Set EAM permissions for genesis #828
Conversation
infra/fendermint/scripts/subnet.toml
Outdated
| @@ -122,6 +123,10 @@ script.pre = "mkdir -p ${BASE_DIR}/${NODE_NAME}/${KEYS_SUBDIR}; cp ${PRIVATE_KEY | |||
| extend = "fendermint-tool" | |||
| env = { "CMD" = "genesis --genesis-file /data/genesis.json ipc from-parent --subnet-id ${SUBNET_ID} -p ${PARENT_ENDPOINT} --parent-gateway ${PARENT_GATEWAY} --parent-registry ${PARENT_REGISTRY} --base-fee ${BASE_FEE} --power-scale ${POWER_SCALE}" } | |||
|
|
|||
| [tasks.subnet-genesis-set-eam-permissions] | |||
| extend = "fendermint-tool" | |||
| env = { "CMD" = "genesis --genesis-file /data/genesis.json set-eam-permissions --mode unrestricted" } | |||
There was a problem hiding this comment.
@raulk Should we set to allowlist or unrestricted by default?
There was a problem hiding this comment.
Isn't this exactly what genesis --genesis-file /data/genesis.json ipc from-parent did by default ?
There was a problem hiding this comment.
from @raulk in sync: pass permission mode as an env variable to cargo make child-validator
|
I'd just like to point out that the linear link requires login, so if all we say in the description that it closes that issue without describing the change, then it would be nice if the URL was public, or if any issue ready to be worked on would be synced to Github. I usually include some description of what I did and why, just in case. |
Good point! Updated the PR description. |
|
We currently have a number of Linear tasks that are not synced to github issues but I think that should be an exceptional event (e.g. security issues). We'll need to discuss & revisit our processes, agreed we don't want opaque changes. |
This closes ENG-743
We want to set EAM permission when creating the subnet.
Example usage:
To set allowed address:
If allowed address are not provided, will proceed with
unrestrictedEAM permission.It can also be executed as a dependency step for a bigger step, such as
tasks.child-validator, using the same way of providing input-e ALLOWED_ADDR_LIST.