966 grants spike

docs/proto/proto-docs.md

@@ -4,6 +4,17 @@
 
 ## Table of Contents
 
+- [cosmwasm/wasm/v1/authz.proto](#cosmwasm/wasm/v1/authz.proto)
+    - [AcceptedMessageKeysFilter](#cosmwasm.wasm.v1.AcceptedMessageKeysFilter)
+    - [AllowAllWildcard](#cosmwasm.wasm.v1.AllowAllWildcard)
+    - [ContractExecutionAuthorization](#cosmwasm.wasm.v1.ContractExecutionAuthorization)
+    - [ContractExecutionAuthorization.ContractExecutionGrant](#cosmwasm.wasm.v1.ContractExecutionAuthorization.ContractExecutionGrant)
+    - [ContractMigrationAuthorization](#cosmwasm.wasm.v1.ContractMigrationAuthorization)
+    - [ContractMigrationAuthorization.ContractMigrationGrant](#cosmwasm.wasm.v1.ContractMigrationAuthorization.ContractMigrationGrant)
+    - [InfiniteCalls](#cosmwasm.wasm.v1.InfiniteCalls)
+    - [MaxCalls](#cosmwasm.wasm.v1.MaxCalls)
+    - [MaxFunds](#cosmwasm.wasm.v1.MaxFunds)
+
 - [cosmwasm/wasm/v1/types.proto](#cosmwasm/wasm/v1/types.proto)
     - [AbsoluteTxPosition](#cosmwasm.wasm.v1.AbsoluteTxPosition)
     - [AccessConfig](#cosmwasm.wasm.v1.AccessConfig)
@@ -84,6 +95,157 @@
 
 
 
+<a name="cosmwasm/wasm/v1/authz.proto"></a>
+<p align="right"><a href="#top">Top</a></p>
+
+## cosmwasm/wasm/v1/authz.proto
+
+
+
+<a name="cosmwasm.wasm.v1.AcceptedMessageKeysFilter"></a>
+
+### AcceptedMessageKeysFilter
+AcceptedMessageKeysFilter accept specific contract message keys in the json
+object that can be executed
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `messages` | [string](#string) | repeated | Messages is the list of unique keys |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.AllowAllWildcard"></a>
+
+### AllowAllWildcard
+AllowAllWildcard is a wildcard to allow any type of contract execution
+message
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.ContractExecutionAuthorization"></a>
+
+### ContractExecutionAuthorization
+ContractExecutionAuthorization defines authorization for wasm execute.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `grants` | [ContractExecutionAuthorization.ContractExecutionGrant](#cosmwasm.wasm.v1.ContractExecutionAuthorization.ContractExecutionGrant) | repeated |  |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.ContractExecutionAuthorization.ContractExecutionGrant"></a>
+
+### ContractExecutionAuthorization.ContractExecutionGrant
+ContractExecutionGrant a granted execute permission for a single contract
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `contract` | [string](#string) |  | Contract is the address of the smart contract |
+| `infinite_calls` | [InfiniteCalls](#cosmwasm.wasm.v1.InfiniteCalls) |  |  |
+| `max_calls` | [MaxCalls](#cosmwasm.wasm.v1.MaxCalls) |  |  |
+| `max_funds` | [MaxFunds](#cosmwasm.wasm.v1.MaxFunds) |  |  |
+| `accepted_message_keys` | [AcceptedMessageKeysFilter](#cosmwasm.wasm.v1.AcceptedMessageKeysFilter) |  |  |
+| `allow_all_wildcard` | [AllowAllWildcard](#cosmwasm.wasm.v1.AllowAllWildcard) |  |  |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.ContractMigrationAuthorization"></a>
+
+### ContractMigrationAuthorization
+ContractMigrationAuthorization defines authorization for wasm contract
+migration.
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `grants` | [ContractMigrationAuthorization.ContractMigrationGrant](#cosmwasm.wasm.v1.ContractMigrationAuthorization.ContractMigrationGrant) | repeated |  |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.ContractMigrationAuthorization.ContractMigrationGrant"></a>
+
+### ContractMigrationAuthorization.ContractMigrationGrant
+ContractExecutionGrant a granted migrate permission for a single contract
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `contract` | [string](#string) |  | Contract is the address of the smart contract |
+| `infinite_calls` | [InfiniteCalls](#cosmwasm.wasm.v1.InfiniteCalls) |  |  |
+| `max_calls` | [MaxCalls](#cosmwasm.wasm.v1.MaxCalls) |  |  |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.InfiniteCalls"></a>
+
+### InfiniteCalls
+InfiniteCalls unlimited number of calls
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.MaxCalls"></a>
+
+### MaxCalls
+MaxCalls limited number of calls
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `remaining` | [uint64](#uint64) |  | Remaining number that is decremented on each execution |
+
+
+
+
+
+
+<a name="cosmwasm.wasm.v1.MaxFunds"></a>
+
+### MaxFunds
+MaxFunds defines the max amounts that can be sent to a contract
+
+
+| Field | Type | Label | Description |
+| ----- | ---- | ----- | ----------- |
+| `amounts` | [cosmos.base.v1beta1.Coin](#cosmos.base.v1beta1.Coin) | repeated |  |
+
+
+
+
+
+ <!-- end messages -->
+
+ <!-- end enums -->
+
+ <!-- end HasExtensions -->
+
+ <!-- end services -->
+
+
+
 <a name="cosmwasm/wasm/v1/types.proto"></a>
 <p align="right"><a href="#top">Top</a></p>
 

