x67, 0x12, 0x4f, 0x0a, 0x05, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x12, 0x1e, 0x2e, 0x63, 0x6f, 0x73, - 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x1a, 0x26, 0x2e, 0x63, 0x6f, 0x73, - 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x4c, 0x0a, 0x04, 0x45, 0x78, 0x65, 0x63, 0x12, 0x1d, 0x2e, 0x63, 0x6f, 0x73, - 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x1a, 0x25, 0x2e, 0x63, 0x6f, 0x73, 0x6d, - 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x52, 0x0a, 0x06, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x12, 0x1f, 0x2e, 0x63, 0x6f, 0x73, - 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x1a, 0x27, 0x2e, 0x63, 0x6f, - 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x05, 0x80, 0xe7, 0xb0, 0x2a, 0x01, 0x42, 0xcd, 0x01, 0x0a, 0x18, - 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x07, 0x54, 0x78, 0x50, 0x72, 0x6f, 0x74, - 0x6f, 0x50, 0x01, 0x5a, 0x32, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x73, 0x64, 0x6b, 0x2e, 0x69, - 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2f, 0x61, 0x75, 0x74, - 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x61, 0x75, 0x74, 0x68, 0x7a, - 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x43, 0x41, 0x58, 0xaa, 0x02, 0x14, - 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x56, 0x31, 0x62, - 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x14, 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x5c, 0x41, 0x75, - 0x74, 0x68, 0x7a, 0x5c, 0x56, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x20, 0x43, 0x6f, - 0x73, 0x6d, 0x6f, 0x73, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x5c, 0x56, 0x31, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, - 0x16, 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x3a, 0x3a, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x3a, 0x3a, - 0x56, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0xc8, 0xe1, 0x1e, 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x3a, 0x24, 0x82, 0xe7, 0xb0, 0x2a, 0x07, 0x67, + 0x72, 0x61, 0x6e, 0x74, 0x65, 0x72, 0x8a, 0xe7, 0xb0, 0x2a, 0x13, 0x63, 0x6f, 0x73, 0x6d, 0x6f, + 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x22, 0x12, + 0x0a, 0x10, 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0xa9, 0x01, 0x0a, 0x07, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x12, 0x32, + 0x0a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, + 0x65, 0x65, 0x12, 0x45, 0x0a, 0x04, 0x6d, 0x73, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x42, 0x1b, 0xca, 0xb4, 0x2d, 0x17, 0x63, 0x6f, 0x73, 0x6d, + 0x6f, 0x73, 0x2e, 0x62, 0x61, 0x73, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, + 0x4d, 0x73, 0x67, 0x52, 0x04, 0x6d, 0x73, 0x67, 0x73, 0x3a, 0x23, 0x82, 0xe7, 0xb0, 0x2a, 0x07, + 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x8a, 0xe7, 0xb0, 0x2a, 0x12, 0x63, 0x6f, 0x73, 0x6d, + 0x6f, 0x73, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x22, 0x2b, + 0x0a, 0x0f, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x0c, 0x52, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x22, 0xbc, 0x01, 0x0a, 0x09, + 0x4d, 0x73, 0x67, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x12, 0x32, 0x0a, 0x07, 0x67, 0x72, 0x61, + 0x6e, 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, + 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, + 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x32, 0x0a, + 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, + 