From ee2f7a9b0987542e2253b29a0876e2621fa5adbd Mon Sep 17 00:00:00 2001 From: forcodedancing Date: Fri, 15 Sep 2023 17:57:19 -0600 Subject: [PATCH 1/7] chore: improve the validations of messages --- x/permission/types/types.go | 13 +++++++------ x/sp/types/message.go | 12 ++++++------ x/sp/types/message_test.go | 4 ++-- x/sp/types/util.go | 2 +- x/storage/types/message.go | 25 ++++++++++++++++++++++--- x/virtualgroup/types/message.go | 2 +- 6 files changed, 39 insertions(+), 19 deletions(-) diff --git a/x/permission/types/types.go b/x/permission/types/types.go index e9be026cd..8c641b492 100644 --- a/x/permission/types/types.go +++ b/x/permission/types/types.go @@ -26,12 +26,13 @@ var ( ACTION_UPDATE_BUCKET_INFO: true, ACTION_DELETE_BUCKET: true, - ACTION_CREATE_OBJECT: true, - ACTION_DELETE_OBJECT: true, - ACTION_GET_OBJECT: true, - ACTION_COPY_OBJECT: true, - ACTION_EXECUTE_OBJECT: true, - ACTION_LIST_OBJECT: true, + ACTION_CREATE_OBJECT: true, + ACTION_DELETE_OBJECT: true, + ACTION_GET_OBJECT: true, + ACTION_COPY_OBJECT: true, + ACTION_EXECUTE_OBJECT: true, + ACTION_LIST_OBJECT: true, + ACTION_UPDATE_OBJECT_INFO: true, ACTION_TYPE_ALL: true, } diff --git a/x/sp/types/message.go b/x/sp/types/message.go index 60a5b7409..e9ae11488 100644 --- a/x/sp/types/message.go +++ b/x/sp/types/message.go @@ -105,8 +105,9 @@ func (msg *MsgCreateStorageProvider) ValidateBasic() error { if _, err := sdk.AccAddressFromHexUnsafe(msg.GcAddress); err != nil { return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid gc address (%s)", err) } + //MaintenanceAddress is validated in msg server if !msg.Deposit.IsValid() || !msg.Deposit.Amount.IsPositive() { - return errors.Wrap(sdkerrors.ErrInvalidRequest, "invalid deposit amount") + return errors.Wrap(sdkerrors.ErrInvalidCoins, "invalid deposit amount") } if msg.Description == (Description{}) { return errors.Wrap(sdkerrors.ErrInvalidRequest, "empty description") @@ -114,11 +115,10 @@ func (msg *MsgCreateStorageProvider) ValidateBasic() error { if err := validateBlsKeyAndProof(msg.BlsKey, msg.BlsProof); err != nil { return err } - err := IsValidEndpointURL(msg.Endpoint) - if err != nil { + if err := ValidateEndpointURL(msg.Endpoint); err != nil { return errors.Wrapf(sdkerrors.ErrInvalidRequest, "invalid endpoint (%s)", err) } - if msg.ReadPrice.IsNegative() || msg.StorePrice.IsNegative() { + if msg.ReadPrice.IsNil() || msg.ReadPrice.IsNegative() || msg.StorePrice.IsNil() || msg.StorePrice.IsNegative() { return errors.Wrap(sdkerrors.ErrInvalidRequest, "invalid price") } return nil @@ -177,7 +177,7 @@ func (msg *MsgEditStorageProvider) ValidateBasic() error { } if len(msg.Endpoint) != 0 { - err = IsValidEndpointURL(msg.Endpoint) + err = ValidateEndpointURL(msg.Endpoint) if err != nil { return errors.Wrapf(sdkerrors.ErrInvalidRequest, "invalid endpoint (%s)", err) } @@ -369,7 +369,7 @@ func (msg *MsgUpdateStorageProviderStatus) ValidateBasic() error { return errors.Wrapf(sdkerrors.ErrInvalidRequest, "not allowed to update to status %s", msg.Status) } if msg.Status == STATUS_IN_MAINTENANCE && msg.Duration <= 0 { - return errors.Wrapf(sdkerrors.ErrInvalidRequest, "maintenanceDuration need to be set for %s", msg.Status) + return errors.Wrapf(sdkerrors.ErrInvalidRequest, "maintenance duration need to be set for %s", msg.Status) } return nil } diff --git a/x/sp/types/message_test.go b/x/sp/types/message_test.go index 0d71c20d9..8e67f7443 100644 --- a/x/sp/types/message_test.go +++ b/x/sp/types/message_test.go @@ -30,7 +30,7 @@ func TestMsgCreateStorageProvider_ValidateBasic(t *testing.T) { }{ {"basic", "a", "b", "c", "d", spAddr, spAddr, spAddr, spAddr, spAddr, spAddr, spAddr, blsPubKey, blsProof, coinPos, nil}, {"basic_empty", "a", "b", "c", "d", sdk.AccAddress{}, spAddr, spAddr, spAddr, spAddr, spAddr, spAddr, blsPubKey, blsProof, coinPos, sdkerrors.ErrInvalidAddress}, - {"zero deposit", "a", "b", "c", "d", spAddr, spAddr, spAddr, spAddr, spAddr, spAddr, spAddr, blsPubKey, blsProof, coinZero, nil}, + {"zero deposit", "a", "b", "c", "d", spAddr, spAddr, spAddr, spAddr, spAddr, spAddr, spAddr, blsPubKey, blsProof, coinZero, sdkerrors.ErrInvalidCoins}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -48,7 +48,7 @@ func TestMsgCreateStorageProvider_ValidateBasic(t *testing.T) { Endpoint: "http://127.0.0.1:9033", StorePrice: sdk.ZeroDec(), ReadPrice: sdk.ZeroDec(), - Deposit: coinPos, + Deposit: tt.deposit, } err := msg.ValidateBasic() if tt.err != nil { diff --git a/x/sp/types/util.go b/x/sp/types/util.go index 711dbbf50..956b9b104 100644 --- a/x/sp/types/util.go +++ b/x/sp/types/util.go @@ -7,7 +7,7 @@ import ( ) // Verify if input endpoint URL is valid. -func IsValidEndpointURL(endpointURL string) error { +func ValidateEndpointURL(endpointURL string) error { if endpointURL == "" { return errors.Wrap(ErrInvalidEndpointURL, "Endpoint url cannot be empty.") } diff --git a/x/storage/types/message.go b/x/storage/types/message.go index b6282a1ec..bf0563326 100644 --- a/x/storage/types/message.go +++ b/x/storage/types/message.go @@ -970,6 +970,11 @@ func (msg *MsgLeaveGroup) ValidateBasic() error { return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid creator address (%s)", err) } + _, err = sdk.AccAddressFromHexUnsafe(msg.GroupOwner) + if err != nil { + return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid group owner (%s)", err) + } + err = s3util.CheckValidGroupName(msg.GroupName) if err != nil { return err @@ -1158,6 +1163,10 @@ func (msg *MsgPutPolicy) ValidateBasic() error { return errors.Wrapf(gnfderrors.ErrInvalidGRN, "invalid greenfield resource name (%s)", err) } + if msg.Principal == nil { + return gnfderrors.ErrInvalidPrincipal.Wrapf("principal cannot be empty") + } + if msg.Principal.Type == permtypes.PRINCIPAL_TYPE_GNFD_GROUP && grn.ResourceType() == resource.RESOURCE_TYPE_GROUP { return gnfderrors.ErrInvalidPrincipal.Wrapf("Not allow grant group's permission to another group") } @@ -1218,9 +1227,19 @@ func (msg *MsgDeletePolicy) ValidateBasic() error { return errors.Wrapf(gnfderrors.ErrInvalidGRN, "invalid greenfield resource name (%s)", err) } + if msg.Principal == nil { + return gnfderrors.ErrInvalidPrincipal.Wrapf("principal cannot be empty") + } + if msg.Principal.Type == permtypes.PRINCIPAL_TYPE_GNFD_GROUP && grn.ResourceType() == resource.RESOURCE_TYPE_GROUP { return gnfderrors.ErrInvalidPrincipal.Wrapf("Not allow grant group's permission to another group") } + + err = msg.Principal.ValidateBasic() + if err != nil { + return err + } + return nil } @@ -1266,7 +1285,7 @@ func (msg *MsgMirrorBucket) ValidateBasic() error { return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid creator address (%s)", err) } - if msg.Id.GT(sdk.NewUint(0)) { + if !msg.Id.IsNil() && msg.Id.GT(sdk.NewUint(0)) { if msg.BucketName != "" { return errors.Wrap(gnfderrors.ErrInvalidBucketName, "Bucket name should be empty") } @@ -1324,7 +1343,7 @@ func (msg *MsgMirrorObject) ValidateBasic() error { return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid creator address (%s)", err) } - if msg.Id.GT(sdk.NewUint(0)) { + if !msg.Id.IsNil() && msg.Id.GT(sdk.NewUint(0)) { if msg.BucketName != "" { return errors.Wrap(gnfderrors.ErrInvalidBucketName, "Bucket name should be empty") } @@ -1389,7 +1408,7 @@ func (msg *MsgMirrorGroup) ValidateBasic() error { return errors.Wrapf(sdkerrors.ErrInvalidAddress, "invalid creator address (%s)", err) } - if msg.Id.GT(sdk.NewUint(0)) { + if !msg.Id.IsNil() && msg.Id.GT(sdk.NewUint(0)) { if msg.GroupName != "" { return errors.Wrap(gnfderrors.ErrInvalidGroupName, "Group name should be empty") } diff --git a/x/virtualgroup/types/message.go b/x/virtualgroup/types/message.go index 8bc75b594..d56114c3b 100644 --- a/x/virtualgroup/types/message.go +++ b/x/virtualgroup/types/message.go @@ -192,7 +192,7 @@ func (msg *MsgWithdraw) ValidateBasic() error { } if !msg.Withdraw.IsValid() || !msg.Withdraw.Amount.IsPositive() { - return errors.Wrap(sdkerrors.ErrInvalidRequest, "invalid or non-positive deposit amount") + return errors.Wrap(sdkerrors.ErrInvalidRequest, "invalid or non-positive withdraw amount") } return nil } From 936b6d1672dc140005cf738ddb29eb9fc2851d19 Mon Sep 17 00:00:00 2001 From: forcodedancing Date: Mon, 18 Sep 2023 15:25:25 +0800 