Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Principal namespaces #1507

Merged
merged 44 commits into from
Nov 18, 2022
Merged

Principal namespaces #1507

Show file tree
Hide file tree
Changes from 39 commits
Commits
Show all changes
44 commits
Select commit Hold shift + click to select a range
9ca72b6
update pact for pact-4.4
emilypi Aug 9, 2022
7fb035d
update warp tls
jmcardon Aug 9, 2022
878cf4b
Merge branch 'master' into feat/integrate-pact44
edmundnoble Aug 10, 2022
34ad004
set up initial gas environment
jmcardon Aug 10, 2022
3f485e6
fix merge conflicts
jmcardon Aug 10, 2022
76d5ae6
wip fix tests
jmcardon Aug 10, 2022
9f51bc1
fix rosetta gas bound
jmcardon Aug 10, 2022
6a052aa
update pin to latest master
jmcardon Aug 10, 2022
ea2c899
Fix spcae mistake in ns.pact
jmcardon Aug 10, 2022
01b5778
merge master
emilypi Aug 10, 2022
fab4b49
merge master
emilypi Aug 10, 2022
3ac3196
get started on pactinprocapi test
emilypi Aug 10, 2022
7ea8f31
wip tests to pre/post fork conditions in define-keyset
jmcardon Aug 12, 2022
12914a2
all tests pre-post fork
jmcardon Aug 12, 2022
f3c7ec2
update pin with latest master
jmcardon Aug 12, 2022
ab14aa9
Remove now nonexistent flag
edmundnoble Aug 15, 2022
98d29e9
initial rewrite
emilypi Aug 15, 2022
5736a63
remove unnecessary flag
emilypi Aug 15, 2022
1e502f0
parser fixes
jmcardon Aug 16, 2022
463c780
kludgy first implementation
emilypi Aug 16, 2022
a0e104f
WIP repl tests
emilypi Aug 17, 2022
0deff95
Add initial coverage, get code working
emilypi Aug 17, 2022
405d35a
latest pact master
jmcardon Aug 17, 2022
6688d46
bless old contract
emilypi Aug 17, 2022
dab259b
Merge branch 'feat/integrate-pact44' into feat/principal-namespaces
emilypi Aug 17, 2022
7d96a95
add ns-v2.yaml
emilypi Aug 17, 2022
e980f22
hook up repl tests to pact tests for ns (v1 and v2)
emilypi Aug 19, 2022
58c8789
Merge branch 'master' into feat/principal-namespaces
emilypi Aug 19, 2022
eccced7
undo checkpointer change
emilypi Aug 19, 2022
6547c57
move stale logic out of contract defn
emilypi Aug 19, 2022
e21f1d3
Merge branch 'master' into feat/principal-namespaces
emilypi Aug 26, 2022
1b9a00f
Merge branch 'master' into feat/principal-namespaces
sirlensalot Sep 8, 2022
b836725
Principal namespaces: use hashes, rework upgrade methodology (#1534)
sirlensalot Sep 21, 2022
f2f09cc
Merge branch 'master' into feat/principal-namespaces
emilypi Sep 22, 2022
1cb0e16
Merge branch 'master' into feat/principal-namespaces
emilypi Sep 26, 2022
3378b52
add typecheck for principal type + test
emilypi Sep 29, 2022
f7c83af
Merge branch 'master' into feat/principal-namespaces
emilypi Oct 1, 2022
2a7b1ae
Merge branch 'master' into feat/principal-namespaces
emilypi Nov 10, 2022
3320655
Merge branch 'feat/principal-namespaces' of github.com:kadena-io/chai…
emilypi Nov 10, 2022
7ebe5a7
Merge branch 'master' into feat/principal-namespaces
emilypi Nov 17, 2022
0516230
add (wip) test for failed upgrade + comments
emilypi Nov 18, 2022
a7b8f9f
purge pact history
emilypi Nov 18, 2022
272cdb4
add weird test for upgrades
emilypi Nov 18, 2022
9b1eb09
stuarts comments
emilypi Nov 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions pact/gas-payer/gas-payer-v1.repl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
(env-data {'gas-payer-operate: ["operate"]})
(env-keys ["operate"])

(env-exec-config ['DisablePact44])
(load "gas-payer-v1-reference.pact")

(verify "user.gas-payer-v1-reference")
Expand Down
2 changes: 1 addition & 1 deletion pact/genesis/mainnet/ns.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
codeFile: ../../namespaces/ns.pact
codeFile: ../../namespaces/v1/ns.pact
data:
ns-admin-keyset:
keys:
Expand Down
2 changes: 1 addition & 1 deletion pact/genesis/ns.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
codeFile: ../namespaces/ns.pact
codeFile: ../namespaces/v1/ns.pact
data:
ns-admin-keyset: ["368820f80c324bbc7c2b0610688a7da43e39f91d118732671cd9c7500ff43cca"]
ns-operate-keyset: ["368820f80c324bbc7c2b0610688a7da43e39f91d118732671cd9c7500ff43cca"]
Expand Down
61 changes: 32 additions & 29 deletions pact/namespaces/ns.pact
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,3 @@

(define-keyset 'ns-admin-keyset (read-keyset 'ns-admin-keyset))
(define-keyset 'ns-operate-keyset (read-keyset 'ns-genesis-keyset))

(module ns GOVERNANCE
"Administers definition of new namespaces in Chainweb."