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, + 0x65, 0x12, 0x20, 0x0a, 0x0c, 0x6d, 0x73, 0x67, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x75, 0x72, + 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x73, 0x67, 0x54, 0x79, 0x70, 0x65, + 0x55, 0x72, 0x6c, 0x3a, 0x25, 0x82, 0xe7, 0xb0, 0x2a, 0x07, 0x67, 0x72, 0x61, 0x6e, 0x74, 0x65, + 0x72, 0x8a, 0xe7, 0xb0, 0x2a, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2d, 0x73, 0x64, 0x6b, + 0x2f, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x22, 0x13, 0x0a, 0x11, 0x4d, 0x73, + 0x67, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, + 0xff, 0x01, 0x0a, 0x03, 0x4d, 0x73, 0x67, 0x12, 0x4f, 0x0a, 0x05, 0x47, 0x72, 0x61, 0x6e, 0x74, + 0x12, 0x1e, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, + 0x1a, 0x26, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x47, 0x72, 0x61, 0x6e, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4c, 0x0a, 0x04, 0x45, 0x78, 0x65, 0x63, + 0x12, 0x1d, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x1a, + 0x25, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, + 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x45, 0x78, 0x65, 0x63, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x52, 0x0a, 0x06, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x12, 0x1f, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, + 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x76, 0x6f, 0x6b, + 0x65, 0x1a, 0x27, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, + 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x05, 0x80, 0xe7, 0xb0, 0x2a, + 0x01, 0x42, 0xcd, 0x01, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, + 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x07, + 0x54, 0x78, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x32, 0x63, 0x6f, 0x73, 0x6d, 0x6f, + 0x73, 0x73, 0x64, 0x6b, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x73, 0x6d, + 0x6f, 0x73, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x3b, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, + 0x43, 0x41, 0x58, 0xaa, 0x02, 0x14, 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x75, 0x74, + 0x68, 0x7a, 0x2e, 0x56, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x14, 0x43, 0x6f, 0x73, + 0x6d, 0x6f, 0x73, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x5c, 0x56, 0x31, 0x62, 0x65, 0x74, 0x61, + 0x31, 0xe2, 0x02, 0x20, 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x7a, + 0x5c, 0x56, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x16, 0x43, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x3a, 0x3a, 0x41, + 0x75, 0x74, 0x68, 0x7a, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0xc8, 0xe1, 0x1e, + 0x00, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/cosmos/authz/v1beta1/tx.proto b/proto/cosmos/authz/v1beta1/tx.proto index a1abff0d6f0..858b582dcd0 100644 --- a/proto/cosmos/authz/v1beta1/tx.proto +++ b/proto/cosmos/authz/v1beta1/tx.proto @@ -42,6 +42,9 @@ message MsgGrant { string grantee = 2 [(cosmos_proto.scalar) = "cosmos.AddressString"]; cosmos.authz.v1beta1.Grant grant = 3 [(gogoproto.nullable) = false, (amino.dont_omitempty) = true]; + + // rules are conditions to execute the grant. + bytes rules = 4; } // MsgGrantResponse defines the Msg/MsgGrant response type. diff --git a/simapp/ante.go b/simapp/ante.go index f6409a2073e..11676d622c2 100644 --- a/simapp/ante.go +++ b/simapp/ante.go @@ -40,7 +40,7 @@ func NewAnteHandler(options HandlerOptions) (sdk.AnteHandler, error) { ante.NewValidateMemoDecorator(options.AccountKeeper), ante.NewConsumeGasForTxSizeDecorator(options.AccountKeeper), ante.NewDeductFeeDecorator(options.AccountKeeper, options.BankKeeper, options.FeegrantKeeper, options.TxFeeChecker), - ante.NewAuthzDecorator(options.AuthzKeeper), + ante.NewAuthzDecorator(options.AuthzKeeper, options.AccountKeeper), ante.NewSetPubKeyDecorator(options.AccountKeeper), // SetPubKeyDecorator must be called before all signature verification decorators ante.NewValidateSigCountDecorator(options.AccountKeeper), ante.NewSigGasConsumeDecorator(options.AccountKeeper, options.SigGasConsumer), diff --git a/x/auth/ante/authz_rules_ante.go b/x/auth/ante/authz_rules_ante.go index 74c81389959..8a15c49a264 100644 --- a/x/auth/ante/authz_rules_ante.go +++ b/x/auth/ante/authz_rules_ante.go @@ -1,7 +1,6 @@ package ante import ( - "fmt" "strings" errorsmod "cosmossdk.io/errors" @@ -12,13 +11,20 @@ import ( banktypes "github.com/cosmos/cosmos-sdk/x/bank/types" ) +const ( + AllowedRecipients = "allowed_recipients" + MaxAmount = "max_amount" +) + type AuthzDecorator struct { azk AuthzKeeper + ak AccountKeeper } -func NewAuthzDecorator(azk AuthzKeeper) AuthzDecorator { +func NewAuthzDecorator(azk AuthzKeeper, ak AccountKeeper) AuthzDecorator { return AuthzDecorator{ azk: azk, + ak: ak, } } @@ -41,11 +47,6 @@ func (azd AuthzDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, // Check if the message is an authorization message if authzMsg, ok := msg.(*authztypes.MsgExec); ok { - rulesKeys, err := azd.azk.GetAuthzRulesKeys(ctx) - if err != nil { - return ctx, err - } - msgs, err := authzMsg.GetMessages() if err != nil { return ctx, err @@ -54,24 +55,10 @@ func (azd AuthzDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, for _, innerMsg := range msgs { switch innerMsgConverted := innerMsg.(type) { case *banktypes.MsgSend: - sendRuleKeysInterface, ok := rulesKeys["Send"] - if !ok { - fmt.Println("no rule keys") - continue - } - - granter, err := azd.azk.AddressCodec().StringToBytes(innerMsgConverted.FromAddress) - if err != nil { + isRulesBroken, err := azd.handleSendAuthzRules(ctx, innerMsgConverted, grantee) + if isRulesBroken { return ctx, err } - - _, rules := azd.azk.GetAuthzWithRules(ctx, grantee, granter, sdk.MsgTypeURL(&banktypes.MsgSend{})) - if rules != nil { - sendRulesKeys := sendRuleKeysInterface.([]string) - if checkSendAuthzRulesViolated(innerMsgConverted, rules, sendRulesKeys) { - return ctx, fmt.Errorf("authz rules are not meeting") - } - } } } } @@ -81,49 +68,56 @@ func (azd AuthzDecorator) AnteHandle(ctx sdk.Context, tx sdk.Tx, simulate bool, return next(ctx, tx, simulate) } -// checkSendAuthzRulesViolated returns true if the rules are voilated -func checkSendAuthzRulesViolated(msg *banktypes.MsgSend, sendAuthzRules map[string]interface{}, sendRulesKeys []string) bool { - for _, key := range sendRulesKeys { - - fmt.Printf("\">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\": %v\n", ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>") - fmt.Printf("sendAuthzRules: %v\n", sendAuthzRules) - if blockedAddrsStrInt, ok := sendAuthzRules["AllowRecipients"]; key == "AllowRecipients" && ok { - blockedAddrsStr := blockedAddrsStrInt.