Problem: authz module is risky #1274

Merged: 8 commits, Dec 25, 2023

yihuang (Collaborator) commented Dec 22, 2023

Solution:

  • it's already disabled in mempool in v1.0.x, now remove completely in v1.1.x.


Summary by CodeRabbit

  • Bug Fixes

    • Removed deprecated authorization module to streamline permissions and access controls within the app.
  • Refactor

    • Eliminated unused code related to the authorization module, enhancing app performance and maintainability.
  • Documentation

    • Updated CHANGELOG.md to reflect significant changes in authorization logic.

@yihuang yihuang requested a review from a team as a code owner December 22, 2023 01:55
@yihuang yihuang requested review from mmsqe and leejw51crypto and removed request for a team December 22, 2023 01:55
coderabbitai bot (Contributor) commented Dec 22, 2023

Walkthrough

The unidiff snippets indicate the complete removal of the "authz" module from the codebase, signifying a significant alteration to the logic and functionality of the application, particularly in the area related to authorization. This involves the removal of related imports, module declarations, and initializations across various files, reflecting a substantial shift in how the application handles authorization.

Changes

| File Path | Change Summary |
| --- | --- |
| CHANGELOG.md | Removed authz module in PR #1274, signifying a significant alteration to the logic and functionality of the codebase related to authorization. |
| app/app.go | Removed authz related imports, module basics, store keys, and initializations. |
| app/upgrades.go | Added import authzkeeper and updated storeUpgrades logic to delete authz store under specific conditions. |
| store/rootmulti/store.go | Refactored logic for processing upgrades, replacing switch statement with conditional checks on the upgrades parameter. |

Signed-off-by: yihuang <[email protected]>
coderabbitai bot (Contributor) left a comment

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits: Files that changed from the base of the PR and between b47e5c1 and c7a2da7.
Files selected for processing (3)
  • CHANGELOG.md (1 hunks)
  • app/app.go (9 hunks)
  • app/upgrades.go (2 hunks)
Additional comments: 11
app/upgrades.go (2)
  • 12-12: The addition of the authztypes import is necessary for the removal of the authz module's store. Ensure that this import is used elsewhere in the file as intended and that there are no references to authz left that would require this import.

  • 149-158: The addition of authztypes.StoreKey to the Deleted field of storeUpgrades for both the mainnet and testnet upgrade plans is consistent with the objective of removing the authz module. Verify that the upgrade logic has been tested and that the deletion of the authz store does not affect other parts of the system unexpectedly.

CHANGELOG.md (1)
app/app.go (8)
  • 248-253: The removal of the authz module from GenModuleBasics aligns with the PR objective to remove the authz module from the codebase. Ensure that dependent modules and functionalities are not affected by this removal.

  • 278-281: The removal of authz related keys from the StoreKeys function is consistent with the PR objective. Ensure that there are no remaining references to these keys elsewhere in the codebase that could cause runtime errors.

  • 340-344: The removal of authz related keepers from the App struct is consistent with the PR objective. Ensure that there are no remaining references to these keepers or methods that were specifically used by the authz module.

  • 462-467: The removal of authz related functionality from the App struct's initialization is consistent with the PR objective. Ensure that the initialization sequence of other modules is not disrupted by this change.

  • 697-702: The removal of the authz module from the NewAppModule function calls is consistent with the PR objective. Confirm that the app module's functionality remains intact and that no other modules depend on the authz module.

  • 728-733: The removal of the authz module from the SetOrderBeginBlockers function calls is consistent with the PR objective. Ensure that the order of operations during the begin block is not negatively impacted by this change.

  • 750-755: The removal of the authz module from the SetOrderEndBlockers function calls is consistent with the PR objective. Confirm that the order of operations during the end block remains correct and that no dependencies on the authz module exist.

  • 783-788: The removal of the authz module from the SetOrderInitGenesis function calls is consistent with the PR objective. Ensure that the initialization of the genesis state for other modules is not affected by this change.

coderabbitai bot (Contributor) left a comment

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits: Files that changed from the base of the PR and between c7a2da7 and 4835b64.
Files selected for processing (1)
  • CHANGELOG.md (1 hunks)
Files skipped from review due to trivial changes (1)
  • CHANGELOG.md

coderabbitai bot (Contributor) left a comment

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits: Files that changed from the base of the PR and between 4835b64 and 71e8f60.
Files selected for processing (1)
  • app/upgrades.go (2 hunks)
Files skipped from review as they are similar to previous changes (1)
  • app/upgrades.go

codecov bot commented Dec 22, 2023

Codecov Report

Attention: 10 lines in your changes are missing coverage. Please review.

Comparison is base (345f564) 16.02% compared to head (8b0c5af) 35.77%.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #1274       +/-   ##
===========================================
+ Coverage   16.02%   35.77%   +19.75%     
===========================================
  Files          80      116       +36     
  Lines        6184    10663     +4479     
===========================================
+ Hits          991     3815     +2824     
- Misses       5114     6471     +1357     
- Partials       79      377      +298     
| Files | Coverage Δ |
| --- | --- |
| app/upgrades.go | 38.39% <0.00%> (-3.77%) ⬇️ |

... and 54 files with indirect coverage changes

coderabbitai bot (Contributor) left a comment

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits: Files that changed from the base of the PR and between 71e8f60 and e78d2fb.
Files selected for processing (1)
  • CHANGELOG.md (1 hunks)
Files skipped from review as they are similar to previous changes (1)
  • CHANGELOG.md

mmsqe (Collaborator) commented Dec 22, 2023

Seems to get the wrong Block.Header.AppHash in the upgrade test.

yihuang (Collaborator, Author) commented Dec 22, 2023

> Seems to get the wrong Block.Header.AppHash in the upgrade test.

Yeah, maybe some inconsistency between memiavl and iavl in handling deletion of a store.
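
Why a disagreement over store deletion shows up as a different AppHash, as an added example (not code from this PR or from the memiavl/iavl backends): two hypothetical backends apply the same deletion of a store named `authz`, one dropping its entry from the commit record and one keeping an emptied entry. `StoreInfo`, `AppHash`, `Upgrade` and the sample roots are constructed for illustration, `AppHash` is not the SDK's algorithm, and the thread does not confirm that this is the actual cause.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// StoreInfo is a constructed stand-in for one module store's commit record.
type StoreInfo struct {
	Name string
	Root []byte // root hash of that store's tree; nil once emptied
}

// Sample is constructed pre-upgrade state; the names and roots are made up.
var Sample = []StoreInfo{{Name: "bank", Root: []byte{1}}, {Name: "authz", Root: []byte{2}}, {Name: "evm", Root: []byte{3}}}

// AppHash is a constructed commit hash over name-sorted stores, not the SDK's algorithm.
func AppHash(infos []StoreInfo) string {
	sorted := append([]StoreInfo(nil), infos...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Name < sorted[j].Name })
	h := sha256.New()
	for _, si := range sorted {
		fmt.Fprintf(h, "%d:%s%d:", len(si.Name), si.Name, len(si.Root)) // length-prefixed fields
		h.Write(si.Root)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Upgrade applies a store deletion. keepEntry=false removes the store from the
// commit record; keepEntry=true wipes its data but leaves the entry in place.
func Upgrade(infos []StoreInfo, deleted string, keepEntry bool) []StoreInfo {
	out := []StoreInfo{}
	for _, si := range infos {
		if si.Name == deleted {
			if !keepEntry {
				continue
			}
			si.Root = nil
		}
		out = append(out, si)
	}
	return out
}

func main() {
	dropped, emptied := Upgrade(Sample, "authz", false), Upgrade(Sample, "authz", true)
	fmt.Println("same AppHash:", AppHash(dropped) == AppHash(emptied)) // the two results differ
}
```

Every node in a network has to land on the same side of this choice at the upgrade height, which is why an upgrade test that compares AppHash across backends catches it.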

@yihuang yihuang requested a review from mmsqe December 25, 2023 06:14
coderabbitai bot (Contributor) left a comment

Review Status

Actionable comments generated: 1

Configuration used: CodeRabbit UI

Commits: Files that changed from the base of the PR and between e78d2fb and 8b0c5af.
Files selected for processing (1)
  • store/rootmulti/store.go (2 hunks)
Additional comments: 1
store/rootmulti/store.go (1)
  • 371-373: The addition of an else block to initialize lastCommitInfo as an empty types.CommitInfo struct when the database version is 0 is a good safety measure. This ensures that lastCommitInfo is never left uninitialized, which could prevent potential nil pointer dereferences.

@yihuang yihuang added this pull request to the merge queue Dec 25, 2023
Merged via the queue into crypto-org-chain:main with commit 42f2597 Dec 25, 2023
40 of 44 checks passed