implement x/authz module (#7629)

* WIP: Msg authorization module added * fixing errors * fixed errors * fixed module.go * Add msg_tests * fixes compile issues * fix test * fix test * Add msg types tests * Fix Getmsgs * fixed codec issue * Fix syntax issues * Fix keeper * fixed proto issues * Fix keeper tests * fixed router in keeper * Fix query proto * Fix cli txs * Add grpc query client implementation * Add grpc-keeper test * Add grpc query tests Add revoke and exec authorization cli commands * Fix linting issues * Fix cli query * fix lint errors * Add Genesis state * Fix query authorization * Review changes * Fix grant authorization handler * Add cli tests * Add cli tests * Fix genesis test * Fix issues * update module to use proto msg services * Add simultion tests * Fix lint * fix lint * WIP simulations * WIP simulations * add msg tests * Fix simulation * Fix errors * fix genesis import export * fix sim tests * fix sim * fix test * Register RegisterMsgServer * WIP * WIP * Update keeper test * change msg_authorization module name to authz * changed type conversion for serviceMsg * serviceMsg change to any * Fix issues * fix msg tests * fix errors * proto format * remove LegacyQuerierHandler * Use MsgServiceRouter * fix keeper-test * fix query authorizations * fix NewCmdSendAs * fix simtests * fix error * fix lint * fix lint * add tests for generic authorization * fix imports * format * Update error message * remove println * add query all grants * Add pagination for queries * format * fix lint * review changes * fix grpc tests * add pagination to cli query * review changes * replace panic with error * lint * fix errors * fix tests * remove gogoproto extensions * update function doc * review changes * fix errors * fix query flags * fix grpc query test * init service-msg * remove unsed field * add proto-codec for simulations * fix codec issue * update authz simulations * change msgauth to authz * add check for invalid msg-type * change expiration flag to Unix * doc * update module.go * fix sims * fix grant-authorization sims * fix error * fix error * add build flag * fix codec issue * rename * review changes * format * review changes * go.mod * refactor * proto-gen * Update x/authz/keeper/grpc_query_test.go Co-authored-by: Amaury <[email protected]> * Update x/authz/keeper/grpc_query_test.go Co-authored-by: Amaury <[email protected]> * Update x/authz/keeper/grpc_query_test.go Co-authored-by: Amaury <[email protected]> * Fix review comments * fix protogen * Follow Msg...Request style for msg requests * update comment * Fix error codes * fix review comment * improve msg validations * Handle error in casting msgs * rename actor => grantStoreKey * add godoc * add godoc * Fix simulations * Fix cli, cli_tests * Fix simulations * rename to GetOrRevokeAuthorization * Move events to keeper * Fix fmt * Update x/authz/client/cli/tx.go Co-authored-by: Amaury <[email protected]> * rename actor * fix lint Co-authored-by: atheesh <[email protected]> Co-authored-by: atheeshp <[email protected]> Co-authored-by: Amaury Martiny <[email protected]> Co-authored-by: MD Aleem <[email protected]> Co-authored-by: Anil Kumar Kammari <[email protected]>
cosmos · Jan 25, 2021 · c95de9c · c95de9c
1 parent bdd7fa9
commit c95de9c
Show file tree