(string) - blockedAddrs := strings.Split(blockedAddrsStr, ",") - for _, blockedRecipient := range blockedAddrs { - if msg.ToAddress == blockedRecipient { - return true +// handleCheckSendAuthzRules returns true if the rules are voilated +func (azd AuthzDecorator) handleSendAuthzRules(ctx sdk.Context, msg *banktypes.MsgSend, grantee []byte) (bool, error) { + + granter, err := azd.ak.AddressCodec().StringToBytes(msg.FromAddress) + if err != nil { + return true, err + } + + _, rules := azd.azk.GetAuthzWithRules(ctx, grantee, granter, sdk.MsgTypeURL(&banktypes.MsgSend{})) + if rules != nil { + if allowedAddrs, ok := rules[AllowedRecipients]; ok { + allowedAddrsValue := allowedAddrs.(string) + allowedAddrs := strings.Split(allowedAddrsValue, ",") + isAllowed := false + for _, allowedRecipient := range allowedAddrs { + if msg.ToAddress == allowedRecipient { + isAllowed = true + break } } + + if !isAllowed { + return true, errorsmod.Wrap(sdkerrors.ErrTxDecode, "Recipient is not in the allowed list of the grant") + } } - if spendLimitInt, ok := sendAuthzRules["SpendLImit"]; key == "SpendLImit" && ok { - spendLimit := spendLimitInt.(string) + if spendLimitInterface, ok := rules[MaxAmount]; ok { + spendLimit := spendLimitInterface.(string) limit, err := sdk.ParseCoinsNormalized(spendLimit) if err != nil { - return true + return true, err } if !limit.IsAllGTE(msg.Amount) { - return true + return true, errorsmod.Wrap(sdkerrors.ErrTxDecode, "Amount exceeds the max_amount limit set by the granter") } - - return true } - } - return false + return false, nil } -func checkGenericAuthzRules(_ *authztypes.MsgGrant, authz *authztypes.GenericAuthorization, genericRules map[string]string) bool { - if msgsStr, ok := genericRules["blockedMessages"]; ok { - msgs := strings.Split(msgsStr, ",") - for _, v := range msgs { - if v == authz.Msg { - return true - } - } - } - - return false -} +// func checkGenericAuthzRules(_ *authztypes.MsgGrant, authz *authztypes.GenericAuthorization, genericRules map[string]string) bool { +// if msgsStr, ok := genericRules["blockedMessages"]; ok { +// msgs := strings.Split(msgsStr, ",") +// for _, v := range msgs { +// if v == authz.Msg { +// return true +// } +// } +// } + +// return false +// } diff --git a/x/auth/ante/expected_keepers.go b/x/auth/ante/expected_keepers.go index 5632a915daf..1478fc45a2a 100644 --- a/x/auth/ante/expected_keepers.go +++ b/x/auth/ante/expected_keepers.go @@ -29,5 +29,4 @@ type AuthzKeeper interface { GetAuthzOptions() map[string]map[string]string GetAuthzRulesKeys(ctx context.Context) (map[string]interface{}, error) GetAuthzWithRules(ctx context.Context, grantee, granter sdk.AccAddress, msgType string) (authz.Authorization, map[string]interface{}) - AddressCodec() address.Codec } diff --git a/x/authz/authorization_grant.go b/x/authz/authorization_grant.go index cb2088316fc..2b3efd6cbaa 100644 --- a/x/authz/authorization_grant.go +++ b/x/authz/authorization_grant.go @@ -32,6 +32,26 @@ func NewGrant(blockTime time.Time, a Authorization, expiration *time.Time) (Gran }, nil } +// NewGrantWithRules does the same as NewGrant but takes rules as extra arg. +func NewGrantWithRules(blockTime time.Time, a Authorization, expiration *time.Time, rules []byte) (Grant, error) { + if expiration != nil && !expiration.After(blockTime) { + return Grant{}, errorsmod.Wrapf(ErrInvalidExpirationTime, "expiration must be after the current block time (%v), got %v", blockTime.Format(time.RFC3339), expiration.Format(time.RFC3339)) + } + msg, ok := a.