diff --git a/Cargo.lock b/Cargo.lock index 14299e2071..1efaf21c3f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6349,7 +6349,6 @@ dependencies = [ name = "integration-tests-helpers" version = "1.0.0" dependencies = [ - "asset-test-utils", "cumulus-pallet-xcmp-queue", "emulated-integration-tests-common", "hex-literal", @@ -6907,6 +6906,7 @@ dependencies = [ "sp-runtime", "sp-trie", "sp-weights", + "staging-xcm", "staging-xcm-builder", ] @@ -16281,17 +16281,8 @@ dependencies = [ "cumulus-primitives-core", "frame-support", "log", - "pallet-treasury", - "parity-scale-codec", - "polkadot-runtime-common", - "scale-info", - "sp-api", - "sp-core 38.0.0", "sp-runtime", "sp-state-machine", - "sp-std", - "staging-xcm", - "staging-xcm-executor", ] [[package]] diff --git a/integration-tests/emulated/chains/parachains/assets/asset-hub-polkadot/src/lib.rs b/integration-tests/emulated/chains/parachains/assets/asset-hub-polkadot/src/lib.rs index 4818101918..2731fd352b 100644 --- a/integration-tests/emulated/chains/parachains/assets/asset-hub-polkadot/src/lib.rs +++ b/integration-tests/emulated/chains/parachains/assets/asset-hub-polkadot/src/lib.rs @@ -49,6 +49,7 @@ decl_test_parachains! { PoolAssets: asset_hub_polkadot_runtime::PoolAssets, AssetConversion: asset_hub_polkadot_runtime::AssetConversion, SnowbridgeSystemFrontend: asset_hub_polkadot_runtime::SnowbridgeSystemFrontend, + Preimage: asset_hub_polkadot_runtime::Preimage, } }, } diff --git a/integration-tests/emulated/chains/relays/polkadot/src/lib.rs b/integration-tests/emulated/chains/relays/polkadot/src/lib.rs index d8c7a753b4..b0357f117c 100644 --- a/integration-tests/emulated/chains/relays/polkadot/src/lib.rs +++ b/integration-tests/emulated/chains/relays/polkadot/src/lib.rs @@ -38,6 +38,7 @@ decl_test_relay_chains! { Balances: polkadot_runtime::Balances, Treasury: polkadot_runtime::Treasury, AssetRate: polkadot_runtime::AssetRate, + Preimage: polkadot_runtime::Preimage, Hrmp: polkadot_runtime::Hrmp, } }, diff --git a/integration-tests/emulated/helpers/Cargo.toml b/integration-tests/emulated/helpers/Cargo.toml index bcdb425db0..e99d68cb69 100644 --- a/integration-tests/emulated/helpers/Cargo.toml +++ b/integration-tests/emulated/helpers/Cargo.toml @@ -22,7 +22,6 @@ pallet-xcm = { workspace = true, default-features = true } # Cumulus xcm-emulator = { workspace = true } cumulus-pallet-xcmp-queue = { workspace = true, default-features = true } -asset-test-utils = { workspace = true } emulated-integration-tests-common = { workspace = true } [features] diff --git a/integration-tests/emulated/helpers/src/lib.rs b/integration-tests/emulated/helpers/src/lib.rs index 753746e39b..84718238e8 100644 --- a/integration-tests/emulated/helpers/src/lib.rs +++ b/integration-tests/emulated/helpers/src/lib.rs @@ -24,7 +24,6 @@ pub use pallet_xcm; pub use xcm::prelude::{AccountId32, VersionedAssets, Weight, WeightLimit}; // Cumulus -pub use asset_test_utils; pub use cumulus_pallet_xcmp_queue; pub use emulated_integration_tests_common::{macros::Dmp, test_chain_can_claim_assets}; pub use xcm_emulator::Chain; diff --git a/integration-tests/emulated/tests/governance/polkadot/src/common.rs b/integration-tests/emulated/tests/governance/polkadot/src/common.rs new file mode 100644 index 0000000000..c7c4f36118 --- /dev/null +++ b/integration-tests/emulated/tests/governance/polkadot/src/common.rs @@ -0,0 +1,53 @@ +// Copyright (C) Parity Technologies and the various Polkadot contributors, see Contributions.md +// for a list of specific contributors. +// SPDX-License-Identifier: Apache-2.0 + +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +use crate::imports::*; + +/// CollectivesPolkadot dispatches `pallet_xcm::send` with `OriginKind:Xcm` to the dest with encoded +/// whitelist call. +pub fn collectives_send_whitelist( + dest: Location, + encoded_whitelist_call: impl FnOnce() -> Vec, +) { + CollectivesPolkadot::execute_with(|| { + type RuntimeEvent = ::RuntimeEvent; + type RuntimeCall = ::RuntimeCall; + type RuntimeOrigin = ::RuntimeOrigin; + type Runtime = ::Runtime; + + let whitelist_call = RuntimeCall::PolkadotXcm(pallet_xcm::Call::::send { + dest: bx!(VersionedLocation::from(dest)), + message: bx!(VersionedXcm::from(Xcm(vec![ + UnpaidExecution { weight_limit: Unlimited, check_origin: None }, + Transact { + origin_kind: OriginKind::Xcm, + fallback_max_weight: None, + call: encoded_whitelist_call().into(), + } + ]))), + }); + + use collectives_polkadot_runtime::fellowship::pallet_fellowship_origins::Origin::Fellows as FellowsOrigin; + let fellows_origin: RuntimeOrigin = FellowsOrigin.into(); + assert_ok!(whitelist_call.dispatch(fellows_origin)); + assert_expected_events!( + CollectivesPolkadot, + vec![ + RuntimeEvent::PolkadotXcm(pallet_xcm::Event::Sent { .. }) => {}, + ] + ); + }); +} diff --git a/integration-tests/emulated/tests/governance/polkadot/src/lib.rs b/integration-tests/emulated/tests/governance/polkadot/src/lib.rs index 94a3886f8b..404d0d504e 100644 --- a/integration-tests/emulated/tests/governance/polkadot/src/lib.rs +++ b/integration-tests/emulated/tests/governance/polkadot/src/lib.rs @@ -14,50 +14,35 @@ // See the License for the specific language governing permissions and // limitations under the License. -use emulated_integration_tests_common::{ - impls::{assert_expected_events, bx, TestExt}, - xcm_emulator::Chain, -}; -use frame_support::assert_ok; -use polkadot_system_emulated_network::CollectivesPolkadotPara as CollectivesPolkadot; -use sp_runtime::traits::Dispatchable; -use xcm::{latest::prelude::*, VersionedLocation, VersionedXcm}; - #[cfg(test)] -mod open_gov_on_relay; +mod imports { + pub(crate) use codec::Encode; + pub(crate) use emulated_integration_tests_common::{ + assert_whitelisted, + impls::{assert_expected_events, bx, Parachain, RelayChain, TestExt}, + xcm_emulator::Chain, + xcm_helpers::{ + build_xcm_send_authorize_upgrade_call, call_hash_of, + dispatch_whitelisted_call_with_preimage, + }, + }; + pub(crate) use frame_support::{assert_err, assert_ok}; + pub(crate) use polkadot_runtime::{governance::pallet_custom_origins::Origin, Dmp}; + pub(crate) use sp_runtime::{traits::Dispatchable, DispatchError}; + pub(crate) use xcm::{latest::prelude::*, VersionedLocation, VersionedXcm}; -/// CollectivesPolkadot dispatches `pallet_xcm::send` with `OriginKind:Xcm` to the dest with encoded -/// whitelist call. -pub fn collectives_send_whitelist( - dest: Location, - encoded_whitelist_call: impl FnOnce() -> Vec, -) { - CollectivesPolkadot::execute_with(|| { - type RuntimeEvent = ::RuntimeEvent; - type RuntimeCall = ::RuntimeCall; - type RuntimeOrigin = ::RuntimeOrigin; - type Runtime = ::Runtime; + pub(crate) use polkadot_system_emulated_network::{ + AssetHubPolkadotPara as AssetHubPolkadot, BridgeHubPolkadotPara as BridgeHubPolkadot, + CollectivesPolkadotPara as CollectivesPolkadot, CoretimePolkadotPara as CoretimePolkadot, + PeoplePolkadotPara as PeoplePolkadot, PolkadotRelay as Polkadot, + }; +} - let whitelist_call = RuntimeCall::PolkadotXcm(pallet_xcm::Call::::send { - dest: bx!(VersionedLocation::from(dest)), - message: bx!(VersionedXcm::from(Xcm(vec![ - UnpaidExecution { weight_limit: Unlimited, check_origin: None }, - Transact { - origin_kind: OriginKind::Xcm, - fallback_max_weight: None, - call: encoded_whitelist_call().into(), - } - ]))), - }); +#[cfg(test)] +mod common; - use collectives_polkadot_runtime::fellowship::pallet_fellowship_origins::Origin::Fellows as FellowsOrigin; - let fellows_origin: RuntimeOrigin = FellowsOrigin.into(); - assert_ok!(whitelist_call.dispatch(fellows_origin)); - assert_expected_events!( - CollectivesPolkadot, - vec![ - RuntimeEvent::PolkadotXcm(pallet_xcm::Event::Sent { .. }) => {}, - ] - ); - }); -} +#[cfg(test)] +mod open_gov_on_asset_hub; + +#[cfg(test)] +mod open_gov_on_relay; diff --git a/integration-tests/emulated/tests/governance/polkadot/src/open_gov_on_asset_hub.rs b/integration-tests/emulated/tests/governance/polkadot/src/open_gov_on_asset_hub.rs new file mode 100644 index 0000000000..77d0be7357 --- /dev/null +++ b/integration-tests/emulated/tests/governance/polkadot/src/open_gov_on_asset_hub.rs @@ -0,0 +1,301 @@ +// Copyright (C) Parity Technologies (UK) Ltd. +// SPDX-License-Identifier: Apache-2.0 + +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +use crate::{common::*, imports::*}; + +use asset_hub_polkadot_runtime::governance::pallet_custom_origins::Origin; + +#[test] +fn assethub_can_authorize_upgrade_for_itself() { + let code_hash = [1u8; 32].into(); + type AssetHubRuntime = ::Runtime; + type AssetHubRuntimeCall = ::RuntimeCall; + type AssetHubRuntimeOrigin = ::RuntimeOrigin; + + let authorize_upgrade = + AssetHubRuntimeCall::Utility(pallet_utility::Call::::force_batch { + calls: vec![AssetHubRuntimeCall::System(frame_system::Call::authorize_upgrade { + code_hash, + })], + }); + + // bad origin + let invalid_origin: AssetHubRuntimeOrigin = Origin::StakingAdmin.into(); + // ok origin + let ok_origin: AssetHubRuntimeOrigin = Origin::WhitelistedCaller.into(); + + let call_hash = call_hash_of::(&authorize_upgrade); + + // Err - when dispatch non-whitelisted + assert_err!( + dispatch_whitelisted_call_with_preimage::( + authorize_upgrade.clone(), + ok_origin.clone() + ), + DispatchError::Module(sp_runtime::ModuleError { + index: 64, + error: [3, 0, 0, 0], + message: Some("CallIsNotWhitelisted") + }) + ); + + // whitelist + collectives_send_whitelist( + CollectivesPolkadot::sibling_location_of(::para_id()), + || { + AssetHubRuntimeCall::Whitelist( + pallet_whitelist::Call::::whitelist_call { call_hash }, + ) + .encode() + }, + ); + AssetHubPolkadot::execute_with(|| { + assert_whitelisted!(AssetHubPolkadot, call_hash); + }); + + // Err - when dispatch wrong origin + assert_err!( + dispatch_whitelisted_call_with_preimage::( + authorize_upgrade.clone(), + invalid_origin + ), + DispatchError::BadOrigin + ); + + // check before + AssetHubPolkadot::execute_with(|| { + assert!(::System::authorized_upgrade().is_none()) + }); + + // ok - authorized + assert_ok!(dispatch_whitelisted_call_with_preimage::( + authorize_upgrade, + ok_origin + )); + + // check after - authorized + AssetHubPolkadot::execute_with(|| { + assert_eq!( + ::System::authorized_upgrade().unwrap().code_hash(), + &code_hash + ) + }); +} + +#[test] +fn assethub_can_authorize_upgrade_for_relay_chain() { + type AssetHubRuntime = ::Runtime; + type AssetHubRuntimeCall = ::RuntimeCall; + type AssetHubRuntimeOrigin = ::RuntimeOrigin; + + let code_hash = [1u8; 32].into(); + + let authorize_upgrade = + AssetHubRuntimeCall::Utility(pallet_utility::Call::::force_batch { + calls: vec![build_xcm_send_authorize_upgrade_call::( + AssetHubPolkadot::parent_location(), + &code_hash, + None, + )], + }); + + // bad origin + let invalid_origin: AssetHubRuntimeOrigin = Origin::StakingAdmin.into(); + // ok origin + let ok_origin: AssetHubRuntimeOrigin = Origin::WhitelistedCaller.into(); + + let call_hash = call_hash_of::(&authorize_upgrade); + + // Err - when dispatch non-whitelisted + assert_err!( + dispatch_whitelisted_call_with_preimage::( + authorize_upgrade.clone(), + ok_origin.clone() + ), + DispatchError::Module(sp_runtime::ModuleError { + index: 64, + error: [3, 0, 0, 0], + message: Some("CallIsNotWhitelisted") + }) + ); + + // whitelist + collectives_send_whitelist( + CollectivesPolkadot::sibling_location_of(::para_id()), + || { + AssetHubRuntimeCall::Whitelist( + pallet_whitelist::Call::::whitelist_call { call_hash }, + ) + .encode() + }, + ); + AssetHubPolkadot::execute_with(|| { + assert_whitelisted!(AssetHubPolkadot, call_hash); + }); + + // Err - when dispatch wrong origin + assert_err!( + dispatch_whitelisted_call_with_preimage::( + authorize_upgrade.clone(), + invalid_origin + ), + DispatchError::BadOrigin + ); + + // check before + Polkadot::execute_with(|| assert!(::System::authorized_upgrade().is_none())); + + // ok - authorized + assert_ok!(dispatch_whitelisted_call_with_preimage::( + authorize_upgrade, + ok_origin + )); + + // check after - authorized + Polkadot::execute_with(|| { + assert_eq!