Subject: [PATCH 2/7] add runtime check --- app/upgrade.go | 16 +++++++++ deployment/localup/localup.sh | 1 + e2e/tests/permission_test.go | 10 ++++-- go.mod | 2 +- go.sum | 4 +-- x/permission/types/types.go | 64 ++++++++++++++++++++++++++++------- x/storage/types/message.go | 26 +++++++++++--- 7 files changed, 100 insertions(+), 23 deletions(-) diff --git a/app/upgrade.go b/app/upgrade.go index bc26d3f41..ff5f5a06a 100644 --- a/app/upgrade.go +++ b/app/upgrade.go @@ -19,6 +19,7 @@ func (app *App) RegisterUpgradeHandlers(chainID string, serverCfg *serverconfig. // Register the upgrade handlers here app.registerNagquUpgradeHandler() + app.registerXxxxxUpgradeHandler() // app.register...() // ... return nil @@ -61,6 +62,21 @@ func (app *App) registerNagquUpgradeHandler() { } mm.SetConsensusVersion(2) return nil + }) +} +func (app *App) registerXxxxxUpgradeHandler() { + // Register the upgrade handler + app.UpgradeKeeper.SetUpgradeHandler(upgradetypes.Xxxxx, + func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { + app.Logger().Info("upgrade to ", plan.Name) + return app.mm.RunMigrations(ctx, app.configurator, fromVM) + }) + + // Register the upgrade initializer + app.UpgradeKeeper.SetUpgradeInitializer(upgradetypes.Xxxxx, + func() error { + app.Logger().Info("Init Xxxxx upgrade") + return nil }) } diff --git a/deployment/localup/localup.sh b/deployment/localup/localup.sh index cd765bb61..76e80038d 100644 --- a/deployment/localup/localup.sh +++ b/deployment/localup/localup.sh @@ -171,6 +171,7 @@ function generate_genesis() { #sed -i -e "s/\"community_tax\": \"0.020000000000000000\"/\"community_tax\": \"0\"/g" ${workspace}/.local/validator${i}/config/genesis.json sed -i -e "s/log_level = \"info\"/\log_level= \"debug\"/g" ${workspace}/.local/validator${i}/config/config.toml echo -e '[[upgrade]]\nname = "Nagqu"\nheight = 20\ninfo = ""' >> ${workspace}/.local/validator${i}/config/app.toml + echo -e '[[upgrade]]\nname = "Xxxxx"\nheight = 20\ninfo = ""' >> ${workspace}/.local/validator${i}/config/app.toml done # enable swagger API for validator0 diff --git a/e2e/tests/permission_test.go b/e2e/tests/permission_test.go index 7e3dafedd..5252b61db 100644 --- a/e2e/tests/permission_test.go +++ b/e2e/tests/permission_test.go @@ -251,14 +251,18 @@ func (s *StorageTestSuite) TestCreateObjectByOthers() { s.Require().Equal(verifyPermResp.Effect, types.EFFECT_DENY) s.T().Logf("resp: %s, rep %s", verifyPermReq.String(), verifyPermResp.String()) - // Put bucket policy - statement := &types.Statement{ + // Put object policy + statement1 := &types.Statement{ Actions: []types.ActionType{types.ACTION_CREATE_OBJECT}, Effect: types.EFFECT_ALLOW, } + statement2 := &types.Statement{ + Actions: []types.ActionType{types.ACTION_UPDATE_OBJECT_INFO}, + Effect: types.EFFECT_ALLOW, + } principal := types.NewPrincipalWithAccount(user[1].GetAddr()) msgPutPolicy := storagetypes.NewMsgPutPolicy(user[0].GetAddr(), types2.NewBucketGRN(bucketName).String(), - principal, []*types.Statement{statement}, nil) + principal, []*types.Statement{statement1, statement2}, nil) s.SendTxBlock(user[0], msgPutPolicy) // verify permission diff --git a/go.mod b/go.mod index 9528ccc47..212052a84 100644 --- a/go.mod +++ b/go.mod @@ -178,7 +178,7 @@ replace ( github.com/cometbft/cometbft => github.com/bnb-chain/greenfield-cometbft v1.0.0 github.com/cometbft/cometbft-db => github.com/bnb-chain/greenfield-cometbft-db v0.8.1-alpha.1 github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23/go v0.8.0 - github.com/cosmos/cosmos-sdk => github.com/bnb-chain/greenfield-cosmos-sdk v1.0.1 + github.com/cosmos/cosmos-sdk => github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918062228-f66797bea5a1 github.com/cosmos/iavl => github.com/bnb-chain/greenfield-iavl v0.20.1 github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 ) diff --git a/go.sum b/go.sum index 85901e7ce..706096dd2 100644 --- a/go.sum +++ b/go.sum @@ -163,8 +163,6 @@ github.com/bnb-chain/greenfield-cometbft v1.0.0 h1:0r6hOJWD/+es0gxP/exKuN/krgXAr github.com/bnb-chain/greenfield-cometbft v1.0.0/go.mod