(proto.Message) + if !ok { + return Grant{}, sdkerrors.ErrPackAny.Wrapf("cannot proto marshal %T", a) + } + any, err := cdctypes.NewAnyWithValue(msg) + if err != nil { + return Grant{}, err + } + return Grant{ + Expiration: expiration, + Authorization: any, + Rules: rules, + }, nil +} + var _ cdctypes.UnpackInterfacesMessage = &Grant{} // UnpackInterfaces implements UnpackInterfacesMessage.UnpackInterfaces diff --git a/x/authz/client/cli/tx.go b/x/authz/client/cli/tx.go index 78151eaa3d5..80da44d113a 100644 --- a/x/authz/client/cli/tx.go +++ b/x/authz/client/cli/tx.go @@ -3,6 +3,7 @@ package cli import ( "errors" "fmt" + "os" "strings" "time" @@ -32,6 +33,7 @@ const ( delegate = "delegate" redelegate = "redelegate" unbond = "unbond" + FlagAuthzRules = "authz-rules" ) // GetTxCmd returns the transaction commands for this module @@ -203,6 +205,20 @@ Examples: return err } + rules, err := cmd.Flags().GetString(FlagAuthzRules) + if err != nil { + return err + } + + if rules != "" { + contents, err := os.ReadFile(rules) + if err != nil { + return err + } + + msg.SetAuthzRules(contents) + } + return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg) }, } @@ -213,6 +229,7 @@ Examples: cmd.Flags().StringSlice(FlagDenyValidators, []string{}, "Deny validators addresses separated by ,") cmd.Flags().StringSlice(FlagAllowList, []string{}, "Allowed addresses grantee is allowed to send funds separated by ,") cmd.Flags().Int64(FlagExpiration, 0, "Expire time as Unix timestamp. Set zero (0) for no expiry. Default is 0.") + cmd.Flags().String(FlagAuthzRules, "", "Rules are conditions to be satisfied when the grant is executed") return cmd } diff --git a/x/authz/keeper/keeper.go b/x/authz/keeper/keeper.go index d1567f6bebf..68990079cdb 100644 --- a/x/authz/keeper/keeper.go +++ b/x/authz/keeper/keeper.go @@ -110,9 +110,13 @@ func (k Keeper) GetAuthzRulesKeys(ctx context.Context) (map[string]interface{}, return nil, err } + // rules := map[string]interface{}{ + // "Send": []string{"AllowRecipients", "SpendLImit"}, + // "Stake": []string{"DelegateLimit"}, + // } rules := map[string]interface{}{ - "Send": []string{"AllowRecipients", "SpendLImit"}, - "Stake": []string{"DelegateLimit"}, + // "Send": []string{"AllowRecipients", "SpendLImit"}, + // "Stake": []string{"DelegateLimit"}, } return rules, nil @@ -283,6 +287,53 @@ func (k Keeper) SaveGrant(ctx context.Context, grantee, granter sdk.AccAddress, }) } +// SaveGrantWithRules method does the same as SaveGrant method but stores rules. +func (k Keeper) SaveGrantWithRules(ctx context.Context, grantee, granter sdk.AccAddress, authorization authz.Authorization, expiration *time.Time, rules []byte) error { + sdkCtx := sdk.UnwrapSDKContext(ctx) + msgType := authorization.MsgTypeURL() + store := k.storeService.OpenKVStore(ctx) + skey := grantStoreKey(grantee, granter, msgType) + + grant, err := authz.NewGrantWithRules(sdkCtx.BlockTime(), authorization, expiration, rules) + if err != nil { + return err + } + + var oldExp *time.Time + if oldGrant, found := k.getGrant(ctx, skey); found { + oldExp = oldGrant.Expiration + } + + if oldExp != nil && (expiration == nil || !oldExp.Equal(*expiration)) { + if err = k.removeFromGrantQueue(ctx, skey, granter, grantee, *oldExp); err != nil { + return err + } + } + + // If the expiration didn't change, then we don't remove it and we should not insert again + if expiration != nil && (oldExp == nil || !oldExp.Equal(*expiration)) { + if err = k.insertIntoGrantQueue(ctx, granter, grantee, msgType, *expiration); err != nil { + return err + } + } + + bz, err := k.cdc.Marshal(&grant) + if err != nil { + return err + } + + err = store.Set(skey, bz) + if err != nil { + return err + } + + return sdkCtx.EventManager().EmitTypedEvent(&authz.EventGrant{ + MsgTypeUrl: authorization.MsgTypeURL(), + Granter: granter.String(), + Grantee: grantee.String(), + }) +} + // DeleteGrant revokes any authorization for the provided message type granted to the grantee // by the granter. func (k Keeper) DeleteGrant(ctx context.Context, grantee, granter sdk.AccAddress, msgType string) error { diff --git a/x/authz/keeper/msg_server.go b/x/authz/keeper/msg_server.go index b6755a9f843..80a7ffc05ca 100644 --- a/x/authz/keeper/msg_server.go +++ b/x/authz/keeper/msg_server.go @@ -52,7 +52,7 @@ func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGra return nil, sdkerrors.ErrInvalidType.Wrapf("%s doesn't exist.", t) } - err = k.SaveGrant(ctx, grantee, granter, authorization, msg.Grant.Expiration) + err = k.SaveGrantWithRules(ctx, grantee, granter, authorization, msg.Grant.Expiration, msg.Rules) if err != nil { return nil, err } diff --git a/x/authz/msgs.go b/x/authz/msgs.go index 1721c6c5347..bfdef2a7b6e 100644 --- a/x/authz/msgs.go +++ b/x/authz/msgs.go @@ -33,6 +33,10 @@ func NewMsgGrant(granter, grantee sdk.AccAddress, a Authorization, expiration *t return m, nil } +func (msg *MsgGrant) SetAuthzRules(rules []byte) { + msg.Rules = rules +} + // GetAuthorization returns the cache value from the MsgGrant.Authorization if present. func (msg *MsgGrant) GetAuthorization() (Authorization, error) { return msg.Grant.GetAuthorization() diff --git a/x/authz/tx.pb.go b/x/authz/tx.pb.go index efbb15db7cc..ead6fd14538 100644 --- a/x/authz/tx.pb.go +++ b/x/authz/tx.pb.go @@ -38,6 +38,8 @@ type MsgGrant struct { Granter string `protobuf:"bytes,1,opt,name=granter,proto3" json:"granter,omitempty"` Grantee string `protobuf:"bytes,2,opt,name=grantee,proto3" json:"grantee,omitempty"` Grant Grant `protobuf:"bytes,3,opt,name=grant,proto3" json:"grant"` + // rules are conditions to execute the grant. + Rules []byte `protobuf:"bytes,4,opt,name=rules,proto3" json:"rules,omitempty"` } func (m *MsgGrant) Reset() { *m = MsgGrant{} } @@ -282,42 +284,43 @@ func init() { func init() { proto.RegisterFile("cosmos/authz/v1beta1/tx.proto", fileDescriptor_3ceddab7d8589ad1) } var fileDescriptor_3ceddab7d8589ad1 = []byte{ - // 555 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x54, 0xbf, 0x6e, 0x13, 0x4f, - 0x10, 0xf6, 0xc6, 0x71, 0xfc, 0xf3, 0x26, 0xd2, 0x8f, 0x5c, 0x2c, 0x71, 0xb9, 0x28, 0x97, 0xd3, - 0x91, 0x80, 0x65, 0xe4, 0x5d, 0xd9, 0x74, 0x16, 0x4d, 0x2c, 0x45, 0x34, 0x58, 0x48, 0x07, 0x34, - 0x34, 0xd6, 0xd9, 0x5e, 0x36, 0x56, 0x7c, 0xb7, 0xd6, 0xed, 0xd9, 0xb2, 0xa9, 0x10, 0x25, 0x15, - 0x8f, 0x01, 0x9d, 0x8b, 0x94, 0x3c, 0x80, 0x45, 0x15, 0x51, 0x20, 0x2a, 0x04, 0x76, 0xe1, 0xc7, - 0x00, 0xdd, 0xfe, 0x31, 0x0e, 0x72, 0x42, 0x2a, 0x9a, 0xbb, 0x99, 0xf9, 0xbe, 0xd9, 0x9d, 0x6f, - 0x66, 0xb4, 0x70, 0xbf, 0xc5, 0x78, 0xc0, 0x38, 0xf6, 0xfb, 0xf1, 0xe9, 0x2b, 0x3c, 0x28, 0x37, - 0x49, 0xec, 0x97, 0x71, 0x3c, 0x44, 0xbd, 0x88, 0xc5, 0xcc, 0xc8, 0x4b, 0x18, 0x09, 0x18, 0x29, - 0xd8, 0xda, 0x95, 0xd1, 0x86, 0xe0, 0x60, 0x45, 0x11, 0x8e, 0x95, 0xa7, 0x8c, 0x32, 0x19, 0x4f, - 0x2c, 0x15, 0xdd, 0xa5, 0x8c, 0xd1, 0x2e, 0xc1, 0xc2, 0x6b, 0xf6, 0x5f, 0x62, 0x3f, 0x1c, 0x29, - 