Set up
The steps to enable the new permissions model are described below:
New network
- Bring up the initial set of nodes which will be part of the network
- Deploy `PermissionsUpgradable.sol` in the network. The deployment of this contract will require a guardian account to be given as a part of deployment.
- Deploy the rest of the contracts. All the other contracts will require the address of the `PermissionsUpgradable.sol` contract as a part of deployment.
- Once all the contracts are deployed, create a file `permission-config.json` which will have the following construct:
  ```json
  {
    "upgradableAddress": "0x1932c48b2bf8102ba33b4a6b545c32236e342f34",
    "interfaceAddress": "0x4d3bfd7821e237ffe84209d8e638f9f309865b87",
    "implAddress": "0xfe0602d820f42800e3ef3f89e1c39cd15f78d283",
    "nodeMgrAddress": "0x8a5e2a6343108babed07899510fb42297938d41f",
    "accountMgrAddress": "0x9d13c6d3afe1721beef56b55d303b09e021e27ab",
    "roleMgrAddress": "0x1349f3e1b8d71effb47b840594ff27da7e603d17",
    "voterMgrAddress": "0xd9d64b7dc034fafdba5dc2902875a67b5d586420",
    "orgMgrAddress": "0x938781b9796aea6376e40ca158f67fa89d5d8a18",
    "nwAdminOrg": "ADMINORG",
    "nwAdminRole": "ADMIN",
    "orgAdminRole": "ORGADMIN",
    "accounts": ["0xed9d02e382b34818e88b88a309c7fe71e65f419d", "0xca843569e3427144cead5e4d5999a3d0ccf92b8e"],
    "subOrgBreadth": 3,
    "subOrgDepth": 4
  }
  ```
  - `upgradableAddress` is the address of the deployed contract `PermissionsUpgradable.sol`
  - `interfaceAddress` is the address of the deployed contract `PermissionsInterface.sol`
  - `implAddress` is the address of the deployed contract `PermissionsImplementation.sol`
  - `nodeMgrAddress` is the address of the deployed contract `NodeManager.sol`
  - `accountMgrAddress` is the address of the deployed contract `AccountManager.sol`
  - `roleMgrAddress` is the address of the deployed contract `RoleManager.sol`
  - `voterMgrAddress` is the address of the deployed contract `VoterManager.sol`
  - `orgMgrAddress` is the address of the deployed contract `OrgManager.sol`
  - `nwAdminOrg` is the name of the initial organization that will be created as a part of network boot up with the new permissions model. This organization will own all the initial nodes which come up at the time of network boot up and the accounts which will be the network admin accounts
  - `nwAdminRole` is the role id which will have full access and will be network admin. This role will be assigned to the network admin accounts
  - `orgAdminRole` is the role id which will have full access and will manage organization level administration activities. This role will be assigned to the org admin account
  - `accounts` holds the initial list of accounts which will be linked to the network admin organization and will be assigned the network admin role. These accounts will have complete control of the network and can propose and approve new organizations into the network
  - `subOrgBreadth` indicates the number of sub organizations that any org can have
  - `subOrgDepth` indicates the maximum depth of sub org hierarchy allowed in the network
- Once the contracts are deployed, `init` in `PermissionsUpgradable.sol` needs to be executed by the guardian account. This will link the interface and implementation contracts. A sample script for loading the upgradable contract at the `geth` prompt is given below:
  ```javascript
  // Use the first local account as the default sender for this console session
  var ac = eth.accounts[0];
  web3.eth.defaultAccount = ac;
  // ABI of PermissionsUpgradable.sol
  var abi = [{"constant":true,"inputs":[],"name":"getPermImpl","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_proposedImpl","type":"address"}],"name":"confirmImplChange","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"getGuardian","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getPermInterface","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_permInterface","type":"address"},{"name":"_permImpl","type":"address"}],"name":"init","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"inputs":[{"name":"_guardian","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"}];
  var upgr = web3.eth.contract(abi).at("0x1932c48b2bf8102ba33b4a6b545c32236e342f34"); // address of the upgradable contract
  var impl = "0xfe0602d820f42800e3ef3f89e1c39cd15f78d283"; // address of the implementation contract
  var intr = "0x4d3bfd7821e237ffe84209d8e638f9f309865b87"; // address of the interface contract
  ```
- At the `geth` prompt, load the above script after replacing the contract addresses appropriately and execute `upgr.init(intr, impl, {from: <guardian account>, gas: 4500000})`
- Bring down all the `geth` nodes in the network and copy `permission-config.json` into the data directory of each node
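
A pre-flight check for the `permission-config.json` described above, to run before the file is copied into each node's data directory. This is an added example, not code from the Quorum project: the function names `validatePermissionConfig` and `sampleConfig` are hypothetical, the validation rules are this example's assumptions, and the sample addresses are constructed placeholders.

```javascript
// Added example (not Quorum code): pre-flight checks for permission-config.json.
// Key names come from the page; the validation rules are this example's assumptions.
const ADDRESS_KEYS = ["upgradableAddress", "interfaceAddress", "implAddress",
  "nodeMgrAddress", "accountMgrAddress", "roleMgrAddress", "voterMgrAddress",
  "orgMgrAddress"];
const NAME_KEYS = ["nwAdminOrg", "nwAdminRole", "orgAdminRole"];
const isAddress = (v) => typeof v === "string" && /^0x[0-9a-fA-F]{40}$/.test(v);

function validatePermissionConfig(text) {
  let cfg;
  try { cfg = JSON.parse(text); } catch (e) { return ["not valid JSON: " + e.message]; }
  if (cfg === null || typeof cfg !== "object" || Array.isArray(cfg)) return ["top level must be a JSON object"];
  const errors = [];
  const contracts = new Map(); // lower-cased address -> key that first used it
  for (const key of ADDRESS_KEYS) {
    if (!isAddress(cfg[key])) {
      errors.push(key + ": missing or not a 20-byte hex address");
      continue;
    }
    const addr = cfg[key].toLowerCase();
    // Every key must point at a different deployed contract.
    if (contracts.has(addr)) errors.push(key + ": same address as " + contracts.get(addr));
    else contracts.set(addr, key);
  }
  for (const key of NAME_KEYS) {
    if (typeof cfg[key] !== "string" || cfg[key].trim() === "") errors.push(key + ": must be a non-empty string");
  }
  // These accounts receive the network admin role, so every entry is checked.
  const accounts = Array.isArray(cfg.accounts) ? cfg.accounts : [];
  if (accounts.length === 0) errors.push("accounts: at least one network admin account is required");
  accounts.forEach((acct, i) => {
    if (!isAddress(acct)) errors.push("accounts[" + i + "]: not a 20-byte hex address");
    else if (contracts.has(acct.toLowerCase())) errors.push("accounts[" + i + "]: is a contract address");
  });
  for (const key of ["subOrgBreadth", "subOrgDepth"]) {
    if (!Number.isInteger(cfg[key]) || cfg[key] < 1) errors.push(key + ": must be a positive integer");
  }
  return errors;
}
// Constructed sample: placeholder contract addresses 0x11..11 to 0x88..88.
function sampleConfig() {
  const cfg = { nwAdminOrg: "ADMINORG", nwAdminRole: "ADMIN", orgAdminRole: "ORGADMIN",
    accounts: ["0x" + "a".repeat(40)], subOrgBreadth: 3, subOrgDepth: 4 };
  ADDRESS_KEYS.forEach((k, i) => { cfg[k] = "0x" + String(i + 1).repeat(40); });
  return cfg;
}
// Two deliberate mistakes: implAddress repeats interfaceAddress, subOrgDepth is 0.
const bad = { ...sampleConfig(), implAddress: "0x" + "2".repeat(40), subOrgDepth: 0 };
console.log(validatePermissionConfig(JSON.stringify(bad)));
```

An empty result means the file passed every check; any other result lists one message per problem, so the file can be fixed once and then copied unchanged to all nodes.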
Migrating from an earlier version
The following steps need to be followed when migrating from an earlier version to enable the permissions feature:
- Bring down the running network in the earlier version.
- The `maxCodeSize` attribute in `genesis.json` needs to be set to 35. Update `genesis.json` to reflect the same:

  ```json
  "config": {
    "homesteadBlock": 0,
    "byzantiumBlock": 0,
    "chainId": 10,
    "eip150Block": 0,
    "eip155Block": 0,
    "eip150Hash": "0x0000000000000000000000000000000000000000000000000000000000000000",
    "eip158Block": 0,
    "maxCodeSize" : 35,
    "isQuorum":
  ```
- Execute `geth --datadir <<data dir path>> init genesis.json`
- Bring up the network with the latest geth and deploy the contracts as explained earlier in the set up. The rest of the steps will be similar to bringing up a new network
!!! Note
* The new permission model will be in force only when `permission-config.json` is present in the data directory. If this file is not there and the node is brought up with the `--permissioned` flag, node level permissions as per the earlier model will be effective.
* Please ensure that `maxCodeSize` in `genesis.json` is set to 35
