Contract authz - redesign (CosmWasm#1077)

* Add contract authz proto

* Implement contract autorization

* Register contract authz

* Add contract-authz tests

* Consume gas for contract authz

* Add contract authz cli

* Update cli usage

* Model spike

* Add max funds limit

* Redesign authz model

* Start e2e test

* Full e2e test

* Test filter and limits

* Test accept

* Fix description

* No linter warning

Co-authored-by: Giancarlos Salas <me@giansalex.dev>

Makefile

@@ -149,8 +149,9 @@ test-sim-multi-seed-short: runsim
 ###############################################################################
 
 format-tools:
-	go install mvdan.cc/gofumpt@v0.3.1
+	go install mvdan.cc/gofumpt@v0.4.0
 	go install github.com/client9/misspell/cmd/misspell@v0.3.4
+	go install golang.org/x/tools/cmd/goimports@latest
 
 lint: format-tools
 	golangci-lint run --tests=false

app/test_helpers.go

@@ -363,7 +363,7 @@ func SignCheckDeliver(
 // ibc testing package causes checkState and deliverState to diverge in block time.
 func SignAndDeliver(
 	t *testing.T, txCfg client.TxConfig, app *bam.BaseApp, header tmproto.Header, msgs []sdk.Msg,
-	chainID string, accNums, accSeqs []uint64, expSimPass, expPass bool, priv ...cryptotypes.PrivKey,
+	chainID string, accNums, accSeqs []uint64, priv ...cryptotypes.PrivKey,
 ) (sdk.GasInfo, *sdk.Result, error) {
 	tx, err := helpers.GenTx(
 		txCfg,
@@ -381,14 +381,6 @@ func SignAndDeliver(
 	app.BeginBlock(abci.RequestBeginBlock{Header: header})
 	gInfo, res, err := app.Deliver(txCfg.TxEncoder(), tx)
 
-	if expPass {
-		require.NoError(t, err)
-		require.NotNil(t, res)
-	} else {
-		require.Error(t, err)
-		require.Nil(t, res)
-	}
-
 	app.EndBlock(abci.RequestEndBlock{})
 	app.Commit()
 

docs/proto/proto-docs.md

@@ -4,6 +4,17 @@
 
 ## Table of Contents
 
+- [cosmwasm/wasm/v1/authz.proto](#cosmwasm/wasm/v1/authz.proto)
+    - [AcceptedMessageKeysFilter](#cosmwasm.wasm.v1.AcceptedMessageKeysFilter)
+    - [AcceptedMessagesFilter](#cosmwasm.wasm.v1.AcceptedMessagesFilter)
+    - [AllowAllMessagesFilter](#cosmwasm.wasm.v1.AllowAllMessagesFilter)
+    - [CombinedLimit](#cosmwasm.wasm.v1.CombinedLimit)
+    - [ContractExecutionAuthorization](#cosmwasm.wasm.v1.ContractExecutionAuthorization)
+    - [ContractGrant](#cosmwasm.wasm.v1.ContractGrant)
+    - [ContractMigrationAuthorization](#cosmwasm.wasm.v1.ContractMigrationAuthorization)
+    - [MaxCallsLimit](#cosmwasm.wasm.v1.MaxCallsLimit)
+    - [MaxFundsLimit](#cosmwasm.wasm.v1.MaxFundsLimit)
+
 - [cosmwasm/wasm/v1/types.proto](#cosmwasm/wasm/v1/types.proto)
     - [AbsoluteTxPosition](#cosmwasm.wasm.v1.AbsoluteTxPosition)
     - [AccessConfig](#cosmwasm.wasm.v1.AccessConfig)
@@ -90,6 +101,168 @@
 
 
 
+<a name="cosmwasm/wasm/v1/authz.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## cosmwasm/wasm/v1/authz.proto
+
+
+
+<a name="cosmwasm.wasm.v1.AcceptedMessageKeysFilter"></a>
+
+### AcceptedMessageKeysFilter
+AcceptedMessageKeysFilter accept only the specific contract message keys in
+the json object to be executed.
+Since: wasmd 0.30
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `keys` | [string](#string) | repeated | Messages is the list of unique keys |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.AcceptedMessagesFilter"></a>
+
+### AcceptedMessagesFilter
+AcceptedMessagesFilter accept only the specific raw contract messages to be
+executed.
+Since: wasmd 0.30
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `messages` | [bytes](#bytes) | repeated | Messages is the list of raw contract messages |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.AllowAllMessagesFilter"></a>
+
+### AllowAllMessagesFilter
+AllowAllMessagesFilter is a wildcard to allow any type of contract payload
+message.
+Since: wasmd 0.30
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.CombinedLimit"></a>
+
+### CombinedLimit
+CombinedLimit defines the maximal amounts that can be sent to a contract and
+the maximal number of calls executable. Both need to remain >0 to be valid.
+Since: wasmd 0.30
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `calls_remaining` | [uint64](#uint64) |  | Remaining number that is decremented on each execution |
+| `amounts` | [cosmos.base.v1beta1.Coin](#cosmos.base.v1beta1.Coin) | repeated | Amounts is the maximal amount of tokens transferable to the contract. |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.ContractExecutionAuthorization"></a>
+
+### ContractExecutionAuthorization
+ContractExecutionAuthorization defines authorization for wasm execute.
+Since: wasmd 0.30
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `grants` | [ContractGrant](#cosmwasm.wasm.v1.ContractGrant) | repeated | Grants for contract executions |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.ContractGrant"></a>
+
+### ContractGrant
+ContractGrant a granted permission for a single contract
+Since: wasmd 0.30
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `contract` | [string](#string) |  | Contract is the bech32 address of the smart contract |
+| `limit` | [google.protobuf.Any](#google.protobuf.Any) |  | Limit defines execution limits that are enforced and updated when the grant is applied. When the limit lapsed the grant is removed. |
+| `filter` | [google.protobuf.Any](#google.protobuf.Any) |  | Filter define more fine-grained control on the message payload passed to the contract in the operation. When no filter applies on execution, the operation is prohibited. |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.ContractMigrationAuthorization"></a>
+
+### ContractMigrationAuthorization
+ContractMigrationAuthorization defines authorization for wasm contract
+migration. Since: wasmd 0.30
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `grants` | [ContractGrant](#cosmwasm.wasm.v1.ContractGrant) | repeated | Grants for contract migrations |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.MaxCallsLimit"></a>
+
+### MaxCallsLimit
+MaxCallsLimit limited number of calls to the contract. No funds transferable.
+Since: wasmd 0.30
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `remaining` | [uint64](#uint64) |  | Remaining number that is decremented on each execution |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.MaxFundsLimit"></a>
+
+### MaxFundsLimit
+MaxFundsLimit defines the maximal amounts that can be sent to the contract.
+Since: wasmd 0.30
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `amounts` | [cosmos.base.v1beta1.Coin](#cosmos.base.v1beta1.Coin) | repeated | Amounts is the maximal amount of tokens transferable to the contract. |
+
+
+
+
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+ <!-- end HasExtensions -->
+
+ <!-- end services -->
+
+
+
 <a name="cosmwasm/wasm/v1/types.proto"></a>
 <p align="right"><a href="#top">Top</a></p>
 