0xc8, 0x59, 0x59, 0x80, 0xbc, 0x4f, 0x32, 0x6e, 0x2b, 0x46, 0xc0, 0x29, 0x1e, 0x94, 0x93, 0x9f, - 0x02, 0xb6, 0xfd, 0xa0, 0x13, 0x32, 0x2c, 0xbe, 0x32, 0xe4, 0x7e, 0x01, 0xf0, 0xbf, 0x3a, 0xa7, - 0x8f, 0x22, 0x3f, 0x8c, 0x8d, 0x0a, 0xcc, 0xd2, 0xc4, 0x20, 0x91, 0x09, 0x1c, 0x50, 0xc8, 0xd5, - 0xcc, 0xcf, 0xe7, 0x25, 0xad, 0xe8, 0xb8, 0xdd, 0x8e, 0x08, 0xe7, 0x4f, 0xe3, 0xa8, 0x13, 0x52, - 0x4f, 0x13, 0x7f, 0xe7, 0x10, 0x73, 0xed, 0x66, 0x39, 0xc4, 0x78, 0x08, 0x33, 0xc2, 0x34, 0xd3, - 0x0e, 0x28, 0x6c, 0x56, 0xf6, 0xd0, 0xaa, 0xa6, 0x21, 0x51, 0x53, 0x2d, 0x37, 0xf9, 0x76, 0x90, - 0x7a, 0x3f, 0x1f, 0x17, 0x81, 0x27, 0x93, 0xaa, 0x87, 0x6f, 0xe6, 0xe3, 0xa2, 0xbe, 0xff, 0xed, - 0x7c, 0x5c, 0xdc, 0x91, 0xe9, 0x25, 0xde, 0x3e, 0xc3, 0x5a, 0x8b, 0x6b, 0xc0, 0x5b, 0xda, 0xf6, - 0x08, 0xef, 0xb1, 0x90, 0x13, 0xf7, 0x03, 0x80, 0xd9, 0x3a, 0xa7, 0x27, 0x43, 0xd2, 0x5a, 0xae, - 0x1b, 0xdc, 0xb4, 0xee, 0x13, 0xb8, 0x1e, 0x70, 0xca, 0xcd, 0x35, 0x27, 0x5d, 0xd8, 0xac, 0xe4, - 0x91, 0x1c, 0x12, 0xd2, 0x43, 0x42, 0xc7, 0xe1, 0xa8, 0xb6, 0xf7, 0xe9, 0xbc, 0xa4, 0x06, 0x80, - 0x9a, 0x3e, 0x27, 0x0b, 0x39, 0x75, 0x4e, 0x3d, 0x91, 0x5e, 0xbd, 0xb3, 0x24, 0x80, 0x24, 0x02, - 0x8c, 0xcb, 0x02, 0x92, 0xfa, 0xdc, 0xfb, 0xf0, 0x7f, 0x65, 0xea, 0xf2, 0x0d, 0x13, 0x66, 0x23, - 0xc2, 0xfb, 0xdd, 0x98, 0x9b, 0xc0, 0x49, 0x17, 0xb6, 0x3c, 0xed, 0xba, 0x1f, 0x01, 0xcc, 0x25, - 0xe7, 0x93, 0x01, 0x3b, 0x23, 0xff, 0x6c, 0x8c, 0x0e, 0xdc, 0x0a, 0x38, 0x6d, 0xc4, 0xa3, 0x1e, - 0x69, 0xf4, 0xa3, 0xae, 0x98, 0x66, 0xce, 0x83, 0x01, 0xa7, 0xcf, 0x46, 0x3d, 0xf2, 0x3c, 0xea, - 0x56, 0x8f, 0xfe, 0x1c, 0x55, 0xfe, 0xb2, 0x52, 0x59, 0xb0, 0xbb, 0x03, 0xb7, 0x17, 0x8e, 0x56, - 0x5b, 0xf9, 0x09, 0x60, 0xba, 0xce, 0xa9, 0xf1, 0x04, 0x66, 0xe4, 0x76, 0xda, 0xab, 0xd7, 0x44, - 0x4f, 0xd9, 0xba, 0x7b, 0x3d, 0xbe, 0x68, 0xe3, 0x63, 0xb8, 0x2e, 0x36, 0x60, 0xff, 0x4a, 0x7e, - 0x02, 0x5b, 0x47, 0xd7, 0xc2, 0x8b, 0xd3, 0x3c, 0xb8, 0xa1, 0xda, 0x7e, 0x70, 0x65, 0x82, 0x24, - 0x58, 0xf7, 0xfe, 0x42, 0xd0, 0x67, 0x5a, 0x99, 0xd7, 0xc9, 0xbe, 0xd7, 0x6a, 0x93, 0x1f, 0x76, - 0x6a, 0x32, 0xb5, 0xc1, 0xc5, 0xd4, 0x06, 0xdf, 0xa7, 0x36, 0x78, 0x37, 0xb3, 0x53, 0x17, 0x33, - 0x3b, 0xf5, 0x75, 0x66, 0xa7, 0x5e, 0x1c, 0xd2, 0x4e, 0x7c, 0xda, 0x6f, 0xa2, 0x16, 0x0b, 0xd4, - 0x8b, 0x82, 0x97, 0x9a, 0x3b, 0x94, 0x2f, 0x42, 0x73, 0x43, 0x2c, 0xe7, 0x83, 0x5f, 0x01, 0x00, - 0x00, 0xff, 0xff, 0x13, 0x38, 0x6d, 0x34, 0xb7, 0x04, 0x00, 0x00, + // 569 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x54, 0x41, 0x6f, 0x12, 0x5f, + 0x10, 0xe7, 0x15, 0x28, 0x7f, 0x5e, 0x49, 0xfe, 0x76, 0x4b, 0xe2, 0x76, 0x9b, 0x6e, 0x37, 0x6b, + 0xab, 0x04, 0xc3, 0x6e, 0xc0, 0x1b, 0xf1, 0x52, 0x92, 0xc6, 0x8b, 0xc4, 0x64, 0xd5, 0x8b, 0x17, + 0xb2, 0xc0, 0xf3, 0x95, 0x94, 0xdd, 0x47, 0x76, 0x76, 0x09, 0x78, 0x32, 0x1e, 0x3d, 0xf9, 0x31, + 0xf4, 0xc6, 0xa1, 0x47, 0x3f, 0x00, 0xf1, 0xd4, 0x78, 0xf2, 0x64, 0x14, 0x0e, 0x5c, 0xfc, 0x0e, + 0x9a, 0x7d, 0x6f, 0x1f, 0x52, 0x43, 0x6b, 0x4f, 0x5e, 0x60, 0x66, 0x7e, 0xbf, 0x19, 0xe6, 0x37, + 0x33, 0x3c, 0xbc, 0xdf, 0x61, 0xe0, 0x31, 0xb0, 0xdd, 0x28, 0x3c, 0x7d, 0x65, 0x0f, 0xab, 0x6d, + 0x12, 0xba, 0x55, 0x3b, 0x1c, 0x59, 0x83, 0x80, 0x85, 0x4c, 0x29, 0x0a, 0xd8, 0xe2, 0xb0, 0x95, + 0xc0, 0xda, 0xae, 0x88, 0xb6, 0x38, 0xc7, 0x4e, 0x28, 0xdc, 0xd1, 0x8a, 0x94, 0x51, 0x26, 0xe2, + 0xb1, 0x95, 0x44, 0x77, 0x29, 0x63, 0xb4, 0x4f, 0x6c, 0xee, 0xb5, 0xa3, 0x97, 0xb6, 0xeb, 0x8f, + 0x13, 0xc8, 0x58, 0xdb, 0x80, 0xf8, 