( + ::System::authorized_upgrade().unwrap().code_hash(), + &code_hash + ) + }); +} + +#[test] +fn assethub_can_authorize_upgrade_for_system_chains() { + type AssetHubRuntime = ::Runtime; + type AssetHubRuntimeCall = ::RuntimeCall; + type AssetHubRuntimeOrigin = ::RuntimeOrigin; + + let code_hash_bridge_hub = [2u8; 32].into(); + let code_hash_collectives = [3u8; 32].into(); + let code_hash_coretime = [4u8; 32].into(); + let code_hash_people = [5u8; 32].into(); + + let authorize_upgrade = + AssetHubRuntimeCall::Utility(pallet_utility::Call::::force_batch { + calls: vec![ + build_xcm_send_authorize_upgrade_call::( + AssetHubPolkadot::sibling_location_of(BridgeHubPolkadot::para_id()), + &code_hash_bridge_hub, + None, + ), + build_xcm_send_authorize_upgrade_call::( + AssetHubPolkadot::sibling_location_of(CollectivesPolkadot::para_id()), + &code_hash_collectives, + None, + ), + build_xcm_send_authorize_upgrade_call::( + AssetHubPolkadot::sibling_location_of(CoretimePolkadot::para_id()), + &code_hash_coretime, + None, + ), + build_xcm_send_authorize_upgrade_call::( + AssetHubPolkadot::sibling_location_of(PeoplePolkadot::para_id()), + &code_hash_people, + None, + ), + ], + }); + + // bad origin + let invalid_origin: AssetHubRuntimeOrigin = Origin::StakingAdmin.into(); + // ok origin + let ok_origin: AssetHubRuntimeOrigin = Origin::WhitelistedCaller.into(); + + let call_hash = call_hash_of::(&authorize_upgrade); + + // Err - when dispatch non-whitelisted + assert_err!( + dispatch_whitelisted_call_with_preimage::( + authorize_upgrade.clone(), + ok_origin.clone() + ), + DispatchError::Module(sp_runtime::ModuleError { + index: 64, + error: [3, 0, 0, 0], + message: Some("CallIsNotWhitelisted") + }) + ); + + // whitelist + collectives_send_whitelist( + CollectivesPolkadot::sibling_location_of(::para_id()), + || { + AssetHubRuntimeCall::Whitelist( + pallet_whitelist::Call::::whitelist_call { call_hash }, + ) + .encode() + }, + ); + AssetHubPolkadot::execute_with(|| { + assert_whitelisted!(AssetHubPolkadot, call_hash); + }); + + // Err - when dispatch wrong origin + assert_err!( + dispatch_whitelisted_call_with_preimage::( + authorize_upgrade.clone(), + invalid_origin + ), + DispatchError::BadOrigin + ); + + // check before + BridgeHubPolkadot::execute_with(|| { + assert!(::System::authorized_upgrade().is_none()) + }); + CollectivesPolkadot::execute_with(|| { + assert!(::System::authorized_upgrade().is_none()) + }); + CoretimePolkadot::execute_with(|| { + assert!(::System::authorized_upgrade().is_none()) + }); + PeoplePolkadot::execute_with(|| { + assert!(::System::authorized_upgrade().is_none()) + }); + + // ok - authorized + assert_ok!(dispatch_whitelisted_call_with_preimage::( + authorize_upgrade, + ok_origin + )); + + // check after - authorized + BridgeHubPolkadot::execute_with(|| { + assert_eq!( + ::System::authorized_upgrade().unwrap().code_hash(), + &code_hash_bridge_hub + ) + }); + CollectivesPolkadot::execute_with(|| { + assert_eq!( + ::System::authorized_upgrade() + .unwrap() + .code_hash(), + &code_hash_collectives + ) + }); + CoretimePolkadot::execute_with(|| { + assert_eq!( + ::System::authorized_upgrade().unwrap().code_hash(), + &code_hash_coretime + ) + }); + PeoplePolkadot::execute_with(|| { + assert_eq!( + ::System::authorized_upgrade().unwrap().code_hash(), + &code_hash_people + ) + }); +} diff --git a/integration-tests/emulated/tests/governance/polkadot/src/open_gov_on_relay.rs b/integration-tests/emulated/tests/governance/polkadot/src/open_gov_on_relay.rs index e44ca2e0d7..7044a6c6b6 100644 --- a/integration-tests/emulated/tests/governance/polkadot/src/open_gov_on_relay.rs +++ b/integration-tests/emulated/tests/governance/polkadot/src/open_gov_on_relay.rs @@ -12,25 +12,7 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. -use crate::*; -use codec::Encode; -use emulated_integration_tests_common::{ - assert_whitelisted, - impls::RelayChain, - xcm_emulator::{Chain, Parachain, TestExt}, - xcm_helpers::{ - build_xcm_send_authorize_upgrade_call, call_hash_of, - dispatch_whitelisted_call_with_preimage, - }, -}; -use frame_support::assert_err; -use polkadot_runtime::{governance::pallet_custom_origins::Origin, Dmp}; -use polkadot_system_emulated_network::{ - AssetHubPolkadotPara as AssetHubPolkadot, BridgeHubPolkadotPara as BridgeHubPolkadot, - CoretimePolkadotPara as CoretimePolkadot, PeoplePolkadotPara as PeoplePolkadot, - PolkadotRelay as Polkadot, -}; -use sp_runtime::DispatchError; +use crate::{common::*, imports::*}; #[test] fn relaychain_can_authorize_upgrade_for_itself() { @@ -213,13 +195,13 @@ fn relaychain_can_authorize_upgrade_for_system_chains() { // ok - authorized assert_ok!(dispatch_whitelisted_call_with_preimage::(authorize_upgrade, ok_origin)); + // check after - authorized AssetHubPolkadot::execute_with(|| { assert_eq!( ::System::authorized_upgrade().unwrap().code_hash(), &code_hash_asset_hub ) }); - // check after - authorized BridgeHubPolkadot::execute_with(|| { assert_eq!( ::System::authorized_upgrade().unwrap().code_hash(), diff --git a/integration-tests/emulated/tests/people/people-kusama/Cargo.toml b/integration-tests/emulated/tests/people/people-kusama/Cargo.toml index d3d4e4af42..90c6d7500d 100644 --- a/integration-tests/emulated/tests/people/people-kusama/Cargo.toml +++ b/integration-tests/emulated/tests/people/people-kusama/Cargo.toml @@ -31,6 +31,7 @@ asset-test-utils = { workspace = true } cumulus-pallet-parachain-system = { workspace = true, default-features = true } # Local +asset-hub-kusama-runtime = { workspace = true } kusama-runtime-constants = { workspace = true, default-features = true } kusama-runtime = { workspace = true } integration-tests-helpers = { workspace = true } @@ -39,6 +40,7 @@ kusama-system-emulated-network = { workspace = true } [features] runtime-benchmarks = [ + "asset-hub-kusama-runtime/runtime-benchmarks", "cumulus-pallet-parachain-system/runtime-benchmarks", "frame-support/runtime-benchmarks", "integration-tests-helpers/runtime-benchmarks", diff --git a/integration-tests/emulated/tests/people/people-kusama/src/tests/governance.rs b/integration-tests/emulated/tests/people/people-kusama/src/tests/governance.rs index a1d8ee136b..2b11e95570 100644 --- a/integration-tests/emulated/tests/people/people-kusama/src/tests/governance.rs +++ b/integration-tests/emulated/tests/people/people-kusama/src/tests/governance.rs @@ -14,9 +14,10 @@ // limitations under the License. use crate::*; +use asset_hub_kusama_runtime::governance::pallet_custom_origins::Origin::GeneralAdmin as GeneralAdminOriginFromAssetHub; use emulated_integration_tests_common::accounts::{ALICE, BOB}; use frame_support::sp_runtime::traits::Dispatchable; -use kusama_runtime::governance::pallet_custom_origins::Origin::GeneralAdmin as GeneralAdminOrigin; +use kusama_runtime::governance::pallet_custom_origins::Origin::GeneralAdmin as GeneralAdminOriginFromRelay; use kusama_system_emulated_network::kusama_emulated_chain::kusama_runtime::Dmp; use pallet_identity::Data; use people_kusama_runtime::people::IdentityInfo; @@ -24,7 +25,7 @@ use people_kusama_runtime::people::IdentityInfo; #[test] fn relay_commands_add_registrar() { let origins = vec![ - (OriginKind::Xcm, GeneralAdminOrigin.into()), + (OriginKind::Xcm, GeneralAdminOriginFromRelay.into()), (OriginKind::Superuser, ::RuntimeOrigin::root()), ]; for (origin_kind, origin) in origins { @@ -78,6 +79,62 @@ fn relay_commands_add_registrar() { } } +#[test] +fn asset_hub_commands_add_registrar() { + let origins = vec![ + (OriginKind::Xcm, GeneralAdminOriginFromAssetHub.into()), + (OriginKind::Superuser, ::RuntimeOrigin::root()), + ]; + for (origin_kind, origin) in origins { + let registrar: AccountId = [1; 32].into(); + AssetHubKusama::execute_with(|| { + type Runtime = ::Runtime; + type RuntimeCall = ::RuntimeCall; + type RuntimeEvent = ::RuntimeEvent; + type PeopleCall = ::RuntimeCall; + type PeopleRuntime = ::Runtime; + + let add_registrar_call = + PeopleCall::Identity(pallet_identity::Call::::add_registrar { + account: registrar.into(), + }); + + let xcm_message = RuntimeCall::PolkadotXcm(pallet_xcm::Call::::send { + dest: bx!(VersionedLocation::from(Location::new(1, [Parachain(1004)]))), + message: bx!(VersionedXcm::from(Xcm(vec![ + UnpaidExecution { weight_limit: Unlimited, check_origin: None }, + Transact { + origin_kind, + fallback_max_weight: None, + call: add_registrar_call.encode().into(), + } + ]))), + }); + + assert_ok!(xcm_message.dispatch(origin)); + + assert_expected_events!( + AssetHubKusama, + vec![ + RuntimeEvent::PolkadotXcm(pallet_xcm::Event::Sent { .. }) => {}, + ] + ); + }); + + PeopleKusama::execute_with(|| { + type RuntimeEvent = ::RuntimeEvent; + + assert_expected_events!( + PeopleKusama, + vec![ + RuntimeEvent::Identity(pallet_identity::Event::RegistrarAdded { .. }) => {}, + RuntimeEvent::MessageQueue(pallet_message_queue::Event::Processed { success: true, .. }) => {}, + ] + ); + }); + } +} + #[test] fn relay_commands_add_registrar_wrong_origin() { let people_kusama_alice = PeopleKusama::account_id_of(ALICE); @@ -280,7 +337,7 @@ fn relay_commands_add_remove_username_authority() { let people_kusama_bob = PeopleKusama::account_id_of(BOB); let origins = vec![ - (OriginKind::Xcm, GeneralAdminOrigin.into(), "generaladmin.suffix1"), + (OriginKind::Xcm, GeneralAdminOriginFromRelay.into(), "generaladmin.suffix1"), (OriginKind::Superuser, ::RuntimeOrigin::root(), "rootusername.suffix1"), ]; for (origin_kind, origin, usr) in origins { @@ -398,10 +455,7 @@ fn relay_commands_add_remove_username_authority() { UnpaidExecution { weight_limit: Unlimited, check_origin: None }, Transact { origin_kind, - // TODO: - // this and all other references to `require_weight_at_most` can be - // removed once XCMv5 is in use. - fallback_max_weight: Some(Weight::from_parts(500_000_000, 500_000)), + fallback_max_weight: None, call: remove_username_authority.encode().into(), } ]))), diff --git a/integration-tests/emulated/tests/people/people-polkadot/Cargo.toml b/integration-tests/emulated/tests/people/people-polkadot/Cargo.toml index 04660bc170..2970e3ada2 100644 --- a/integration-tests/emulated/tests/people/people-polkadot/Cargo.toml +++ b/integration-tests/emulated/tests/people/people-polkadot/Cargo.toml @@ -31,6 +31,7 @@ asset-test-utils = { workspace = true } cumulus-pallet-parachain-system = { workspace = true, default-features = true } # Local +asset-hub-polkadot-runtime = { workspace = true } polkadot-runtime-constants = { workspace = true, default-features = true } polkadot-runtime = { workspace = true } integration-tests-helpers = { workspace = true } @@ -39,6 +40,7 @@ polkadot-system-emulated-network = { workspace = true } [features] runtime-benchmarks = [ + "asset-hub-polkadot-runtime/runtime-benchmarks", "cumulus-pallet-parachain-system/runtime-benchmarks", "frame-support/runtime-benchmarks", "integration-tests-helpers/runtime-benchmarks", diff --git a/integration-tests/emulated/tests/people/people-polkadot/src/tests/governance.rs b/integration-tests/emulated/tests/people/people-polkadot/src/tests/governance.rs index 7d8c6d054d..764700bc2a 100644 --- a/integration-tests/emulated/tests/people/people-polkadot/src/tests/governance.rs +++ b/integration-tests/emulated/tests/people/people-polkadot/src/tests/governance.rs @@ -14,17 +14,18 @@ // limitations under the License. use crate::*; +use asset_hub_polkadot_runtime::governance::pallet_custom_origins::Origin::GeneralAdmin as GeneralAdminOriginFromAssetHub; use emulated_integration_tests_common::accounts::{ALICE, BOB}; use frame_support::sp_runtime::traits::Dispatchable; use pallet_identity::Data; use people_polkadot_runtime::people::IdentityInfo; -use polkadot_runtime::governance::pallet_custom_origins::Origin::GeneralAdmin as GeneralAdminOrigin; +use polkadot_runtime::governance::pallet_custom_origins::Origin::GeneralAdmin as GeneralAdminOriginFromRelay; use polkadot_system_emulated_network::polkadot_emulated_chain::polkadot_runtime::Dmp; #[test] fn relay_commands_add_registrar() { let origins = vec![ - (OriginKind::Xcm, GeneralAdminOrigin.into()), + (OriginKind::Xcm, GeneralAdminOriginFromRelay.into()), (OriginKind::Superuser, ::RuntimeOrigin::root()), ]; for (origin_kind, origin) in origins { @@ -78,6 +79,62 @@ fn relay_commands_add_registrar() { } } +#[test] +fn asset_hub_commands_add_registrar() { + let origins = vec![ + (OriginKind::Xcm, GeneralAdminOriginFromAssetHub.into()), + (OriginKind::Superuser, ::RuntimeOrigin::root()), + ]; + for (origin_kind, origin) in origins { + let registrar: AccountId = [1; 32].into(); + AssetHubPolkadot::execute_with(|| { + type Runtime = ::Runtime; + type RuntimeCall = ::RuntimeCall; + type RuntimeEvent = ::RuntimeEvent; + type PeopleCall = ::RuntimeCall; + type PeopleRuntime = ::Runtime; + + let add_registrar_call = + PeopleCall::Identity(pallet_identity::Call::::add_registrar { + account: registrar.into(), + }); + + let xcm_message = RuntimeCall::PolkadotXcm(pallet_xcm::Call::::send { + dest: bx!