h1:f35mk/r5ab6yvzlqEWZt68LfUje68sYgMpVlt2CUYMk= github.com/bnb-chain/greenfield-cometbft-db v0.8.1-alpha.1 h1:XcWulGacHVRiSCx90Q8Y//ajOrLNBQWR/KDB89dy3cU= github.com/bnb-chain/greenfield-cometbft-db v0.8.1-alpha.1/go.mod h1:ey1CiK4bYo1RBNJLRiVbYr5CMdSxci9S/AZRINLtppI= -github.com/bnb-chain/greenfield-cosmos-sdk v1.0.1 h1:8RZRfFyY9JdRLApcz+KADXO1Qd2sps6wXT74UAmaMmM= -github.com/bnb-chain/greenfield-cosmos-sdk v1.0.1/go.mod h1:y3hDhQhil5hMIhwBTpu07RZBF30ZITkoE+GHhVZChtY= github.com/bnb-chain/greenfield-cosmos-sdk/api v0.0.0-20230816082903-b48770f5e210 h1:GHPbV2bC+gmuO6/sG0Tm8oGal3KKSRlyE+zPscDjlA8= github.com/bnb-chain/greenfield-cosmos-sdk/api v0.0.0-20230816082903-b48770f5e210/go.mod h1:vhsZxXE9tYJeYB5JR4hPhd6Pc/uPf7j1T8IJ7p9FdeM= github.com/bnb-chain/greenfield-cosmos-sdk/math v0.0.0-20230816082903-b48770f5e210 h1:FLVOn4+OVbsKi2+YJX5kmD27/4dRu4FW7xCXFhzDO5s= @@ -370,6 +368,8 @@ github.com/fjl/memsize v0.0.0-20190710130421-bcb5799ab5e5/go.mod h1:VvhXpOYNQvB+ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= +github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918062228-f66797bea5a1 h1:UHVhaT7PI9wXgzrzlK+gl7YxuSFokYMyqWWHOut/104= +github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918062228-f66797bea5a1/go.mod h1:y3hDhQhil5hMIhwBTpu07RZBF30ZITkoE+GHhVZChtY= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= diff --git a/x/permission/types/types.go b/x/permission/types/types.go index 8c641b492..589a99fa6 100644 --- a/x/permission/types/types.go +++ b/x/permission/types/types.go @@ -5,6 +5,8 @@ import ( "time" "cosmossdk.io/math" + sdk "github.com/cosmos/cosmos-sdk/types" + upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types" gnfd "github.com/bnb-chain/greenfield/types" "github.com/bnb-chain/greenfield/types/common" @@ -26,6 +28,19 @@ var ( ACTION_UPDATE_BUCKET_INFO: true, ACTION_DELETE_BUCKET: true, + ACTION_CREATE_OBJECT: true, + ACTION_DELETE_OBJECT: true, + ACTION_GET_OBJECT: true, + ACTION_COPY_OBJECT: true, + ACTION_EXECUTE_OBJECT: true, + ACTION_LIST_OBJECT: true, + + ACTION_TYPE_ALL: true, + } + BucketAllowedActionsAfterXxxxx = map[ActionType]bool{ + ACTION_UPDATE_BUCKET_INFO: true, + ACTION_DELETE_BUCKET: true, + ACTION_CREATE_OBJECT: true, ACTION_DELETE_OBJECT: true, ACTION_GET_OBJECT: true, @@ -168,15 +183,18 @@ func (s *Statement) ValidateBasic(resType resource.ResourceType) error { case resource.RESOURCE_TYPE_UNSPECIFIED: return ErrInvalidStatement.Wrap("Please specify the ResourceType explicitly. Not allowed set RESOURCE_TYPE_UNSPECIFIED") case resource.RESOURCE_TYPE_BUCKET: - containsCreateObject := false - for _, a := range s.Actions { - if !BucketAllowedActions[a] { - return ErrInvalidStatement.Wrapf("%s not allowed to be used on bucket.", a.String()) - } - if a == ACTION_CREATE_OBJECT { - containsCreateObject = true - } - } + //containsCreateObject := false + //for _, a := range s.Actions { + // if !BucketAllowedActions[a] { + // return ErrInvalidStatement.Wrapf("%s not allowed to be used on bucket.", a.String()) + // } + // if a == ACTION_CREATE_OBJECT { + // containsCreateObject = true + // } + //} + //if !containsCreateObject && s.LimitSize != nil { + // return ErrInvalidStatement.Wrap("The LimitSize option can only be used with CreateObject actions at the bucket level. .") + //} for _, r := range s.Resources { var grn gnfd.GRN err := grn.ParseFromString(r, true) @@ -184,10 +202,6 @@ func (s *Statement) ValidateBasic(resType resource.ResourceType) error { return ErrInvalidStatement.Wrapf("GRN parse from string failed, err: %s", err) } } - - if !containsCreateObject && s.LimitSize != nil { - return ErrInvalidStatement.Wrap("The LimitSize option can only be used with CreateObject actions at the bucket level. .") - } case resource.RESOURCE_TYPE_OBJECT: for _, a := range s.Actions { if !ObjectAllowedActions[a] { @@ -239,3 +253,27 @@ func (s *Statement) ValidateAfterNagqu(resType resource.ResourceType) error { } return nil } + +func (s *Statement) ValidateRuntime(ctx sdk.Context, resType resource.ResourceType) error { + var bucketAllowedActions map[ActionType]bool + if ctx.IsUpgraded(upgradetypes.Xxxxx) { + bucketAllowedActions = BucketAllowedActionsAfterXxxxx + } else { + bucketAllowedActions = BucketAllowedActions + } + if resType == resource.RESOURCE_TYPE_BUCKET { + containsCreateObject := false + for _, a := range s.Actions { + if !bucketAllowedActions[a] { + return ErrInvalidStatement.Wrapf("%s not allowed to be used on bucket.", a.String()) + } + if a == ACTION_CREATE_OBJECT { + containsCreateObject = true + } + } + if !containsCreateObject && s.LimitSize != nil { + return ErrInvalidStatement.Wrap("The LimitSize option can only be used with CreateObject actions at the bucket level. .") + } + } + return nil +} diff --git a/x/storage/types/message.go b/x/storage/types/message.go index bf0563326..ff8c1300c 100644 --- a/x/storage/types/message.go +++ b/x/storage/types/message.go @@ -8,6 +8,7 @@ import ( "cosmossdk.io/errors" sdk "github.com/cosmos/cosmos-sdk/types" sdkerrors "github.com/cosmos/cosmos-sdk/types/errors" + upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types" "github.com/cosmos/gogoproto/proto" grn2 "github.com/bnb-chain/greenfield/types" @@ -1186,6 +1187,19 @@ func (msg *MsgPutPolicy) ValidateBasic() error { return nil } +func (msg *MsgPutPolicy) ValidateRuntime(ctx sdk.Context) error { + var grn grn2.GRN + _ = grn.ParseFromString(msg.Resource, true) // no error after ValidateBasic + for _, s := range msg.Statements { + err := s.ValidateRuntime(ctx, grn.ResourceType()) + if err != nil { + return err + } + } + + return nil +} + func NewMsgDeletePolicy(operator sdk.AccAddress, resource string, principal *permtypes.Principal) *MsgDeletePolicy { return &MsgDeletePolicy{ Operator: operator.String(), @@ -1235,11 +1249,15 @@ func (msg *MsgDeletePolicy) ValidateBasic() error { return gnfderrors.ErrInvalidPrincipal.Wrapf("Not allow grant group's permission to another group") } - err = msg.Principal.ValidateBasic() - if err != nil { - return err - } + return nil +} +func (msg *MsgDeletePolicy) ValidateRuntime(ctx sdk.Context) error { + if ctx.IsUpgraded(upgradetypes.Xxxxx) { + if err := msg.Principal.ValidateBasic(); err != nil { + return err + } + } return nil } From 29193c04270b29d6bc1ad38024fcd77bc9a10ef0 Mon Sep 17 00:00:00 2001 From: forcodedancing Date: Mon, 18 Sep 2023 15:52:19 +0800 Subject: [PATCH 3/7] add runtime check --- x/storage/types/message.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/x/storage/types/message.go b/x/storage/types/message.go index ff8c1300c..11c3620e8 100644 --- a/x/storage/types/message.go +++ b/x/storage/types/message.go @@ -1188,12 +1188,14 @@ func (msg *MsgPutPolicy) ValidateBasic() error { } func (msg *MsgPutPolicy) ValidateRuntime(ctx sdk.Context) error { - var grn grn2.GRN - _ = grn.ParseFromString(msg.Resource, true) // no error after ValidateBasic - for _, s := range msg.Statements { - err := s.ValidateRuntime(ctx, grn.ResourceType()) - if err != nil { - return err + if ctx.IsUpgraded(upgradetypes.Xxxxx) { + var grn grn2.GRN + _ = grn.ParseFromString(msg.Resource, true) // no error after ValidateBasic + for _, s := range msg.Statements { + err := s.ValidateRuntime(ctx, grn.ResourceType()) + if err != nil { + return err + } } } From b13a1e9e16a30896c1e1fd55d92d5a77ee4244ae Mon Sep 17 00:00:00 2001 From: forcodedancing Date: Mon, 18 Sep 2023 17:15:41 -0600 Subject: [PATCH 4/7] add upgrade name --- app/upgrade.go | 10 +++++----- deployment/localup/localup.sh | 2 +- go.mod | 2 +- go.sum | 4 ++-- x/permission/types/types.go | 6 +++--- x/storage/types/message.go | 17 +++++++---------- 6 files changed, 19 insertions(+), 22 deletions(-) diff --git a/app/upgrade.go b/app/upgrade.go index ff5f5a06a..8132af82a 100644 --- a/app/upgrade.go +++ b/app/upgrade.go @@ -19,7 +19,7 @@ func (app *App) RegisterUpgradeHandlers(chainID string, serverCfg *serverconfig. // Register the upgrade handlers here app.registerNagquUpgradeHandler() - app.registerXxxxxUpgradeHandler() + app.registerPampasUpgradeHandler() // app.register...