feat: add MsgAddAuthorization to add or update and authorization and …

…MsgRemoveAuthorization to remove a authorization (#2305)

changelog.md

@@ -22,6 +22,7 @@
 * [2275](https://github.com/zeta-chain/node/pull/2275) - add ChainInfo singleton state variable in authority
 * [2291](https://github.com/zeta-chain/node/pull/2291) - initialize cctx gateway interface
 * [2289](https://github.com/zeta-chain/node/pull/2289) - add an authorization list to keep track of all authorizations on the chain
+* [2305](https://github.com/zeta-chain/node/pull/2305) - add new messages `MsgAddAuthorization` and `MsgRemoveAuthorization` that can be used to update the authorization list
 
 ### Refactor
 

docs/cli/zetacored/zetacored_tx_authority.md

@@ -26,6 +26,8 @@ zetacored tx authority [flags]
 ### SEE ALSO
 
 * [zetacored tx](zetacored_tx.md)	 - Transactions subcommands
+* [zetacored tx authority add-authorization](zetacored_tx_authority_add-authorization.md)	 - Add a new authorization or update the policy of an existing authorization. Policy type can be 0 for groupEmergency, 1 for groupOperational, 2 for groupAdmin.
+* [zetacored tx authority remove-authorization](zetacored_tx_authority_remove-authorization.md)	 - removes an existing authorization
 * [zetacored tx authority update-chain-info](zetacored_tx_authority_update-chain-info.md)	 - Update the chain info
-* [zetacored tx authority update-policies](zetacored_tx_authority_update-policies.md)	 - Update the policies
+* [zetacored tx authority update-policies](zetacored_tx_authority_update-policies.md)	 - Update policies to values provided in the JSON file.
 

docs/cli/zetacored/zetacored_tx_authority_add-authorization.md

@@ -0,0 +1,53 @@
+# tx authority add-authorization
+
+Add a new authorization or update the policy of an existing authorization. Policy type can be 0 for groupEmergency, 1 for groupOperational, 2 for groupAdmin.
+
+```
+zetacored tx authority add-authorization [msg-url] [authorized-policy] [flags]
+```
+
+### Options
+
+```
+  -a, --account-number uint      The account number of the signing account (offline mode only)
+      --aux                      Generate aux signer data instead of sending a tx
+  -b, --broadcast-mode string    Transaction broadcasting mode (sync|async) 
+      --chain-id string          The network chain ID
+      --dry-run                  ignore the --gas flag and perform a simulation of a transaction, but don't broadcast it (when enabled, the local Keybase is not accessible)
+      --fee-granter string       Fee granter grants fees for the transaction
+      --fee-payer string         Fee payer pays fees for the transaction instead of deducting from the signer
+      --fees string              Fees to pay along with transaction; eg: 10uatom
+      --from string              Name or address of private key with which to sign
+      --gas string               gas limit to set per-transaction; set to "auto" to calculate sufficient gas automatically. Note: "auto" option doesn't always report accurate results. Set a valid coin value to adjust the result. Can be used instead of "fees". (default 200000)
+      --gas-adjustment float     adjustment factor to be multiplied against the estimate returned by the tx simulation; if the gas limit is set manually this flag is ignored  (default 1)
+      --gas-prices string        Gas prices in decimal format to determine the transaction fee (e.g. 0.1uatom)
+      --generate-only            Build an unsigned transaction and write it to STDOUT (when enabled, the local Keybase only accessed when providing a key name)
+  -h, --help                     help for add-authorization
+      --keyring-backend string   Select keyring's backend (os|file|kwallet|pass|test|memory) 
+      --keyring-dir string       The client Keyring directory; if omitted, the default 'home' directory will be used
+      --ledger                   Use a connected Ledger device
+      --node string              [host]:[port] to tendermint rpc interface for this chain 
+      --note string              Note to add a description to the transaction (previously --memo)
+      --offline                  Offline mode (does not allow any online functionality)
+  -o, --output string            Output format (text|json) 
+  -s, --sequence uint            The sequence number of the signing account (offline mode only)
+      --sign-mode string         Choose sign mode (direct|amino-json|direct-aux), this is an advanced feature
+      --timeout-height uint      Set a block timeout height to prevent the tx from being committed past a certain height
+      --tip string               Tip is the amount that is going to be transferred to the fee payer on the target chain. This flag is only valid when used with --aux, and is ignored if the target chain didn't enable the TipDecorator
+  -y, --yes                      Skip tx broadcasting prompt confirmation
+```
+
+### Options inherited from parent commands
+
+```
+      --home string         directory for config and data 
+      --log_format string   The logging format (json|plain) 
+      --log_level string    The logging level (trace|debug|info|warn|error|fatal|panic) 
+      --log_no_color        Disable colored logs
+      --trace               print out full stack trace on errors
+```
+
+### SEE ALSO
+
+* [zetacored tx authority](zetacored_tx_authority.md)	 - authority transactions subcommands
+

