cosmos · mergify · Feb 20, 2021 · Jan 28, 2021 · Jan 29, 2021 · Jan 29, 2021
diff --git a/docs/core/proto-docs.md b/docs/core/proto-docs.md
diff --git a/proto/cosmos/authz/v1beta1/authz.proto b/proto/cosmos/authz/v1beta1/authz.proto
@@ -47,3 +47,14 @@ message DelegateAuthorization {
   // empty, there is no spend limit and any amount of coins can be delegated.
   cosmos.base.v1beta1.Coin max_tokens = 2 [(gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coin"];
 }
+// UndelegateAuthorization allows the grantee to un-delegate tokens from provided set of validators
+// on behalf of the granter's account.
+message UndelegateAuthorization {
+  option (cosmos_proto.implements_interface) = "Authorization";
+
+  // validator_address specifies list of validator addresses from whom grantee can un-delegate tokens on behalf of granter's account.
+  repeated string validator_address = 1;
+  // max_tokens specifies the maximum amount of tokens can be un-delegate from a validator. If it is
+  // empty, there is no spend limit and any amount of coins can be un-delegated.
+  cosmos.base.v1beta1.Coin max_tokens = 2 [(gogoproto.castrepeated) = "github.com/cosmos/cosmos-sdk/types.Coin"];
+}
diff --git a/proto/cosmos/authz/v1beta1/genesis.proto b/proto/cosmos/authz/v1beta1/genesis.proto
@@ -5,7 +5,6 @@ import "google/protobuf/timestamp.proto";
 import "google/protobuf/any.proto";
 import "gogoproto/gogo.proto";
 import "cosmos_proto/cosmos.proto";
-import "cosmos/authz/v1beta1/tx.proto";
 
 option go_package = "github.com/cosmos/cosmos-sdk/x/authz/types";
 

diff --git a/proto/cosmos/authz/v1beta1/query.proto b/proto/cosmos/authz/v1beta1/query.proto
@@ -1,10 +1,7 @@
 syntax = "proto3";
 package cosmos.authz.v1beta1;
 
-import "gogoproto/gogo.proto";
-import "google/protobuf/any.proto";
 import "google/api/annotations.proto";
-import "cosmos_proto/cosmos.proto";
 import "cosmos/base/query/v1beta1/pagination.proto";
 import "cosmos/authz/v1beta1/authz.proto";
 

diff --git a/x/authz/client/cli/tx.go b/x/authz/client/cli/tx.go
@@ -46,7 +46,7 @@ func GetTxCmd() *cobra.Command {
 
 func NewCmdGrantAuthorization() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "grant <grantee> <authorization_type=\"send\"|\"generic\"|\"delegate\"> --from <granter>",
+		Use:   "grant <grantee> <authorization_type=\"send\"|\"generic\"|\"delegate\"|\"unbond\"> --from <granter>",
 		Short: "Grant authorization to an address",
 		Long: strings.TrimSpace(
 			fmt.Sprintf(`Grant authorization to an address to execute a transaction on your behalf:
@@ -94,7 +94,7 @@ Examples:
 				}
 
 				authorization = types.NewGenericAuthorization(msgType)
-			case "delegate":
+			case "delegate", "unbond":
 				limit, err := cmd.Flags().GetString(FlagSpendLimit)
 				if err != nil {
 					return err
@@ -123,12 +123,18 @@ Examples:
 					if !spendLimit.IsAllPositive() {
 						return fmt.Errorf("spend-limit should be greater than zero")
 					}
-
-					authorization = types.NewDelegateAuthorization(vals, &spendLimit[0])
+					if args[1] == "delegate" {
+						authorization = types.NewDelegateAuthorization(vals, &spendLimit[0])
+					} else {
+						authorization = types.NewUndelegateAuthorization(vals, &spendLimit[0])
+					}
 				} else {
-					authorization = types.NewDelegateAuthorization(vals, nil)
+					if args[1] == "delegate" {
+						authorization = types.NewDelegateAuthorization(vals, nil)
+					} else {
+						authorization = types.NewUndelegateAuthorization(vals, nil)
+					}
 				}
-
 			default:
 				return fmt.Errorf("invalid authorization type, %s", args[1])
 			}

diff --git a/x/authz/client/cli/tx_test.go b/x/authz/client/cli/tx_test.go
@@ -21,6 +21,7 @@ import (
 	govcli "github.com/cosmos/cosmos-sdk/x/gov/client/cli"
 	govtestutil "github.com/cosmos/cosmos-sdk/x/gov/client/testutil"
 	govtypes "github.com/cosmos/cosmos-sdk/x/gov/types"
+	stakingcli "github.com/cosmos/cosmos-sdk/x/staking/client/cli"
 