Hide file tree

Showing 54 changed files with 9,360 additions and 375 deletions.
diff --git a/docs/core/proto-docs.md b/docs/core/proto-docs.md
diff --git a/proto/cosmos/authz/v1beta1/authz.proto b/proto/cosmos/authz/v1beta1/authz.proto
@@ -0,0 +1,37 @@
+syntax = "proto3";
+package cosmos.authz.v1beta1;
+
+import "cosmos/base/v1beta1/coin.proto";
+import "cosmos_proto/cosmos.proto";
+import "google/protobuf/timestamp.proto";
+import "gogoproto/gogo.proto";
+import "google/protobuf/any.proto";
+
+option go_package = "github.com/cosmos/cosmos-sdk/x/authz/types";
+
+// SendAuthorization allows the grantee to spend up to spend_limit coins from
+// the granter's account.
+message SendAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  repeated cosmos.base.v1beta1.Coin spend_limit = 1
+      [(gogoproto.nullable) = false, (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins"];
+}
+
+// GenericAuthorization gives the grantee unrestricted permissions to execute
+// the provided method on behalf of the granter's account.
+message GenericAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  // method name to grant unrestricted permissions to execute
+  // Note: MethodName() is already a method on `GenericAuthorization` type,
+  // we need some custom naming here so using `MessageName`
+  string method_name = 1 [(gogoproto.customname) = "MessageName"];
+}
+
+// AuthorizationGrant gives permissions to execute
+// the provide method with expiration time.
+message AuthorizationGrant {
+  google.protobuf.Any       authorization = 1 [(cosmos_proto.accepts_interface) = "Authorization"];
+  google.protobuf.Timestamp expiration    = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+}
diff --git a/proto/cosmos/authz/v1beta1/genesis.proto b/proto/cosmos/authz/v1beta1/genesis.proto
@@ -0,0 +1,24 @@
+syntax = "proto3";
+package cosmos.authz.v1beta1;
+
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/any.proto";
+import "gogoproto/gogo.proto";
+import "cosmos_proto/cosmos.proto";
+import "cosmos/authz/v1beta1/tx.proto";
+
+option go_package = "github.com/cosmos/cosmos-sdk/x/authz/types";
+
+// GenesisState defines the authz module's genesis state.
+message GenesisState {
+  repeated GrantAuthorization authorization = 1 [(gogoproto.nullable) = false];
+}
+
+// GrantAuthorization defines the GenesisState/GrantAuthorization type.
+message GrantAuthorization {
+  string granter = 1;
+  string grantee = 2;
+
+  google.protobuf.Any       authorization = 3 [(cosmos_proto.accepts_interface) = "Authorization"];
+  google.protobuf.Timestamp expiration    = 4 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true];
+}
diff --git a/proto/cosmos/authz/v1beta1/query.proto b/proto/cosmos/authz/v1beta1/query.proto
@@ -0,0 +1,54 @@
+syntax = "proto3";
+package cosmos.authz.v1beta1;
+
+import "gogoproto/gogo.proto";
+import "google/protobuf/any.proto";
+import "google/api/annotations.proto";
+import "cosmos_proto/cosmos.proto";
+import "cosmos/base/query/v1beta1/pagination.proto";
+import "cosmos/authz/v1beta1/authz.proto";
+
+option go_package = "github.com/cosmos/cosmos-sdk/x/authz/types";
+
+// Query defines the gRPC querier service.
+service Query {
+  // Returns any `Authorization` (or `nil`), with the expiration time, granted to the grantee by the granter for the
+  // provided msg type.
+  rpc Authorization(QueryAuthorizationRequest) returns (QueryAuthorizationResponse) {
+    option (google.api.http).get = "/cosmos/authz/v1beta1/granters/{granter}/grantees/{grantee}/grant";
+  }
+
+  // Returns list of `Authorization`, granted to the grantee by the granter.
+  rpc Authorizations(QueryAuthorizationsRequest) returns (QueryAuthorizationsResponse) {
+    option (google.api.http).get = "/cosmos/authz/v1beta1/granters/{granter}/grantees/{grantee}/grants";
+  }
+}
+
+// QueryAuthorizationRequest is the request type for the Query/Authorization RPC method.
+message QueryAuthorizationRequest {
+  string granter     = 1;
+  string grantee     = 2;
+  string method_name = 3;
+}
+
+// QueryAuthorizationResponse is the response type for the Query/Authorization RPC method.
+message QueryAuthorizationResponse {
