Fix obj-caps facility #2018
Fix obj-caps facility #2018
Conversation
hu55a1n1
force-pushed
the
hu55a1n1/2013-improve-obj-caps
branch
from
c4d31de to
7fe7da1
Compare
| } | ||
|
|
||
| pub trait CapabilityReader { | ||
| pub trait CapabilityReader<M: Into<ModuleId>> { |
There was a problem hiding this comment.
This is the main change in this PR. CapabilityReader and CapabilityKeeper are now generic over ModuleId. This follows from the intuition that they are always scoped to a module and the library never makes calls to the underlying host system's (unscoped) CapabilityReader.
I experimented with two other designs - one with a composition style approach (see ec20b5a) and another with a freestanding CapabilityReader with a blanket scoped implementation, but both those designs proved to be unwieldy. The benefit of this approach is that it makes the least assumptions on the host's capability system and allows users to write a blanket implementation for all modules.
| } | ||
| } | ||
|
|
||
| pub trait PortKeeper: CapabilityKeeper + PortReader { | ||
| pub trait PortCapabilityKeeper<M: Into<ModuleId>>: |
There was a problem hiding this comment.
PortCapabilityKeeper and ChannelCapabilityKeeper have been extracted out of Port/ChannelKeeper. These traits only have provided methods and are provided for convenience.
| @@ -37,6 +37,7 @@ pub enum Path { | |||
| Connections(ConnectionsPath), | |||
| Ports(PortsPath), | |||
| ChannelEnds(ChannelEndsPath), | |||
| ChannelCapability(ChannelCapabilityPath), | |||
There was a problem hiding this comment.
This is a new Path that defines a key for the channel capability in the persistent store.
| @@ -31,9 +44,12 @@ pub trait Ics26Context: | |||
| + ConnectionKeeper | |||
| + ChannelKeeper | |||
| + ChannelReader | |||
| + PortReader | |||
| + ChannelCapabilityKeeper<CoreModuleId, Capability = <Self as Ics26Context>::Capability> | |||
There was a problem hiding this comment.
All Capability related keepers that the Ics26Context depends on, are scoped to the CoreModule and all associated Capability types are bound to be the same.
| fn from(index: u64) -> Self { | ||
| Self { index } | ||
| } | ||
| pub trait Capability { |
There was a problem hiding this comment.
Capability is a trait now so the host system is free to define it's own non-forgeable and secure Capability type.
| @@ -125,14 +136,18 @@ pub(crate) fn process( | |||
| // Transition the channel end to the new state & pick a version. | |||
| new_channel_end.set_state(State::TryOpen); | |||
|
|
|||
| let (channel_id_state, channel_cap) = if msg.previous_channel_id.is_none() { | |||
There was a problem hiding this comment.
We only create a new capability if a previous_channel_id isn't specified.
| Self::new( | ||
| ChainId::new("mockgaia".to_string(), 0), | ||
| HostType::Mock, | ||
| 5, | ||
| Height::new(0, 5), | ||
| ) | ||
| .with_router(dummy_router(ocap.clone())) |
There was a problem hiding this comment.
The default implementation now comes with a dummy_router() and an ocap system where the default port is already owned by the DummyModule. This setup simplifies handler tests.
| } | ||
| } | ||
|
|
||
| impl Clone for MockContext { |
There was a problem hiding this comment.
We manually implement Clone because ocap is a pointer. This implementation sets up the ocap pointer to it's initial state as per the Default impl.
| @@ -365,7 +424,27 @@ impl MockContext { | |||
| channel_end: ChannelEnd, | |||
| ) -> Self { | |||
| let mut channels = self.channels.clone(); | |||
| channels.insert((port_id, chan_id), channel_end); | |||
| channels.insert((port_id.clone(), chan_id), channel_end); | |||
| let (module_id, _) = self | |||
There was a problem hiding this comment.
Adding a channel automatically creates a new associated capability and is claimed by the module that owns the port capability.
| @@ -124,19 +128,60 @@ pub struct MockContext { | |||
|
|
|||
| /// ICS26 router impl | |||
| router: MockRouter, | |||
|
|
|||
| /// Object capabilites impl | |||
| ocap: Arc<Mutex<MockOCap>>, | |||
There was a problem hiding this comment.
This must be shared across modules, hence the Arc<Mutex<>>
| @@ -32,7 +32,8 @@ pub fn send_packet(ctx: &dyn ChannelReader, packet: Packet) -> HandlerResult<Pac | |||
| return Err(Error::channel_closed(packet.source_channel)); | |||
| } | |||
|
|
|||
| let _channel_cap = ctx.authenticated_capability(&packet.source_port)?; | |||
| // Fixme(hu55a1n1) | |||
There was a problem hiding this comment.
To fix this, we would need Ics20Context to have access to a scoped CapabilityReader and since there's already a PR for ICS20 impl, I updated the PR author checklist to include this -> #1989.
|
@hu55a1n1 Shall we close this now that we've decided not go forward with the OCap model for the time being? |
Closes: cosmos/ibc-rs#53
Description
PR author checklist:
unclog.docs/).Reviewer checklist:
Files changedin the GitHub PR explorer.