 	"github.com/cosmos/cosmos-sdk/x/authz/types"
 	bankcli "github.com/cosmos/cosmos-sdk/x/bank/client/testutil"
@@ -208,6 +209,12 @@ func execGrantAuthorization(val *network.Validator, args []string) (testutil.Buf
 	return clitestutil.ExecTestCLICmd(clientCtx, cmd, args)
 }
 
+func execDelegate(val *network.Validator, args []string) (testutil.BufferWriter, error) {
+	cmd := stakingcli.NewDelegateCmd()
+	clientCtx := val.ClientCtx
+	return clitestutil.ExecTestCLICmd(clientCtx, cmd, args)
+}
+
 func (s *IntegrationTestSuite) TestCmdRevokeAuthorizations() {
 	val := s.network.Validators[0]
 
@@ -738,6 +745,228 @@ func (s *IntegrationTestSuite) TestExecDelegateAuthorization() {
 		},
 	}
 
+	for _, tc := range testCases {
+		tc := tc
+		s.Run(tc.name, func() {
+			cmd := cli.NewCmdExecAuthorization()
+			clientCtx := val.ClientCtx
+
+			out, err := clitestutil.ExecTestCLICmd(clientCtx, cmd, tc.args)
+			if tc.expectErr {
+				s.Require().Error(err)
+				s.Require().Contains(err.Error(), tc.errMsg)
+			} else {
+				s.Require().NoError(err)
+				s.Require().NoError(clientCtx.JSONMarshaler.UnmarshalJSON(out.Bytes(), tc.respType), out.String())
+				txResp := tc.respType.(*sdk.TxResponse)
+				s.Require().Equal(tc.expectedCode, txResp.Code, out.String())
+			}
+		})
+	}
+}
+
+func (s *IntegrationTestSuite) TestExecUndelegateAuthorization() {
+	val := s.network.Validators[0]
+	grantee := s.grantee
+	twoHours := time.Now().Add(time.Minute * time.Duration(120)).Unix()
+
+	_, err := execGrantAuthorization(
+		val,
+		[]string{
+			grantee.String(),
+			"unbond",
+			fmt.Sprintf("--%s=100stake", cli.FlagSpendLimit),
+			fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			fmt.Sprintf("--%s=%s", flags.FlagFrom, val.Address.String()),
+			fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+			fmt.Sprintf("--%s=%d", cli.FlagExpiration, twoHours),
+			fmt.Sprintf("--%s=%s", cli.FlagValidators, fmt.Sprintf("%s", val.ValAddress.String())),
+			fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+		},
+	)
+	s.Require().NoError(err)
+
+	// create delegation
+	_, err = execDelegate(
+		val,
+		[]string{
+			val.ValAddress.String(),
+			"100stake",
+			fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			fmt.Sprintf("--%s=%s", flags.FlagFrom, val.Address.String()),
+			fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+			fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+		},
+	)
+	s.Require().NoError(err)
+
+	tokens := sdk.NewCoins(
+		sdk.NewCoin("stake", sdk.NewInt(50)),
+	)
+
+	undelegateTx := fmt.Sprintf(`{"body":{"messages":[{"@type":"/cosmos.staking.v1beta1.Msg/Undelegate","delegator_address":"%s","validator_address":"%s","amount":{"denom":"%s","amount":"%s"}}],"memo":"","timeout_height":"0","extension_options":[],"non_critical_extension_options":[]},"auth_info":{"signer_infos":[],"fee":{"amount":[],"gas_limit":"200000","payer":"","granter":""}},"signatures":[]}`, val.Address.String(), val.ValAddress.String(),
+		tokens.GetDenomByIndex(0), tokens[0].Amount)
+	execMsg := testutil.WriteToNewTempFile(s.T(), undelegateTx)
+
+	testCases := []struct {
+		name         string
+		args         []string
+		respType     proto.Message
+		expectedCode uint32
+		expectErr    bool
+		errMsg       string
+	}{
+		{
+			"fail invalid grantee",
+			[]string{
+				execMsg.Name(),
+				fmt.Sprintf("--%s=%s", flags.FlagFrom, "invalid_grantee"),
+				fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+				fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+				fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+			},
+			nil,
+			0,
+			true,
+			"The specified item could not be found in the keyring",
+		},
+		{
+			"fail invalid json path",
+			[]string{
+				"/invalid/file.txt",
+				fmt.Sprintf("--%s=%s", flags.FlagFrom, grantee.String()),
+				fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+				fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			},
+			nil,
+			0,
+			true,
+			"",
+		},
+		{
+			"valid txn: (undelegate half tokens)",
+			[]string{
+				execMsg.Name(),
+				fmt.Sprintf("--%s=%s", flags.FlagFrom, grantee.String()),
+				fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+				fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+				fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			},