docs/cli/zetacored/zetacored_tx_authority_remove-authorization.md

@@ -0,0 +1,53 @@
+# tx authority remove-authorization
+
+removes an existing authorization
+
+```
+zetacored tx authority remove-authorization [msg-url] [flags]
+```
+
+### Options
+
+```
+  -a, --account-number uint      The account number of the signing account (offline mode only)
+      --aux                      Generate aux signer data instead of sending a tx
+  -b, --broadcast-mode string    Transaction broadcasting mode (sync|async) 
+      --chain-id string          The network chain ID
+      --dry-run                  ignore the --gas flag and perform a simulation of a transaction, but don't broadcast it (when enabled, the local Keybase is not accessible)
+      --fee-granter string       Fee granter grants fees for the transaction
+      --fee-payer string         Fee payer pays fees for the transaction instead of deducting from the signer
+      --fees string              Fees to pay along with transaction; eg: 10uatom
+      --from string              Name or address of private key with which to sign
+      --gas string               gas limit to set per-transaction; set to "auto" to calculate sufficient gas automatically. Note: "auto" option doesn't always report accurate results. Set a valid coin value to adjust the result. Can be used instead of "fees". (default 200000)
+      --gas-adjustment float     adjustment factor to be multiplied against the estimate returned by the tx simulation; if the gas limit is set manually this flag is ignored  (default 1)
+      --gas-prices string        Gas prices in decimal format to determine the transaction fee (e.g. 0.1uatom)
+      --generate-only            Build an unsigned transaction and write it to STDOUT (when enabled, the local Keybase only accessed when providing a key name)
+  -h, --help                     help for remove-authorization
+      --keyring-backend string   Select keyring's backend (os|file|kwallet|pass|test|memory) 
+      --keyring-dir string       The client Keyring directory; if omitted, the default 'home' directory will be used
+      --ledger                   Use a connected Ledger device
+      --node string              [host]:[port] to tendermint rpc interface for this chain 
+      --note string              Note to add a description to the transaction (previously --memo)
+      --offline                  Offline mode (does not allow any online functionality)
+  -o, --output string            Output format (text|json) 
+  -s, --sequence uint            The sequence number of the signing account (offline mode only)
+      --sign-mode string         Choose sign mode (direct|amino-json|direct-aux), this is an advanced feature
+      --timeout-height uint      Set a block timeout height to prevent the tx from being committed past a certain height
+      --tip string               Tip is the amount that is going to be transferred to the fee payer on the target chain. This flag is only valid when used with --aux, and is ignored if the target chain didn't enable the TipDecorator
+  -y, --yes                      Skip tx broadcasting prompt confirmation
+```
+
+### Options inherited from parent commands
+
+```
+      --home string         directory for config and data 
+      --log_format string   The logging format (json|plain) 
+      --log_level string    The logging level (trace|debug|info|warn|error|fatal|panic) 
+      --log_no_color        Disable colored logs
+      --trace               print out full stack trace on errors
+```
+
+### SEE ALSO
+
+* [zetacored tx authority](zetacored_tx_authority.md)	 - authority transactions subcommands
+