proto/cosmwasm/wasm/v1/authz.proto

@@ -0,0 +1,109 @@
+syntax = "proto3";
+package cosmwasm.wasm.v1;
+
+import "gogoproto/gogo.proto";
+import "cosmos_proto/cosmos.proto";
+import "cosmos/base/v1beta1/coin.proto";
+import "google/protobuf/any.proto";
+
+option go_package = "github.com/CosmWasm/wasmd/x/wasm/types";
+option (gogoproto.goproto_getters_all) = false;
+
+// ContractExecutionAuthorization defines authorization for wasm execute.
+// Since: wasmd 0.30
+message ContractExecutionAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  // Grants for contract executions
+  repeated ContractGrant grants = 1 [ (gogoproto.nullable) = false ];
+}
+
+// ContractMigrationAuthorization defines authorization for wasm contract
+// migration. Since: wasmd 0.30
+message ContractMigrationAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  // Grants for contract migrations
+  repeated ContractGrant grants = 1 [ (gogoproto.nullable) = false ];
+}
+
+// ContractGrant a granted permission for a single contract
+// Since: wasmd 0.30
+message ContractGrant {
+  // Contract is the bech32 address of the smart contract
+  string contract = 1;
+
+  // Limit defines execution limits that are enforced and updated when the grant
+  // is applied. When the limit lapsed the grant is removed.
+  google.protobuf.Any limit = 2
+      [ (cosmos_proto.accepts_interface) = "ContractAuthzLimitX" ];
+
+  // Filter define more fine-grained control on the message payload passed
+  // to the contract in the operation. When no filter applies on execution, the
+  // operation is prohibited.
+  google.protobuf.Any filter = 3
+      [ (cosmos_proto.accepts_interface) = "ContractAuthzFilterX" ];
+}
+
+// MaxCallsLimit limited number of calls to the contract. No funds transferable.
+// Since: wasmd 0.30
+message MaxCallsLimit {
+  option (cosmos_proto.implements_interface) = "ContractAuthzLimitX";
+
+  // Remaining number that is decremented on each execution
+  uint64 remaining = 1;
+}
+
+// MaxFundsLimit defines the maximal amounts that can be sent to the contract.
+// Since: wasmd 0.30
+message MaxFundsLimit {
+  option (cosmos_proto.implements_interface) = "ContractAuthzLimitX";
+
+  // Amounts is the maximal amount of tokens transferable to the contract.
+  repeated cosmos.base.v1beta1.Coin amounts = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins"
+  ];
+}
+
+// CombinedLimit defines the maximal amounts that can be sent to a contract and
+// the maximal number of calls executable. Both need to remain >0 to be valid.
+// Since: wasmd 0.30
+message CombinedLimit {
+  option (cosmos_proto.implements_interface) = "ContractAuthzLimitX";
+
+  // Remaining number that is decremented on each execution
+  uint64 calls_remaining = 1;
+  // Amounts is the maximal amount of tokens transferable to the contract.
+  repeated cosmos.base.v1beta1.Coin amounts = 2 [
+    (gogoproto.nullable) = false,
+    (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins"
+  ];
+}
+
+// AllowAllMessagesFilter is a wildcard to allow any type of contract payload
+// message.
+// Since: wasmd 0.30
+message AllowAllMessagesFilter {
+  option (cosmos_proto.implements_interface) = "ContractAuthzFilterX";
+}
+
+// AcceptedMessageKeysFilter accept only the specific contract message keys in
+// the json object to be executed.
+// Since: wasmd 0.30
+message AcceptedMessageKeysFilter {
+  option (cosmos_proto.implements_interface) = "ContractAuthzFilterX";
+
+  // Messages is the list of unique keys
+  repeated string keys = 1;
+}
+
+// AcceptedMessagesFilter accept only the specific raw contract messages to be
+// executed.
+// Since: wasmd 0.30
+message AcceptedMessagesFilter {
+  option (cosmos_proto.implements_interface) = "ContractAuthzFilterX";
+
+  // Messages is the list of raw contract messages
+  repeated bytes messages = 1 [ (gogoproto.casttype) = "RawContractMessage" ];
+}

tests/e2e/README.md

@@ -0,0 +1,3 @@
+# End To End Testing - e2e
+
+Scenario tests that run against on or multiple chain instances.