0x3d, 0xc1, 0xb8, 0x9d, 0x30, 0x3c, 0xa0, 0xf6, 0xb0, 0x1a, + 0x7f, 0x25, 0xc0, 0xb6, 0xeb, 0xf5, 0x7c, 0x66, 0xf3, 0x4f, 0x11, 0x32, 0x7f, 0x20, 0xfc, 0x5f, + 0x13, 0xe8, 0xa3, 0xc0, 0xf5, 0x43, 0xa5, 0x86, 0x73, 0x34, 0x36, 0x48, 0xa0, 0x22, 0x03, 0x95, + 0xf2, 0x0d, 0xf5, 0xf3, 0x79, 0x45, 0x2a, 0x3a, 0xee, 0x76, 0x03, 0x02, 0xf0, 0x34, 0x0c, 0x7a, + 0x3e, 0x75, 0x24, 0xf1, 0x77, 0x0e, 0x51, 0x37, 0x6e, 0x96, 0x43, 0x94, 0x87, 0x38, 0xcb, 0x4d, + 0x35, 0x6d, 0xa0, 0xd2, 0x56, 0x6d, 0xcf, 0x5a, 0x37, 0x34, 0x8b, 0xf7, 0xd4, 0xc8, 0x4f, 0xbf, + 0x1e, 0xa4, 0xde, 0x2f, 0x26, 0x65, 0xe4, 0x88, 0x24, 0xa5, 0x88, 0xb3, 0x41, 0xd4, 0x27, 0xa0, + 0x66, 0x0c, 0x54, 0x2a, 0x38, 0xc2, 0xa9, 0x1f, 0xbe, 0x59, 0x4c, 0xca, 0xb2, 0xab, 0xb7, 0x8b, + 0x49, 0x79, 0x47, 0x14, 0xad, 0x40, 0xf7, 0xcc, 0x96, 0x0a, 0x4d, 0x05, 0xdf, 0x92, 0xb6, 0x43, + 0x60, 0xc0, 0x7c, 0x20, 0xe6, 0x07, 0x84, 0x73, 0x4d, 0xa0, 0x27, 0x23, 0xd2, 0x59, 0x55, 0x83, + 0x6e, 0xaa, 0xe6, 0x04, 0x67, 0x3c, 0xa0, 0xa0, 0x6e, 0x18, 0xe9, 0xd2, 0x56, 0xad, 0x68, 0x89, + 0xd5, 0x59, 0x72, 0x75, 0xd6, 0xb1, 0x3f, 0x6e, 0xec, 0x7d, 0x3a, 0xaf, 0x24, 0x6b, 0xb1, 0xda, + 0x2e, 0x90, 0xa5, 0xc8, 0x26, 0x50, 0x87, 0xa7, 0xd7, 0xef, 0xac, 0x08, 0x20, 0xb1, 0x00, 0xe5, + 0xb2, 0x80, 0xb8, 0x3f, 0xf3, 0x3e, 0xfe, 0x3f, 0x31, 0x65, 0xfb, 0x8a, 0x8a, 0x73, 0x01, 0x81, + 0xa8, 0x1f, 0x82, 0x8a, 0x8c, 0x74, 0xa9, 0xe0, 0x48, 0xd7, 0xfc, 0x88, 0x70, 0x3e, 0xae, 0x4f, + 0x86, 0xec, 0x8c, 0xfc, 0xb3, 0xe5, 0x1a, 0xb8, 0xe0, 0x01, 0x6d, 0x85, 0xe3, 0x01, 0x69, 0x45, + 0x41, 0x9f, 0xef, 0x38, 0xef, 0x60, 0x0f, 0xe8, 0xb3, 0xf1, 0x80, 0x3c, 0x0f, 0xfa, 0xf5, 0xa3, + 0x3f, 0x57, 0x55, 0xbc, 0xac, 0x54, 0x34, 0x6c, 0xee, 0xe0, 0xed, 0xa5, 0x23, 0xd5, 0xd6, 0x7e, + 0x22, 0x9c, 0x6e, 0x02, 0x55, 0x9e, 0xe0, 0xac, 0xb8, 0x59, 0x7d, 0xfd, 0xf1, 0xc8, 0x2d, 0x6b, + 0x77, 0xaf, 0xc7, 0x97, 0x63, 0x7c, 0x8c, 0x33, 0xfc, 0x02, 0xf6, 0xaf, 0xe4, 0xc7, 0xb0, 0x76, + 0x74, 0x2d, 0xbc, 0xac, 0xe6, 0xe0, 0xcd, 0x64, 0xec, 0x07, 0x57, 0x26, 0x08, 0x82, 0x76, 0xef, + 0x2f, 0x04, 0x59, 0x53, 0xcb, 0xbe, 0x8e, 0xff, 0x05, 0x8d, 0xc6, 0xf4, 0xbb, 0x9e, 0x9a, 0xce, + 0x74, 0x74, 0x31, 0xd3, 0xd1, 0xb7, 0x99, 0x8e, 0xde, 0xcd, 0xf5, 0xd4, 0xc5, 0x5c, 0x4f, 0x7d, + 0x99, 0xeb, 0xa9, 0x17, 0x87, 0xb4, 0x17, 0x9e, 0x46, 0x6d, 0xab, 0xc3, 0xbc, 0xe4, 0x9d, 0xb1, + 0x57, 0x86, 0x3b, 0x12, 0xef, 0x44, 0x7b, 0x93, 0x1f, 0xe7, 0x83, 0x5f, 0x01, 0x00, 0x00, 0xff, + 0xff, 0x05, 0x07, 0xc6, 0x37, 0xcd, 0x04, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -510,6 +513,13 @@ func (m *MsgGrant) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.Rules) > 0 { + i -= len(m.Rules) + copy(dAtA[i:], m.Rules) + i = encodeVarintTx(dAtA, i, uint64(len(m.Rules))) + i-- + dAtA[i] = 0x22 + } { size, err := m.Grant.MarshalToSizedBuffer(dAtA[:i]) if err != nil { @@ -730,6 +740,10 @@ func (m *MsgGrant) Size() (n int) { } l = m.Grant.Size() n += 1 + l + sovTx(uint64(l)) + l = len(m.Rules) + if l > 0 { + n += 1 + l + sovTx(uint64(l)) + } return n } @@ -938,6 +952,40 @@ func (m *MsgGrant) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTx + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthTx + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthTx + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Rules = append(m.Rules[:0], dAtA[iNdEx:postIndex]...) + if m.Rules == nil { + m.Rules = []byte{} + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipTx(dAtA[iNdEx:])