docs/cli/zetacored/zetacored_tx_authority_update-policies.md

@@ -1,6 +1,6 @@
 # tx authority update-policies
 
-Update the policies
+Update policies to values provided in the JSON file.
 
 ```
 zetacored tx authority update-policies [policies-json-file] [flags]

docs/openapi/openapi.swagger.yaml

@@ -56730,6 +56730,14 @@ definitions:
       ChainInfo contains static information about the chains
       This structure is used to dynamically update these info on a live network
       before hardcoding the values in a upgrade
+  authorityMsgAddAuthorizationResponse:
+    type: object
+    description: MsgAddAuthorizationResponse defines the MsgAddAuthorizationResponse service.
+  authorityMsgRemoveAuthorizationResponse:
+    type: object
+    description: |-
+      MsgRemoveAuthorizationResponse defines the MsgRemoveAuthorizationResponse
+      service.
   authorityMsgUpdateChainInfoResponse:
     type: object
     description: MsgUpdateChainInfoResponse defines the MsgUpdateChainInfoResponse service.
@@ -56758,13 +56766,17 @@ definitions:
       - groupEmergency
       - groupOperational
       - groupAdmin
+      - groupEmpty
     default: groupEmergency
     description: |-
       - groupEmergency: Used for emergency situations that require immediate action
        - groupOperational: Used for operational tasks like changing
        - groupAdmin: non-sensitive protocol parameters
 
       Used for administrative tasks like changing sensitive
+       - groupEmpty: protocol parameters or moving funds
+
+      Used for empty policy, no action is allowed
     title: PolicyType defines the type of policy
   authorityQueryGetChainInfoResponse:
     type: object

docs/spec/authority/messages.md

@@ -23,3 +23,27 @@ message MsgUpdateChainInfo {
 }
 ```
 
+## MsgAddAuthorization
+
+AddAuthorization defines a method to add an authorization.If the authorization already exists, it will be overwritten with the provided policy.
+This should be called by the admin policy account.
+
+```proto
+message MsgAddAuthorization {
+	string creator = 1;
+	string msg_url = 2;
+	PolicyType authorized_policy = 3;
+}
+```
+
+## MsgRemoveAuthorization
+
+RemoveAuthorization removes the authorization from the list. It should be called by the admin policy account.
+
+```proto
+message MsgRemoveAuthorization {
+	string creator = 1;
+	string msg_url = 2;
+}
+```
+

proto/zetachain/zetacore/authority/policies.proto

@@ -14,6 +14,7 @@ enum PolicyType {
                         // non-sensitive protocol parameters
   groupAdmin = 2;       // Used for administrative tasks like changing sensitive
                         // protocol parameters or moving funds
+  groupEmpty = 3;       // Used for empty policy, no action is allowed
 }
 
 message Policy {

proto/zetachain/zetacore/authority/tx.proto

@@ -12,8 +12,35 @@ option go_package = "github.com/zeta-chain/zetacore/x/authority/types";
 service Msg {
   rpc UpdatePolicies(MsgUpdatePolicies) returns (MsgUpdatePoliciesResponse);
   rpc UpdateChainInfo(MsgUpdateChainInfo) returns (MsgUpdateChainInfoResponse);
+  rpc AddAuthorization(MsgAddAuthorization)
+      returns (MsgAddAuthorizationResponse);
+  rpc RemoveAuthorization(MsgRemoveAuthorization)
+      returns (MsgRemoveAuthorizationResponse);
 }
 