proto/cosmwasm/wasm/v1/authz.proto

@@ -0,0 +1,82 @@
+syntax = "proto3";
+package cosmwasm.wasm.v1;
+
+import "gogoproto/gogo.proto";
+import "cosmos_proto/cosmos.proto";
+import "cosmos/base/v1beta1/coin.proto";
+
+option go_package = "github.com/CosmWasm/wasmd/x/wasm/types";
+
+// ContractExecutionAuthorization defines authorization for wasm execute.
+message ContractExecutionAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  repeated ContractExecutionGrant grants = 1 [ (gogoproto.nullable) = false ];
+
+  // ContractExecutionGrant a granted execute permission for a single contract
+  message ContractExecutionGrant {
+    // Contract is the address of the smart contract
+    string contract = 1;
+
+    // ExecutionLimit specifies number of executions or spendable amounts
+    oneof execution_limit {
+      InfiniteCalls infinite_calls = 2;
+      MaxCalls max_calls = 3;
+      MaxFunds max_funds = 4;
+    }
+
+    // Filter rules to apply
+    oneof filter {
+      AcceptedMessageKeysFilter accepted_message_keys = 5;
+      AllowAllWildcard allow_all_wildcard = 6;
+    }
+  }
+}
+
+// ContractMigrationAuthorization defines authorization for wasm contract
+// migration.
+message ContractMigrationAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  repeated ContractMigrationGrant grants = 1 [ (gogoproto.nullable) = false ];
+
+  // ContractExecutionGrant a granted migrate permission for a single contract
+  message ContractMigrationGrant {
+    // Contract is the address of the smart contract
+    string contract = 1;
+
+    // MaxExecutions specifies the number of authorized migrations remaining
+    oneof max_executions {
+      InfiniteCalls infinite_calls = 2;
+      MaxCalls max_calls = 3;
+    }
+  }
+}
+
+// InfiniteCalls unlimited number of calls
+message InfiniteCalls {}
+
+// MaxCalls limited number of calls
+message MaxCalls {
+  // Remaining number that is decremented on each execution
+  uint64 remaining = 1;
+}
+
+// MaxFunds defines the max amounts that can be sent to a contract
+message MaxFunds {
+  repeated cosmos.base.v1beta1.Coin amounts = 1 [
+    (gogoproto.nullable) = false,
+    (gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coins"
+  ];
+}
+
+// AllowAllWildcard is a wildcard to allow any type of contract execution
+// message
+message AllowAllWildcard {}
+
+// AcceptedMessageKeysFilter accept specific contract message keys in the json
+// object that can be executed
+message AcceptedMessageKeysFilter {
+  // Messages is the list of unique keys
+  repeated string messages = 1;
+}

x/wasm/client/cli/tx.go

@@ -5,12 +5,14 @@ import (
 	"fmt"
 	"os"
 	"strconv"
+	"time"
 
 	"github.com/cosmos/cosmos-sdk/client"
 	"github.com/cosmos/cosmos-sdk/client/flags"
 	"github.com/cosmos/cosmos-sdk/client/tx"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/cosmos/cosmos-sdk/x/authz"
 	"github.com/spf13/cobra"
 	flag "github.com/spf13/pflag"
 
@@ -28,6 +30,9 @@ const (
 	flagInstantiateNobody      = "instantiate-nobody"
 	flagInstantiateByAddress   = "instantiate-only-address"
 	flagProposalType           = "type"
+	flagAllowedMsgs            = "allow-msgs"
+	flagRunOnce                = "run-once"
+	flagExpiration             = "expiration"
 )
 
 // GetTxCmd returns the transaction commands for this module
@@ -46,6 +51,7 @@ func GetTxCmd() *cobra.Command {
 		MigrateContractCmd(),
 		UpdateContractAdminCmd(),
 		ClearContractAdminCmd(),
+		GrantAuthorizationCmd(),
 	)
 	return txCmd
 }
@@ -278,3 +284,59 @@ func parseExecuteArgs(contractAddr string, execMsg string, sender sdk.AccAddress
 		Msg:      []byte(execMsg),
 	}, nil
 }
+
+func GrantAuthorizationCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "grant [grantee] [contract_addr_bech32] --allow-msgs [msg1,msg2,...]",
+		Short: "Grant authorization to an address",
+		Args:  cobra.ExactArgs(2),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			clientCtx, err := client.GetClientTxContext(cmd)
+			if err != nil {
+				return err
+			}
+
+			grantee, err := sdk.AccAddressFromBech32(args[0])
+			if err != nil {
+				return err
+			}
+
+			contract, err := sdk.AccAddressFromBech32(args[1])
+			if err != nil {
+				return err
+			}
+
+			msgs, err := cmd.Flags().GetStringSlice(flagAllowedMsgs)
+			if err != nil {
+				return err
+			}
+
+			once, err := cmd.Flags().GetBool(flagRunOnce)
+			if err != nil {
+				return err
+			}
+
+			exp, err := cmd.Flags().GetInt64(flagExpiration)
+			if err != nil {
+				return err
+			}
+
+			authorization := types.NewContractAuthorization(contract, msgs, once)
+			if err = authorization.ValidateBasic(); err != nil {
+				return err
+			}
+
+			msg, err := authz.NewMsgGrant(clientCtx.GetFromAddress(), grantee, authorization, time.Unix(exp, 0))
+			if err != nil {
+				return err
+			}
+
+			return tx.GenerateOrBroadcastTxCLI(clientCtx, cmd.Flags(), msg)
+		},
+	}
+	flags.AddTxFlagsToCmd(cmd)
+	cmd.Flags().StringSlice(flagAllowedMsgs, []string{}, "Allowed msgs")
+	cmd.Flags().Bool(flagRunOnce, false, "Allow to execute only once")
+	cmd.Flags().Int64(flagExpiration, time.Now().AddDate(1, 0, 0).Unix(), "The Unix timestamp. Default is one year.")
+	return cmd
+}