Optional parties and party/signer/role validation overhaul

CHANGELOG.md

@@ -44,6 +44,9 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * Publish Provenance Protobuf API as a NPM module [#1449](https://github.com/provenance-io/provenance/issues/1449).
 * Add support for account addresses by attribute name lookup [#1447](https://github.com/provenance-io/provenance/issues/1447).
 * Add allow forced transfers support to creating markers from smart contracts [#1458](https://github.com/provenance-io/provenance/issues/1458).
+* Metadata party rollup and optional parties [#1438](https://github.com/provenance-io/provenance/issues/1438).
+* Repeated roles in a spec require multiple different parties [#1437](https://github.com/provenance-io/provenance/issues/1437).
+* The `PROVENANCE` role can only be used by smart contract addresses, and vice versa [#1381](https://github.com/provenance-io/provenance/issues/1381).
 
 ### Improvements
 
@@ -55,6 +58,9 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * Add attribute cli command to query account addresses by attribute name [#1451](https://github.com/provenance-io/provenance/issues/1451).
 * Add removal of attributes from accounts on name deletion [#1410](https://github.com/provenance-io/provenance/issues/1410).
 
+### Deprecated
+
+* The `MsgWriteRecordRequest.parties` field has been deprecated and is ignored. The parties in question are identified by the session [PR 1453](https://github.com/provenance-io/provenance/pull/1453).
 
 ### Bug Fixes
 
@@ -68,11 +74,17 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * Removed the `WriteP8eContractSpec` and `P8eMemorializeContract` endpoints [#1402](https://github.com/provenance-io/provenance/issues/1402).
 * Removed the `github.com/provenance-io/provenance/x/metadata/types/p8e` proto package [#1402](https://github.com/provenance-io/provenance/issues/1402).
   Users that generate code from the Provenance protos might need to delete their `p8e/` directory.
+* The `write-scope` CLI command now takes in `[owners]` as semicolon-delimited parties (instead of comma-delimited `[owner-addresses]`) [PR 1453](https://github.com/provenance-io/provenance/pull/1453).
 
 ### API Breaking
 
 * Removed the `WriteP8eContractSpec` and `P8eMemorializeContract` endpoints [#1402](https://github.com/provenance-io/provenance/issues/1402).
 
+### State Machine Breaking
+
+* The `AddScopeOwner` endpoint now adds a new owner party even if an owner already exists in the scope with that address [PR 1453](https://github.com/provenance-io/provenance/pull/1453).
+  I.e. it no longer updates the role of an existing owner with the same address.
+
 ---
 
 ## [v1.14.1](https://github.com/provenance-io/provenance/releases/tag/v1.14.1) - 2023-02-28

Makefile

@@ -593,7 +593,12 @@ proto-format:
 		docker start -a $(containerProtoFmt); \
 	else \
 		docker run --name $(containerProtoFmt) -v $(CURDIR):/workspace --workdir /workspace tendermintdev/docker-build-proto \
-			find ./ -not -path "./third_party/*" -name *.proto -exec clang-format -i {} \; ; \
+			find . \
+				-not -path './third_party/*' \
+				-not -path './vendor/*' \
+				-not -path './protoBindings/*' \
+				-name '*.proto' \
+				-exec clang-format -i {} \; ; \
 	fi
 
 proto-lint:

docs/proto-docs.md

@@ -3053,6 +3053,7 @@ A Party is an address with/in a given role associated with a contract
 | ----- | ---- | ----- | ----------- |
 | `address` | [string](#string) |  | address of the account (on chain) |
 | `role` | [PartyType](#provenance.metadata.v1.PartyType) |  | a role for this account within the context of the processes used |
+| `optional` | [bool](#bool) |  | whether this party's signature is optional |
 
 
 
@@ -3143,8 +3144,9 @@ Scope defines a root reference for a collection of records owned by one or more
 | `scope_id` | [bytes](#bytes) |  | Unique ID for this scope. Implements sdk.Address interface for use where addresses are required in Cosmos |
 | `specification_id` | [bytes](#bytes) |  | the scope specification that contains the specifications for data elements allowed within this scope |
 | `owners` | [Party](#provenance.metadata.v1.Party) | repeated | These parties represent top level owners of the records within. These parties must sign any requests that modify the data within the scope. These addresses are in union with parties listed on the sessions. |
-| `data_access` | [string](#string) | repeated | Addessses in this list are authorized to recieve off-chain data associated with this scope. |
+| `data_access` | [string](#string) | repeated | Addresses in this list are authorized to receive off-chain data associated with this scope. |
 | `value_owner_address` | [string](#string) |  | An address that controls the value associated with this scope. Standard blockchain accounts and marker accounts are supported for this value. This attribute may only be changed by the entity indicated once it is set. |
+| `require_party_rollup` | [bool](#bool) |  | Whether all parties in this scope and its sessions must be present in this scope's owners field. This also enables use of optional=true scope owners and session parties. |
 
 
 
@@ -3154,11 +3156,10 @@ Scope defines a root reference for a collection of records owned by one or more
 <a name="provenance.metadata.v1.Session"></a>
 
 ### Session
-A Session is created for an execution context against a specific specification instance
+Session defines an execution context against a specific specification instance.
+The context will have a specification and set of parties involved.
 