+// MsgAddAuthorization defines the MsgAddAuthorization service.
+// Adds an authorization to the chain. If the authorization already exists, it
+// will be updated.
+message MsgAddAuthorization {
+  string creator = 1;
+  string msg_url = 2;
+  PolicyType authorized_policy = 3;
+}
+
+// MsgAddAuthorizationResponse defines the MsgAddAuthorizationResponse service.
+message MsgAddAuthorizationResponse {}
+
+// MsgRemoveAuthorization defines the MsgRemoveAuthorization service.
+// Removes an authorization from the chain.
+message MsgRemoveAuthorization {
+  string creator = 1;
+  string msg_url = 2;
+}
+
+// MsgRemoveAuthorizationResponse defines the MsgRemoveAuthorizationResponse
+// service.
+message MsgRemoveAuthorizationResponse {}
+
 // MsgUpdatePolicies defines the MsgUpdatePolicies service.
 message MsgUpdatePolicies {
   string creator = 1;

testutil/keeper/authority.go

@@ -79,7 +79,7 @@ func MockIsAuthorized(m *mock.Mock, address string, policyType types.PolicyType,
 	m.On("IsAuthorized", mock.Anything, address, policyType).Return(isAuthorized).Once()
 }
 
-func SetAdminPolices(ctx sdk.Context, ak *keeper.Keeper) string {
+func SetAdminPolicies(ctx sdk.Context, ak *keeper.Keeper) string {
 	admin := sample.AccAddress()
 	ak.SetPolicies(ctx, types.Policies{Items: []*types.Policy{
 		{

typescript/zetachain/zetacore/authority/policies_pb.d.ts

@@ -34,6 +34,15 @@ export declare enum PolicyType {
    * @generated from enum value: groupAdmin = 2;
    */
   groupAdmin = 2,
+
+  /**
+   * protocol parameters or moving funds
+   *
+   * Used for empty policy, no action is allowed
+   *
+   * @generated from enum value: groupEmpty = 3;
+   */
+  groupEmpty = 3,
 }
 
 /**

typescript/zetachain/zetacore/authority/tx_pb.d.ts

@@ -5,9 +5,122 @@
 
 import type { BinaryReadOptions, FieldList, JsonReadOptions, JsonValue, PartialMessage, PlainMessage } from "@bufbuild/protobuf";
 import { Message, proto3 } from "@bufbuild/protobuf";
-import type { Policies } from "./policies_pb.js";
+import type { Policies, PolicyType } from "./policies_pb.js";
 import type { ChainInfo } from "./chain_info_pb.js";
 
