feat: enforce msg restriction rules

Makefile

@@ -143,24 +143,26 @@ proto-lint:
 proto-check-breaking:
 	@$(DOCKER_BUF) breaking --against $(HTTPS_GIT)#branch=main
 
-TM_URL              = https://raw.githubusercontent.com/tendermint/tendermint/v0.34.0-rc6/proto/tendermint
-GOGO_PROTO_URL      = https://raw.githubusercontent.com/regen-network/protobuf/cosmos
-GOOGLE_API_URL		= https://raw.githubusercontent.com/googleapis/googleapis/master/google/api
-COSMOS_PROTO_URL    = https://raw.githubusercontent.com/regen-network/cosmos-proto/master
-CONFIO_URL          = https://raw.githubusercontent.com/confio/ics23/v0.6.4
-
-TM_CRYPTO_TYPES     = third_party/proto/tendermint/crypto
-TM_ABCI_TYPES       = third_party/proto/tendermint/abci
-TM_TYPES            = third_party/proto/tendermint/types
-TM_VERSION          = third_party/proto/tendermint/version
-TM_LIBS             = third_party/proto/tendermint/libs/bits
-TM_P2P              = third_party/proto/tendermint/p2p
-
-GOGO_PROTO_TYPES    = third_party/proto/gogoproto
+TM_URL              	= https://raw.githubusercontent.com/tendermint/tendermint/v0.34.0-rc6/proto/tendermint
+GOGO_PROTO_URL      	= https://raw.githubusercontent.com/regen-network/protobuf/cosmos
+GOOGLE_PROTOBUF_URL		= https://raw.githubusercontent.com/protocolbuffers/protobuf/main/src/google/protobuf
+GOOGLE_API_URL			= https://raw.githubusercontent.com/googleapis/googleapis/master/google/api
+COSMOS_PROTO_URL    	= https://raw.githubusercontent.com/regen-network/cosmos-proto/master
+CONFIO_URL          	= https://raw.githubusercontent.com/confio/ics23/v0.6.4
+
+TM_CRYPTO_TYPES     	= third_party/proto/tendermint/crypto
+TM_ABCI_TYPES       	= third_party/proto/tendermint/abci
+TM_TYPES            	= third_party/proto/tendermint/types
+TM_VERSION          	= third_party/proto/tendermint/version
+TM_LIBS             	= third_party/proto/tendermint/libs/bits
+TM_P2P              	= third_party/proto/tendermint/p2p
+
+GOGO_PROTO_TYPES    	= third_party/proto/gogoproto
 GOOGLE_API_TYPES		= third_party/proto/google/api
-COSMOS_PROTO_TYPES  = third_party/proto/cosmos_proto
+GOOGLE_PROTOBUF_TYPES	= third_party/proto/google/protobuf
+COSMOS_PROTO_TYPES  	= third_party/proto/cosmos_proto
 # For some reason ibc expects confio proto files to be in the main folder
-CONFIO_TYPES        = third_party/proto
+CONFIO_TYPES        	= third_party/proto
 
 proto-update-deps:
 	@mkdir -p $(GOGO_PROTO_TYPES)
@@ -170,6 +172,9 @@ proto-update-deps:
 	@curl -sSL $(GOOGLE_API_URL)/annotations.proto > $(GOOGLE_API_TYPES)/annotations.proto
 	@curl -sSL $(GOOGLE_API_URL)/http.proto > $(GOOGLE_API_TYPES)/http.proto
 
+	@mkdir -p $(GOOGLE_PROTOBUF_TYPES)
+	@curl -sSL $(GOOGLE_PROTOBUF_URL)/descriptor.proto > $(GOOGLE_PROTOBUF_TYPES)/descriptor.proto
+
 	@mkdir -p $(COSMOS_PROTO_TYPES)
 	@curl -sSL $(COSMOS_PROTO_URL)/cosmos.proto > $(COSMOS_PROTO_TYPES)/cosmos.proto
 

go.mod

@@ -5,7 +5,7 @@ go 1.18
 require (
 	github.com/armon/go-metrics v0.3.10
 	github.com/axelarnetwork/tm-events v0.0.0-20220329200027-3f6720431fcf
-	github.com/axelarnetwork/utils v0.0.0-20220404190329-a441c50ebb3a
+	github.com/axelarnetwork/utils v0.0.0-20220405200343-8b1f98ba3b21
 	github.com/btcsuite/btcd v0.22.0-beta
 	github.com/btcsuite/btcutil v1.0.3-0.20201208143702-a53e38424cce
 	github.com/cosmos/cosmos-sdk v0.45.1
@@ -29,6 +29,7 @@ require (
 	github.com/tendermint/tendermint v0.34.16
 	github.com/tendermint/tm-db v0.6.7
 	golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29
+	golang.org/x/exp v0.0.0-20220328175248-053ad81199eb
 	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3
 	golang.org/x/text v0.3.7
 	golang.org/x/tools v0.1.10
@@ -138,7 +139,6 @@ require (
 	github.com/tyler-smith/go-bip39 v1.1.0 // indirect
 	github.com/zondax/hid v0.9.0 // indirect
 	go.etcd.io/bbolt v1.3.6 // indirect
-	golang.org/x/exp v0.0.0-20220328175248-053ad81199eb // indirect
 	golang.org/x/net v0.0.0-20211208012354-db4efeb81f4b // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
 	golang.org/x/sys v0.0.0-20220329152356-43be30ef3008 // indirect

