refactor: merge AuthMethod into AccessControl

[onurinanc]

Closes: #2930
Fixes: #2943

Tasks:

• Consider removing build_auth_component method added in Fix: AuthControlled faucet leaves Authority setters unauthenticated #2958
• Consider separating create_fungible_faucet as create_network_fungible_faucet and create_user_fungible_faucet specified here: refactor: merge AuthMethod into AccessControl #2944 (comment)

[bobbinth]

Thank you! Not a review yet, but I left some comments inline. For now, more questions/thoughts than concrete suggestions.

[bobbinth]

There is no fundamental reason why faucets shouldn't support multisig-based auth. Let's create an issue for this - though, it'll probably be a fairly low priority.

[bobbinth]

Adding AuthMethod to Ownable2Step and Rbac feels a bit off because currently the only "legal" value for these variants is AuthMethod::NetworkAccount. I think the fault mostly lies in the AuthMethod enum which is kind of in between an auth component and a pure enum.

It would be a bigger refactoring, but I think we should get rid of AuthMethod enum altogether and replace it with something like AccountAuthComponent struct which would be a wrapper over AccountComponent with some convenience constructors.

[onurinanc]

Adding AuthMethod to Ownable2Step and Rbac feels a bit off
I agree on this. Additionally, adding and AuthMethod to AccessControl doesn't sound well either. AuthControlled should be an account component similar to Ownable2Step and Rbac and having an AccountAuthComponent would be a good variant instead of combining AuthMethod with AuthControlled.

For this refactoring, do we also need #2621 this to be merged? similar to below comment?

Other than that, if we decide to remove AuthMethod and replace it with AccountAuthComponent, I think separating this PR into two:

• The first one is as described above: Consider merging AuthMethod into AccessControl #2930
• The second on is resolving this issue: Bug: AuthControlled faucet leaves Authority setters unauthenticated #2943

[bobbinth]

Yes, let's tackle #2943 separately (which I see you've already done) - and then we can come back here and do a more comprehensive refactoring.

[bobbinth]

I wonder if we are trying to do too much with this single function. Maybe it is worth splitting it up with a couple functions - something like:

pub fn create_network_fungible_faucet(
    init_seed: [u8; 32],
    faucet: FungibleFaucet,
    access_control: AccessControl, // this would contain only Ownable2Step and Rbac
    token_policy_manager: TokenPolicyManager,
    storage_mode: AccountStorageMode,
) -> Result<Account, FungibleFaucetError> {
    ...
}

pub fn create_user_fungible_faucet(
    init_seed: [u8; 32],
    faucet: FungibleFaucet,
    auth_method: AuthMethod, // this would not contain NetworkAccount
    token_policy_manager: TokenPolicyManager,
    storage_mode: AccountStorageMode,
) -> Result<Account, FungibleFaucetError> {
    ...
}

But again, this would be a bigger refactoring along the lines of #2621.

[onurinanc]

This approach seems to me better in that way we can separate AccountAuthComponent and AccessControl. We might also want to rename the AccessControl enum to NetworkAccessControl and doesn't include AccountAuthComponent as a variant in the enum.

[mmagician]

It looks like this PR contains most of the changes from #2958

[mmagician]

was this comment removed on purpose?