Add PodAdmin gateway - expose admin fns and veto #587

thomas-waite · 2022-03-15T16:37:40Z

Summary

Introduces a PodAdminGateway contract, which is set as the PodAdmin address for all deployed Orca pods.

It is introduced for three reasons:

Allow a given pod to have it's admin functionality exposed to several TribeRoles
Enable hierarchy amongst pods. There is a concept of a "specific admin role", the role for which is calculated deterministically. This allows higher ranking pods to be given a higher a special role to administer lower ranking pods
Enable pod proposals to be vetoed by higher ranking pods

The goal is for the pods to have the following TribeRoles with the following admin priviledges :

addMember(): GOVERNOR, POD_ADMIN and specific pod admins granted this granular role
removeMember(): GOVERNOR, POD_ADMIN, GUARDIAN and specific pod admins granted this granular role
veto(): GOVERNOR, POD_VETO_ADMIN, GUARDIAN and specific pod admins granted this role

contracts/pods/PodAdminGateway.sol

Joeysantoro · 2022-03-17T00:23:01Z

I think a much more scalable architecture would be to hash the podId with some salt like "ORCA_POD" and have that role be the "specific pod admin". We'd only need at most one of these roles per pod. Instead of giving ROLE_ADMIN the control over this, perhaps a better role would be "POD_ADMIN" which specifically can do all of these things. The POD_ADMIN should also be able to grant these role specific admins. So then we have the following admin priviledges for all pods:

AddMember(): GOVERNOR and POD_ADMIN and "specific pod admin"
RemoveMember(): above plus "GUARDIAN"

thomas-waite · 2022-03-21T16:42:27Z

I think a much more scalable architecture would be to hash the podId with some salt like "ORCA_POD" and have that role be the "specific pod admin". We'd only need at most one of these roles per pod. Instead of giving ROLE_ADMIN the control over this, perhaps a better role would be "POD_ADMIN" which specifically can do all of these things. The POD_ADMIN should also be able to grant these role specific admins. So then we have the following admin priviledges for all pods:

AddMember(): GOVERNOR and POD_ADMIN and "specific pod admin" RemoveMember(): above plus "GUARDIAN"

This makes sense and I like it, it's more scaleable as you say. Implementing

contracts/core/TribeRoles.sol

contracts/pods/PodAdminGateway.sol

thomas-waite added 4 commits March 15, 2022 15:41

feat: add multiPodAdmin contract

9731910

test: setup of MultiPodAdmin tests

500124e

test: test add pod member

421c45a

test: add remove admin test

515979a

thomas-waite requested a review from a team as a code owner March 15, 2022 16:37

thomas-waite self-assigned this Mar 15, 2022

thomas-waite changed the base branch from develop to feat-governance-upgrade March 15, 2022 16:38

thomas-waite added 9 commits March 16, 2022 14:27

refactor: transfer admin management to role rather than address

30d6bcf

test: migrate tests to role based management

34af7aa

refactor: delineate admin priviledges, make granular

f78f201

test: add admin priviledg delineation tests

d08dc86

Merge branch 'feat-governance-upgrade' into feat-multiple-pod-admins

103fc41

feat: add multipod admin into setup deploy script

f2eb757

refactor: add batch member add and remove fns

01e026b

refactor: update dao script to use multiPodAdmin

3c4bb5d

test: update e2e tests to use multiPodAdmin

d74b3b5

thomas-waite changed the title ~~Enable multiple pod admins~~ Enable multiple pod admins through a gateway Mar 16, 2022

refactor: rename to PodAdminGateway

7f9f80c

thomas-waite force-pushed the feat-multiple-pod-admins branch from ef1ca5d to 7f9f80c Compare March 16, 2022 20:20

thomas-waite mentioned this pull request Mar 16, 2022

Add Tribal Council and Optimistic Governance pods #582

Merged

ElliotFriedman reviewed Mar 16, 2022

View reviewed changes

contracts/pods/PodAdminGateway.sol Outdated Show resolved Hide resolved

ElliotFriedman reviewed Mar 16, 2022

View reviewed changes

contracts/pods/PodAdminGateway.sol Outdated Show resolved Hide resolved

ElliotFriedman reviewed Mar 16, 2022

View reviewed changes

contracts/pods/PodAdminGateway.sol Outdated Show resolved Hide resolved

ElliotFriedman reviewed Mar 16, 2022

View reviewed changes

contracts/pods/PodAdminGateway.sol Outdated Show resolved Hide resolved

thomas-waite added 5 commits March 17, 2022 19:48

refactor: consolidate into config, add veto controller option

2150be1

feat: add VetoController

0ff8999

test: setup tests for vetoController

d53d1ec

test: validate nominated VetoController can cancel on timelock

7a1f484

feat: add validate veto permission

890a7c1

thomas-waite added 4 commits March 18, 2022 15:35

feat: add pod veto admin role

800d9c5

refactor: adjust deploy script to include roles

4a180b5

refactor: minor fixes

1ee2708

refactor: update permission mapping

a334744

thomas-waite changed the title ~~Enable multiple pod admins through a gateway~~ 3) Enable multiple pod admins through a gateway Mar 21, 2022

thomas-waite added 3 commits March 21, 2022 15:31

Merge branch 'feat-role-arch-veto' into feat-multiple-pod-admins

cf53b56

fix: correct broken merge

7d8c13a

refactor: implement PR feedback, gas optimisations

2b86120

thomas-waite added 7 commits March 21, 2022 17:52

refactor: move to deterministic role based auth

a4f36d4

refactor: move to deterministic role model

4704306

test: migrate tests

1edaf07

refactor: put pod veto functionality on gateway

1052d17

refactor: improve access control

58e0b6b

refactor: update fip script

5be4401

refactor: permissions cleanup

916b9c3

thomas-waite changed the title ~~3) Enable multiple pod admins through a gateway~~ Add PodAdmin gateway - expose admin fns and veto Mar 22, 2022

thomas-waite added 2 commits March 22, 2022 16:11

feat: add pod admin transfer functionality

bb80e94

refactor: cleanup

82b1613

Joeysantoro reviewed Mar 22, 2022

View reviewed changes

contracts/core/TribeRoles.sol Show resolved Hide resolved

Joeysantoro reviewed Mar 22, 2022

View reviewed changes

contracts/pods/PodAdminGateway.sol Show resolved Hide resolved