() // ... return nil @@ -65,18 +65,18 @@ func (app *App) registerNagquUpgradeHandler() { }) } -func (app *App) registerXxxxxUpgradeHandler() { +func (app *App) registerPampasUpgradeHandler() { // Register the upgrade handler - app.UpgradeKeeper.SetUpgradeHandler(upgradetypes.Xxxxx, + app.UpgradeKeeper.SetUpgradeHandler(upgradetypes.Pampas, func(ctx sdk.Context, plan upgradetypes.Plan, fromVM module.VersionMap) (module.VersionMap, error) { app.Logger().Info("upgrade to ", plan.Name) return app.mm.RunMigrations(ctx, app.configurator, fromVM) }) // Register the upgrade initializer - app.UpgradeKeeper.SetUpgradeInitializer(upgradetypes.Xxxxx, + app.UpgradeKeeper.SetUpgradeInitializer(upgradetypes.Pampas, func() error { - app.Logger().Info("Init Xxxxx upgrade") + app.Logger().Info("Init Pampas upgrade") return nil }) } diff --git a/deployment/localup/localup.sh b/deployment/localup/localup.sh index 76e80038d..70543e018 100644 --- a/deployment/localup/localup.sh +++ b/deployment/localup/localup.sh @@ -171,7 +171,7 @@ function generate_genesis() { #sed -i -e "s/\"community_tax\": \"0.020000000000000000\"/\"community_tax\": \"0\"/g" ${workspace}/.local/validator${i}/config/genesis.json sed -i -e "s/log_level = \"info\"/\log_level= \"debug\"/g" ${workspace}/.local/validator${i}/config/config.toml echo -e '[[upgrade]]\nname = "Nagqu"\nheight = 20\ninfo = ""' >> ${workspace}/.local/validator${i}/config/app.toml - echo -e '[[upgrade]]\nname = "Xxxxx"\nheight = 20\ninfo = ""' >> ${workspace}/.local/validator${i}/config/app.toml + echo -e '[[upgrade]]\nname = "Pampas"\nheight = 20\ninfo = ""' >> ${workspace}/.local/validator${i}/config/app.toml done # enable swagger API for validator0 diff --git a/go.mod b/go.mod index 212052a84..01889cf22 100644 --- a/go.mod +++ b/go.mod @@ -178,7 +178,7 @@ replace ( github.com/cometbft/cometbft => github.com/bnb-chain/greenfield-cometbft v1.0.0 github.com/cometbft/cometbft-db => github.com/bnb-chain/greenfield-cometbft-db v0.8.1-alpha.1 github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23/go v0.8.0 - github.com/cosmos/cosmos-sdk => github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918062228-f66797bea5a1 + github.com/cosmos/cosmos-sdk => github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918080629-546708eba818 github.com/cosmos/iavl => github.com/bnb-chain/greenfield-iavl v0.20.1 github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 ) diff --git a/go.sum b/go.sum index 706096dd2..520965704 100644 --- a/go.sum +++ b/go.sum @@ -368,8 +368,8 @@ github.com/fjl/memsize v0.0.0-20190710130421-bcb5799ab5e5/go.mod h1:VvhXpOYNQvB+ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918062228-f66797bea5a1 h1:UHVhaT7PI9wXgzrzlK+gl7YxuSFokYMyqWWHOut/104= -github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918062228-f66797bea5a1/go.mod h1:y3hDhQhil5hMIhwBTpu07RZBF30ZITkoE+GHhVZChtY= +github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918080629-546708eba818 h1:HyAROtp8xHuuzZzJTXfwVm0c+qTJs3ahPFtEpJFs5lM= +github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918080629-546708eba818/go.mod h1:y3hDhQhil5hMIhwBTpu07RZBF30ZITkoE+GHhVZChtY= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= diff --git a/x/permission/types/types.go b/x/permission/types/types.go index 589a99fa6..aef1ac5a6 100644 --- a/x/permission/types/types.go +++ b/x/permission/types/types.go @@ -37,7 +37,7 @@ var ( ACTION_TYPE_ALL: true, } - BucketAllowedActionsAfterXxxxx = map[ActionType]bool{ + BucketAllowedActionsAfterPampas = map[ActionType]bool{ ACTION_UPDATE_BUCKET_INFO: true, ACTION_DELETE_BUCKET: true, @@ -256,8 +256,8 @@ func (s *Statement) ValidateAfterNagqu(resType resource.ResourceType) error { func (s *Statement) ValidateRuntime(ctx sdk.Context, resType resource.ResourceType) error { var bucketAllowedActions map[ActionType]bool - if ctx.IsUpgraded(upgradetypes.Xxxxx) { - bucketAllowedActions = BucketAllowedActionsAfterXxxxx + if ctx.IsUpgraded(upgradetypes.Pampas) { + bucketAllowedActions = BucketAllowedActionsAfterPampas } else { bucketAllowedActions = BucketAllowedActions } diff --git a/x/storage/types/message.go b/x/storage/types/message.go index 11c3620e8..1ffb6c133 100644 --- a/x/storage/types/message.go +++ b/x/storage/types/message.go @@ -1188,17 +1188,14 @@ func (msg *MsgPutPolicy) ValidateBasic() error { } func (msg *MsgPutPolicy) ValidateRuntime(ctx