+  // authorization is a authorization granted for grantee by granter.
+  cosmos.authz.v1beta1.AuthorizationGrant authorization = 1;
+}
+
+// QueryAuthorizationsRequest is the request type for the Query/Authorizations RPC method.
+message QueryAuthorizationsRequest {
+  string granter = 1;
+  string grantee = 2;
+  // pagination defines an pagination for the request.
+  cosmos.base.query.v1beta1.PageRequest pagination = 3;
+}
+
+// QueryAuthorizationsResponse is the response type for the Query/Authorizations RPC method.
+message QueryAuthorizationsResponse {
+  // authorizations is a list of grants granted for grantee by granter.
+  repeated cosmos.authz.v1beta1.AuthorizationGrant authorizations = 1;
+  // pagination defines an pagination for the response.
+  cosmos.base.query.v1beta1.PageResponse pagination = 2;
+}
diff --git a/proto/cosmos/authz/v1beta1/tx.proto b/proto/cosmos/authz/v1beta1/tx.proto
@@ -0,0 +1,62 @@
+syntax = "proto3";
+package cosmos.authz.v1beta1;
+
+import "cosmos_proto/cosmos.proto";
+import "gogoproto/gogo.proto";
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/any.proto";
+import "cosmos/base/abci/v1beta1/abci.proto";
+option go_package = "github.com/cosmos/cosmos-sdk/x/authz/types";
+
+// Msg defines the authz Msg service.
+service Msg {
+  // GrantAuthorization grants the provided authorization to the grantee on the granter's
+  // account with the provided expiration time.
+  rpc GrantAuthorization(MsgGrantAuthorizationRequest) returns (MsgGrantAuthorizationResponse);
+
+  // ExecAuthorized attempts to execute the provided messages using
+  // authorizations granted to the grantee. Each message should have only
+  // one signer corresponding to the granter of the authorization.
+  rpc ExecAuthorized(MsgExecAuthorizedRequest) returns (MsgExecAuthorizedResponse);
+
+  // RevokeAuthorization revokes any authorization corresponding to the provided method name on the
+  // granter's account that has been granted to the grantee.
+  rpc RevokeAuthorization(MsgRevokeAuthorizationRequest) returns (MsgRevokeAuthorizationResponse);
+}
+
+// MsgGrantAuthorizationRequest grants the provided authorization to the grantee on the granter's
+// account with the provided expiration time.
+message MsgGrantAuthorizationRequest {
+  string granter = 1;
+  string grantee = 2;
+
+  google.protobuf.Any       authorization = 3 [(cosmos_proto.accepts_interface) = "Authorization"];
+  google.protobuf.Timestamp expiration    = 4 [(gogoproto.nullable) = false, (gogoproto.stdtime) = true];
+}
+
+// MsgExecAuthorizedResponse defines the Msg/MsgExecAuthorizedResponse response type.
+message MsgExecAuthorizedResponse {
+  cosmos.base.abci.v1beta1.Result result = 1;
+}
+
+// MsgExecAuthorizedRequest attempts to execute the provided messages using
+// authorizations granted to the grantee. Each message should have only
+// one signer corresponding to the granter of the authorization.
+message MsgExecAuthorizedRequest {
+  string   grantee                  = 1;
+  repeated google.protobuf.Any msgs = 2;
+}
+
+// MsgGrantAuthorizationResponse defines the Msg/MsgGrantAuthorization response type.
+message MsgGrantAuthorizationResponse {}
+
+// MsgRevokeAuthorizationRequest revokes any authorization with the provided sdk.Msg type on the
+// granter's account with that has been granted to the grantee.
+message MsgRevokeAuthorizationRequest {
+  string granter     = 1;
+  string grantee     = 2;
+  string method_name = 3;
+}
+
+// MsgRevokeAuthorizationResponse defines the Msg/MsgRevokeAuthorizationResponse response type.
+message MsgRevokeAuthorizationResponse {}
diff --git a/simapp/app.go b/simapp/app.go
@@ -44,6 +44,7 @@ import (
 	"github.com/cosmos/cosmos-sdk/x/capability"
 	capabilitykeeper "github.com/cosmos/cosmos-sdk/x/capability/keeper"
 	capabilitytypes "github.com/cosmos/cosmos-sdk/x/capability/types"
+
 	"github.com/cosmos/cosmos-sdk/x/crisis"
 	crisiskeeper "github.com/cosmos/cosmos-sdk/x/crisis/keeper"
 	crisistypes "github.com/cosmos/cosmos-sdk/x/crisis/types"
@@ -87,6 +88,10 @@ import (
 	upgradekeeper "github.com/cosmos/cosmos-sdk/x/upgrade/keeper"
 	upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types"
 
