Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: simplify ADR-028 and address.Module #14017

Merged
merged 26 commits into from
Jan 16, 2023
Merged

Conversation

robert-zaremba
Copy link
Collaborator

@robert-zaremba robert-zaremba commented Nov 24, 2022

Description

Closes: #13910
Closes: #13782


Author Checklist

All items are required. Please add a note to the item if the item is not applicable and
please add links to any relevant follow up issues.

I have...

  • included the correct type prefix in the PR title
  • added ! to the type prefix if API or client breaking change
  • targeted the correct branch (see PR Targeting)
  • provided a link to the relevant issue or specification
  • followed the guidelines for building modules
  • included the necessary unit and integration tests
  • added a changelog entry to CHANGELOG.md
  • included comments for documenting Go code
  • updated the relevant documentation or specification
  • reviewed "Files changed" and left comments if necessary
  • confirmed all CI checks have passed

Reviewers Checklist

All items are required. Please add a note if the item is not applicable and please add
your handle next to the items reviewed if you only reviewed selected items.

I have...

  • confirmed the correct type prefix in the PR title
  • confirmed ! in the type prefix if API or client breaking change
  • confirmed all author checklist items have been addressed
  • reviewed state machine logic
  • reviewed API design and naming
  • reviewed documentation is accurate
  • reviewed tests and test coverage
  • manually tested (if applicable)

@robert-zaremba robert-zaremba added C:Types T: ADR An issue or PR relating to an architectural decision record labels Nov 24, 2022
@robert-zaremba robert-zaremba requested a review from a team as a code owner November 24, 2022 23:40
func Module(moduleName string, key []byte) []byte {
// is constructed from a module name and a sequence of derivation keys (at least one
// derivation key must be provided).
func Module(moduleName string, derivationKey []byte, derivationKeys ...[]byte) []byte {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking to "merge" derivationKey into derivationKeys, but then we would need to panic if someone will provide an empty list.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think as is is great, requires at least 1 derivationKey implicitly which is communicated to the caller.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see any reason to require at least one derivation key for modules. This is inconsistent with what we've discussed for ADR 033. There is always the root module address with no derivation keys.

Suggested change
func Module(moduleName string, derivationKey []byte, derivationKeys ...[]byte) []byte {
func Module(moduleName string, derivationKeys ...[]byte) []byte {

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wouldn't this conflict with the existing authtypes.NewModuleAddress?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. That uses 20 byte addresses

Copy link
Contributor

@amaury1093 amaury1093 Dec 6, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My preference is to keep backwards compatibility of existing root module accounts.

func Module(moduleName string, derivationKeys ...[]byte) []byte {
  if len(derivationKeys) == 0 { return authtypes.NewModuleAddress() }
  else { /* do like current code with successive derivations */ }
}

so it's:

  • 20 byte address for root module accounts
  • 32 byte addresses for sub/derived module accounts

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we need to make decision.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

up

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Up again, I'm going to update this PR by implementing #14017 (comment) (which is what @AmauryM seconded: #14017 (comment))

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM

Copy link
Member

@julienrbrt julienrbrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lgtm!

docs/architecture/adr-028-public-key-addresses.md Outdated Show resolved Hide resolved
docs/architecture/adr-028-public-key-addresses.md Outdated Show resolved Hide resolved
docs/architecture/adr-028-public-key-addresses.md Outdated Show resolved Hide resolved
robert-zaremba and others added 2 commits November 25, 2022 12:00
Co-authored-by: Julien Robert <julien@rbrt.fr>
@robert-zaremba robert-zaremba added the backport/v0.47.x PR scheduled for inclusion in the v0.47's next stable release label Nov 25, 2022
@robert-zaremba
Copy link
Collaborator Author

Adding 0.47 backport.

types/address/hash.go Outdated Show resolved Hide resolved
Copy link
Collaborator

@odeke-em odeke-em left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this change @robert-zaremba, just some suggestions, please take a look. Thank you Julien for the co-review.

types/address/hash.go Outdated Show resolved Hide resolved
func Module(moduleName string, key []byte) []byte {
// is constructed from a module name and a sequence of derivation keys (at least one
// derivation key must be provided).
func Module(moduleName string, derivationKey []byte, derivationKeys ...[]byte) []byte {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think as is is great, requires at least 1 derivationKey implicitly which is communicated to the caller.

x/auth/types/credentials.go Outdated Show resolved Hide resolved
func Module(moduleName string, key []byte) []byte {
// is constructed from a module name and a sequence of derivation keys (at least one
// derivation key must be provided).
func Module(moduleName string, derivationKey []byte, derivationKeys ...[]byte) []byte {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see any reason to require at least one derivation key for modules. This is inconsistent with what we've discussed for ADR 033. There is always the root module address with no derivation keys.