sdk.Context) error { - if ctx.IsUpgraded(upgradetypes.Xxxxx) { - var grn grn2.GRN - _ = grn.ParseFromString(msg.Resource, true) // no error after ValidateBasic - for _, s := range msg.Statements { - err := s.ValidateRuntime(ctx, grn.ResourceType()) - if err != nil { - return err - } + var grn grn2.GRN + _ = grn.ParseFromString(msg.Resource, true) // no error after ValidateBasic + for _, s := range msg.Statements { + err := s.ValidateRuntime(ctx, grn.ResourceType()) + if err != nil { + return err } } - return nil } @@ -1255,7 +1252,7 @@ func (msg *MsgDeletePolicy) ValidateBasic() error { } func (msg *MsgDeletePolicy) ValidateRuntime(ctx sdk.Context) error { - if ctx.IsUpgraded(upgradetypes.Xxxxx) { + if ctx.IsUpgraded(upgradetypes.Pampas) { if err := msg.Principal.ValidateBasic(); err != nil { return err } From d6f0094f3c0b877d1a1623c36315353eed605702 Mon Sep 17 00:00:00 2001 From: forcodedancing Date: Wed, 20 Sep 2023 15:23:36 +0800 Subject: [PATCH 5/7] fix review comments --- x/permission/types/types.go | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/x/permission/types/types.go b/x/permission/types/types.go index aef1ac5a6..894ab76f3 100644 --- a/x/permission/types/types.go +++ b/x/permission/types/types.go @@ -183,18 +183,6 @@ func (s *Statement) ValidateBasic(resType resource.ResourceType) error { case resource.RESOURCE_TYPE_UNSPECIFIED: return ErrInvalidStatement.Wrap("Please specify the ResourceType explicitly. Not allowed set RESOURCE_TYPE_UNSPECIFIED") case resource.RESOURCE_TYPE_BUCKET: - //containsCreateObject := false - //for _, a := range s.Actions { - // if !BucketAllowedActions[a] { - // return ErrInvalidStatement.Wrapf("%s not allowed to be used on bucket.", a.String()) - // } - // if a == ACTION_CREATE_OBJECT { - // containsCreateObject = true - // } - //} - //if !containsCreateObject && s.LimitSize != nil { - // return ErrInvalidStatement.Wrap("The LimitSize option can only be used with CreateObject actions at the bucket level. .") - //} for _, r := range s.Resources { var grn gnfd.GRN err := grn.ParseFromString(r, true) From 92bcef09567bcbe2215db8905d8a19287f24e873 Mon Sep 17 00:00:00 2001 From: forcodedancing Date: Tue, 17 Oct 2023 20:59:00 +0800 Subject: [PATCH 6/7] refine codes --- go.mod | 2 +- go.sum | 4 ++-- x/permission/types/types.go | 44 +++++++++++++++------------------- x/storage/keeper/msg_server.go | 7 ------ 4 files changed, 22 insertions(+), 35 deletions(-) diff --git a/go.mod b/go.mod index 01889cf22..4fffd0a5a 100644 --- a/go.mod +++ b/go.mod @@ -178,7 +178,7 @@ replace ( github.com/cometbft/cometbft => github.com/bnb-chain/greenfield-cometbft v1.0.0 github.com/cometbft/cometbft-db => github.com/bnb-chain/greenfield-cometbft-db v0.8.1-alpha.1 github.com/confio/ics23/go => github.com/cosmos/cosmos-sdk/ics23/go v0.8.0 - github.com/cosmos/cosmos-sdk => github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918080629-546708eba818 + github.com/cosmos/cosmos-sdk => github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20231016120649-fcdced9e012e github.com/cosmos/iavl => github.com/bnb-chain/greenfield-iavl v0.20.1 github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7 ) diff --git a/go.sum b/go.sum index 520965704..081c8024e 100644 --- a/go.sum +++ b/go.sum @@ -368,8 +368,8 @@ github.com/fjl/memsize v0.0.0-20190710130421-bcb5799ab5e5/go.mod h1:VvhXpOYNQvB+ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/flynn/noise v1.0.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= -github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918080629-546708eba818 h1:HyAROtp8xHuuzZzJTXfwVm0c+qTJs3ahPFtEpJFs5lM= -github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20230918080629-546708eba818/go.mod h1:y3hDhQhil5hMIhwBTpu07RZBF30ZITkoE+GHhVZChtY= +github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20231016120649-fcdced9e012e h1:nHk7ex6a2iwYl/L5ZpffJSlWC81+2IVyw5q9S1dsnKU= +github.com/forcodedancing/greenfield-cosmos-sdk v0.2.1-0.20231016120649-fcdced9e012e/go.mod h1:BGVMW9gRFKGzCwK/8CmDGe3sK9r9QujL1Uz2FMMM+/s= github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/francoispqt/gojay