Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ All notable changes to this project will be documented in this file.

### Changes

- Serviceability
- Gate Location and Exchange instructions (create/update/suspend/resume/delete, exchange setdevice) on `INFRA_ADMIN` or foundation via `authorize()`. (#3979)
- Collector
- Harden ledger writes against a slow/degraded RPC endpoint: bound each RPC request (default 15s, `--ledger-rpc-timeout`), size the connection pool above the submitter concurrency (default 128, `--ledger-rpc-max-conns`), and deadline each submission attempt so it fails fast and retries with a fresh blockhash instead of sending an expired one and failing preflight with `BlockhashNotFound`. (#3973)
- E2E
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
helper::assign_bgp_community,
pda::*,
Expand All @@ -9,6 +10,7 @@ use crate::{
exchange::{Exchange, ExchangeStatus},
globalconfig::GlobalConfig,
globalstate::GlobalState,
permission::permission_flags,
},
};
use borsh::BorshSerialize;
Expand Down Expand Up @@ -92,9 +94,14 @@ pub fn process_create_exchange(
let mut globalstate = GlobalState::try_from(globalstate_account)?;
globalstate.account_index += 1;

if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

// We need to access globalconfig in order to assign BGP community
let mut globalconfig = GlobalConfig::try_from(globalconfig_account)?;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
serializer::try_acc_close,
state::{exchange::Exchange, globalstate::GlobalState},
state::{exchange::Exchange, globalstate::GlobalState, permission::permission_flags},
};
use borsh::BorshSerialize;
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -64,9 +65,14 @@ pub fn process_delete_exchange(

// Parse the global state account & check if the payer is in the allowlist
let globalstate = GlobalState::try_from(globalstate_account)?;
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

let exchange = Exchange::try_from(exchange_account)?;

Expand Down
Original file line number Diff line number Diff line change
@@ -1,9 +1,11 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
serializer::try_acc_write,
state::{
exchange::{Exchange, ExchangeStatus},
globalstate::GlobalState,
permission::permission_flags,
},
};
use borsh::BorshSerialize;
Expand Down Expand Up @@ -72,9 +74,14 @@ pub fn process_resume_exchange(

// Authorization:
// - Only accounts in the foundation_allowlist may resume the exchange.
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

// Only resume exchanges that are currently Suspended
if exchange.status != ExchangeStatus::Suspended {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
serializer::try_acc_write,
state::{device::Device, exchange::*, globalstate::GlobalState},
state::{device::Device, exchange::*, globalstate::GlobalState, permission::permission_flags},
};
use borsh::{BorshDeserialize, BorshSerialize};
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -85,9 +86,14 @@ pub fn process_setdevice_exchange(

// Parse the global state account & check if the payer is in the allowlist
let globalstate = GlobalState::try_from(globalstate_account)?;
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

let mut exchange: Exchange = Exchange::try_from(exchange_account)?;
let mut device: Device = Device::try_from(device_account)?;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
serializer::try_acc_write,
state::{exchange::*, globalstate::GlobalState},
state::{exchange::*, globalstate::GlobalState, permission::permission_flags},
};
use borsh::BorshSerialize;
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -69,9 +70,14 @@ pub fn process_suspend_exchange(

// Authorization:
// - Only accounts in the foundation_allowlist may suspend the exchange.
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

if exchange.status != ExchangeStatus::Activated {
#[cfg(test)]
Expand Down
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
helper::assign_bgp_community,
pda::get_globalconfig_pda,
serializer::try_acc_write,
state::{exchange::Exchange, globalconfig::GlobalConfig, globalstate::GlobalState},
state::{
exchange::Exchange, globalconfig::GlobalConfig, globalstate::GlobalState,
permission::permission_flags,
},
};
use borsh::BorshSerialize;
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -83,9 +87,14 @@ pub fn process_update_exchange(

// Parse the global state account & check if the payer is in the allowlist
let globalstate = GlobalState::try_from(globalstate_account)?;
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

// We need to access globalconfig in order to assign BGP community
let mut globalconfig = GlobalConfig::try_from(globalconfig_account)?;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
pda::*,
seeds::{SEED_LOCATION, SEED_PREFIX},
serializer::{try_acc_create, try_acc_write},
state::{accounttype::AccountType, globalstate::GlobalState, location::*},
state::{
accounttype::AccountType, globalstate::GlobalState, location::*,
permission::permission_flags,
},
};
use borsh::BorshSerialize;
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -87,9 +91,14 @@ pub fn process_create_location(
let mut globalstate = GlobalState::try_from(globalstate_account)?;
globalstate.account_index += 1;

if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;
// get the PDA pubkey and bump seed for the account location & check if it matches the account
let (expected_pda_account, bump_seed) = get_location_pda(program_id, globalstate.account_index);
assert_eq!(
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,11 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
serializer::try_acc_close,
state::{accounttype::AccountType, globalstate::GlobalState, location::*},
state::{
accounttype::AccountType, globalstate::GlobalState, location::*,
permission::permission_flags,
},
};
use borsh::BorshSerialize;
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -59,9 +63,14 @@ pub fn process_delete_location(

// Parse the global state account & check if the payer is in the allowlist
let globalstate = GlobalState::try_from(globalstate_account)?;
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

let location = Location::try_from(location_account)?;
assert_eq!(
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
serializer::try_acc_write,
state::{globalstate::GlobalState, location::*},
state::{globalstate::GlobalState, location::*, permission::permission_flags},
};
use borsh::BorshSerialize;
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -58,9 +59,14 @@ pub fn process_resume_location(

// Parse the global state account & check if the payer is in the allowlist
let globalstate = GlobalState::try_from(globalstate_account)?;
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

let mut location: Location = Location::try_from(location_account)?;

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
serializer::try_acc_write,
state::{globalstate::GlobalState, location::*},
state::{globalstate::GlobalState, location::*, permission::permission_flags},
};
use borsh::BorshSerialize;
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -59,9 +60,14 @@ pub fn process_suspend_location(

// Parse the global state account & check if the payer is in the allowlist
let globalstate = GlobalState::try_from(globalstate_account)?;
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

let mut location: Location = Location::try_from(location_account)?;

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
use crate::{
authorize::authorize,
error::DoubleZeroError,
serializer::try_acc_write,
state::{globalstate::GlobalState, location::*},
state::{globalstate::GlobalState, location::*, permission::permission_flags},
};
use borsh::BorshSerialize;
use borsh_incremental::BorshDeserializeIncremental;
Expand Down Expand Up @@ -69,9 +70,14 @@ pub fn process_update_location(
assert!(location_account.is_writable, "PDA Account is not writable");
// Parse the global state account & check if the payer is in the allowlist
let globalstate = GlobalState::try_from(globalstate_account)?;
if !globalstate.foundation_allowlist.contains(payer_account.key) {
return Err(DoubleZeroError::NotAllowed.into());
}
// Authorization: INFRA_ADMIN (Permission account) or foundation (legacy).
authorize(
program_id,
accounts_iter,
payer_account.key,
&globalstate,
permission_flags::INFRA_ADMIN,
)?;

// Parse the location account
let mut location: Location = Location::try_from(location_account)?;
Expand Down
Loading
Loading