Gov authorization propagation for sub-messages #1482
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alpe
changed the title
alpe
commented
Jul 4, 2023
| @@ -54,7 +54,10 @@ func NewKeeper( | |||
| gasRegister: NewDefaultWasmGasRegister(), | |||
| maxQueryStackSize: types.DefaultMaxQueryStackSize, | |||
| acceptedAccountTypes: defaultAcceptedAccountTypes, | |||
| authority: authority, | |||
| propagateGovAuthorization: map[types.AuthorizationPolicyAction]struct{}{ | |||
| types.AuthZActionInstantiate: {}, | |||
There was a problem hiding this comment.
Setting the default: sub-message propagation only for instantiate
alpe
commented
Jul 4, 2023
| @@ -161,6 +161,20 @@ func WithAcceptedAccountTypesOnContractInstantiation(accts ...authtypes.AccountI | |||
| }) | |||
| } | |||
|
|
|||
| // WitGovSubMsgAuthZPropagated overwrites the default gov authorization policy for sub-messages | |||
| func WitGovSubMsgAuthZPropagated(entries ...types.AuthorizationPolicyAction) Option { | |||
There was a problem hiding this comment.
Constructor option to modify defaults
alpe
commented
Jul 4, 2023
| return GovAuthorizationPolicy{} | ||
| return newGovAuthorizationPolicy(m.keeper.propagateGovAuthorization) | ||
| } | ||
| if policy, ok := types.SubMsgAuthzPolicy(ctx); ok { |
There was a problem hiding this comment.
Reads policy from context when set
alpe
commented
Jul 4, 2023
| @@ -356,6 +350,7 @@ func (k Keeper) instantiate( | |||
| sdk.NewAttribute(types.AttributeKeyCodeID, strconv.FormatUint(codeID, 10)), | |||
| )) | |||
|
|
|||
| ctx = types.WithSubMsgAuthzPolicy(ctx, authPolicy.SubMessageAuthorizationPolicy(types.AuthZActionInstantiate)) | |||
There was a problem hiding this comment.
Pass sub-message policy with context
Codecov Report
@@ Coverage Diff @@
## main #1482 +/- ##
==========================================
+ Coverage 57.86% 57.98% +0.11%
==========================================
Files 63 64 +1
Lines 8344 8401 +57
==========================================
+ Hits 4828 4871 +43
- Misses 3112 3126 +14
Partials 404 404
|
pinosu
reviewed
Jul 5, 2023
| @@ -550,3 +557,157 @@ func TestDispatchSubMsgConditionalReplyOn(t *testing.T) { | |||
| }) | |||
| } | |||
| } | |||
|
|
|||
| func TestInstantiateGovSubMsgAuthzPropagated(t *testing.T) { | |||
| mockWasmVM := &wasmtesting.MockWasmer{} | |||
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #1207
I have focused on instantiate and migrate to propagate to sub-messages.
Instantiateis enabled by default as this comes with low risk compared to propagatingmigrategov permissions.This can be enabled/ disabled via the
WitGovSubMsgAuthZPropagatedoption in the app setup.The
sudocall though does not include gov permission propagation for security reasons. It can be enabled for native Go calls by passing anAutorizationPolicywith thesdk.Context. I have addedWithSubMsgAuthzPolicyto support this.