+/**
+ * MsgAddAuthorization defines the MsgAddAuthorization service.
+ * Adds an authorization to the chain. If the authorization already exists, it
+ * will be updated.
+ *
+ * @generated from message zetachain.zetacore.authority.MsgAddAuthorization
+ */
+export declare class MsgAddAuthorization extends Message<MsgAddAuthorization> {
+  /**
+   * @generated from field: string creator = 1;
+   */
+  creator: string;
+
+  /**
+   * @generated from field: string msg_url = 2;
+   */
+  msgUrl: string;
+
+  /**
+   * @generated from field: zetachain.zetacore.authority.PolicyType authorized_policy = 3;
+   */
+  authorizedPolicy: PolicyType;
+
+  constructor(data?: PartialMessage<MsgAddAuthorization>);
+
+  static readonly runtime: typeof proto3;
+  static readonly typeName = "zetachain.zetacore.authority.MsgAddAuthorization";
+  static readonly fields: FieldList;
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): MsgAddAuthorization;
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): MsgAddAuthorization;
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): MsgAddAuthorization;
+
+  static equals(a: MsgAddAuthorization | PlainMessage<MsgAddAuthorization> | undefined, b: MsgAddAuthorization | PlainMessage<MsgAddAuthorization> | undefined): boolean;
+}
+
+/**
+ * MsgAddAuthorizationResponse defines the MsgAddAuthorizationResponse service.
+ *
+ * @generated from message zetachain.zetacore.authority.MsgAddAuthorizationResponse
+ */
+export declare class MsgAddAuthorizationResponse extends Message<MsgAddAuthorizationResponse> {
+  constructor(data?: PartialMessage<MsgAddAuthorizationResponse>);
+
+  static readonly runtime: typeof proto3;
+  static readonly typeName = "zetachain.zetacore.authority.MsgAddAuthorizationResponse";
+  static readonly fields: FieldList;
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): MsgAddAuthorizationResponse;
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): MsgAddAuthorizationResponse;
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): MsgAddAuthorizationResponse;
+
+  static equals(a: MsgAddAuthorizationResponse | PlainMessage<MsgAddAuthorizationResponse> | undefined, b: MsgAddAuthorizationResponse | PlainMessage<MsgAddAuthorizationResponse> | undefined): boolean;
+}
+
+/**
+ * MsgRemoveAuthorization defines the MsgRemoveAuthorization service.
+ * Removes an authorization from the chain.
+ *
+ * @generated from message zetachain.zetacore.authority.MsgRemoveAuthorization
+ */
+export declare class MsgRemoveAuthorization extends Message<MsgRemoveAuthorization> {
+  /**
+   * @generated from field: string creator = 1;
+   */
+  creator: string;
+
+  /**
+   * @generated from field: string msg_url = 2;
+   */
+  msgUrl: string;
+
+  constructor(data?: PartialMessage<MsgRemoveAuthorization>);
+
+  static readonly runtime: typeof proto3;
+  static readonly typeName = "zetachain.zetacore.authority.MsgRemoveAuthorization";
+  static readonly fields: FieldList;
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): MsgRemoveAuthorization;
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): MsgRemoveAuthorization;
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): MsgRemoveAuthorization;
+
+  static equals(a: MsgRemoveAuthorization | PlainMessage<MsgRemoveAuthorization> | undefined, b: MsgRemoveAuthorization | PlainMessage<MsgRemoveAuthorization> | undefined): boolean;
+}
+
+/**
+ * MsgRemoveAuthorizationResponse defines the MsgRemoveAuthorizationResponse
+ * service.
+ *
+ * @generated from message zetachain.zetacore.authority.MsgRemoveAuthorizationResponse
+ */
+export declare class MsgRemoveAuthorizationResponse extends Message<MsgRemoveAuthorizationResponse> {
+  constructor(data?: PartialMessage<MsgRemoveAuthorizationResponse>);
+
+  static readonly runtime: typeof proto3;
+  static readonly typeName = "zetachain.zetacore.authority.MsgRemoveAuthorizationResponse";
+  static readonly fields: FieldList;
+
+  static fromBinary(bytes: Uint8Array, options?: Partial<BinaryReadOptions>): MsgRemoveAuthorizationResponse;
+
+  static fromJson(jsonValue: JsonValue, options?: Partial<JsonReadOptions>): MsgRemoveAuthorizationResponse;
+
+  static fromJsonString(jsonString: string, options?: Partial<JsonReadOptions>): MsgRemoveAuthorizationResponse;
+
+  static equals(a: MsgRemoveAuthorizationResponse | PlainMessage<MsgRemoveAuthorizationResponse> | undefined, b: MsgRemoveAuthorizationResponse | PlainMessage<MsgRemoveAuthorizationResponse> | undefined): boolean;
+}
+
 /**
  * MsgUpdatePolicies defines the MsgUpdatePolicies service.
  *

x/authority/client/cli/tx.go

@@ -20,8 +20,10 @@ func GetTxCmd() *cobra.Command {
 	}
 
 	cmd.AddCommand(
-		CmdUpdatePolices(),
+		CmdUpdatePolicies(),
 		CmdUpdateChainInfo(),
+		CmdAddAuthorization(),
+		CmdRemoveAuthorization(),
 	)
 
 	return cmd