+			&sdk.TxResponse{},
+			0,
+			false,
+			"",
+		},
+		{
+			"valid txn: (undelegate remaining half tokens)",
+			[]string{
+				execMsg.Name(),
+				fmt.Sprintf("--%s=%s", flags.FlagFrom, grantee.String()),
+				fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+				fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+				fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			},
+			&sdk.TxResponse{},
+			0,
+			false,
+			"",
+		},
+		{
+			"failed with error no authorization found",
+			[]string{
+				execMsg.Name(),
+				fmt.Sprintf("--%s=%s", flags.FlagFrom, grantee.String()),
+				fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+				fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+				fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			},
+			&sdk.TxResponse{},
+			4,
+			false,
+			"authorization not found",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		s.Run(tc.name, func() {
+			cmd := cli.NewCmdExecAuthorization()
+			clientCtx := val.ClientCtx
+
+			out, err := clitestutil.ExecTestCLICmd(clientCtx, cmd, tc.args)
+			if tc.expectErr {
+				s.Require().Error(err)
+				s.Require().Contains(err.Error(), tc.errMsg)
+			} else {
+				s.Require().NoError(err)
+				s.Require().NoError(clientCtx.JSONMarshaler.UnmarshalJSON(out.Bytes(), tc.respType), out.String())
+				txResp := tc.respType.(*sdk.TxResponse)
+				s.Require().Equal(tc.expectedCode, txResp.Code, out.String())
+			}
+		})
+	}
+
+	// grant undelegate authorization without limit
+	_, err = execGrantAuthorization(
+		val,
+		[]string{
+			grantee.String(),
+			"unbond",
+			fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			fmt.Sprintf("--%s=%s", flags.FlagFrom, val.Address.String()),
+			fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+			fmt.Sprintf("--%s=%d", cli.FlagExpiration, twoHours),
+			fmt.Sprintf("--%s=%s", cli.FlagValidators, fmt.Sprintf("%s", val.ValAddress.String())),
+			fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+		},
+	)
+	s.Require().NoError(err)
+	tokens = sdk.NewCoins(
+		sdk.NewCoin("stake", sdk.NewInt(50)),
+	)
+
+	undelegateTx = fmt.Sprintf(`{"body":{"messages":[{"@type":"/cosmos.staking.v1beta1.Msg/Undelegate","delegator_address":"%s","validator_address":"%s","amount":{"denom":"%s","amount":"%s"}}],"memo":"","timeout_height":"0","extension_options":[],"non_critical_extension_options":[]},"auth_info":{"signer_infos":[],"fee":{"amount":[],"gas_limit":"200000","payer":"","granter":""}},"signatures":[]}`, val.Address.String(), val.ValAddress.String(),
+		tokens.GetDenomByIndex(0), tokens[0].Amount)
+	execMsg = testutil.WriteToNewTempFile(s.T(), undelegateTx)
+
+	testCases = []struct {
+		name         string
+		args         []string
+		respType     proto.Message
+		expectedCode uint32
+		expectErr    bool
+		errMsg       string
+	}{
+		{
+			"valid txn",
+			[]string{
+				execMsg.Name(),
+				fmt.Sprintf("--%s=%s", flags.FlagFrom, grantee.String()),
+				fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+				fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+				fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			},
+			&sdk.TxResponse{},
+			0,
+			false,
+			"",
+		},
+		{
+			"valid txn",
+			[]string{
+				execMsg.Name(),
+				fmt.Sprintf("--%s=%s", flags.FlagFrom, grantee.String()),
+				fmt.Sprintf("--%s=%s", flags.FlagBroadcastMode, flags.BroadcastBlock),
+				fmt.Sprintf("--%s=%s", flags.FlagFees, sdk.NewCoins(sdk.NewCoin(s.cfg.BondDenom, sdk.NewInt(10))).String()),
+				fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
+			},
+			&sdk.TxResponse{},
+			0,
+			false,
+			"",
+		},
+	}
+
 	for _, tc := range testCases {
 		tc := tc
 		s.Run(tc.name, func() {

diff --git a/x/authz/simulation/operations.go b/x/authz/simulation/operations.go
@@ -251,7 +251,7 @@ func SimulateMsgExecuteAuthorized(ak types.AccountKeeper, bk types.BankKeeper, k
 		sendGrant := targetGrant.Authorization.GetCachedValue().(*types.SendAuthorization)
 		_, _, err = sendGrant.Accept(execMsg, ctx.BlockHeader())
 		if err != nil {
-			return simtypes.NoOpMsg(types.ModuleName, TypeMsgExecDelegated, "not allowed"), nil, nil
+			return simtypes.NoOpMsg(types.ModuleName, TypeMsgExecDelegated, err.Error()), nil, nil
 		}
 
 		txGen := simappparams.MakeTestEncodingConfig().TxConfig