(VersionedLocation::from(Location::new(1, [Parachain(1004)]))), + message: bx!(VersionedXcm::from(Xcm(vec![ + UnpaidExecution { weight_limit: Unlimited, check_origin: None }, + Transact { + origin_kind, + fallback_max_weight: None, + call: add_registrar_call.encode().into(), + } + ]))), + }); + + assert_ok!(xcm_message.dispatch(origin)); + + assert_expected_events!( + AssetHubPolkadot, + vec![ + RuntimeEvent::PolkadotXcm(pallet_xcm::Event::Sent { .. }) => {}, + ] + ); + }); + + PeoplePolkadot::execute_with(|| { + type RuntimeEvent = ::RuntimeEvent; + + assert_expected_events!( + PeoplePolkadot, + vec![ + RuntimeEvent::Identity(pallet_identity::Event::RegistrarAdded { .. }) => {}, + RuntimeEvent::MessageQueue(pallet_message_queue::Event::Processed { success: true, .. }) => {}, + ] + ); + }); + } +} + #[test] fn relay_commands_add_registrar_wrong_origin() { let people_polkadot_alice = PeoplePolkadot::account_id_of(ALICE); @@ -284,7 +341,7 @@ fn relay_commands_add_remove_username_authority() { let people_polkadot_bob = PeoplePolkadot::account_id_of(BOB); let origins = vec![ - (OriginKind::Xcm, GeneralAdminOrigin.into(), "generaladmin.suffix1"), + (OriginKind::Xcm, GeneralAdminOriginFromRelay.into(), "generaladmin.suffix1"), (OriginKind::Superuser, ::RuntimeOrigin::root(), "rootusername.suffix1"), ]; for (origin_kind, origin, usr) in origins { diff --git a/relay/common/Cargo.toml b/relay/common/Cargo.toml index 94aea0ee87..abdbb864ac 100644 --- a/relay/common/Cargo.toml +++ b/relay/common/Cargo.toml @@ -16,7 +16,6 @@ sp-runtime = { workspace = true } polkadot-primitives = { workspace = true } pallet-staking-reward-fn = { workspace = true } - [features] default = ["std"] std = [ diff --git a/relay/kusama/constants/Cargo.toml b/relay/kusama/constants/Cargo.toml index d696045292..de4e95788f 100644 --- a/relay/kusama/constants/Cargo.toml +++ b/relay/kusama/constants/Cargo.toml @@ -20,6 +20,7 @@ sp-core = { workspace = true } sp-trie = { workspace = true, optional = true } pallet-remote-proxy = { workspace = true } +xcm = { workspace = true } xcm-builder = { workspace = true } [features] @@ -36,6 +37,7 @@ std = [ "sp-trie?/std", "sp-weights/std", "xcm-builder/std", + "xcm/std", ] fast-runtime = [] runtime-benchmarks = [ @@ -46,4 +48,5 @@ runtime-benchmarks = [ "sp-runtime/runtime-benchmarks", "sp-trie", "xcm-builder/runtime-benchmarks", + "xcm/runtime-benchmarks", ] diff --git a/relay/kusama/constants/src/lib.rs b/relay/kusama/constants/src/lib.rs index a40039952f..a2d5b7b120 100644 --- a/relay/kusama/constants/src/lib.rs +++ b/relay/kusama/constants/src/lib.rs @@ -267,6 +267,16 @@ pub mod proxy { } } +/// XCM protocol related constants. +pub mod xcm { + /// Pluralistic bodies existing within the consensus. + pub mod body { + // The body corresponding to the Kusama OpenGov FellowshipAdmin Origin. + pub const KUSAMA_FELLOWSHIP_ADMIN_BODY_ID: xcm::latest::BodyId = + xcm::latest::BodyId::Moniker([b'k', b'f', b'a', b'b']); + } +} + #[cfg(test)] mod tests { use super::{ diff --git a/relay/kusama/src/governance/fellowship.rs b/relay/kusama/src/governance/fellowship.rs index 1b07e621f4..79a2a2ba53 100644 --- a/relay/kusama/src/governance/fellowship.rs +++ b/relay/kusama/src/governance/fellowship.rs @@ -33,6 +33,7 @@ parameter_types! { pub const AlarmInterval: BlockNumber = 1; pub const SubmissionDeposit: Balance = 0; pub const UndecidingTimeout: BlockNumber = 7 * DAYS; + pub const FellowshipAdminBodyId: BodyId = kusama_runtime_constants::xcm::body::KUSAMA_FELLOWSHIP_ADMIN_BODY_ID; } const TRACKS_DATA: [pallet_referenda::Track; 10] = [ @@ -340,7 +341,15 @@ impl pallet_ranked_collective::Config for Runtime type PromoteOrigin = EitherOf< frame_system::EnsureRootWithSuccess>, EitherOf< - MapSuccess>>, + EitherOf< + // Allow FellowshipAdmin from OpenGov on RC + MapSuccess>>, + // Allow FellowshipAdmin from OpenGov on AH + MapSuccess< + EnsureXcm>, + Replace>, + >, + >, TryMapSuccess>>, >, >; @@ -351,7 +360,15 @@ impl pallet_ranked_collective::Config for Runtime type DemoteOrigin = EitherOf< frame_system::EnsureRootWithSuccess>, EitherOf< - MapSuccess>>, + EitherOf< + // Allow FellowshipAdmin from OpenGov on RC + MapSuccess>>, + // Allow FellowshipAdmin from OpenGov on AH + MapSuccess< + EnsureXcm>, + Replace>, + >, + >, TryMapSuccess>>, >, >; diff --git a/relay/kusama/src/lib.rs b/relay/kusama/src/lib.rs index 209c04630c..c208e9f605 100644 --- a/relay/kusama/src/lib.rs +++ b/relay/kusama/src/lib.rs @@ -73,7 +73,7 @@ use pallet_session::historical as session_historical; use pallet_staking::UseValidatorsMap; use pallet_transaction_payment::{FeeDetails, FungibleAdapter, RuntimeDispatchInfo}; use pallet_treasury::TreasuryAccountId; -use pallet_xcm::EnsureXcm; +use pallet_xcm::{EnsureXcm, IsVoiceOfBody}; use polkadot_primitives::{ slashing, vstaging::{ @@ -134,7 +134,7 @@ use sp_version::NativeVersion; use sp_version::RuntimeVersion; use xcm::prelude::*; use xcm_builder::PayOverXcm; -use xcm_config::AssetHubLocation; +use xcm_config::{AssetHubLocation, GeneralAdminBodyId, StakingAdminBodyId}; use xcm_runtime_apis::{ dry_run::{CallDryRunEffects, Error as XcmDryRunApiError, XcmDryRunEffects}, fees::Error as XcmPaymentApiError, @@ -656,7 +656,10 @@ impl pallet_election_provider_multi_phase::Config for Runtime { (), >; type BenchmarkingConfig = polkadot_runtime_common::elections::BenchmarkConfig; - type ForceOrigin = EitherOf, StakingAdmin>; + type ForceOrigin = EitherOfDiverse< + EitherOf, StakingAdmin>, + EnsureXcm>, + >; type WeightInfo = weights::pallet_election_provider_multi_phase::WeightInfo; type MaxWinners = MaxWinnersPerPage; type ElectionBounds = ElectionBounds; @@ -869,7 +872,10 @@ impl pallet_staking::Config for Runtime { type SessionsPerEra = SessionsPerEra; type BondingDuration = BondingDuration; type SlashDeferDuration = SlashDeferDuration; - type AdminOrigin = EitherOf, StakingAdmin>; + type AdminOrigin = EitherOfDiverse< + EitherOf, StakingAdmin>, + EnsureXcm>, + >; type SessionInterface = Self; type EraPayout = EraPayout; type NextNewSession = Session; @@ -1510,7 +1516,10 @@ parameter_types! { impl parachains_hrmp::Config for Runtime { type RuntimeOrigin = RuntimeOrigin; type RuntimeEvent = RuntimeEvent; - type ChannelManager = EitherOf, GeneralAdmin>; + type ChannelManager = EitherOfDiverse< + EitherOf, GeneralAdmin>, + EnsureXcm>, + >; type Currency = Balances; // Use the `HrmpChannelSizeAndCapacityWithSystemRatio` ratio from the actual active // `HostConfiguration` configuration for `hrmp_channel_max_message_size` and diff --git a/relay/kusama/src/xcm_config.rs b/relay/kusama/src/xcm_config.rs index 4de2afb6ac..cc2d6a5a4f 100644 --- a/relay/kusama/src/xcm_config.rs +++ b/relay/kusama/src/xcm_config.rs @@ -177,6 +177,13 @@ impl Contains for LocalPlurality { } } +pub struct AssetHubPlurality; +impl Contains for AssetHubPlurality { + fn contains(loc: &Location) -> bool { + matches!(loc.unpack(), (0, [Parachain(ASSET_HUB_ID), Plurality { .. }])) + } +} + /// The barriers one of which must be passed for an XCM message to be executed. pub type Barrier = TrailingSetTopicAsId<( // Weight that is paid for may be consumed. @@ -188,7 +195,7 @@ pub type Barrier = TrailingSetTopicAsId<( // If the message is one that immediately attempts to pay for execution, then allow it. AllowTopLevelPaidExecutionFrom, // Messages coming from system parachains need not pay for execution. - AllowExplicitUnpaidExecutionFrom>, + AllowExplicitUnpaidExecutionFrom<(IsChildSystemParachain, AssetHubPlurality)>, // Subscriptions for version tracking are OK. AllowSubscriptionsFrom, ), diff --git a/relay/polkadot/src/lib.rs b/relay/polkadot/src/lib.rs index a96e910a21..9ffc8064f9 100644 --- a/relay/polkadot/src/lib.rs +++ b/relay/polkadot/src/lib.rs @@ -129,7 +129,9 @@ use sp_version::NativeVersion; use sp_version::RuntimeVersion; use xcm::prelude::*; use xcm_builder::PayOverXcm; -use xcm_config::{AssetHubLocation, CollectivesLocation, FellowsBodyId}; +use xcm_config::{ + AssetHubLocation, CollectivesLocation, FellowsBodyId, GeneralAdminBodyId, StakingAdminBodyId, +}; use xcm_runtime_apis::{ dry_run::{CallDryRunEffects, Error as XcmDryRunApiError, XcmDryRunEffects}, fees::Error as XcmPaymentApiError, @@ -642,7 +644,10 @@ impl pallet_election_provider_multi_phase::Config for Runtime { (), >; type BenchmarkingConfig = polkadot_runtime_common::elections::BenchmarkConfig; - type ForceOrigin = EitherOf, StakingAdmin>; + type ForceOrigin = EitherOfDiverse< + EitherOf, StakingAdmin>, + EnsureXcm>, + >; type WeightInfo = weights::pallet_election_provider_multi_phase::WeightInfo; type ElectionBounds = ElectionBounds; } @@ -741,7 +746,10 @@ impl pallet_staking::Config for Runtime { type SessionsPerEra = SessionsPerEra; type BondingDuration = BondingDuration; type SlashDeferDuration = SlashDeferDuration; - type AdminOrigin = EitherOf, StakingAdmin>; + type AdminOrigin = EitherOfDiverse< + EitherOf, StakingAdmin>, + EnsureXcm>, + >; type SessionInterface = Self; type EraPayout = EraPayout; type MaxExposurePageSize = MaxExposurePageSize; @@ -1313,7 +1321,10 @@ parameter_types! { impl parachains_hrmp::Config for Runtime { type RuntimeOrigin = RuntimeOrigin; type RuntimeEvent = RuntimeEvent; - type ChannelManager = EitherOf, GeneralAdmin>; + type ChannelManager = EitherOfDiverse< + EitherOf, GeneralAdmin>, + EnsureXcm>, + >; type Currency = Balances; // Use the `HrmpChannelSizeAndCapacityWithSystemRatio` ratio from the actual active // `HostConfiguration` configuration for `hrmp_channel_max_message_size` and diff --git a/relay/polkadot/src/xcm_config.rs b/relay/polkadot/src/xcm_config.rs index c08c2da968..44148491ea 100644 --- a/relay/polkadot/src/xcm_config.rs +++ b/relay/polkadot/src/xcm_config.rs @@ -41,7 +41,7 @@ use xcm_builder::{ AllowKnownQueryResponses, AllowSubscriptionsFrom, AllowTopLevelPaidExecutionFrom, Case, ChildParachainAsNative, ChildParachainConvertsVia, DescribeAllTerminal, DescribeFamily, FrameTransactionalProcessor, FungibleAdapter, HashedDescription, IsChildSystemParachain, - IsConcrete, MintLocation, OriginToPluralityVoice, SendXcmFeeToAccount, + IsConcrete, LocationAsSuperuser, MintLocation, OriginToPluralityVoice, SendXcmFeeToAccount, SignedAccountId32AsNative, SignedToAccountId32, SovereignSignedViaLocation, TakeWeightCredit, TrailingSetTopicAsId, UsingComponents, WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, @@ -111,6 +111,8 @@ type LocalOriginConverter = ( SignedAccountId32AsNative, // Xcm origins can be represented natively under the Xcm pallet's Xcm origin. XcmPassthrough, + // AssetHub can execute as root + LocationAsSuperuser, RuntimeOrigin>, ); parameter_types! { @@ -193,6 +195,13 @@ impl Contains for LocalPlurality { } } +pub struct AssetHubPlurality; +impl Contains for AssetHubPlurality { + fn contains(loc: &Location) -> bool { + matches!