-
Notifications
You must be signed in to change notification settings - Fork 0
feat: grant role timelock solana #109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 6 commits
Commits
Show all changes
26 commits
Select commit
Hold shift + click to select a range
19d82f9
feat: add EVM grant role changeset
ecPablo a1a5a65
fix: lint errors
ecPablo 40f7ea7
fix: use generic string type instead of addresses to keep inputs chai…
ecPablo fd8efb4
fix: use generic string type instead of addresses to keep inputs chai…
ecPablo a340a0a
Merge branch 'ecpablo/grant-role-timelock' into ecpablo/grant-role-ti…
ecPablo 196404f
feat: add solana grant role implementation sequence and operation
ecPablo e59d091
fix: address review comments
ecPablo 8140ed3
fix: cleanup redundant funcs and us t.Context
ecPablo 908e726
fix: add t.helper
ecPablo 44030ea
Merge branch 'main' into ecpablo/grant-role-timelock
ecPablo a657cb5
Merge branch 'ecpablo/grant-role-timelock' into ecpablo/grant-role-ti…
ecPablo 079d3e7
fix: test flakyness for solana program loading
ecPablo 514e353
Merge branch 'ecpablo/grant-role-timelock' into ecpablo/grant-role-ti…
ecPablo 3afd45e
fix: refactor roles helpers
ecPablo a3e9f1c
fix: refactor roles helpers unit tests
ecPablo 9a17a52
fix: remove unused func
ecPablo 05f961a
fix: cleanup tests code
ecPablo 1fc1c45
fix: use map in validation funcs fdor role types
ecPablo 8c69cb9
fix: restore gitignore
ecPablo b0c2d02
chore: bump mcms
ecPablo 53d97d3
Merge branch 'main' into ecpablo/grant-role-timelock-solana
ecPablo 9ad9c88
chore: bump mcms
ecPablo ca26c92
fix: merge conflicts
ecPablo 97fb1f2
fix: linting errors
ecPablo 9c67a8b
fix: address review comments
ecPablo 633a7c4
Merge branch 'main' into ecpablo/grant-role-timelock-solana
ecPablo File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| // Package all blank-imports built-in MCMS grant-role families and readers. | ||
| package all | ||
|
|
||
| import ( | ||
| _ "github.com/smartcontractkit/cld-changesets/mcms/evm/grant-role" | ||
| _ "github.com/smartcontractkit/cld-changesets/mcms/evm/readers" | ||
| _ "github.com/smartcontractkit/cld-changesets/mcms/solana/grant-role" | ||
| _ "github.com/smartcontractkit/cld-changesets/mcms/solana/readers" | ||
| ) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,154 @@ | ||
| package grantrole | ||
|
|
||
| import ( | ||
| "errors" | ||
| "fmt" | ||
| "slices" | ||
|
|
||
| "github.com/smartcontractkit/chainlink-deployments-framework/changeset/sequenceutils" | ||
| cldfdatastore "github.com/smartcontractkit/chainlink-deployments-framework/datastore" | ||
| cldf "github.com/smartcontractkit/chainlink-deployments-framework/deployment" | ||
|
|
||
| "github.com/smartcontractkit/cld-changesets/internal/maputil" | ||
| ) | ||
|
|
||
| var _ cldf.ChangeSetV2[Input] = Changeset{} | ||
|
|
||
| // Changeset grants RBACTimelock roles across configured chains. | ||
| type Changeset struct{} | ||
|
|
||
| func (Changeset) VerifyPreconditions(env cldf.Environment, input Input) error { | ||
| if env.DataStore == nil { | ||
| return errors.New("datastore is required for grant-role") | ||
| } | ||
| if input.MCMS != nil { | ||
| if err := input.MCMS.Validate(); err != nil { | ||
| return fmt.Errorf("invalid MCMS timelock proposal input: %w", err) | ||
| } | ||
| } | ||
| if len(input.Cfg.GrantsByChain) == 0 { | ||
| return errors.New("no role grants provided") | ||
| } | ||
| if err := validateGrants(input.Cfg.GrantsByChain); err != nil { | ||
| return err | ||
| } | ||
|
|
||
| byFamily, err := groupByFamily(input) | ||
| if err != nil { | ||
| return err | ||
| } | ||
|
|
||
| families := make([]string, 0, len(byFamily)) | ||
| for family := range byFamily { | ||
| families = append(families, family) | ||
| } | ||
| slices.Sort(families) | ||
|
|
||