+	authz "github.com/cosmos/cosmos-sdk/x/authz"
+	authzkeeper "github.com/cosmos/cosmos-sdk/x/authz/keeper"
+	authztypes "github.com/cosmos/cosmos-sdk/x/authz/types"
+
 	// unnamed import of statik for swagger UI support
 	_ "github.com/cosmos/cosmos-sdk/client/docs/statik"
 )
@@ -118,6 +123,7 @@ var (
 		upgrade.AppModuleBasic{},
 		evidence.AppModuleBasic{},
 		transfer.AppModuleBasic{},
+		authz.AppModuleBasic{},
 		vesting.AppModuleBasic{},
 	)
 
@@ -171,6 +177,7 @@ type SimApp struct {
 	CrisisKeeper     crisiskeeper.Keeper
 	UpgradeKeeper    upgradekeeper.Keeper
 	ParamsKeeper     paramskeeper.Keeper
+	AuthzKeeper      authzkeeper.Keeper
 	IBCKeeper        *ibckeeper.Keeper // IBC Keeper must be a pointer in the app, so we can SetRouter on it correctly
 	EvidenceKeeper   evidencekeeper.Keeper
 	TransferKeeper   ibctransferkeeper.Keeper
@@ -217,6 +224,7 @@ func NewSimApp(
 		minttypes.StoreKey, distrtypes.StoreKey, slashingtypes.StoreKey,
 		govtypes.StoreKey, paramstypes.StoreKey, ibchost.StoreKey, upgradetypes.StoreKey,
 		evidencetypes.StoreKey, ibctransfertypes.StoreKey, capabilitytypes.StoreKey,
+		authztypes.StoreKey,
 	)
 	tkeys := sdk.NewTransientStoreKeys(paramstypes.TStoreKey)
 	memKeys := sdk.NewMemoryStoreKeys(capabilitytypes.MemStoreKey)
@@ -282,6 +290,8 @@ func NewSimApp(
 		appCodec, keys[ibchost.StoreKey], app.GetSubspace(ibchost.ModuleName), app.StakingKeeper, scopedIBCKeeper,
 	)
 
+	app.AuthzKeeper = authzkeeper.NewKeeper(keys[authztypes.StoreKey], appCodec, app.BaseApp.MsgServiceRouter())
+
 	// register the proposal types
 	govRouter := govtypes.NewRouter()
 	govRouter.AddRoute(govtypes.RouterKey, govtypes.ProposalHandler).
@@ -346,6 +356,7 @@ func NewSimApp(
 		evidence.NewAppModule(app.EvidenceKeeper),
 		ibc.NewAppModule(app.IBCKeeper),
 		params.NewAppModule(app.ParamsKeeper),
+		authz.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry),
 		transferModule,
 	)
 
@@ -367,7 +378,7 @@ func NewSimApp(
 	app.mm.SetOrderInitGenesis(
 		capabilitytypes.ModuleName, authtypes.ModuleName, banktypes.ModuleName, distrtypes.ModuleName, stakingtypes.ModuleName,
 		slashingtypes.ModuleName, govtypes.ModuleName, minttypes.ModuleName, crisistypes.ModuleName,
-		ibchost.ModuleName, genutiltypes.ModuleName, evidencetypes.ModuleName, ibctransfertypes.ModuleName,
+		ibchost.ModuleName, genutiltypes.ModuleName, evidencetypes.ModuleName, authztypes.ModuleName, ibctransfertypes.ModuleName,
 	)
 
 	app.mm.RegisterInvariants(&app.CrisisKeeper)
@@ -392,6 +403,7 @@ func NewSimApp(
 		slashing.NewAppModule(appCodec, app.SlashingKeeper, app.AccountKeeper, app.BankKeeper, app.StakingKeeper),
 		params.NewAppModule(app.ParamsKeeper),
 		evidence.NewAppModule(app.EvidenceKeeper),
+		authz.NewAppModule(appCodec, app.AuthzKeeper, app.AccountKeeper, app.BankKeeper, app.interfaceRegistry),
 		ibc.NewAppModule(app.IBCKeeper),
 		transferModule,
 	)

diff --git a/simapp/sim_test.go b/simapp/sim_test.go
@@ -19,6 +19,7 @@ import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	simtypes "github.com/cosmos/cosmos-sdk/types/simulation"
 	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
+	authztypes "github.com/cosmos/cosmos-sdk/x/authz/types"
 	banktypes "github.com/cosmos/cosmos-sdk/x/bank/types"
 	capabilitytypes "github.com/cosmos/cosmos-sdk/x/capability/types"
 	distrtypes "github.com/cosmos/cosmos-sdk/x/distribution/types"
@@ -177,6 +178,7 @@ func TestAppImportExport(t *testing.T) {
 		{app.keys[capabilitytypes.StoreKey], newApp.keys[capabilitytypes.StoreKey], [][]byte{}},
 		{app.keys[ibchost.StoreKey], newApp.keys[ibchost.StoreKey], [][]byte{}},
 		{app.keys[ibctransfertypes.StoreKey], newApp.keys[ibctransfertypes.StoreKey], [][]byte{}},
+		{app.keys[authztypes.StoreKey], newApp.keys[authztypes.StoreKey], [][]byte{}},
 	}
 
