refactor: merge AuthMethod into AccessControl

[onurinanc]

Closes: #2930
Fixes: #2943

Tasks:

• Consider removing build_auth_component method added in Fix: AuthControlled faucet leaves Authority setters unauthenticated #2958
• Consider separating create_fungible_faucet as create_network_fungible_faucet and create_user_fungible_faucet specified here: refactor: merge AuthMethod into AccessControl #2944 (comment)

[bobbinth]

Thank you! Not a review yet, but I left some comments inline. For now, more questions/thoughts than concrete suggestions.

[bobbinth]

There is no fundamental reason why faucets shouldn't support multisig-based auth. Let's create an issue for this - though, it'll probably be a fairly low priority.

[bobbinth]

Adding AuthMethod to Ownable2Step and Rbac feels a bit off because currently the only "legal" value for these variants is AuthMethod::NetworkAccount. I think the fault mostly lies in the AuthMethod enum which is kind of in between an auth component and a pure enum.

It would be a bigger refactoring, but I think we should get rid of AuthMethod enum altogether and replace it with something like AccountAuthComponent struct which would be a wrapper over AccountComponent with some convenience constructors.

[onurinanc]

Adding AuthMethod to Ownable2Step and Rbac feels a bit off
I agree on this. Additionally, adding and AuthMethod to AccessControl doesn't sound well either. AuthControlled should be an account component similar to Ownable2Step and Rbac and having an AccountAuthComponent would be a good variant instead of combining AuthMethod with AuthControlled.

For this refactoring, do we also need #2621 this to be merged? similar to below comment?

Other than that, if we decide to remove AuthMethod and replace it with AccountAuthComponent, I think separating this PR into two:

• The first one is as described above: Consider merging AuthMethod into AccessControl #2930
• The second on is resolving this issue: Bug: AuthControlled faucet leaves Authority setters unauthenticated #2943

[bobbinth]

Yes, let's tackle #2943 separately (which I see you've already done) - and then we can come back here and do a more comprehensive refactoring.

[bobbinth]

I wonder if we are trying to do too much with this single function. Maybe it is worth splitting it up with a couple functions - something like:

pub fn create_network_fungible_faucet(
    init_seed: [u8; 32],
    faucet: FungibleFaucet,
    access_control: AccessControl, // this would contain only Ownable2Step and Rbac
    token_policy_manager: TokenPolicyManager,
    storage_mode: AccountStorageMode,
) -> Result<Account, FungibleFaucetError> {
    ...
}

pub fn create_user_fungible_faucet(
    init_seed: [u8; 32],
    faucet: FungibleFaucet,
    auth_method: AuthMethod, // this would not contain NetworkAccount
    token_policy_manager: TokenPolicyManager,
    storage_mode: AccountStorageMode,
) -> Result<Account, FungibleFaucetError> {
    ...
}

But again, this would be a bigger refactoring along the lines of #2621.

[onurinanc]

This approach seems to me better in that way we can separate AccountAuthComponent and AccessControl. We might also want to rename the AccessControl enum to NetworkAccessControl and doesn't include AccountAuthComponent as a variant in the enum.

[mmagician]

It looks like this PR contains most of the changes from #2958

[mmagician]

was this comment removed on purpose?

[PhilippGackstatter]

Taking a step back, it seems like these helpers for faucet creation (create_user_fungible_faucet, create_network_fungible_faucet) inucr a high amount of additional code we need for questionable gain (client uses it in tests only, node doesn't use it at all). I'd love to get rid of them, but maybe that's too drastic. At the very least, I think we should simplify these. In my opinion, it's totally fine to be opinionated here - it's always possible to fall back to the AccountBuilder and to add more functions rather than to do more with the same function.

I think the main complication comes from us trying to support various auth components in the creation of the faucets. Right now we support NoAuth for network accounts and custom account components for each, but really, the meaningful configurations we can support are AuthSinglesigAcl for users faucets as well as AuthNetworkAccount for network accounts. For custom components, we cannot meaningfully validate anything in these helpers anyway, so there is no gain from supporting these. Users might as well use the AccountBuilder directly. I don't think we should allow NoAuth anyway, because it is dangerous for network accounts. That one might be convenient for tests, but we can introduce a separate testing-gated helper for this, if needed.