-The context will have a specification and set of parties involved.  The Session may be updated several
-times so long as the parties listed are signers on the transaction.  NOTE: When there are no Records within a Scope
-that reference a Session it is removed.
+NOTE: When there are no more Records within a Scope that reference a Session, the Session is removed.
 
 
 | Field | Type | Label | Description |
@@ -3198,7 +3199,7 @@ ResultStatus indicates the various states of execution of a record
 | Name | Number | Description |
 | ---- | ------ | ----------- |
 | RESULT_STATUS_UNSPECIFIED | 0 | RESULT_STATUS_UNSPECIFIED indicates an unset condition |
-| RESULT_STATUS_PASS | 1 | RESULT_STATUS_PASS indicates the execution was successfult |
+| RESULT_STATUS_PASS | 1 | RESULT_STATUS_PASS indicates the execution was successful |
 | RESULT_STATUS_SKIP | 2 | RESULT_STATUS_SKIP indicates condition/consideration was skipped due to missing inputs or delayed execution |
 | RESULT_STATUS_FAIL | 3 | RESULT_STATUS_FAIL indicates the execution of the condition/consideration failed. |
 
@@ -4233,7 +4234,7 @@ MsgAddScopeOwnerRequest is the request to add owner AccAddress to scope
 | Field | Type | Label | Description |
 | ----- | ---- | ----- | ----------- |
 | `scope_id` | [bytes](#bytes) |  | scope MetadataAddress for updating data access |
-| `owners` | [Party](#provenance.metadata.v1.Party) | repeated | AccAddress owner addresses to be added to scope |
+| `owners` | [Party](#provenance.metadata.v1.Party) | repeated | owner parties to add to the scope |
 | `signers` | [string](#string) | repeated | signers is the list of address of those signing this request. |
 
 
@@ -4597,7 +4598,7 @@ MsgWriteRecordRequest is the request type for the Msg/WriteRecord RPC method.
 | `signers` | [string](#string) | repeated | signers is the list of address of those signing this request. |
 | `session_id_components` | [SessionIdComponents](#provenance.metadata.v1.SessionIdComponents) |  | SessionIDComponents is an optional (alternate) way of defining what the session_id should be in the provided record. If provided, it must have both a scope and session_uuid. Those components will be used to create the MetadataAddress for the session which will override the session_id in the provided record. If not provided (or all empty), nothing special happens. If there is a value in record.session_id that is different from the one created from these components, an error is returned. |
 | `contract_spec_uuid` | [string](#string) |  | contract_spec_uuid is an optional contract specification uuid string, e.g. "def6bc0a-c9dd-4874-948f-5206e6060a84" If provided, it will be combined with the record name to generate the MetadataAddress for the record specification which will override the specification_id in the provided record. If not provided (or it is an empty string), nothing special happens. If there is a value in record.specification_id that is different from the one created from this uuid and record.name, an error is returned. |
-| `parties` | [Party](#provenance.metadata.v1.Party) | repeated | parties is the list of parties involved with this record. |
+| `parties` | [Party](#provenance.metadata.v1.Party) | repeated | parties is the list of parties involved with this record. Deprecated: This field is ignored. The parties are identified in the session and as signers. |
 
 
 
