iroha icon indicating copy to clipboard operation
iroha copied to clipboard
verified publisher icon hyperledger

feat: improve multisig utility and usability

Open s8sato opened this issue 1 year ago • 4 comments

BREAKING CHANGES:

  • (api-changes) CanRegisterAnyTrigger CanUnregisterAnyTrigger permission
  • (config-changes) defaults/genesis.json assumes wasm_triggers[*].action.executable is prebuilt under wasm_samples/target/prebuilt/

Major commits:

  • feat: support multisig recursion
  • feat: introduce multisig quorum and weights
  • feat: add multisig subcommand to client CLI
  • feat: introduce multisig transaction time-to-live
  • feat: predefine multisig world-level trigger in genesis
  • feat: allow accounts in domain to register multisig accounts

Context

  • Partially resolves #4930

Solution

Each commit is explained below, starting with the most recent. You can see the commit history here

feat: support multisig recursion

Allows multisig to function hierarchically, expected to be useful for e.g. automating organizational approval flows.

  • When a multisig transaction proposed, every subordinate node (multisig account and corresponding transactions registry) automatically get ready to accept approvals that will be coming up from individual signatories
  • Using CLI, individual signatories can query all pending multisig transactions they are involved in, not only those proposed to their direct multisig account

Tests:

cargo test -p iroha integration::multisig::multisig_recursion
bash scripts/tests/multisig.recursion.sh

feat: introduce multisig quorum and weights

Inspired by Sui's multisig. Allows for flexible, if not completely free, authentication policies beyond "m of n". For example, weight equivalent to quorum represents administrative privileges

feat: add multisig subcommand to client CLI

$ cargo build
$ ./target/debug/iroha multisig

The subcommand related to multisig accounts and transactions

Usage: iroha multisig <COMMAND>

Commands:
  register  Register a multisig account
  propose   Propose a multisig transaction
  approve   Approve a multisig transaction
  list      List pending multisig transactions relevant to you
  help      Print this message or the help of the given subcommand(s)

Options:
  -h, --help  Print help

You can see more usage in the testing script

feat: introduce multisig transaction time-to-live

Considers the latest block timestamp as the current time and determines timeout, when the transactions registry is called

feat: predefine multisig world-level trigger in genesis

Defines a global trigger in genesis that exercises authority over all domains. There will be three types of triggers on the system side related to multisig:

  • Domains initializer has world-level authority and in response to a domain creation event, registers an accounts registry handled by the domain owner authority
  • Accounts registry has domain-level authority and when called by a domain resident, registers a multisig account along with a transactions registry
  • Transactions registry has account-level authority and when called by a multisig signatory, accepts proposals or approvals for multisig transactions, and is responsible for executing them

feat: allow accounts in domain to register multisig accounts

Accounts registry has authority of the domain owner, so access was previously restricted. This commit allows anyone to organize any multisig account within the domain.

This may be too lenient. Discussion

Review notes

To get an overview,

cargo test -p iroha integration::multisig::multisig
bash scripts/tests/multisig.sh

sequenceDiagram
    autonumber
    participant oo as etc.
    participant DI as Domains Initializer
    Note over DI: /world
    oo-->>DI: domain created
    create participant AR as Accounts Registry
    DI-->>AR: register
    Note over AR: /world/domain
    create actor s0 as signatory 0
    oo->>s0: register
    create actor s1 as signatory 1
    oo->>s1: register
    s0->>AR: request new ms account
    create actor 01 as ms account 01
    AR-->>01: register
    create participant TR as Transactions Registry
    AR-->>TR: register
    AR-->>s0: grant ms role
    AR-->>s1: grant ms role
    Note over 01,TR: /world/domain/account
    s1->>TR: propose instructions
    create participant tx as pending ms transaction
    TR-->>tx: deploy ms transaction
    s0->>TR: approve instructions
    destroy tx
    TR-->>tx: execute instructions

The dotted line indicates an automatic process

Checklist

  • [x] I've read CONTRIBUTING.md.
  • [x] I've written integration tests for the code changes.
  • [ ] All review comments have been resolved.

s8sato avatar Sep 03 '24 00:09 s8sato

@BAStos525

github-actions[bot] avatar Sep 03 '24 00:09 github-actions[bot]

Genesis needs to be updated

nxsaken avatar Sep 03 '24 08:09 nxsaken

Updates:

  • review doc: add a reference to multisig recursion diagram
  • review fix: signatories and weights must be equal in length
  • review fix: condition to rebuild multisig subordinate triggers
  • review fix: genesis.json includes not wasm blobs but hashes
  • review fix: autofill multisig account domains
  • review fix: avoid name collisions of multisig role and triggers
  • review fix: perpetuate multisig domain-level authority
  • review fix: add a domain for domain-free system accounts

commit history

Notes:

  • Currently script tests (scripts/tests/multisig.*) are failing after rebase for some reason

s8sato avatar Oct 03 '24 07:10 s8sato

Updates:

  • review fix: exception for multisig role registration
  • review fix: give genesis.json a special field to register wasm triggers
  • DROP: review fix: genesis.json includes not wasm blobs but hashes
  • EDIT: review fix: avoid name collisions of multisig role and triggers

commit history

Notes:

  • Currently script tests (scripts/tests/multisig.*) are failing after rebase for some reason

    This was because only integration tests passed due to my overlook of privileged Alice in TestGenesis. Fixed

  • Stopped pursuing the cause of the failing integration::extra_functional::restart_peer::restarted_peer_should_have_the_same_asset_amount

s8sato avatar Oct 08 '24 14:10 s8sato

Major updates:

  • accept transaction_ttl as humantime::Duration and convert to milliseconds
  • hide system entities configuration from kagami::genesis::generate
  • reorganize wasm_samples, remove multisig_*/build.rs
  • create dedicated iroha_multisig_data_model crate

Minor updates are fixed up with existing commits.

commit history

Notes:

  • genesis_block_builder_example is failing to compile for some reason. Left to another PR

I'd address further feedbacks in another PR of #4930. This PR is already enough hard to maintain

s8sato avatar Oct 22 '24 04:10 s8sato

Updates:

  • fix CI to build, upload and download wasm libraries
    • may become a cost on CI @BAStos525
  • FIXUP: make a wasm trigger executable path relative to genesis.json directory
  • FIXUP: hide system entity configurations from kagami::genesis::generate
  • EDIT: review fix: give genesis.json a special field to register wasm triggers

commit history

Notes:

image

  • Does this have something to do with the repository change?

    When an outside contributor submits a pull request to a public repository, a maintainer with write access may need to approve some workflow runs.

    EDIT: resolved by joining the organization

s8sato avatar Oct 25 '24 19:10 s8sato

image

This request was automatically failed because there were no enabled runners online to process the request for more than 1 days.

Every failing job runs-on: [self-hosted, Linux, iroha2]. It seems they depend on runners not available atm

s8sato avatar Oct 28 '24 06:10 s8sato

Afterword: I think it was not a good practice to keep a single commit during review, which was remnants of our Rebase and merge days. Now that we Squash and merge, I'd separate commits to some extent

s8sato avatar Oct 31 '24 06:10 s8sato