(loc.unpack(), (0, [Parachain(ASSET_HUB_ID), Plurality { .. }])) + } +} + /// The barriers one of which must be passed for an XCM message to be executed. pub type Barrier = TrailingSetTopicAsId<( // Weight that is paid for may be consumed. @@ -206,7 +215,11 @@ pub type Barrier = TrailingSetTopicAsId<( // Subscriptions for version tracking are OK. AllowSubscriptionsFrom, // Messages from system parachains or the Fellows plurality need not pay for execution. - AllowExplicitUnpaidExecutionFrom<(IsChildSystemParachain, Fellows)>, + AllowExplicitUnpaidExecutionFrom<( + IsChildSystemParachain, + Fellows, + AssetHubPlurality, + )>, ), UniversalLocation, ConstU32<8>, diff --git a/system-parachains/asset-hubs/asset-hub-kusama/src/ah_migration/call_filter.rs b/system-parachains/asset-hubs/asset-hub-kusama/src/ah_migration/call_filter.rs index df1296b624..3302ce0bc7 100644 --- a/system-parachains/asset-hubs/asset-hub-kusama/src/ah_migration/call_filter.rs +++ b/system-parachains/asset-hubs/asset-hub-kusama/src/ah_migration/call_filter.rs @@ -138,7 +138,7 @@ pub fn call_allowed_status( MultiBlockMigrations(..) => OFF, // has not calls Revive(..) => OFF, // TODO: OFF or ON? Parameters(..) => ON, - Society(..) => OFF, // migrating pallet + Society(..) => OFF, // migrating pallet }; // Exhaustive match. Compiler ensures that we did not miss any. diff --git a/system-parachains/asset-hubs/asset-hub-kusama/src/lib.rs b/system-parachains/asset-hubs/asset-hub-kusama/src/lib.rs index e5850b64cd..28e191701e 100644 --- a/system-parachains/asset-hubs/asset-hub-kusama/src/lib.rs +++ b/system-parachains/asset-hubs/asset-hub-kusama/src/lib.rs @@ -71,7 +71,7 @@ use frame_system::{ limits::{BlockLength, BlockWeights}, EnsureRoot, EnsureSigned, EnsureSignedBy, }; -use governance::{pallet_custom_origins, GeneralAdmin, StakingAdmin, Treasurer}; +use governance::{pallet_custom_origins, FellowshipAdmin, GeneralAdmin, StakingAdmin, Treasurer}; use kusama_runtime_constants::time::{DAYS as RC_DAYS, HOURS as RC_HOURS, MINUTES as RC_MINUTES}; use pallet_assets::precompiles::{InlineIdConfig, ERC20}; use pallet_nfts::PalletFeatures; @@ -1345,9 +1345,8 @@ impl EnsureOriginWithArg for DynamicParamet use crate::RuntimeParametersKey::*; match key { - Treasury(_) => { - EitherOf::, GeneralAdmin>::ensure_origin(origin.clone()) - }, + Treasury(_) => + EitherOf::, GeneralAdmin>::ensure_origin(origin.clone()), } .map_err(|_| origin) } diff --git a/system-parachains/asset-hubs/asset-hub-kusama/src/xcm_config.rs b/system-parachains/asset-hubs/asset-hub-kusama/src/xcm_config.rs index 4f869e6313..4513aa7fba 100644 --- a/system-parachains/asset-hubs/asset-hub-kusama/src/xcm_config.rs +++ b/system-parachains/asset-hubs/asset-hub-kusama/src/xcm_config.rs @@ -18,9 +18,9 @@ pub use TreasuryAccount as RelayTreasuryPalletAccount; use super::{ AccountId, AllPalletsWithSystem, AssetConversion, Assets, Balance, Balances, CollatorSelection, - GeneralAdmin, NativeAndAssets, ParachainInfo, ParachainSystem, PolkadotXcm, PoolAssets, - PriceForParentDelivery, Runtime, RuntimeCall, RuntimeEvent, RuntimeHoldReason, RuntimeOrigin, - StakingAdmin, ToPolkadotXcmRouter, WeightToFee, XcmpQueue, + FellowshipAdmin, GeneralAdmin, NativeAndAssets, ParachainInfo, ParachainSystem, PolkadotXcm, + PoolAssets, PriceForParentDelivery, Runtime, RuntimeCall, RuntimeEvent, RuntimeHoldReason, + RuntimeOrigin, StakingAdmin, ToPolkadotXcmRouter, WeightToFee, XcmpQueue, }; use crate::ForeignAssets; use alloc::{vec, vec::Vec}; @@ -277,6 +277,13 @@ impl Contains for ParentOrParentsPlurality { } } +pub struct LocalPlurality; +impl Contains for LocalPlurality { + fn contains(loc: &Location) -> bool { + matches!(loc.unpack(), (0, [Plurality { .. }])) + } +} + /// Location type to determine the Technical Fellowship related /// pallets for use in XCM. pub struct FellowshipEntities; @@ -327,6 +334,7 @@ pub type WaivedLocations = ( RelayOrOtherSystemParachains, Equals, FellowshipEntities, + LocalPlurality, ); /// Cases where a remote origin is accepted as trusted Teleporter for a given asset: @@ -445,6 +453,8 @@ parameter_types! { pub const FellowsBodyId: BodyId = BodyId::Technical; // `GeneralAdmin` pluralistic body. pub const GeneralAdminBodyId: BodyId = BodyId::Administration; + // `FellowshipAdmin` pluralistic body. + pub const FellowshipAdminBodyId: BodyId = kusama_runtime_constants::xcm::body::KUSAMA_FELLOWSHIP_ADMIN_BODY_ID; } /// Type to convert the `StakingAdmin` origin to a Plurality `Location` value. @@ -454,6 +464,9 @@ pub type StakingAdminToPlurality = /// Type to convert the `GeneralAdmin` origin to a Plurality `Location` value. pub type GeneralAdminToPlurality = OriginToPluralityVoice; +/// Type to convert the `FellowshipAdmin` origin to a Plurality `Location` value. +pub type FellowshipAdminToPlurality = + OriginToPluralityVoice; /// Converts a local signed origin into an XCM `Location`. /// Forms the basis for local origins sending/executing XCMs. @@ -466,6 +479,8 @@ pub type LocalPalletOrSignedOriginToLocation = ( GeneralAdminToPlurality, // StakingAdmin origin to be used in XCM as a corresponding Plurality `Location` value. StakingAdminToPlurality, + // FellowshipAdmin origin to be used in XCM as a corresponding Plurality `Location` value. + FellowshipAdminToPlurality, // And a usual Signed origin to be used in XCM as a corresponding `AccountId32`. SignedToAccountId32, ); diff --git a/system-parachains/asset-hubs/asset-hub-kusama/tests/tests.rs b/system-parachains/asset-hubs/asset-hub-kusama/tests/tests.rs index ade079686c..6779a57bd2 100644 --- a/system-parachains/asset-hubs/asset-hub-kusama/tests/tests.rs +++ b/system-parachains/asset-hubs/asset-hub-kusama/tests/tests.rs @@ -891,13 +891,12 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(1002)))), + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), Either::Right(InstructionError { index: 1, error: XcmError::BadOrigin }) ); diff --git a/system-parachains/asset-hubs/asset-hub-polkadot/src/lib.rs b/system-parachains/asset-hubs/asset-hub-polkadot/src/lib.rs index 20323904ca..a16fc0f89e 100644 --- a/system-parachains/asset-hubs/asset-hub-polkadot/src/lib.rs +++ b/system-parachains/asset-hubs/asset-hub-polkadot/src/lib.rs @@ -85,7 +85,9 @@ use assets_common::{ use core::cmp::Ordering; use cumulus_pallet_parachain_system::{RelayNumberMonotonicallyIncreases, RelaychainDataProvider}; use cumulus_primitives_core::{AggregateMessageOrigin, ParaId}; -use governance::{pallet_custom_origins, Treasurer, TreasurySpender}; +use governance::{ + pallet_custom_origins, FellowshipAdmin, GeneralAdmin, StakingAdmin, Treasurer, TreasurySpender, +}; use polkadot_core_primitives::AccountIndex; use polkadot_runtime_constants::time::{DAYS as RC_DAYS, HOURS as RC_HOURS, MINUTES as RC_MINUTES}; use sp_api::impl_runtime_apis; @@ -156,8 +158,8 @@ use xcm::{ VersionedXcm, }; use xcm_config::{ - DotLocation, FellowshipLocation, ForeignAssetsConvertedConcreteId, GovernanceLocation, - LocationToAccountId, PoolAssetsConvertedConcreteId, StakingPot, + DotLocation, FellowshipLocation, ForeignAssetsConvertedConcreteId, LocationToAccountId, + PoolAssetsConvertedConcreteId, RelayChainLocation, StakingPot, TrustBackedAssetsConvertedConcreteId, TrustBackedAssetsPalletLocation, XcmOriginToTransactDispatchOrigin, }; @@ -572,7 +574,6 @@ impl InstanceFilter for ProxyType { RuntimeCall::Utility(_) | RuntimeCall::Multisig(_) | RuntimeCall::Proxy(_) | - RuntimeCall::Staking(_) | // TODO @ggwpez add more RuntimeCall::Staking(_) | RuntimeCall::Bounties(..) | @@ -875,7 +876,12 @@ parameter_types! { /// We allow root and the `StakingAdmin` to execute privileged collator selection operations. pub type CollatorSelectionUpdateOrigin = EitherOfDiverse< EnsureRoot, - EnsureXcm>, + EitherOfDiverse< + // Allow StakingAdmin from OpenGov on RC + EnsureXcm>, + // Allow StakingAdmin from OpenGov on AH (local) + StakingAdmin, + >, >; impl pallet_collator_selection::Config for Runtime { diff --git a/system-parachains/asset-hubs/asset-hub-polkadot/src/xcm_config.rs b/system-parachains/asset-hubs/asset-hub-polkadot/src/xcm_config.rs index b487100d23..b23a409b44 100644 --- a/system-parachains/asset-hubs/asset-hub-polkadot/src/xcm_config.rs +++ b/system-parachains/asset-hubs/asset-hub-polkadot/src/xcm_config.rs @@ -18,9 +18,10 @@ pub use TreasuryAccount as RelayTreasuryPalletAccount; use super::{ treasury, AccountId, AllPalletsWithSystem, AssetConversion, Assets, Balance, Balances, - CollatorSelection, ForeignAssets, NativeAndAssets, ParachainInfo, ParachainSystem, PolkadotXcm, - PoolAssets, PriceForParentDelivery, Runtime, RuntimeCall, RuntimeEvent, RuntimeHoldReason, - RuntimeOrigin, ToKusamaXcmRouter, WeightToFee, XcmpQueue, + CollatorSelection, FellowshipAdmin, ForeignAssets, GeneralAdmin, NativeAndAssets, + ParachainInfo, ParachainSystem, PolkadotXcm, PoolAssets, PriceForParentDelivery, Runtime, + RuntimeCall, RuntimeEvent, RuntimeHoldReason, RuntimeOrigin, StakingAdmin, ToKusamaXcmRouter, + Treasurer, WeightToFee, XcmpQueue, }; use alloc::{collections::BTreeSet, vec, vec::Vec}; use assets_common::{ @@ -45,7 +46,10 @@ use parachains_common::xcm_config::{ RelayOrOtherSystemParachains, }; use polkadot_parachain_primitives::primitives::Sibling; -use polkadot_runtime_constants::system_parachain; +use polkadot_runtime_constants::{ + system_parachain, + xcm::body::FELLOWSHIP_ADMIN_INDEX, +}; use snowbridge_outbound_queue_primitives::v2::exporter::PausableExporter; use sp_runtime::traits::TryConvertInto; use xcm::latest::prelude::*; @@ -56,16 +60,16 @@ use xcm_builder::{ DescribeAllTerminal, DescribeFamily, EnsureXcmOrigin, ExternalConsensusLocationsConverterFor, FrameTransactionalProcessor, FungibleAdapter, FungiblesAdapter, HashedDescription, IsConcrete, IsSiblingSystemParachain, LocalMint, MatchedConvertedConcreteId, MintLocation, NoChecking, - ParentAsSuperuser, ParentIsPreset, RelayChainAsNative, SendXcmFeeToAccount, - SiblingParachainAsNative, SiblingParachainConvertsVia, SignedAccountId32AsNative, - SignedToAccountId32, SingleAssetExchangeAdapter, SovereignSignedViaLocation, StartsWith, - StartsWithExplicitGlobalConsensus, TakeWeightCredit, TrailingSetTopicAsId, - UnpaidRemoteExporter, UsingComponents, WeightInfoBounds, WithComputedOrigin, - WithLatestLocationConverter, WithUniqueTopic, XcmFeeManagerFromComponents, + OriginToPluralityVoice, ParentAsSuperuser, ParentIsPreset, RelayChainAsNative, + SendXcmFeeToAccount, SiblingParachainAsNative, SiblingParachainConvertsVia, + SignedAccountId32AsNative, SignedToAccountId32, SingleAssetExchangeAdapter, + SovereignSignedViaLocation, StartsWith, StartsWithExplicitGlobalConsensus, TakeWeightCredit, + TrailingSetTopicAsId, UnpaidRemoteExporter, UsingComponents, WeightInfoBounds, + WithComputedOrigin, WithLatestLocationConverter, WithUniqueTopic, XcmFeeManagerFromComponents, }; use xcm_executor::{traits::ConvertLocation, XcmExecutor}; -pub use system_parachains_constants::polkadot::locations::GovernanceLocation; +pub use system_parachains_constants::polkadot::locations::{AssetHubLocation, RelayChainLocation}; parameter_types! { pub const RootLocation: Location = Location::here(); @@ -354,6 +358,13 @@ impl Contains for ParentOrParentsPlurality { } } +pub struct LocalPlurality; +impl Contains for LocalPlurality { + fn contains(loc: &Location) -> bool { + matches!(loc.unpack(), (0, [Plurality { .. }])) + } +} + pub type Barrier = TrailingSetTopicAsId< DenyThenTry< DenyReserveTransferToRelayChain, @@ -400,6 +411,7 @@ pub type WaivedLocations = ( FellowshipEntities, AmbassadorEntities, SecretaryEntities, + LocalPlurality, ); /// Cases where a remote origin is accepted as trusted Teleporter for a given asset: @@ -512,10 +524,52 @@ impl xcm_executor::Config for XcmConfig { type XcmEventEmitter = PolkadotXcm; } +parameter_types! { + // `GeneralAdmin` pluralistic body. + pub const GeneralAdminBodyId: BodyId = BodyId::Administration; + // StakingAdmin pluralistic body. + pub const StakingAdminBodyId: BodyId = BodyId::Defense; + // FellowshipAdmin pluralistic body. + pub const FellowshipAdminBodyId: BodyId = BodyId::Index(FELLOWSHIP_ADMIN_INDEX); + // `Treasurer` pluralistic body. + pub const TreasurerBodyId: BodyId = BodyId::Treasury; +} + +/// Type to convert the `GeneralAdmin` origin to a Plurality `Location` value. +pub type GeneralAdminToPlurality = + OriginToPluralityVoice; + +/// Type to convert the `StakingAdmin` origin to a Plurality `Location` value. +pub type StakingAdminToPlurality = + OriginToPluralityVoice; + +/// Type to convert the `FellowshipAdmin` origin to a Plurality `Location` value. +pub type FellowshipAdminToPlurality = + OriginToPluralityVoice; + +/// Type to convert the `Treasurer` origin to a Plurality `Location` value. +pub type TreasurerToPlurality = OriginToPluralityVoice; + /// Converts a local signed origin into an XCM `Location`. /// Forms the basis for local origins sending/executing XCMs. pub type LocalSignedOriginToLocation = SignedToAccountId32; +/// Type to convert a pallet `Origin` type value into a `Location` value which represents an +/// interior location of this chain for a destination chain. +pub type LocalPalletOrSignedOriginToLocation = ( + // GeneralAdmin origin to be used in XCM as a corresponding Plurality `Location` value. + GeneralAdminToPlurality, + // StakingAdmin