@@ -4783,8 +4784,8 @@ Msg defines the Metadata Msg service.
 | `DeleteScope` | [MsgDeleteScopeRequest](#provenance.metadata.v1.MsgDeleteScopeRequest) | [MsgDeleteScopeResponse](#provenance.metadata.v1.MsgDeleteScopeResponse) | DeleteScope deletes a scope and all associated Records, Sessions. | |
 | `AddScopeDataAccess` | [MsgAddScopeDataAccessRequest](#provenance.metadata.v1.MsgAddScopeDataAccessRequest) | [MsgAddScopeDataAccessResponse](#provenance.metadata.v1.MsgAddScopeDataAccessResponse) | AddScopeDataAccess adds data access AccAddress to scope | |
 | `DeleteScopeDataAccess` | [MsgDeleteScopeDataAccessRequest](#provenance.metadata.v1.MsgDeleteScopeDataAccessRequest) | [MsgDeleteScopeDataAccessResponse](#provenance.metadata.v1.MsgDeleteScopeDataAccessResponse) | DeleteScopeDataAccess removes data access AccAddress from scope | |
-| `AddScopeOwner` | [MsgAddScopeOwnerRequest](#provenance.metadata.v1.MsgAddScopeOwnerRequest) | [MsgAddScopeOwnerResponse](#provenance.metadata.v1.MsgAddScopeOwnerResponse) | AddScopeOwner adds new owner AccAddress to scope | |
-| `DeleteScopeOwner` | [MsgDeleteScopeOwnerRequest](#provenance.metadata.v1.MsgDeleteScopeOwnerRequest) | [MsgDeleteScopeOwnerResponse](#provenance.metadata.v1.MsgDeleteScopeOwnerResponse) | DeleteScopeOwner removes data access AccAddress from scope | |
+| `AddScopeOwner` | [MsgAddScopeOwnerRequest](#provenance.metadata.v1.MsgAddScopeOwnerRequest) | [MsgAddScopeOwnerResponse](#provenance.metadata.v1.MsgAddScopeOwnerResponse) | AddScopeOwner adds new owner parties to a scope | |
+| `DeleteScopeOwner` | [MsgDeleteScopeOwnerRequest](#provenance.metadata.v1.MsgDeleteScopeOwnerRequest) | [MsgDeleteScopeOwnerResponse](#provenance.metadata.v1.MsgDeleteScopeOwnerResponse) | DeleteScopeOwner removes owner parties (by addresses) from a scope | |
 | `WriteSession` | [MsgWriteSessionRequest](#provenance.metadata.v1.MsgWriteSessionRequest) | [MsgWriteSessionResponse](#provenance.metadata.v1.MsgWriteSessionResponse) | WriteSession adds or updates a session context. | |
 | `WriteRecord` | [MsgWriteRecordRequest](#provenance.metadata.v1.MsgWriteRecordRequest) | [MsgWriteRecordResponse](#provenance.metadata.v1.MsgWriteRecordResponse) | WriteRecord adds or updates a record. | |
 | `DeleteRecord` | [MsgDeleteRecordRequest](#provenance.metadata.v1.MsgDeleteRecordRequest) | [MsgDeleteRecordResponse](#provenance.metadata.v1.MsgDeleteRecordResponse) | DeleteRecord deletes a record. | |

proto/provenance/metadata/v1/scope.proto

@@ -85,20 +85,20 @@ message Scope {
   // These parties represent top level owners of the records within.  These parties must sign any requests that modify
   // the data within the scope.  These addresses are in union with parties listed on the sessions.
   repeated Party owners = 3 [(gogoproto.nullable) = false];
-  // Addessses in this list are authorized to recieve off-chain data associated with this scope.
+  // Addresses in this list are authorized to receive off-chain data associated with this scope.
   repeated string data_access = 4 [(gogoproto.moretags) = "yaml:\"data_access\""];
   // An address that controls the value associated with this scope.  Standard blockchain accounts and marker accounts
   // are supported for this value.  This attribute may only be changed by the entity indicated once it is set.
   string value_owner_address = 5 [(gogoproto.moretags) = "yaml:\"value_owner_address\""];
+  // Whether all parties in this scope and its sessions must be present in this scope's owners field.
+  // This also enables use of optional=true scope owners and session parties.
+  bool require_party_rollup = 6 [(gogoproto.moretags) = "yaml:\"require_party_rollup\""];
 }
 
-/*
-A Session is created for an execution context against a specific specification instance
-
-The context will have a specification and set of parties involved.  The Session may be updated several
-times so long as the parties listed are signers on the transaction.  NOTE: When there are no Records within a Scope
-that reference a Session it is removed.
-*/
+// Session defines an execution context against a specific specification instance.
+// The context will have a specification and set of parties involved.
+//
+// NOTE: When there are no more Records within a Scope that reference a Session, the Session is removed.
 message Session {
   option (gogoproto.goproto_stringer) = false;
 
@@ -207,7 +207,7 @@ message RecordOutput {
 enum ResultStatus {
   // RESULT_STATUS_UNSPECIFIED indicates an unset condition
   RESULT_STATUS_UNSPECIFIED = 0;
-  // RESULT_STATUS_PASS indicates the execution was successfult
+  // RESULT_STATUS_PASS indicates the execution was successful
   RESULT_STATUS_PASS = 1;
   // RESULT_STATUS_SKIP indicates condition/consideration was skipped due to missing inputs or delayed execution
   RESULT_STATUS_SKIP = 2;
@@ -223,6 +223,8 @@ message Party {
   string address = 1;
   // a role for this account within the context of the processes used
   PartyType role = 2;
+  // whether this party's signature is optional
+  bool optional = 3;
 }
 
 // AuditFields capture information about the last account to make modifications and when they were made