permission for framework #14605

Open
wants to merge 1 commit into base: 09-09-add_perimission_checks_to_object

runtian-zhou (Contributor) commented Sep 12, 2024

Description

Implement checks for all framework related privilege operations.

Type of Change

  • New feature
  • Bug fix
  • Breaking change
  • Performance improvement
  • Refactoring
  • Dependency update
  • Documentation update
  • Tests

Which Components or Systems Does This Change Impact?

  • Validator Node
  • Full Node (API, Indexer, etc.)
  • Move/Aptos Virtual Machine
  • Aptos Framework
  • Aptos CLI/SDK
  • Developer Infrastructure
  • Other (specify)

How Has This Been Tested?

Added relevant tests.

Key Areas to Review

Whether there are any privileged operations that need to be gated.

Checklist

  • I have read and followed the CONTRIBUTING doc
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I identified and added all stakeholders and component owners affected by this change as reviewers
  • I tested both happy and unhappy path of the functionality
  • I have made corresponding changes to the documentation

trunk-io bot commented Sep 12, 2024

⏱️ 2h 55m total CI duration on this PR
Slowest 15 Jobs            Cumulative Duration    Recent Runs
rust-move-unit-coverage    20m                    🟩
rust-move-unit-coverage    19m                    🟩
rust-move-unit-coverage    18m                    🟩
rust-move-unit-coverage    14m                    🟩
rust-cargo-deny            12m                    🟩🟩🟩🟩🟩 (+1 more)
general-lints              11m                    🟩🟩🟩🟩🟩 (+1 more)
rust-move-unit-coverage    10m                    🟩
rust-move-tests            10m                    🟥
rust-move-tests            9m                     🟥
rust-move-tests            9m                     🟥
rust-move-tests            9m                     🟥
rust-move-unit-coverage    9m                     🟩
rust-move-tests            9m                     🟥
check-dynamic-deps         7m                     🟩🟩🟩🟩🟩 (+1 more)
rust-move-tests            3m                     🟥

🚨 1 job on the last run was significantly faster/slower than expected

Job                Duration    vs 7d avg    Delta
rust-cargo-deny    4m          2m           +126%


runtian-zhou (Contributor Author) commented Sep 12, 2024

codecov bot commented Sep 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.0%. Comparing base (2431b7b) to head (e4239a8).

Additional details and impacted files
@@                            Coverage Diff                            @@
##           09-09-add_perimission_checks_to_object   #14605     +/-   ##
=========================================================================
+ Coverage                                    59.4%    60.0%   +0.6%     
=========================================================================
  Files                                         857      857             
  Lines                                      210762   210762             
=========================================================================
+ Hits                                       125197   126586   +1389     
+ Misses                                      85565    84176   -1389     


lightmark (Contributor) left a comment

Could we add the initialization with intent code?

rahxephon89 changed the base branch from 09-09-add_perimission_checks_to_object to main October 1, 2024 20:12
runtian-zhou marked this pull request as ready for review October 4, 2024 20:46

igor-aptos (Contributor) left a comment

can you also ask for reviews from folks that wrote these files, to make sure we understand the use and make permission sets reasonable

aptos-move/framework/aptos-framework/sources/account.move (outdated, resolved)
struct GovernancePermission has copy, drop, store {}

/// Permissions
inline fun check_signer_permission(s: &signer) {
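
Review bot: the doc comment `/// Permissions` on `check_signer_permission` does not say which permission the function checks or what happens when the check fails. If it checks the `GovernancePermission` declared on the line above, the comment should say so and state the failure behaviour, and `GovernancePermission` itself should carry a doc comment listing the operations it gates.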
Review comment (Contributor):

maybe better to name these by the permission - i.e. check_governance_permission vs check_signer_permission

/// Current permissioned signer cannot publish codes.
const ENO_CODE_PERMISSION: u64 = 0xB;

struct CodePermission has copy, drop, store {}
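
Review bot: `struct CodePermission` has no doc comment in the lines shown, so the only description of what it gates is the error text on `ENO_CODE_PERMISSION`. Add a `///` line on the struct stating which operations require it, and reword the error comment from "cannot publish codes" to "cannot publish code".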
Review comment (Contributor):

maybe CodePublishingPermission?

@@ -346,6 +350,8 @@ module aptos_framework::delegation_pool {
allowlist: SmartTable<address, bool>,
}

struct DelegationPermission has copy, drop, store {}
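
Review bot: `DelegationPermission` is a field-less marker struct with no doc comment, so nothing in this hunk says which functions of `aptos_framework::delegation_pool` check it. Document on the struct which entry points require the permission, so a reviewer can confirm that every privileged operation in the module is covered.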
Review comment (Contributor):

If I understand correctly, there are (at least) two different roles here:

DelegationPoolManagementPermission (i.e. for delegation pool owners)
and
StakingToDelegationPoolPermission (i.e. for folks staking their funds to delegation pool nodes). Also maybe this should be the same permission as regular staking, i.e. differentiating between StakingToDelegationPoolPermission and StakingPermission might be unnecessary

@@ -75,6 +78,21 @@ module aptos_framework::object_code_deployment {
object_address: address,
}

struct ObjectCodePermission has copy, drop, store {}
Review comment (Contributor):

does this need a separate permission from code.move? I am not sure I understand the difference between the two files fully.

Reply (Contributor Author):

Done

aptos-move/framework/aptos-framework/sources/stake.move (outdated, resolved)