Suggested change
func Module(moduleName string, derivationKey []byte, derivationKeys ...[]byte) []byte {
func Module(moduleName string, derivationKeys ...[]byte) []byte {

@aaronc
Copy link
Member

aaronc commented Dec 5, 2022

@AmauryM would be great to get your review of this too.

docs/architecture/adr-028-public-key-addresses.md Outdated Show resolved Hide resolved
docs/architecture/adr-028-public-key-addresses.md Outdated Show resolved Hide resolved
x/auth/types/credentials.go Outdated Show resolved Hide resolved
@robert-zaremba robert-zaremba requested a review from aaronc January 4, 2023 18:55
@robert-zaremba
Copy link
Collaborator Author

I'm fine with address.Module reverting to the pre-ADR 028 20-byte addresses (compatible with existing module accounts) when there are no derivation keys.

Personally, I would prefer to have only the "full" ADR-28 addresses for root module accounts. But simplification and compatibility is more important here.

@aaronc
Copy link
Member

aaronc commented Jan 4, 2023

I'm fine with address.Module reverting to the pre-ADR 028 20-byte addresses (compatible with existing module accounts) when there are no derivation keys.

Personally, I would prefer to have only the "full" ADR-28 addresses for root module accounts. But simplification and compatibility is more important here.

For security purposes? All root accounts should be initialized on startup

@robert-zaremba
Copy link
Collaborator Author

For security purposes?

Mostly for having one general solution (with clear domains - what ADR-028 is mostly about).

I think security is OK here, because we have that module name hash. The concern is if someone is doing something weird and creating a module name which is a hash and could collide with an existing public key hash. Or generates multiple module accounts rather than deriving.

x/auth/types/credentials.go Outdated Show resolved Hide resolved
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 9, 2023

[Cosmos SDK] Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
No Duplication information No Duplication information

Copy link
Member

@aaronc aaronc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy to give my pre-approval on this now but I think we should sort out what to do for the root module hash. Maybe on the next community call as you mentioned @robert-zaremba

Co-authored-by: Aaron Craelius <aaron@regen.network>
@julienrbrt
Copy link
Member

I believe it closes #13782 too right?

@julienrbrt
Copy link
Member

Can we add a changelog? Then, given the discussion from the community call, we can add automerge.

@julienrbrt julienrbrt added the A:automerge Automatically merge PR once all prerequisites pass. label Jan 12, 2023
Copy link
Contributor

@adu-crypto adu-crypto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems a little late to see this pr since it would be merged soon.
After reading through the pr, I think this is mainly talking about the derivation of module type accounts. But I got some questions about the change and would appreciate it if anyone could explain to me:

  1. Could this possibly bring any consensus-breaking change?
  2. what are the main benefits of this new pattern of module account derivation change


```go
func Module(moduleName string, key []byte) []byte{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so currently we are not using this function to generate root module account, instead we are using authtypes.NewModuleAddress(modulenName), right?

Copy link
Member

@julienrbrt julienrbrt Jan 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exactly, now authtypes.NewModuleAddress(modulenName) falls back to address.Module now, but, the behavior stays the same as authtypes.NewModuleAddress(modulenName): https://github.com/cosmos/cosmos-sdk/pull/14017/files#diff-6cfded83a08be06034f746e83ffa6bbd6c35430cd8ac05015e6bd942c7da1030R73-R76

@julienrbrt julienrbrt enabled auto-merge (squash) January 16, 2023 13:27
@julienrbrt julienrbrt merged commit fd3bac0 into main Jan 16, 2023
@julienrbrt julienrbrt deleted the robert/update-adr28 branch January 16, 2023 13:49
mergify bot pushed a commit that referenced this pull request Jan 16, 2023
Co-authored-by: Julien Robert <julien@rbrt.fr>
Co-authored-by: Aleksandr Bezobchuk <alexanderbez@users.noreply.github.com>
Co-authored-by: Amaury <1293565+amaurym@users.noreply.github.com>
Co-authored-by: Aaron Craelius <aaron@regen.network>
Co-authored-by: Marko <marbar3778@yahoo.com>
(cherry picked from commit fd3bac0)

# Conflicts:
#	CHANGELOG.md
alexanderbez pushed a commit that referenced this pull request Jan 16, 2023
Co-authored-by: Robert Zaremba <robert@zaremba.ch>
Co-authored-by: Julien Robert <julien@rbrt.fr>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A:automerge Automatically merge PR once all prerequisites pass. backport/v0.47.x PR scheduled for inclusion in the v0.47's next stable release C:Types C:x/auth C:x/group T: ADR An issue or PR relating to an architectural decision record Type: ADR
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Simplify ADR-28 ModuleAccount addresses don't follow ADR-028
9 participants