| for _, family := range families { | ||
| if err := Registry.VerifyForFamily(family, env, byFamily[family]); err != nil { | ||
| return err | ||
| } | ||
| } | ||
|
|
||
| return nil | ||
| } | ||
|
|
||
| func (Changeset) Apply(env cldf.Environment, input Input) (cldf.ChangesetOutput, error) { | ||
| deps := Deps{ | ||
| BlockChains: env.BlockChains, | ||
| DataStore: env.DataStore, | ||
| } | ||
|
|
||
| var agg sequenceutils.OnChainOutput | ||
| for _, chainSelector := range maputil.SortedMapKeys(input.Cfg.GrantsByChain) { | ||
| grants := input.Cfg.GrantsByChain[chainSelector] | ||
|
|
||
| seq, seqErr := Registry.SequenceForChainSelector(chainSelector) | ||
| if seqErr != nil { | ||
| return buildOutput(env, input.MCMS, agg, fmt.Errorf("chain selector %d: %w", chainSelector, seqErr)) | ||
| } | ||
|
|
||
| var mergeErr error | ||
| agg, mergeErr = sequenceutils.ExecuteOnChainSequenceAndMerge( | ||
| env.OperationsBundle, | ||
| deps, | ||
| seq, | ||
| SeqInput{ | ||
| ChainSelector: chainSelector, | ||
| Grants: grants, | ||
| MCMS: input.MCMS, | ||
| GasBoostConfig: input.Cfg.GasBoostConfig, | ||
| }, | ||
| agg, | ||
| ) | ||
| if mergeErr != nil { | ||
| return buildOutput(env, input.MCMS, agg, mergeErr) | ||
| } | ||
| } | ||
|
|
||
| return buildOutput(env, input.MCMS, agg, nil) | ||
| } | ||
|
|
||
| func buildOutput( | ||
| env cldf.Environment, | ||
| mcmsInput *cldf.MCMSTimelockProposalInput, | ||
| agg sequenceutils.OnChainOutput, | ||
| err error, | ||
| ) (cldf.ChangesetOutput, error) { | ||
| ds := cldfdatastore.NewMemoryDataStore() | ||
| if metaErr := ds.WriteMetadata(agg.Metadata); metaErr != nil { | ||
| return cldf.ChangesetOutput{DataStore: ds}, | ||
| fmt.Errorf("write metadata to datastore: %w", metaErr) | ||
| } | ||
|
|
||
| partialOutput := cldf.ChangesetOutput{DataStore: ds} | ||
| if err != nil { | ||
| return partialOutput, err | ||
| } | ||
|
|
||
| builder := cldf.NewOutputBuilder(env, ds) | ||
| if mcmsInput != nil { | ||
| builder = builder.WithTimelockProposal(*mcmsInput, agg.BatchOps) | ||
| } | ||
|
|
||
| out, buildErr := builder.Build() | ||
| if buildErr != nil { | ||
| return out, fmt.Errorf("build changeset output: %w", buildErr) | ||
| } | ||
|
|
||
| if mcmsInput != nil && len(out.MCMSTimelockProposals) > 0 { | ||
| env.Logger.Infow("GrantRole proposal created", "proposalCount", len(out.MCMSTimelockProposals)) | ||
| } | ||
|
|
||
| return out, nil | ||
| } | ||
|
|
||
| func validateGrants(grantsByChain map[uint64][]RoleGrant) error { | ||
| for chainSelector, grants := range grantsByChain { | ||
| if len(grants) == 0 { | ||
| return fmt.Errorf("chain %d: no role grants provided", chainSelector) | ||
| } | ||
| seen := make(map[string]struct{}) | ||
| for grantIdx, grant := range grants { | ||
| if !grant.Role.Valid() { | ||
| return fmt.Errorf("chain %d grants[%d]: unsupported timelock role %s", chainSelector, grantIdx, grant.Role.String()) | ||
| } | ||
| if len(grant.Addresses) == 0 { | ||
| return fmt.Errorf("chain %d grants[%d]: no addresses provided", chainSelector, grantIdx) | ||
| } | ||
| for addrIdx, addr := range grant.Addresses { | ||
| if addr == "" { | ||
| return fmt.Errorf("chain %d grants[%d].addresses[%d]: address must not be empty", chainSelector, grantIdx, addrIdx) | ||
| } | ||
| key := grant.Role.String() + ":" + addr | ||
| if _, ok := seen[key]; ok { | ||
| return fmt.Errorf("chain %d grants[%d].addresses[%d]: duplicate grant for role %s and address %s", | ||
| chainSelector, grantIdx, addrIdx, grant.Role.String(), addr) | ||
| } | ||
| seen[key] = struct{}{} | ||
| } | ||
| } | ||
| } | ||
|
|
||
| return nil | ||
| } |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will remove this once mcms lib is released with new solana implementation for set role