v1.2.13/go.mod h1:ehT5mTG4ua4581f1++1WLG0vPdaA9HaiDsoyrBGkyDY= diff --git a/x/permission/types/types.go b/x/permission/types/types.go index 894ab76f3..1f187534d 100644 --- a/x/permission/types/types.go +++ b/x/permission/types/types.go @@ -214,35 +214,29 @@ func (s *Statement) ValidateBasic(resType resource.ResourceType) error { return nil } -func (s *Statement) ValidateAfterNagqu(resType resource.ResourceType) error { - if s.Effect == EFFECT_UNSPECIFIED { - return ErrInvalidStatement.Wrap("Please specify the Effect explicitly. Not allowed set EFFECT_UNSPECIFIED") - } - switch resType { - case resource.RESOURCE_TYPE_UNSPECIFIED: - return ErrInvalidStatement.Wrap("Please specify the ResourceType explicitly. Not allowed set RESOURCE_TYPE_UNSPECIFIED") - case resource.RESOURCE_TYPE_BUCKET: - for _, r := range s.Resources { - _, err := regexp.Compile(r) - if err != nil { - return ErrInvalidStatement.Wrapf("The Resources regexp compile failed, err: %s", err) +func (s *Statement) ValidateRuntime(ctx sdk.Context, resType resource.ResourceType) error { + if ctx.IsUpgraded(upgradetypes.Nagqu) { + switch resType { + case resource.RESOURCE_TYPE_BUCKET: + for _, r := range s.Resources { + _, err := regexp.Compile(r) + if err != nil { + return ErrInvalidStatement.Wrapf("The Resources regexp compile failed, err: %s", err) + } } + case resource.RESOURCE_TYPE_OBJECT: + if s.Resources != nil { + return ErrInvalidStatement.Wrap("The Resources option can only be used at the bucket level. ") + } + case resource.RESOURCE_TYPE_GROUP: + if s.Resources != nil { + return ErrInvalidStatement.Wrap("The Resources option can only be used at the bucket level. ") + } + default: + return ErrInvalidStatement.Wrap("unknown resource type.") } - case resource.RESOURCE_TYPE_OBJECT: - if s.Resources != nil { - return ErrInvalidStatement.Wrap("The Resources option can only be used at the bucket level. ") - } - case resource.RESOURCE_TYPE_GROUP: - if s.Resources != nil { - return ErrInvalidStatement.Wrap("The Resources option can only be used at the bucket level. ") - } - default: - return ErrInvalidStatement.Wrap("unknown resource type.") } - return nil -} -func (s *Statement) ValidateRuntime(ctx sdk.Context, resType resource.ResourceType) error { var bucketAllowedActions map[ActionType]bool if ctx.IsUpgraded(upgradetypes.Pampas) { bucketAllowedActions = BucketAllowedActionsAfterPampas diff --git a/x/storage/keeper/msg_server.go b/x/storage/keeper/msg_server.go index 84b444088..6f7773afa 100644 --- a/x/storage/keeper/msg_server.go +++ b/x/storage/keeper/msg_server.go @@ -8,7 +8,6 @@ import ( "cosmossdk.io/math" sdk "github.com/cosmos/cosmos-sdk/types" govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" - upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types" types2 "github.com/bnb-chain/greenfield/types" gnfderrors "github.com/bnb-chain/greenfield/types/errors" @@ -370,12 +369,6 @@ func (k msgServer) PutPolicy(goCtx context.Context, msg *types.MsgPutPolicy) (*t if s.ExpirationTime != nil && s.ExpirationTime.Before(ctx.BlockTime()) { return nil, permtypes.ErrPermissionExpired.Wrapf("The specified statement expiration time is less than the current block time, block time: %s", ctx.BlockTime().String()) } - if ctx.IsUpgraded(upgradetypes.Nagqu) { - err := s.ValidateAfterNagqu(grn.ResourceType()) - if err != nil { - return nil, err - } - } } policy := &permtypes.Policy{ From 83fe0900f60781c9cc58d0e83f4c87ab4203c6ca Mon Sep 17 00:00:00 2001 From: forcodedancing Date: Tue, 17 Oct 2023 21:07:39 +0800 Subject: [PATCH 7/7] refine codes --- x/storage/keeper/msg_server.go | 1 + 1 file changed, 1 insertion(+) diff --git a/x/storage/keeper/msg_server.go b/x/storage/keeper/msg_server.go index 6f7773afa..397ac2b83 100644 --- a/x/storage/keeper/msg_server.go +++ b/x/storage/keeper/msg_server.go @@ -8,6 +8,7 @@ import ( "cosmossdk.io/math" sdk "github.com/cosmos/cosmos-sdk/types" govtypes "github.com/cosmos/cosmos-sdk/x/gov/types" + upgradetypes "github.com/cosmos/cosmos-sdk/x/upgrade/types" types2 "github.com/bnb-chain/greenfield/types" gnfderrors "github.com/bnb-chain/greenfield/types/errors"