 	for _, skp := range storeKeysPrefixes {

diff --git a/types/errors/errors.go b/types/errors/errors.go
@@ -135,6 +135,9 @@ var (
 	// supported.
 	ErrNotSupported = Register(RootCodespace, 37, "feature not supported")
 
+	// ErrNotFound defines an error when requested entity doesn't exist in the state.
+	ErrNotFound = Register(RootCodespace, 38, "not found")
+
 	// ErrPanic is only set when we recover from a panic, so we know to
 	// redact potentially sensitive system info
 	ErrPanic = Register(UndefinedCodespace, 111222, "panic")

diff --git a/types/msgservice/service_msg_client.go b/types/msgservice/service_msg_client.go
@@ -0,0 +1,50 @@
+package msgservice
+
+import (
+	"context"
+	"fmt"
+
+	gogogrpc "github.com/gogo/protobuf/grpc"
+	grpc "google.golang.org/grpc"
+
+	sdk "github.com/cosmos/cosmos-sdk/types"
+)
+
+var _ gogogrpc.ClientConn = &ServiceMsgClientConn{}
+
+// ServiceMsgClientConn is an instance of grpc.ClientConn that is used to test building
+// transactions with MsgClient's. It is intended to be replaced by the work in
+// https://github.com/cosmos/cosmos-sdk/issues/7541 when that is ready.
+type ServiceMsgClientConn struct {
+	msgs []sdk.Msg
+}
+
+// Invoke implements the grpc ClientConn.Invoke method
+func (t *ServiceMsgClientConn) Invoke(_ context.Context, method string, args, _ interface{}, _ ...grpc.CallOption) error {
+	req, ok := args.(sdk.MsgRequest)
+	if !ok {
+		return fmt.Errorf("%T should implement %T", args, (*sdk.MsgRequest)(nil))
+	}
+
+	err := req.ValidateBasic()
+	if err != nil {
+		return err
+	}
+
+	t.msgs = append(t.msgs, sdk.ServiceMsg{
+		MethodName: method,
+		Request:    req,
+	})
+
+	return nil
+}
+
+// NewStream implements the grpc ClientConn.NewStream method
+func (t *ServiceMsgClientConn) NewStream(context.Context, *grpc.StreamDesc, string, ...grpc.CallOption) (grpc.ClientStream, error) {
+	return nil, fmt.Errorf("not supported")
+}
+
+// GetMsgs returns ServiceMsgClientConn.msgs
+func (t *ServiceMsgClientConn) GetMsgs() []sdk.Msg {
+	return t.msgs
+}
diff --git a/types/simulation/types.go b/types/simulation/types.go
@@ -2,7 +2,9 @@ package simulation
 
 import (
 	"encoding/json"
+	"fmt"
 	"math/rand"
+	"reflect"
 	"time"
 
 	"github.com/cosmos/cosmos-sdk/baseapp"
@@ -75,7 +77,16 @@ func NewOperationMsgBasic(route, name, comment string, ok bool, msg []byte) Oper
 }
 
 // NewOperationMsg - create a new operation message from sdk.Msg
-func NewOperationMsg(msg sdk.Msg, ok bool, comment string) OperationMsg {
+func NewOperationMsg(msg sdk.Msg, ok bool, comment string, cdc *codec.ProtoCodec) OperationMsg {
+	if reflect.TypeOf(msg) == reflect.TypeOf(sdk.ServiceMsg{}) {
+		srvMsg, ok := msg.(sdk.ServiceMsg)
+		if !ok {
+			panic(fmt.Sprintf("Expecting %T to implement sdk.ServiceMsg", msg))
+		}
+		bz := cdc.MustMarshalJSON(srvMsg.Request)
+
+		return NewOperationMsgBasic(srvMsg.MethodName, srvMsg.MethodName, comment, ok, bz)
+	}
 	return NewOperationMsgBasic(msg.Route(), msg.Type(), comment, ok, msg.GetSignBytes())
 }