origin to be used in XCM as a corresponding Plurality `Location` value. + StakingAdminToPlurality, + // FellowshipAdmin origin to be used in XCM as a corresponding Plurality `Location` value. + FellowshipAdminToPlurality, + // `Treasurer` origin to be used in XCM as a corresponding Plurality `Location` value. + TreasurerToPlurality, + // And a usual Signed origin to be used in XCM as a corresponding `AccountId32`. + SignedToAccountId32, +); + +/// For routing XCM messages which do not cross local consensus boundary. /// Use [`LocalXcmRouter`] instead. pub(crate) type LocalXcmRouterWithoutException = ( // Two routers - use UMP to communicate with the relay chain: @@ -573,7 +627,7 @@ parameter_types! { impl pallet_xcm::Config for Runtime { type RuntimeEvent = RuntimeEvent; // Any local signed origin can send XCM messages. - type SendXcmOrigin = EnsureXcmOrigin; + type SendXcmOrigin = EnsureXcmOrigin; type XcmRouter = XcmRouter; // Any local signed origin can execute XCM messages. type ExecuteXcmOrigin = EnsureXcmOrigin; diff --git a/system-parachains/asset-hubs/asset-hub-polkadot/tests/tests.rs b/system-parachains/asset-hubs/asset-hub-polkadot/tests/tests.rs index 210a04ea98..09462158fd 100644 --- a/system-parachains/asset-hubs/asset-hub-polkadot/tests/tests.rs +++ b/system-parachains/asset-hubs/asset-hub-polkadot/tests/tests.rs @@ -19,13 +19,14 @@ use asset_hub_polkadot_runtime::{ xcm_config::{ - bridging, CheckingAccount, DotLocation, GovernanceLocation, LocationToAccountId, + bridging, CheckingAccount, DotLocation, LocationToAccountId, RelayChainLocation, StakingPot, TrustBackedAssetsPalletLocation, XcmConfig, }, - AllPalletsWithoutSystem, AssetDeposit, Assets, Balances, Block, ExistentialDeposit, - ForeignAssets, ForeignAssetsInstance, MetadataDepositBase, MetadataDepositPerByte, - ParachainSystem, PolkadotXcm, Runtime, RuntimeCall, RuntimeEvent, RuntimeOrigin, SessionKeys, - ToKusamaXcmRouterInstance, TrustBackedAssetsInstance, XcmpQueue, SLOT_DURATION, + AllPalletsWithoutSystem, AssetConversion, AssetDeposit, Assets, Balances, Block, + ExistentialDeposit, ForeignAssets, ForeignAssetsInstance, MetadataDepositBase, + MetadataDepositPerByte, ParachainSystem, PolkadotXcm, Runtime, RuntimeCall, RuntimeEvent, + RuntimeOrigin, SessionKeys, ToKusamaXcmRouterInstance, TrustBackedAssetsInstance, XcmpQueue, + SLOT_DURATION, }; use asset_test_utils::{ include_create_and_manage_foreign_assets_for_local_consensus_parachain_assets_works, @@ -60,6 +61,11 @@ use xcm_runtime_apis::conversions::LocationToAccountHelper; const ALICE: [u8; 32] = [1u8; 32]; const SOME_ASSET_ADMIN: [u8; 32] = [5u8; 32]; +frame_support::parameter_types! { + // Local OpenGov + pub Governance: GovernanceOrigin = GovernanceOrigin::Origin(RuntimeOrigin::root()); +} + type AssetIdForTrustBackedAssetsConvertLatest = assets_common::AssetIdForTrustBackedAssetsConvert; @@ -551,7 +557,7 @@ fn change_xcm_bridge_hub_router_base_fee_by_governance_works() { >( collator_session_keys(), 1000, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), || { log::error!( target: "bridges::estimate", @@ -583,7 +589,7 @@ fn change_xcm_bridge_hub_router_byte_fee_by_governance_works() { >( collator_session_keys(), 1000, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), || { ( bridging::XcmBridgeHubRouterByteFee::key().to_vec(), @@ -609,7 +615,7 @@ fn change_xcm_bridge_hub_ethereum_base_fee_by_governance_works() { >( collator_session_keys(), 1000, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), || { ( bridging::to_ethereum::BridgeHubEthereumBaseFee::key().to_vec(), @@ -898,7 +904,7 @@ fn authorized_aliases_work() { fn governance_authorize_upgrade_works() { use polkadot_runtime_constants::system_parachain::{ASSET_HUB_ID, COLLECTIVES_ID}; - // no - random para + // no - random non-system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, @@ -906,6 +912,14 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); + // no - random system para + assert_err!( + parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< + Runtime, + RuntimeOrigin, + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), + Either::Right(InstructionError { index: 1, error: XcmError::BadOrigin }) + ); // no - AssetHub assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< @@ -938,9 +952,5 @@ fn governance_authorize_upgrade_works() { assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::parent()))); - assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< - Runtime, - RuntimeOrigin, - >(GovernanceOrigin::Location(GovernanceLocation::get()))); + >(GovernanceOrigin::Location(RelayChainLocation::get()))); } diff --git a/system-parachains/bridge-hubs/bridge-hub-kusama/src/xcm_config.rs b/system-parachains/bridge-hubs/bridge-hub-kusama/src/xcm_config.rs index 9bc1e0308e..9e1fc70a7e 100644 --- a/system-parachains/bridge-hubs/bridge-hub-kusama/src/xcm_config.rs +++ b/system-parachains/bridge-hubs/bridge-hub-kusama/src/xcm_config.rs @@ -36,7 +36,9 @@ use parachains_common::xcm_config::{ }; use polkadot_parachain_primitives::primitives::Sibling; use sp_runtime::traits::AccountIdConversion; -pub use system_parachains_constants::kusama::locations::{AssetHubLocation, RelayChainLocation}; +pub use system_parachains_constants::kusama::locations::{ + AssetHubLocation, AssetHubPlurality, RelayChainLocation, +}; use system_parachains_constants::TREASURY_PALLET_ID; use xcm::latest::prelude::*; use xcm_builder::{ @@ -151,6 +153,7 @@ pub type Barrier = TrailingSetTopicAsId< ParentOrParentsPlurality, Equals, Equals, + AssetHubPlurality, )>, // Subscriptions for version tracking are OK. AllowSubscriptionsFrom, diff --git a/system-parachains/bridge-hubs/bridge-hub-kusama/tests/tests.rs b/system-parachains/bridge-hubs/bridge-hub-kusama/tests/tests.rs index d8687ad53d..e4939ae00b 100644 --- a/system-parachains/bridge-hubs/bridge-hub-kusama/tests/tests.rs +++ b/system-parachains/bridge-hubs/bridge-hub-kusama/tests/tests.rs @@ -590,13 +590,12 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(1002)))), + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); diff --git a/system-parachains/bridge-hubs/bridge-hub-polkadot/src/lib.rs b/system-parachains/bridge-hubs/bridge-hub-polkadot/src/lib.rs index 5a7646768f..daad7db3be 100644 --- a/system-parachains/bridge-hubs/bridge-hub-polkadot/src/lib.rs +++ b/system-parachains/bridge-hubs/bridge-hub-polkadot/src/lib.rs @@ -61,8 +61,8 @@ use frame_support::{ genesis_builder_helper::{build_state, get_preset}, parameter_types, traits::{ - tokens::imbalance::ResolveTo, ConstBool, ConstU32, ConstU64, ConstU8, EitherOfDiverse, - Everything, TransformOrigin, + tokens::imbalance::ResolveTo, ConstBool, ConstU32, ConstU64, ConstU8, EitherOf, + EitherOfDiverse, Everything, TransformOrigin, }, weights::{ConstantMultiplier, Weight}, PalletId, @@ -75,7 +75,8 @@ use pallet_xcm::{EnsureXcm, IsVoiceOfBody}; pub use sp_consensus_aura::sr25519::AuthorityId as AuraId; pub use sp_runtime::{MultiAddress, Perbill, Permill}; use xcm_config::{ - FellowshipLocation, GovernanceLocation, StakingPot, XcmOriginToTransactDispatchOrigin, + AssetHubLocation, FellowshipLocation, RelayChainLocation, StakingPot, + XcmOriginToTransactDispatchOrigin, }; #[cfg(any(feature = "std", test))] @@ -505,7 +506,10 @@ parameter_types! { /// We allow root, the StakingAdmin to execute privileged collator selection operations. pub type CollatorSelectionUpdateOrigin = EitherOfDiverse< EnsureRoot, - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, >; impl pallet_collator_selection::Config for Runtime { diff --git a/system-parachains/bridge-hubs/bridge-hub-polkadot/src/xcm_config.rs b/system-parachains/bridge-hubs/bridge-hub-polkadot/src/xcm_config.rs index b5cf637467..527331603f 100644 --- a/system-parachains/bridge-hubs/bridge-hub-polkadot/src/xcm_config.rs +++ b/system-parachains/bridge-hubs/bridge-hub-polkadot/src/xcm_config.rs @@ -39,25 +39,26 @@ use parachains_common::xcm_config::{ use polkadot_parachain_primitives::primitives::Sibling; use polkadot_runtime_constants::system_parachain; use sp_runtime::traits::AccountIdConversion; -pub use system_parachains_constants::polkadot::locations::GovernanceLocation; -use system_parachains_constants::{ - polkadot::locations::{AssetHubLocation, EthereumNetwork}, - TREASURY_PALLET_ID, -}; +use system_parachains_constants::{polkadot::locations::EthereumNetwork, TREASURY_PALLET_ID}; use xcm::latest::prelude::*; use xcm_builder::{ AccountId32Aliases, AliasChildLocation, AllowExplicitUnpaidExecutionFrom, AllowHrmpNotificationsFromRelayChain, AllowKnownQueryResponses, AllowSubscriptionsFrom, AllowTopLevelPaidExecutionFrom, DenyRecursively, DenyReserveTransferToRelayChain, DenyThenTry, DescribeAllTerminal, DescribeFamily, EnsureXcmOrigin, ExternalConsensusLocationsConverterFor, - FrameTransactionalProcessor, FungibleAdapter, HashedDescription, IsConcrete, ParentAsSuperuser, - ParentIsPreset, RelayChainAsNative, SendXcmFeeToAccount, SiblingParachainAsNative, - SiblingParachainConvertsVia, SignedAccountId32AsNative, SignedToAccountId32, - SovereignSignedViaLocation, TakeWeightCredit, TrailingSetTopicAsId, UsingComponents, - WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, + FrameTransactionalProcessor, FungibleAdapter, HashedDescription, IsConcrete, + LocationAsSuperuser, ParentIsPreset, RelayChainAsNative, SendXcmFeeToAccount, + SiblingParachainAsNative, SiblingParachainConvertsVia, SignedAccountId32AsNative, + SignedToAccountId32, SovereignSignedViaLocation, TakeWeightCredit, TrailingSetTopicAsId, + UsingComponents, WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, + XcmFeeManagerFromComponents, }; use xcm_executor::{traits::ConvertLocation, XcmExecutor}; +pub use system_parachains_constants::polkadot::locations::{ + AssetHubLocation, AssetHubPlurality, RelayChainLocation, +}; + parameter_types! { pub const RootLocation: Location = Location::here(); pub const DotRelayLocation: Location = Location::parent(); @@ -124,9 +125,9 @@ pub type XcmOriginToTransactDispatchOrigin = ( // Native converter for sibling Parachains; will convert to a `SiblingPara` origin when // recognized. SiblingParachainAsNative, - // Superuser converter for the Relay-chain (Parent) location. This will allow it to issue a - // transaction from the Root origin. - ParentAsSuperuser, + // AssetHub or Relay can execute as root (based on: https://github.com/polkadot-fellows/runtimes/issues/651). + // This will allow them to issue a transaction from the Root origin. + LocationAsSuperuser<(Equals, Equals), RuntimeOrigin>, // Native signed account converter; this just converts an `AccountId32` origin into a normal // `RuntimeOrigin::Signed` origin of the same 32-byte value. SignedAccountId32AsNative, @@ -185,6 +186,7 @@ pub type Barrier = TrailingSetTopicAsId< FellowsPlurality, Equals, Equals, + AssetHubPlurality, Equals, )>, // Subscriptions for version tracking are OK. diff --git a/system-parachains/bridge-hubs/bridge-hub-polkadot/tests/snowbridge.rs b/system-parachains/bridge-hubs/bridge-hub-polkadot/tests/snowbridge.rs index 3dfd2d2d36..cf9dd43a56 100644 --- a/system-parachains/bridge-hubs/bridge-hub-polkadot/tests/snowbridge.rs +++ b/system-parachains/bridge-hubs/bridge-hub-polkadot/tests/snowbridge.rs @@ -21,7 +21,7 @@ use bp_polkadot_core::Signature; use bridge_hub_polkadot_runtime::{ bridge_to_ethereum_config::{EthereumGatewayAddress, EthereumNetwork}, bridge_to_kusama_config::OnBridgeHubPolkadotRefundBridgeHubKusamaMessages, - xcm_config::{GovernanceLocation, UniversalLocation, XcmConfig}, + xcm_config::{UniversalLocation, XcmConfig}, AllPalletsWithoutSystem, BridgeRejectObsoleteHeadersAndMessages, EthereumBeaconClient, Executive, MessageQueueServiceWeight, Runtime, RuntimeCall, RuntimeEvent, RuntimeOrigin, SessionKeys, TxExtension, UncheckedExtrinsic, @@ -54,6 +54,8 @@ use xcm_executor::traits::{ConvertLocation, FeeManager, FeeReason}; parameter_types! { pub const DefaultBridgeHubEthereumBaseFee: Balance = 3_833_568_200_000; + // Local OpenGov + pub Governance: GovernanceOrigin = GovernanceOrigin::Origin(RuntimeOrigin::root()); } type RuntimeHelper = parachains_runtimes_test_utils::RuntimeHelper; @@ -117,7 +119,7 @@ fn