So, I think we can just require the concrete component to be passed:

pub fn create_user_fungible_faucet(
    init_seed: [u8; 32],
    faucet: FungibleFaucet,
    auth_component: AuthSingleSigAcl,
    token_policy_manager: TokenPolicyManager,
    account_type: AccountType,
) -> Result<Account, FungibleFaucetError> {
    todo!()
}

pub fn create_network_fungible_faucet(
    init_seed: [u8; 32],
    faucet: FungibleFaucet,
    access_control: AccessControl,
    auth_component: AuthNetworkAccount,
    token_policy_manager: TokenPolicyManager,
    account_type: AccountType,
) -> Result<Account, FungibleFaucetError> {
    todo!()
}

This means no need for AccountAuthScheme (*) and AccountAuthComponent, no need to have extensive docs describing what auth components are supported and which are rejected, no need to test that certain components are rejected, and an API that tells you at compile time whether the configuration is valid rather than at runtime.

If we want to introduce additonal helpers for, say, a multisig-user faucet, we can add this as a separate function.

(*) Right now the AccountComponentInterface still soft-requires us to have this auth scheme enumeration, but we should get rid of this very soon (#2621), so I'd keep it in the most minimal form possible that makes the existing code work.

[onurinanc]

Applied the changes considering the possible direction commented here: #2944 (comment)

[PhilippGackstatter]

Looks great! I think this is a much-needed relief on complexity.

Left a few nits and suggestions, nothing blocking.

[PhilippGackstatter]

Seems to be a test-only helper, so I'd move it behind testing.

[PhilippGackstatter]

Suggested change

	let allowlist: BTreeSet<NoteScriptRoot> =
	[NoteScriptRoot::from_raw(Word::new([Felt::ONE; 4]))].into_iter().collect();
	let allowlist: BTreeSet<NoteScriptRoot> =
	[NoteScriptRoot::from_array([0; 4])].into_iter().collect();

Nit: We have a nice helper for test construction.

[PhilippGackstatter]

nit: I'm not sure this error is meaningful anymore. We might as well return AccountError from create_basic_wallet.

[PhilippGackstatter]

Seems like we could inline this logic into create_new_faucet now.

[PhilippGackstatter]

Same with this, should we inline this into add_existing_basic_faucet?

[PhilippGackstatter]

Suggested change

	let allowed_script_roots: alloc::collections::BTreeSet<NoteScriptRoot> =
	let allowed_script_roots: BTreeSet<NoteScriptRoot> =

nit

[PhilippGackstatter]

This might be the result of some auto union-merge, could you double check if there are duplicate entries now?

In any case, this PR's entry should go into the 0.16 section.

[bobbinth]

Looks good! Thank you! I left a few comments/questions inline.

Also, role assignment will be done in a different PR, right? Do we already have an issue for this?

[bobbinth]

I think this and a few other unrelated changes snuck into the changelog somehow.

[bobbinth]

Previously, we could use this to create multisig wallets as well. Should we add another helper function to support this functionality? For example, something like create_multisig_wallet().

Another thing, maybe we could also create a helper for creating guardian-supported wallets - e.g., create_guarded_wallet(). But maybe I'm going too far.

[bobbinth]

Just to clarify: the caller is expected to configure the ACL auth component with the roots of all procedures, right? Would this create friction for the user?

[bobbinth]

A couple of comments on this:

• We don't need to pass account_type here as network accounts must be public.
• Why do we need to pass AuthNetworkAccount component? Could we not create/configure it automatically in this function?

[PhilippGackstatter]

• Why do we need to pass AuthNetworkAccount component? Could we not create/configure it automatically in this function?

I think if we did that, we'd have to take two parameters (note allowlist, tx script allowlist) as input rather than one (AuthNetworkAccount), so the current approach seems a bit cleaner to me.

[bobbinth]

But then the caller needs to know the internal details of this function - no? Specifically, they need to know that config notes for the Pausable component need to be added to the note allowlist.

More generally though, can't this procedure build both the note script allowlist and tx script allowlist? If we can't do it here, there may not be much value in having this function - i.e., using the builder directly would result in a more readable/maintainable code.

My understanding is that we are OK with being pretty opinionated with this function (we are providing a quick way to construct a faucet w/o using the builder directly) - and so, we can make assumptions about notes/scripts allowed for this account.

[PhilippGackstatter]

Ah, that's true. Agreed, we should be able to configure the auth component internally and being opinionated is fine here.

[bobbinth]

Is adding PausableManager component enough? Should we not also add Pausable component?