proto/axelarnet/v1beta1/tx.proto

@@ -9,12 +9,14 @@ import "cosmos/base/v1beta1/coin.proto";
 import "cosmos_proto/cosmos.proto";
 import "nexus/exported/v1beta1/types.proto";
 import "axelarnet/v1beta1/types.proto";
+import "permission/exported/v1beta1/types.proto";
 
 option (gogoproto.goproto_getters_all) = false;
 
 // MsgLink represents a message to link a cross-chain address to an Axelar
 // address
 message LinkRequest {
+  option (permission.exported.v1beta1.permission_role) = ROLE_UNRESTRICTED;
   bytes sender = 1 [ (gogoproto.casttype) =
                          "github.com/cosmos/cosmos-sdk/types.AccAddress" ];
   string recipient_addr = 2;
@@ -26,6 +28,7 @@ message LinkResponse { string deposit_addr = 1; };
 
 // MsgConfirmDeposit represents a deposit confirmation message
 message ConfirmDepositRequest {
+  option (permission.exported.v1beta1.permission_role) = ROLE_UNRESTRICTED;
   bytes sender = 1 [ (gogoproto.casttype) =
                          "github.com/cosmos/cosmos-sdk/types.AccAddress" ];
 
@@ -45,6 +48,7 @@ message ConfirmDepositResponse {}
 // MsgExecutePendingTransfers represents a message to trigger transfer all
 // pending transfers
 message ExecutePendingTransfersRequest {
+  option (permission.exported.v1beta1.permission_role) = ROLE_UNRESTRICTED;
   bytes sender = 1 [ (gogoproto.casttype) =
                          "github.com/cosmos/cosmos-sdk/types.AccAddress" ];
 }
@@ -54,6 +58,7 @@ message ExecutePendingTransfersResponse {}
 // MSgRegisterIBCPath represents a message to register an IBC tracing path for
 // a cosmos chain
 message RegisterIBCPathRequest {
+  option (permission.exported.v1beta1.permission_role) = ROLE_CHAIN_MANAGEMENT;
   bytes sender = 1 [ (gogoproto.casttype) =
                          "github.com/cosmos/cosmos-sdk/types.AccAddress" ];
   string chain = 2;
@@ -65,6 +70,7 @@ message RegisterIBCPathResponse {}
 // MsgAddCosmosBasedChain represents a message to register a cosmos based chain
 // to nexus
 message AddCosmosBasedChainRequest {
+  option (permission.exported.v1beta1.permission_role) = ROLE_CHAIN_MANAGEMENT;
   bytes sender = 1 [ (gogoproto.casttype) =
                          "github.com/cosmos/cosmos-sdk/types.AccAddress" ];
   nexus.exported.v1beta1.Chain chain = 2 [ (gogoproto.nullable) = false ];
@@ -79,6 +85,7 @@ message AddCosmosBasedChainResponse {}
 // RegisterAssetRequest represents a message to register an asset to a cosmos
 // based chain
 message RegisterAssetRequest {
+  option (permission.exported.v1beta1.permission_role) = ROLE_CHAIN_MANAGEMENT;
   bytes sender = 1 [ (gogoproto.casttype) =
                          "github.com/cosmos/cosmos-sdk/types.AccAddress" ];
   string chain = 2;
@@ -90,6 +97,7 @@ message RegisterAssetResponse {}
 // RouteIBCTransfersRequest represents a message to route pending transfers to
 // cosmos based chains
 message RouteIBCTransfersRequest {
+  option (permission.exported.v1beta1.permission_role) = ROLE_UNRESTRICTED;
   bytes sender = 1 [ (gogoproto.casttype) =
                          "github.com/cosmos/cosmos-sdk/types.AccAddress" ];
 }
@@ -99,6 +107,7 @@ message RouteIBCTransfersResponse {}
 // RegisterFeeCollectorRequest represents a message to register axelarnet fee
 // collector account
 message RegisterFeeCollectorRequest {
+  option (permission.exported.v1beta1.permission_role) = ROLE_ACCESS_CONTROL;
   bytes sender = 1 [ (gogoproto.casttype) =
                          "github.com/cosmos/cosmos-sdk/types.AccAddress" ];
   bytes fee_collector = 2