change_ethereum_gateway_by_governance_works() { change_storage_constant_by_governance_works::( collator_session_keys(), bp_bridge_hub_polkadot::BRIDGE_HUB_POLKADOT_PARACHAIN_ID, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), || (EthereumGatewayAddress::key().to_vec(), EthereumGatewayAddress::get()), |_| [1; 20].into(), ) diff --git a/system-parachains/bridge-hubs/bridge-hub-polkadot/tests/tests.rs b/system-parachains/bridge-hubs/bridge-hub-polkadot/tests/tests.rs index 91429ccb55..ebbeada457 100644 --- a/system-parachains/bridge-hubs/bridge-hub-polkadot/tests/tests.rs +++ b/system-parachains/bridge-hubs/bridge-hub-polkadot/tests/tests.rs @@ -26,7 +26,7 @@ use bridge_hub_polkadot_runtime::{ XcmOverBridgeHubKusamaInstance, }, xcm_config::{ - DotRelayLocation, GovernanceLocation, LocationToAccountId, RelayNetwork, + AssetHubLocation, DotRelayLocation, LocationToAccountId, RelayChainLocation, RelayNetwork, RelayTreasuryLocation, RelayTreasuryPalletAccount, XcmConfig, }, AllPalletsWithoutSystem, Block, BridgeRejectObsoleteHeadersAndMessages, Executive, @@ -79,6 +79,8 @@ type RuntimeTestsAdapter = from_parachain::WithRemoteParachainHelperAdapter< parameter_types! { pub CheckingAccount: AccountId = PolkadotXcm::check_account(); + // Local OpenGov + pub Governance: GovernanceOrigin = GovernanceOrigin::Origin(RuntimeOrigin::root()); } fn construct_extrinsic( @@ -170,7 +172,7 @@ fn initialize_bridge_by_governance_works() { >( collator_session_keys(), bp_bridge_hub_polkadot::BRIDGE_HUB_POLKADOT_PARACHAIN_ID, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), ) } @@ -183,7 +185,7 @@ fn change_bridge_grandpa_pallet_mode_by_governance_works() { >( collator_session_keys(), bp_bridge_hub_polkadot::BRIDGE_HUB_POLKADOT_PARACHAIN_ID, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), ) } @@ -196,7 +198,7 @@ fn change_bridge_parachains_pallet_mode_by_governance_works() { >( collator_session_keys(), bp_bridge_hub_polkadot::BRIDGE_HUB_POLKADOT_PARACHAIN_ID, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), ) } @@ -209,7 +211,7 @@ fn change_bridge_messages_pallet_mode_by_governance_works() { >( collator_session_keys(), bp_bridge_hub_polkadot::BRIDGE_HUB_POLKADOT_PARACHAIN_ID, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), ) } @@ -222,7 +224,7 @@ fn change_delivery_reward_by_governance_works() { >( collator_session_keys(), bp_bridge_hub_polkadot::BRIDGE_HUB_POLKADOT_PARACHAIN_ID, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), || (DeliveryRewardInBalance::key().to_vec(), DeliveryRewardInBalance::get()), |old_value| old_value.checked_mul(2).unwrap(), ) @@ -237,7 +239,7 @@ fn change_required_stake_by_governance_works() { >( collator_session_keys(), bp_bridge_hub_polkadot::BRIDGE_HUB_POLKADOT_PARACHAIN_ID, - GovernanceOrigin::Location(GovernanceLocation::get()), + Governance::get(), || (RequiredStakeForStakeAndSlash::key().to_vec(), RequiredStakeForStakeAndSlash::get()), |old_value| old_value.checked_mul(2).unwrap(), ) @@ -571,9 +573,9 @@ fn xcm_payment_api_works() { #[test] fn governance_authorize_upgrade_works() { - use polkadot_runtime_constants::system_parachain::{ASSET_HUB_ID, COLLECTIVES_ID}; + use polkadot_runtime_constants::system_parachain::COLLECTIVES_ID; - // no - random para + // no - random non-system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, @@ -581,14 +583,15 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - AssetHub + // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(ASSET_HUB_ID)))), - Either::Right(InstructionError { index: 1, error: XcmError::BadOrigin }) + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), + Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); + // no - Collectives assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< @@ -613,9 +616,11 @@ fn governance_authorize_upgrade_works() { assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::parent()))); + >(GovernanceOrigin::Location(RelayChainLocation::get()))); + + // ok - AssetHub assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(GovernanceLocation::get()))); + >(GovernanceOrigin::Location(AssetHubLocation::get()))); } diff --git a/system-parachains/collectives/collectives-polkadot/src/ambassador/mod.rs b/system-parachains/collectives/collectives-polkadot/src/ambassador/mod.rs index 76a4fc15c1..8985795256 100644 --- a/system-parachains/collectives/collectives-polkadot/src/ambassador/mod.rs +++ b/system-parachains/collectives/collectives-polkadot/src/ambassador/mod.rs @@ -77,9 +77,15 @@ impl pallet_ambassador_origins::Config for Runtime {} pub type DemoteOrigin = EitherOf< EnsureRootWithSuccess>, EitherOf< - MapSuccess< - EnsureXcm>, - Replace>, + EitherOf< + MapSuccess< + EnsureXcm>, + Replace>, + >, + MapSuccess< + EnsureXcm>, + Replace>, + >, >, TryMapSuccess< EnsureAmbassadorsFrom>, @@ -100,7 +106,10 @@ pub type OpenGovOrHeadAmbassadors = EitherOfDiverse< EnsureRoot, EitherOfDiverse< HeadAmbassadors, - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, >, >; @@ -217,7 +226,10 @@ impl pallet_core_fellowship::Config for Runtime { type InductOrigin = EitherOfDiverse< EnsureRoot, EitherOfDiverse< - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, pallet_ranked_collective::EnsureMember< Runtime, AmbassadorCollectiveInstance, @@ -328,9 +340,15 @@ impl pallet_treasury::Config for Runtime { type SpendOrigin = EitherOf< EitherOf< EnsureRootWithSuccess, - MapSuccess< - EnsureXcm>, - Replace>, + EitherOf< + MapSuccess< + EnsureXcm>, + Replace>, + >, + MapSuccess< + EnsureXcm>, + Replace>, + >, >, >, EitherOf< diff --git a/system-parachains/collectives/collectives-polkadot/src/fellowship/mod.rs b/system-parachains/collectives/collectives-polkadot/src/fellowship/mod.rs index a7909b2198..d5e256f2ba 100644 --- a/system-parachains/collectives/collectives-polkadot/src/fellowship/mod.rs +++ b/system-parachains/collectives/collectives-polkadot/src/fellowship/mod.rs @@ -23,9 +23,9 @@ use crate::{ impls::ToParentTreasury, weights, xcm_config::{AssetHubUsdt, LocationToAccountId, TreasurerBodyId}, - AccountId, AssetRateWithNative, Balance, Balances, FellowshipReferenda, GovernanceLocation, - PolkadotTreasuryAccount, Preimage, Runtime, RuntimeCall, RuntimeEvent, RuntimeOrigin, - Scheduler, DAYS, FELLOWSHIP_TREASURY_PALLET_ID, + AccountId, AssetHubLocation, AssetRateWithNative, Balance, Balances, FellowshipReferenda, + PolkadotTreasuryAccount, Preimage, RelayChainLocation, Runtime, RuntimeCall, RuntimeEvent, + RuntimeOrigin, Scheduler, DAYS, FELLOWSHIP_TREASURY_PALLET_ID, }; use frame_support::{ parameter_types, @@ -134,9 +134,15 @@ impl pallet_ranked_collective::Config for Runtime // pass. type DemoteOrigin = EitherOf< EnsureRootWithSuccess>, - MapSuccess< - EnsureXcm>, - Replace>, + EitherOf< + MapSuccess< + EnsureXcm>, + Replace>, + >, + MapSuccess< + EnsureXcm>, + Replace>, + >, >, >; // Exchange is by any of: @@ -167,7 +173,10 @@ impl pallet_core_fellowship::Config for Runtime { // - the FellowshipAdmin origin (i.e. token holder referendum); // - a vote among all Fellows. type ParamsOrigin = EitherOfDiverse< - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, Fellows, >; // Induction (creating a candidate) is by any of: @@ -176,7 +185,10 @@ impl pallet_core_fellowship::Config for Runtime { // - a single Fellow; // - a vote among all Members. type InductOrigin = EitherOfDiverse< - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, EitherOfDiverse< pallet_ranked_collective::EnsureMember< Runtime, @@ -191,9 +203,15 @@ impl pallet_core_fellowship::Config for Runtime { // - the FellowshipAdmin origin (i.e. token holder referendum); // - a vote by the rank two above the current rank for all retention up to the Master rank. type ApproveOrigin = EitherOf< - MapSuccess< - EnsureXcm>, - Replace>, + EitherOf< + MapSuccess< + EnsureXcm>, + Replace>, + >, + MapSuccess< + EnsureXcm>, + Replace>, + >, >, EnsureCanRetainAt, >; @@ -202,9 +220,15 @@ impl pallet_core_fellowship::Config for Runtime { // - the FellowshipAdmin origin (i.e. token holder referendum); // - a vote by the rank two above the new rank for all promotions up to the Master rank. type PromoteOrigin = EitherOf< - MapSuccess< - EnsureXcm>, - Replace>, + EitherOf< + MapSuccess< + EnsureXcm>, + Replace>, + >, + MapSuccess< + EnsureXcm>, + Replace>, + >, >, EnsureCanPromoteTo, >; @@ -298,7 +322,13 @@ impl pallet_treasury::Config for Runtime { type Currency = Balances; type RejectOrigin = EitherOfDiverse< EnsureRoot, - EitherOfDiverse>, Fellows>, + EitherOfDiverse< + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, + Fellows, + >, >; type SpendPeriod = ConstU32<{ 7 * DAYS }>; type Burn = Burn; @@ -308,9 +338,15 @@ impl pallet_treasury::Config for Runtime { type SpendOrigin = EitherOf< EitherOf< EnsureRootWithSuccess, - MapSuccess< - EnsureXcm>, - Replace>, + EitherOf< + MapSuccess< + EnsureXcm>, + Replace>, + >, + MapSuccess< + EnsureXcm>, + Replace>, + >, >, >, EitherOf< diff --git a/system-parachains/collectives/collectives-polkadot/src/lib.rs b/system-parachains/collectives/collectives-polkadot/src/lib.rs index 98653874ad..04fb40042f 100644 --- a/system-parachains/collectives/collectives-polkadot/src/lib.rs +++ b/system-parachains/collectives/collectives-polkadot/src/lib.rs @@ -81,7 +81,7 @@ use frame_support::{ traits::{ fungible::HoldConsideration, tokens::{imbalance::ResolveTo, UnityOrOuterConversion}, - ConstBool, ConstU16, ConstU32, ConstU64, ConstU8, EitherOfDiverse, FromContains, + ConstBool, ConstU16, ConstU32, ConstU64, ConstU8, EitherOf, EitherOfDiverse, FromContains, InstanceFilter, LinearStoragePrice, TransformOrigin, }, weights::{ConstantMultiplier, Weight}, @@ -101,8 +101,8 @@ use system_parachains_constants::{ SLOT_DURATION, }; use xcm_config::{ - GovernanceLocation, LocationToAccountId, SelfParaId, StakingPot, TreasurerBodyId, - XcmOriginToTransactDispatchOrigin, + AssetHubLocation, LocationToAccountId, RelayChainLocation, SelfParaId, StakingPot, + TreasurerBodyId, XcmOriginToTransactDispatchOrigin, }; #[cfg(any(feature = "std", test))] @@ -576,7 +576,10 @@ parameter_types! { /// We allow root and the `StakingAdmin` to execute privileged collator selection operations. pub type CollatorSelectionUpdateOrigin = EitherOfDiverse< EnsureRoot, - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, >; impl pallet_collator_selection::Config for Runtime { @@ -724,7 +727,13 @@ impl pallet_asset_rate::Config for Runtime { type RuntimeEvent = RuntimeEvent; type CreateOrigin = EitherOfDiverse< EnsureRoot, - EitherOfDiverse>, Fellows>, + EitherOfDiverse< + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, + Fellows, + >, >; type RemoveOrigin = Self::CreateOrigin; type UpdateOrigin = Self::CreateOrigin; diff --git a/system-parachains/collectives/collectives-polkadot/src/secretary/mod.rs b/system-parachains/collectives/collectives-polkadot/src/secretary/mod.rs index 52f144fe5c..1624a1bf45 100644 --- a/system-parachains/collectives/collectives-polkadot/src/secretary/mod.rs +++ b/system-parachains/collectives/collectives-polkadot/src/secretary/mod.rs @@ -54,9 +54,15 @@ pub mod ranks { type ApproveOrigin = EitherOf< EnsureRootWithSuccess>, EitherOf< - MapSuccess< - EnsureXcm>, - Replace>, + EitherOf< + MapSuccess< + EnsureXcm>, + Replace>, + >, + MapSuccess< + EnsureXcm>, + Replace>, + >, >, MapSuccess>>, >, diff --git a/system-parachains/collectives/collectives-polkadot/src/xcm_config.rs b/system-parachains/collectives/collectives-polkadot/src/xcm_config.rs index 66e15740c2..eab99c074c 100644 --- a/system-parachains/collectives/collectives-polkadot/src/xcm_config.rs +++ b/system-parachains/collectives/collectives-polkadot/src/xcm_config.rs @@ -35,7 +35,7 @@ use parachains_common::xcm_config::{ use polkadot_parachain_primitives::primitives::Sibling; use polkadot_runtime_constants::xcm::body::FELLOWSHIP_ADMIN_INDEX; use sp_runtime::traits::AccountIdConversion; -use system_parachains_constants::{polkadot::locations::AssetHubLocation, TREASURY_PALLET_ID}; +use system_parachains_constants::TREASURY_PALLET_ID; use xcm::latest::prelude::*; use xcm_builder::{ AccountId32Aliases, AliasChildLocation, AliasOriginRootUsingFilter, @@ -43,7 +43,7 @@ use xcm_builder::{ AllowTopLevelPaidExecutionFrom, DenyReserveTransferToRelayChain, DenyThenTry, DescribeAllTerminal, DescribeFamily, DescribeTerminus, EnsureXcmOrigin, FrameTransactionalProcessor, FungibleAdapter, HashedDescription, IsConcrete, LocatableAssetId, - OriginToPluralityVoice, ParentAsSuperuser, ParentIsPreset, RelayChainAsNative, + LocationAsSuperuser, OriginToPluralityVoice, ParentIsPreset, RelayChainAsNative, SendXcmFeeToAccount, SiblingParachainAsNative, SiblingParachainConvertsVia, SignedAccountId32AsNative, SignedToAccountId32, SovereignSignedViaLocation, TakeWeightCredit, TrailingSetTopicAsId, UsingComponents, WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, @@ -51,7 +51,9 @@ use xcm_builder::{ }; use xcm_executor::{traits::ConvertLocation, XcmExecutor}; -pub use system_parachains_constants::polkadot::locations::GovernanceLocation; +pub use system_parachains_constants::polkadot::locations::{ + AssetHubLocation, AssetHubPlurality, RelayChainLocation, +}; parameter_types! { pub const RootLocation: Location = Location::here(); @@ -124,9 +126,9 @@ pub type XcmOriginToTransactDispatchOrigin = ( // Native converter for sibling Parachains; will convert to a `SiblingPara` origin when // recognised. SiblingParachainAsNative, - // Superuser converter for the Relay-chain (Parent) location. This will allow it to issue a - // transaction from the Root origin. - ParentAsSuperuser, + // AssetHub or Relay can execute as root (based on: https://github.com/polkadot-fellows/runtimes/issues/651). + // This will allow them to issue a transaction from the Root origin. + LocationAsSuperuser<(Equals, Equals), RuntimeOrigin>, // Native signed account converter; this just converts an `AccountId32` origin into a normal // `RuntimeOrigin::Signed` origin of the same 32-byte value. SignedAccountId32AsNative, @@ -174,6 +176,8 @@ pub type Barrier = TrailingSetTopicAsId< AllowExplicitUnpaidExecutionFrom<( ParentOrParentsPlurality, Equals, + Equals, + AssetHubPlurality, )>, // Subscriptions for version tracking are OK. AllowSubscriptionsFrom, diff --git a/system-parachains/collectives/collectives-polkadot/tests/tests.rs b/system-parachains/collectives/collectives-polkadot/tests/tests.rs index 0690720b7c..e2c00906f3 100644 --- a/system-parachains/collectives/collectives-polkadot/tests/tests.rs +++ b/system-parachains/collectives/collectives-polkadot/tests/tests.rs @@ -1,4 +1,7 @@ -use collectives_polkadot_runtime::{xcm_config::GovernanceLocation, Runtime, RuntimeOrigin}; +use collectives_polkadot_runtime::{ + xcm_config::{AssetHubLocation, RelayChainLocation}, + Runtime, RuntimeOrigin, +}; use frame_support::{assert_err, assert_ok}; use parachains_runtimes_test_utils::GovernanceOrigin; use sp_runtime::Either; @@ -6,9 +9,9 @@ use xcm::prelude::*; #[test] fn governance_authorize_upgrade_works() { - use polkadot_runtime_constants::system_parachain::{ASSET_HUB_ID, COLLECTIVES_ID}; + use polkadot_runtime_constants::system_parachain::COLLECTIVES_ID; - // no - random para + // no - random non-system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, @@ -16,14 +19,15 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - AssetHub + // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(ASSET_HUB_ID)))), + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); + // no - Collectives assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< @@ -48,9 +52,11 @@ fn governance_authorize_upgrade_works() { assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::parent()))); + >(GovernanceOrigin::Location(RelayChainLocation::get()))); + + // ok - AssetHub assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(GovernanceLocation::get()))); + >(GovernanceOrigin::Location(AssetHubLocation::get()))); } diff --git a/system-parachains/common/Cargo.toml b/system-parachains/common/Cargo.toml index 9d3001c3f8..97ed4888f2 100644 --- a/system-parachains/common/Cargo.toml +++ b/system-parachains/common/Cargo.toml @@ -8,61 +8,35 @@ repository.workspace = true version.workspace = true [dependencies] -codec = { features = ["derive", "max-encoded-len"], workspace = true } log = { workspace = true } -scale-info = { features = ["derive"], workspace = true } -sp-api = { workspace = true } sp-runtime = { workspace = true } -sp-core = { workspace = true } sp-state-machine = { workspace = true } -sp-std = { workspace = true } frame-support = { workspace = true } cumulus-pallet-parachain-system = { workspace = true } cumulus-primitives-core = { workspace = true } -pallet-treasury = { workspace = true } - -polkadot-runtime-common = { workspace = true } -xcm = { workspace = true } -xcm-executor = { workspace = true } - [features] default = ["std"] std = [ - "codec/std", "cumulus-pallet-parachain-system/std", "cumulus-primitives-core/std", "frame-support/std", "log/std", - "pallet-treasury/std", - "polkadot-runtime-common/std", - "scale-info/std", - "sp-api/std", - "sp-core/std", "sp-runtime/std", "sp-state-machine/std", - "sp-std/std", - "xcm-executor/std", - "xcm/std", ] runtime-benchmarks = [ "cumulus-pallet-parachain-system/runtime-benchmarks", "cumulus-primitives-core/runtime-benchmarks", "frame-support/runtime-benchmarks", - "pallet-treasury/runtime-benchmarks", - "polkadot-runtime-common/runtime-benchmarks", "sp-runtime/runtime-benchmarks", - "xcm-executor/runtime-benchmarks", - "xcm/runtime-benchmarks", ] try-runtime = [ "cumulus-pallet-parachain-system/try-runtime", "frame-support/try-runtime", - "pallet-treasury/try-runtime", - "polkadot-runtime-common/try-runtime", "sp-runtime/try-runtime", ] diff --git a/system-parachains/constants/src/kusama.rs b/system-parachains/constants/src/kusama.rs index aec6925382..65c112269f 100644 --- a/system-parachains/constants/src/kusama.rs +++ b/system-parachains/constants/src/kusama.rs @@ -145,7 +145,7 @@ pub mod fee { } pub mod locations { - use frame_support::parameter_types; + use frame_support::{parameter_types, traits::Contains}; pub use kusama_runtime_constants::system_parachain::{AssetHubParaId, PeopleParaId}; use xcm::latest::prelude::{Junction::*, Location}; @@ -156,4 +156,21 @@ pub mod locations { pub PeopleLocation: Location = Location::new(1, Parachain(kusama_runtime_constants::system_parachain::PEOPLE_ID)); } + + /// `Contains` implementation for the asset hub location pluralities. + pub struct AssetHubPlurality; + impl Contains for AssetHubPlurality { + fn contains(loc: &Location) -> bool { + matches!( + loc.unpack(), + ( + 1, + [ + Parachain(kusama_runtime_constants::system_parachain::ASSET_HUB_ID), + Plurality { .. } + ] + ) + ) + } + } } diff --git a/system-parachains/constants/src/polkadot.rs b/system-parachains/constants/src/polkadot.rs index bab33f5cbe..6c7e1f4cb8 100644 --- a/system-parachains/constants/src/polkadot.rs +++ b/system-parachains/constants/src/polkadot.rs @@ -165,10 +165,11 @@ pub mod fee { } pub mod locations { - use frame_support::parameter_types; + use frame_support::{parameter_types, traits::Contains}; use xcm::latest::prelude::{Junction::*, Location, NetworkId}; parameter_types! { + pub RelayChainLocation: Location = Location::parent(); pub AssetHubLocation: Location = Location::new(1, Parachain(polkadot_runtime_constants::system_parachain::ASSET_HUB_ID)); pub PeopleLocation: Location = @@ -178,4 +179,21 @@ pub mod locations { pub EthereumNetwork: NetworkId = NetworkId::Ethereum { chain_id: 1 }; } + + /// `Contains` implementation for the asset hub location pluralities. + pub struct AssetHubPlurality; + impl Contains for AssetHubPlurality { + fn contains(loc: &Location) -> bool { + matches!( + loc.unpack(), + ( + 1, + [ + Parachain(polkadot_runtime_constants::system_parachain::ASSET_HUB_ID), + Plurality { .. } + ] + ) + ) + } + } } diff --git a/system-parachains/coretime/coretime-kusama/src/tests.rs b/system-parachains/coretime/coretime-kusama/src/tests.rs index 9d182ac878..d1927ed6f4 100644 --- a/system-parachains/coretime/coretime-kusama/src/tests.rs +++ b/system-parachains/coretime/coretime-kusama/src/tests.rs @@ -257,13 +257,12 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(1002)))), + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); diff --git a/system-parachains/coretime/coretime-kusama/src/xcm_config.rs b/system-parachains/coretime/coretime-kusama/src/xcm_config.rs index 4a847b7d27..121172c155 100644 --- a/system-parachains/coretime/coretime-kusama/src/xcm_config.rs +++ b/system-parachains/coretime/coretime-kusama/src/xcm_config.rs @@ -51,7 +51,9 @@ use xcm_builder::{ }; use xcm_executor::{traits::ConvertLocation, XcmExecutor}; -pub use system_parachains_constants::kusama::locations::{AssetHubLocation, RelayChainLocation}; +pub use system_parachains_constants::kusama::locations::{ + AssetHubLocation, AssetHubPlurality, RelayChainLocation, +}; parameter_types! { pub const RootLocation: Location = Location::here(); @@ -166,6 +168,7 @@ pub type Barrier = TrailingSetTopicAsId< ParentOrParentsPlurality, // For OpenGov on AH Equals, + AssetHubPlurality, )>, // Subscriptions for version tracking are OK. AllowSubscriptionsFrom, diff --git a/system-parachains/coretime/coretime-polkadot/src/lib.rs b/system-parachains/coretime/coretime-polkadot/src/lib.rs index be611a03d6..e32619c145 100644 --- a/system-parachains/coretime/coretime-polkadot/src/lib.rs +++ b/system-parachains/coretime/coretime-polkadot/src/lib.rs @@ -42,7 +42,7 @@ use frame_support::{ genesis_builder_helper::{build_state, get_preset}, parameter_types, traits::{ - tokens::imbalance::ResolveTo, ConstBool, ConstU32, ConstU64, ConstU8, Contains, + tokens::imbalance::ResolveTo, ConstBool, ConstU32, ConstU64, ConstU8, Contains, EitherOf, EitherOfDiverse, EverythingBut, InstanceFilter, TransformOrigin, }, weights::{ConstantMultiplier, Weight}, @@ -78,7 +78,7 @@ use system_parachains_constants::{ use weights::{BlockExecutionWeight, ExtrinsicBaseWeight, RocksDbWeight}; use xcm::prelude::*; use xcm_config::{ - DotRelayLocation, FellowshipLocation, GovernanceLocation, StakingPot, + AssetHubLocation, DotRelayLocation, FellowshipLocation, RelayChainLocation, StakingPot, XcmOriginToTransactDispatchOrigin, }; use xcm_runtime_apis::{ @@ -462,7 +462,10 @@ parameter_types! { /// We allow Root and the `StakingAdmin` to execute privileged collator selection operations. pub type CollatorSelectionUpdateOrigin = EitherOfDiverse< EnsureRoot, - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, >; impl pallet_collator_selection::Config for Runtime { diff --git a/system-parachains/coretime/coretime-polkadot/src/tests.rs b/system-parachains/coretime/coretime-polkadot/src/tests.rs index 56665a8168..cca2827dbd 100644 --- a/system-parachains/coretime/coretime-polkadot/src/tests.rs +++ b/system-parachains/coretime/coretime-polkadot/src/tests.rs @@ -17,7 +17,7 @@ use crate::{ coretime::{BrokerPalletId, CoretimeBurnAccount}, xcm_config::LocationToAccountId, - GovernanceLocation, *, + *, }; use coretime::CoretimeAllocator; use cumulus_pallet_parachain_system::ValidationData; @@ -249,9 +249,9 @@ fn xcm_payment_api_works() { #[test] fn governance_authorize_upgrade_works() { - use polkadot_runtime_constants::system_parachain::{ASSET_HUB_ID, COLLECTIVES_ID}; + use polkadot_runtime_constants::system_parachain::COLLECTIVES_ID; - // no - random para + // no - random non-system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, @@ -259,14 +259,15 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - AssetHub + // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(ASSET_HUB_ID)))), + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); + // no - Collectives assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< @@ -291,9 +292,11 @@ fn governance_authorize_upgrade_works() { assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::parent()))); + >(GovernanceOrigin::Location(RelayChainLocation::get()))); + + // ok - AssetHub assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(GovernanceLocation::get()))); + >(GovernanceOrigin::Location(AssetHubLocation::get()))); } diff --git a/system-parachains/coretime/coretime-polkadot/src/xcm_config.rs b/system-parachains/coretime/coretime-polkadot/src/xcm_config.rs index 57fb3065d0..05fbe71667 100644 --- a/system-parachains/coretime/coretime-polkadot/src/xcm_config.rs +++ b/system-parachains/coretime/coretime-polkadot/src/xcm_config.rs @@ -36,7 +36,7 @@ use parachains_common::xcm_config::{ use polkadot_parachain_primitives::primitives::Sibling; use polkadot_runtime_constants::system_parachain; use sp_runtime::traits::AccountIdConversion; -use system_parachains_constants::{polkadot::locations::AssetHubLocation, TREASURY_PALLET_ID}; +use