Implement --generate-only option for commands that create transactions

[ebuchman]

The gaiacli should support workflow for offline signing of transactions.

Additionally, it should support signing without saving a private key to disk (ie. tendermint/go-crypto#57)!

This flow should also allow an HD path to be specified so you can pick an account by passing the seed phrase and the HD path (at least for secp256k1 keys).

Description

As a gaiacli user
I want to generate an unsigned Tx
So that I can review the contents of the transaction before signing it.

Acceptance Criteria

Given transaction parameters
When I run the command to send the transaction with the --generate-only flag on
Then a text representation of the unsigned transaction is printed out.

[jackzampolin]

@sunnya97 and I had a conversation about this today. We could follow the generate | sign | submit workflow. There are also a number spots in the CLI where we would need to implement this (thinking of staking and gov too).

I think the ideal way to deal with this would be to leave the existing functionality, and implement new commands for this workflow. I think the list of affected commands would be:

gaiacli stake create-validator
gaiacli stake edit-validator
gaiacli stake delegate
gaiacli stake unbond begin
gaiacli stake unbond complete
gaiacli stake redelegate begin
gaiacli stake redelegate complete
gaiacli stake unrevoke
gaiacli gov submit-proposal 
gaiacli gov deposit
gaiacli gov vote
gaiacli send

One way to implement this could be to leave the above commands and then create 3 new subcommands:

gaiacli new-tx
gaiacli sign-tx
gaiacli submit-tx

The new-tx command would have subcommands for each of the transactions that are currently created by the cli, sign-tx would take the text/JSON as an argument and sign it. This output would then be able to passed to the submit-tx command, which would just take a signed tx as an argument. This way it would be possible to construct complex transactions using this flow and | them together. This may not be possible given the way we separate code into modules and it might take too large of a refactor.

Another possible way to implement this would be to implement a new-tx sub command for the affected commands above (that generates the tx JSON to pass to gaiacli sign-tx), and leave the root command (e.g. gaiacli send) unchanged.

Would love to hear some thoughts on this as it's still tagged prelaunch

[rigelrozanski]

Alternatively, maybe a bit more easy to implement - we could add some common flags:
--only-generate
--only-sign
--only-submit
to do the exact same thing except without new commands - I think we'd actually be able to easily abstract the desired functionality separation logic between commands real easily in the sdk.

[jackzampolin]

@rigelrozanski The --generate-only, -g flag I really like! Would you be opposed to then having a gaiacli sign and gaiacli submit for the other two, or do both of those need to be specific to each transaction?

[alexanderbez]

I don't believe sign and submit need to be specific to each transaction and/or module. As long as things are super intuitive and easy for the end user.

[jackzampolin]

Cool. I think we go with this then.

[jackzampolin]

Care should be taken in implementation such that the commands can be |ed together:

gaiacli send --from <key> --to <address> --generate-only | gaiacli sign <key> | gaiacli send

Or the result could be saved to a file, edited and then read from a file:

gaiacli send --from <key> --to <address> --generate-only > ./transaction.json
gaiacli sign <key> --from-file @transaction.json > ./signed_transaction.json
gaiacli send --from-file @signed_transaction.json

[jackzampolin]

I'm also going to open issues for both gaiacli sign and gaiacli send to track work on those in a separate issue.

[rigelrozanski]

awesome

[alessio]

Sketching description and acceptance criteria:

Description

As a gaiacli user
I want to generate an unsigned Tx
So that I can review the contents of the transaction before signing it.

Acceptance Criteria

Given a transaction
When I run its respective command with the --generate-only flag on
Then a text representation of the unsigned transaction is printed out.

[jackzampolin]

I would say

Given a cli command that generates a transaction
When I run its respective command with the --generate-only flag
Then a sign-able text representation of the unsigned transaction is printed out

[alessio]

Agreed.
Feel free to improve/amend it and paste it into the issue's description 👍

[EDIT]
Mmm, I may have to disagree with myself here :)

The Given clause should be used to lay the context/set of inputs out. In that case, the inputs consist of transaction parameters.

[alessio]

I'm on this, a brief preview of the output follows:

alessio@bizet:~/.../github.com/cosmos/cosmos-sdk$ gaiacli send --home=/tmp/.test_gaiacli --node=tcp://0.0.0.0:39199 --chain-id=test-chain-pXd1DH --generate-only --amount=10steak --to=cosmosaccaddr1pfdd6y6tt8r4vqr0s092dscssa85kssrmsk49p --from=foo
{"ChainID":"test-chain-pXd1DH","AccountNumber":"0","Sequence":"0","Fee":{"amount":[{"denom":"","amount":"0"}],"gas":"200000"},"Msgs":[{"type":"cosmos-sdk/Send","value":{"inputs":[{"address":"cosmosaccaddr1ujjwtf5sp9f70vhk0p4ealetnvg0f007dxrjc5","coins":[{"denom":"steak","amount":"10"}]}],"outputs":[{"address":"cosmosaccaddr1pfdd6y6tt8r4vqr0s092dscssa85kssrmsk49p","coins":[{"denom":"steak","amount":"10"}]}]}}],"Memo":""}
alessio@bizet:~/.../github.com/cosmos/cosmos-sdk$

[jackzampolin]

@alessio Looks great! Think this will be a nice feature. Can we switch the variable names to lower case and - separated (chain-id, account-number)?

[alessio]

Will do

…

On Fri, 24 Aug 2018, 20:29 Jack Zampolin, ***@***.***> wrote: @alessio <https://github.com/alessio> Looks great! Think this will be a nice feature. Can we switch the variable names to lower case and - separated (chain-id, account-number)? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#966 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAN_7AAsLi6w7NvFGPJsrSJgBgmPuZNzks5uUFQngaJpZM4T13ch> .

[rigelrozanski]

@alessio it would be great if you could open up a WIP PR for your work on this issue? (3.v. in https://github.com/cosmos/cosmos-sdk/blob/develop/CONTRIBUTING.md#contributing)

[hukkin]

Additionally, it should support signing without saving a private key to disk (ie. tendermint/go-crypto#57)!

Does anyone know if this ever happened? Based on the output of gaiacli tx sign -h and gaiacli tx send -h it seems to me that for the --from flag we still need Name or address of private key with which to sign, meaning that the private key itself must be on the disk.

[alexanderbez]

@hukkinj1 Afaik, we do not support singing txs with a private key held ephemerally at the moment.