Expand Down Expand Up @@ -31,25 +27,48 @@
(enforce (is-charset CHARSET_LATIN1 name)
"Name must be in latin1 charset"))

(defun create-principal-namespace:string
( g:guard
)
" Format principal namespace as Pact hash (BLAKE2b256) of principal \
\ in hex truncated to 160 bits (40 characters), prepended with 'n_'.\
\ Only w: and k: account protocols are supported. "

(let
((ty (typeof-principal (create-principal g))))

;; only w: and k: currently supported
(if (or (= ty "k:") (= ty "w:"))
(+ "n_" (take 40 (int-to-str 16 (str-to-int 64 (hash g)))))
(enforce false
(format "Unsupported guard protocol: {}" [ty]))
))
)

(defun validate:bool
( ns-name:string
ns-admin:guard
)
" Manages namespace install for Chainweb. Requires active row in registry \
" Manages namespace install for Chainweb. \
\ Allows principal namespaces. \
\ Non-principal namespaces require active row in registry \
\ for NS-NAME with guard matching NS-ADMIN."

(validate-name ns-name)
(if (= (create-principal-namespace ns-admin) ns-name)

true ;; allow principal namespaces

(with-default-read registry ns-name
{ 'admin-guard : ns-admin
, 'active : false }
{ 'admin-guard := ag
, 'active := is-active }
(with-default-read registry ns-name ;; otherwise enforce registry
{ 'admin-guard : ns-admin
, 'active : false }
{ 'admin-guard := ag
, 'active := is-active }

(enforce is-active "Inactive or unregistered namespace")
(enforce (= ns-admin ag) "Admin guard must match guard in registry")

true))
true)
))
sirlensalot marked this conversation as resolved.
Show resolved Hide resolved

(defun write-registry:string
( ns-name:string
Expand All @@ -73,20 +92,4 @@
( ns-name:string )
(read registry ns-name))

)

(create-table registry)

(write-registry "kadena"
(keyset-ref-guard 'ns-operate-keyset) true)
(write-registry "user" GUARD_FAILURE true)
(write-registry "free" GUARD_FAILURE true)

(define-namespace "kadena"
(keyset-ref-guard 'ns-operate-keyset)
(keyset-ref-guard 'ns-operate-keyset))

(define-namespace "user" GUARD_SUCCESS GUARD_FAILURE)
(define-namespace "free" GUARD_SUCCESS GUARD_FAILURE)
;;rotate to real operate keyset
(define-keyset 'ns-operate-keyset (read-keyset 'ns-operate-keyset))
)
108 changes: 108 additions & 0 deletions pact/namespaces/ns.repl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
, 'ns-operate-keyset: ["operate"]
, 'ns-genesis-keyset: { "keys": [], "pred": "="} })

(load "v1/ns.pact")
sirlensalot marked this conversation as resolved.
Show resolved Hide resolved
(load "ns.pact")
(commit-tx)

Expand Down Expand Up @@ -67,6 +68,7 @@
(defcap G () (enforce false "disabled"))
(defun foo () 4))
(commit-tx)
(begin-tx)

(expect "kadena.mod2 works" 4 (kadena.mod2.foo))

Expand All @@ -85,3 +87,109 @@
(expect-failure
"must be latin1 charset"
(write-registry "emilyπ" GUARD_SUCCESS true))

(commit-tx)
(begin-tx)

(env-exec-config [])
(env-data
{ 'single :
["70c787fcfe6c6f4ec23d13c2e94682bc90952f7cec06c7dbac1c012b0b6678b9"]
, 'multi : ["a", "b"]
})

(expect
"single principal ns"
"n_c1a583206e24450af26de41110042b019695db8c"
(ns.create-principal-namespace (read-keyset 'single)))

(expect
"multi principal ns"
"n_64bfdef1c668b167c87f7cf329454c572e284664"
(ns.create-principal-namespace (read-keyset 'multi)))

(expect-failure
"Principal of other than admin keyset fails"
"Inactive or unregistered namespace"
(define-namespace
"n_c1a583206e24450af26de41110042b019695db8c"
(read-keyset 'single)
(read-keyset 'multi))
)

(define-namespace
"n_c1a583206e24450af26de41110042b019695db8c"
(read-keyset 'single)
(read-keyset 'single))