system_parachains_constants::TREASURY_PALLET_ID; use xcm::latest::prelude::*; use xcm_builder::{ AccountId32Aliases, AliasChildLocation, AliasOriginRootUsingFilter, @@ -44,15 +44,17 @@ use xcm_builder::{ AllowTopLevelPaidExecutionFrom, DenyReserveTransferToRelayChain, DenyThenTry, DescribeAllTerminal, DescribeFamily, DescribeTerminus, EnsureXcmOrigin, FrameTransactionalProcessor, FungibleAdapter, HashedDescription, IsConcrete, - NonFungibleAdapter, ParentAsSuperuser, ParentIsPreset, RelayChainAsNative, SendXcmFeeToAccount, - SiblingParachainAsNative, SiblingParachainConvertsVia, SignedAccountId32AsNative, - SignedToAccountId32, SovereignSignedViaLocation, TakeWeightCredit, TrailingSetTopicAsId, - UsingComponents, WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, + LocationAsSuperuser, NonFungibleAdapter, ParentIsPreset, RelayChainAsNative, + SendXcmFeeToAccount, SiblingParachainAsNative, SiblingParachainConvertsVia, + SignedAccountId32AsNative, SignedToAccountId32, SovereignSignedViaLocation, TakeWeightCredit, + TrailingSetTopicAsId, UsingComponents, WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, }; use xcm_executor::{traits::ConvertLocation, XcmExecutor}; -pub use system_parachains_constants::polkadot::locations::GovernanceLocation; +pub use system_parachains_constants::polkadot::locations::{ + AssetHubLocation, AssetHubPlurality, RelayChainLocation, +}; parameter_types! { pub const RootLocation: Location = Location::here(); @@ -133,9 +135,9 @@ pub type XcmOriginToTransactDispatchOrigin = ( // Native converter for sibling Parachains; will convert to a `SiblingPara` origin when // recognized. SiblingParachainAsNative, - // Superuser converter for the Relay-chain (Parent) location. This will allow it to issue a - // transaction from the Root origin. - ParentAsSuperuser, + // AssetHub or Relay can execute as root (based on: https://github.com/polkadot-fellows/runtimes/issues/651). + // This will allow them to issue a transaction from the Root origin. + LocationAsSuperuser<(Equals, Equals), RuntimeOrigin>, // Native signed account converter; this just converts an `AccountId32` origin into a normal // `RuntimeOrigin::Signed` origin of the same 32-byte value. SignedAccountId32AsNative, @@ -185,6 +187,8 @@ pub type Barrier = TrailingSetTopicAsId< ParentOrParentsPlurality, FellowsPlurality, Equals, + Equals, + AssetHubPlurality, )>, // Subscriptions for version tracking are OK. AllowSubscriptionsFrom, diff --git a/system-parachains/encointer/src/xcm_config.rs b/system-parachains/encointer/src/xcm_config.rs index 808b8d93d6..b29ac10db4 100644 --- a/system-parachains/encointer/src/xcm_config.rs +++ b/system-parachains/encointer/src/xcm_config.rs @@ -48,7 +48,9 @@ use xcm_builder::{ }; use xcm_executor::XcmExecutor; -pub use system_parachains_constants::kusama::locations::{AssetHubLocation, RelayChainLocation}; +pub use system_parachains_constants::kusama::locations::{ + AssetHubLocation, AssetHubPlurality, RelayChainLocation, +}; parameter_types! { pub const KsmLocation: Location = Location::parent(); @@ -148,6 +150,7 @@ pub type Barrier = TrailingSetTopicAsId< ParentOrParentsPlurality, // For OpenGov on AH Equals, + AssetHubPlurality, )>, // Subscriptions for version tracking are OK. AllowSubscriptionsFrom, diff --git a/system-parachains/encointer/tests/tests.rs b/system-parachains/encointer/tests/tests.rs index 4a5666b256..c1cbf52b72 100644 --- a/system-parachains/encointer/tests/tests.rs +++ b/system-parachains/encointer/tests/tests.rs @@ -17,13 +17,12 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(1002)))), + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); diff --git a/system-parachains/people/people-kusama/src/tests.rs b/system-parachains/people/people-kusama/src/tests.rs index 1af5c1a2f0..0bf46f955e 100644 --- a/system-parachains/people/people-kusama/src/tests.rs +++ b/system-parachains/people/people-kusama/src/tests.rs @@ -150,13 +150,12 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(1002)))), + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); diff --git a/system-parachains/people/people-kusama/src/xcm_config.rs b/system-parachains/people/people-kusama/src/xcm_config.rs index d9b187a48b..0ea7ee1c3a 100644 --- a/system-parachains/people/people-kusama/src/xcm_config.rs +++ b/system-parachains/people/people-kusama/src/xcm_config.rs @@ -37,7 +37,9 @@ use parachains_common::{ }; use polkadot_parachain_primitives::primitives::Sibling; use sp_runtime::traits::AccountIdConversion; -pub use system_parachains_constants::kusama::locations::{AssetHubLocation, RelayChainLocation}; +pub use system_parachains_constants::kusama::locations::{ + AssetHubLocation, AssetHubPlurality, RelayChainLocation, +}; use xcm::latest::prelude::*; use xcm_builder::{ AccountId32Aliases, AliasChildLocation, AliasOriginRootUsingFilter, @@ -178,6 +180,7 @@ pub type Barrier = TrailingSetTopicAsId< ParentOrParentsPlurality, // For OpenGov on AH Equals, + AssetHubPlurality, )>, // Subscriptions for version tracking are OK. AllowSubscriptionsFrom, diff --git a/system-parachains/people/people-polkadot/src/lib.rs b/system-parachains/people/people-polkadot/src/lib.rs index 9cc753800e..aa2efd2035 100644 --- a/system-parachains/people/people-polkadot/src/lib.rs +++ b/system-parachains/people/people-polkadot/src/lib.rs @@ -38,8 +38,8 @@ use frame_support::{ genesis_builder_helper::{build_state, get_preset}, parameter_types, traits::{ - tokens::imbalance::ResolveTo, ConstBool, ConstU32, ConstU64, ConstU8, EitherOfDiverse, - Everything, InstanceFilter, TransformOrigin, + tokens::imbalance::ResolveTo, ConstBool, ConstU32, ConstU64, ConstU8, EitherOf, + EitherOfDiverse, Everything, InstanceFilter, TransformOrigin, }, weights::{ConstantMultiplier, Weight}, PalletId, @@ -78,8 +78,8 @@ use xcm::{ VersionedXcm, }; use xcm_config::{ - FellowshipLocation, GovernanceLocation, PriceForSiblingParachainDelivery, StakingPot, - XcmConfig, XcmOriginToTransactDispatchOrigin, + AssetHubLocation, FellowshipLocation, PriceForSiblingParachainDelivery, RelayChainLocation, + StakingPot, XcmConfig, XcmOriginToTransactDispatchOrigin, }; use xcm_runtime_apis::{ dry_run::{CallDryRunEffects, Error as XcmDryRunApiError, XcmDryRunEffects}, @@ -397,7 +397,10 @@ parameter_types! { /// We allow Root and the `StakingAdmin` to execute privileged collator selection operations. pub type CollatorSelectionUpdateOrigin = EitherOfDiverse< EnsureRoot, - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, >; impl pallet_collator_selection::Config for Runtime { diff --git a/system-parachains/people/people-polkadot/src/people.rs b/system-parachains/people/people-polkadot/src/people.rs index 07ae82f18b..b489adf723 100644 --- a/system-parachains/people/people-polkadot/src/people.rs +++ b/system-parachains/people/people-polkadot/src/people.rs @@ -28,7 +28,6 @@ use sp_runtime::{ RuntimeDebug, }; use xcm::latest::prelude::BodyId; -use xcm_config::GovernanceLocation; parameter_types! { // 27 | Min encoded size of `Registration` @@ -46,7 +45,10 @@ parameter_types! { pub type IdentityAdminOrigin = EitherOfDiverse< EnsureRoot, - EnsureXcm>, + EitherOf< + EnsureXcm>, + EnsureXcm>, + >, >; impl pallet_identity::Config for Runtime { diff --git a/system-parachains/people/people-polkadot/src/tests.rs b/system-parachains/people/people-polkadot/src/tests.rs index 0e2d6067db..3604f67f85 100644 --- a/system-parachains/people/people-polkadot/src/tests.rs +++ b/system-parachains/people/people-polkadot/src/tests.rs @@ -15,7 +15,7 @@ // limitations under the License. use crate::{ - xcm_config::{GovernanceLocation, LocationToAccountId}, + xcm_config::{AssetHubLocation, LocationToAccountId, RelayChainLocation}, Block, Runtime, RuntimeCall, RuntimeOrigin, WeightToFee, }; use cumulus_primitives_core::relay_chain::AccountId; @@ -142,9 +142,9 @@ fn xcm_payment_api_works() { #[test] fn governance_authorize_upgrade_works() { - use polkadot_runtime_constants::system_parachain::{ASSET_HUB_ID, COLLECTIVES_ID}; + use polkadot_runtime_constants::system_parachain::COLLECTIVES_ID; - // no - random para + // no - random non-system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, @@ -152,14 +152,15 @@ fn governance_authorize_upgrade_works() { >(GovernanceOrigin::Location(Location::new(1, Parachain(12334)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); - // no - AssetHub + // no - random system para assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::new(1, Parachain(ASSET_HUB_ID)))), + >(GovernanceOrigin::Location(Location::new(1, Parachain(1765)))), Either::Right(InstructionError { index: 0, error: XcmError::Barrier }) ); + // no - Collectives assert_err!( parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< @@ -184,9 +185,11 @@ fn governance_authorize_upgrade_works() { assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(Location::parent()))); + >(GovernanceOrigin::Location(RelayChainLocation::get()))); + + // ok - AssetHub assert_ok!(parachains_runtimes_test_utils::test_cases::can_governance_authorize_upgrade::< Runtime, RuntimeOrigin, - >(GovernanceOrigin::Location(GovernanceLocation::get()))); + >(GovernanceOrigin::Location(AssetHubLocation::get()))); } diff --git a/system-parachains/people/people-polkadot/src/xcm_config.rs b/system-parachains/people/people-polkadot/src/xcm_config.rs index 6151bdb432..8cdb80e3c7 100644 --- a/system-parachains/people/people-polkadot/src/xcm_config.rs +++ b/system-parachains/people/people-polkadot/src/xcm_config.rs @@ -38,22 +38,24 @@ use parachains_common::{ use polkadot_parachain_primitives::primitives::Sibling; use polkadot_runtime_constants::system_parachain; use sp_runtime::traits::AccountIdConversion; -use system_parachains_constants::polkadot::locations::AssetHubLocation; use xcm::latest::prelude::*; use xcm_builder::{ AccountId32Aliases, AliasChildLocation, AliasOriginRootUsingFilter, AllowExplicitUnpaidExecutionFrom, AllowKnownQueryResponses, AllowSubscriptionsFrom, AllowTopLevelPaidExecutionFrom, DenyReserveTransferToRelayChain, DenyThenTry, DescribeAllTerminal, DescribeFamily, DescribeTerminus, EnsureXcmOrigin, - FrameTransactionalProcessor, FungibleAdapter, HashedDescription, IsConcrete, ParentAsSuperuser, - ParentIsPreset, RelayChainAsNative, SendXcmFeeToAccount, SiblingParachainAsNative, - SiblingParachainConvertsVia, SignedAccountId32AsNative, SignedToAccountId32, - SovereignSignedViaLocation, TakeWeightCredit, TrailingSetTopicAsId, UsingComponents, - WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, XcmFeeManagerFromComponents, + FrameTransactionalProcessor, FungibleAdapter, HashedDescription, IsConcrete, + LocationAsSuperuser, ParentIsPreset, RelayChainAsNative, SendXcmFeeToAccount, + SiblingParachainAsNative, SiblingParachainConvertsVia, SignedAccountId32AsNative, + SignedToAccountId32, SovereignSignedViaLocation, TakeWeightCredit, TrailingSetTopicAsId, + UsingComponents, WeightInfoBounds, WithComputedOrigin, WithUniqueTopic, + XcmFeeManagerFromComponents, }; use xcm_executor::{traits::ConvertLocation, XcmExecutor}; -pub use system_parachains_constants::polkadot::locations::GovernanceLocation; +pub use system_parachains_constants::polkadot::locations::{ + AssetHubLocation, AssetHubPlurality, RelayChainLocation, +}; parameter_types! { pub const RootLocation: Location = Location::here(); @@ -138,9 +140,9 @@ pub type XcmOriginToTransactDispatchOrigin = ( // Native converter for sibling Parachains; will convert to a `SiblingPara` origin when // recognized. SiblingParachainAsNative, - // Superuser converter for the Relay-chain (Parent) location. This will allow it to issue a - // transaction from the Root origin. - ParentAsSuperuser, + // AssetHub or Relay can execute as root (based on: https://github.com/polkadot-fellows/runtimes/issues/651). + // This will allow them to issue a transaction from the Root origin. + LocationAsSuperuser<(Equals, Equals), RuntimeOrigin>, // Native signed account converter; this just converts an `AccountId32` origin into a normal // `RuntimeOrigin::Signed` origin of the same 32-byte value. SignedAccountId32AsNative, @@ -197,6 +199,8 @@ pub type Barrier = TrailingSetTopicAsId< ParentOrParentsPlurality, FellowsPlurality, Equals, + Equals, + AssetHubPlurality, )>, // Subscriptions for version tracking are OK. AllowSubscriptionsFrom,