(define-namespace
"n_64bfdef1c668b167c87f7cf329454c572e284664"
(read-keyset 'multi)
(read-keyset 'multi))

(commit-tx)

(begin-tx "test rotation")
(env-keys
[ "70c787fcfe6c6f4ec23d13c2e94682bc90952f7cec06c7dbac1c012b0b6678b9" ])
;; rotate to multi/multi
(define-namespace
"n_c1a583206e24450af26de41110042b019695db8c"
(read-keyset 'multi)
(read-keyset 'multi))
;; rotate to multi/single
(env-keys ["a","b"])
(define-namespace
"n_c1a583206e24450af26de41110042b019695db8c"
(read-keyset 'multi)
(read-keyset 'single))
(rollback-tx)


(begin-tx)
(env-exec-config [])
(env-keys
[ "70c787fcfe6c6f4ec23d13c2e94682bc90952f7cec06c7dbac1c012b0b6678b9"
, "a"
, "b"
]
)

(namespace "n_c1a583206e24450af26de41110042b019695db8c")
(module modK G
(defcap G () true)
(defun f () 1))

(namespace "n_64bfdef1c668b167c87f7cf329454c572e284664")
(module modW G
(defcap G () true)
(defun f () 2))

(commit-tx)
(begin-tx)

(expect
"k: principal namespaces work"
1
(n_c1a583206e24450af26de41110042b019695db8c.modK.f))

(expect
"w: principal namespaces work"
2
(n_64bfdef1c668b167c87f7cf329454c572e284664.modW.f))

(commit-tx)
(begin-tx)

(env-data
{ "n_c1a583206e24450af26de41110042b019695db8c.failure": ['k]
})

(namespace "n_c1a583206e24450af26de41110042b019695db8c")
(define-keyset "n_c1a583206e24450af26de41110042b019695db8c.failure")

(expect-failure
"r: principal namespaces do not work"
"Unsupported guard protocol: r:"
(ns.create-principal-namespace
(keyset-ref-guard "n_c1a583206e24450af26de41110042b019695db8c.failure")))
92 changes: 92 additions & 0 deletions pact/namespaces/v1/ns.pact
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@

(define-keyset 'ns-admin-keyset (read-keyset 'ns-admin-keyset))
(define-keyset 'ns-operate-keyset (read-keyset 'ns-genesis-keyset))

(module ns GOVERNANCE
"Administers definition of new namespaces in Chainweb."

(defschema reg-entry
admin-guard:guard
active:bool)

(deftable registry:{reg-entry})

(defcap GOVERNANCE ()
(enforce-keyset 'ns-admin-keyset))

(defcap OPERATE ()
(enforce-keyset 'ns-operate-keyset))

(defconst GUARD_SUCCESS (create-user-guard (success)))
(defconst GUARD_FAILURE (create-user-guard (failure)))

(defun success ()
true)
(defun failure ()
(enforce false "Disabled"))

(defun validate-name (name)
(enforce (!= "" name) "Empty name not allowed")
(enforce (< (length name) 64) "Name must be less than 64 characters long")
(enforce (is-charset CHARSET_LATIN1 name)
"Name must be in latin1 charset"))

(defun validate:bool
( ns-name:string
ns-admin:guard
)
" Manages namespace install for Chainweb. Requires active row in registry \
\ for NS-NAME with guard matching NS-ADMIN."

(validate-name ns-name)

(with-default-read registry ns-name
{ 'admin-guard : ns-admin
, 'active : false }
{ 'admin-guard := ag
, 'active := is-active }

(enforce is-active "Inactive or unregistered namespace")
(enforce (= ns-admin ag) "Admin guard must match guard in registry")

true))

(defun write-registry:string
( ns-name:string
guard:guard
active:bool
)
" Write entry with GUARD and ACTIVE into registry for NAME. \
\ Guarded by operate keyset. "

(with-capability (OPERATE)

(validate-name ns-name)

(write registry ns-name
{ 'admin-guard: guard
, 'active: active })

"Register entry written"))

(defun query:object{reg-entry}
( ns-name:string )
(read registry ns-name))

)

(create-table registry)

(write-registry "kadena"
(keyset-ref-guard 'ns-operate-keyset) true)
(write-registry "user" GUARD_FAILURE true)
(write-registry "free" GUARD_FAILURE true)

(define-namespace "kadena"
(keyset-ref-guard 'ns-operate-keyset)
(keyset-ref-guard 'ns-operate-keyset))

(define-namespace "user" GUARD_SUCCESS GUARD_FAILURE)
(define-namespace "free" GUARD_SUCCESS GUARD_FAILURE)
;;rotate to real operate keyset
(define-keyset 'ns-operate-keyset (read-keyset 'ns-operate-keyset))
Loading