Module `0x1::ValidatorConfig`

The ValidatorConfig resource holds information about a validator. Information is published and updated by Diem root in a <code><a href="ValidatorConfig.md#0x1_ValidatorConfig_ValidatorConfig">Self::ValidatorConfig</a></code> in preparation for later inclusion (by functions in DiemConfig) in a <code><a href="DiemConfig.md#0x1_DiemConfig_DiemConfig">DiemConfig::DiemConfig</a><<a href="DiemSystem.md#0x1_DiemSystem">DiemSystem</a>></code> struct (the <code><a href="ValidatorConfig.md#0x1_ValidatorConfig_ValidatorConfig">Self::ValidatorConfig</a></code> in a <code>DiemConfig::ValidatorInfo</code> which is a member of the <code><a href="DiemSystem.md#0x1_DiemSystem_DiemSystem">DiemSystem::DiemSystem</a>.validators</code> vector).

Struct Config
Resource ValidatorConfig
Constants
Function publish
Function exists_config
Function set_operator
Function remove_operator
Function set_config
Function is_valid
Function get_config
Function get_human_name
Function get_operator
Function get_consensus_pubkey
Function get_validator_network_addresses
Module Specification

<pre><code>use <a href="DiemTimestamp.md#0x1_DiemTimestamp">0x1::DiemTimestamp</a>; use <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors">0x1::Errors</a>; use <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option">0x1::Option</a>; use <a href="Roles.md#0x1_Roles">0x1::Roles</a>; use <a href="Signature.md#0x1_Signature">0x1::Signature</a>; use <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer">0x1::Signer</a>; use <a href="ValidatorOperatorConfig.md#0x1_ValidatorOperatorConfig">0x1::ValidatorOperatorConfig</a>; </code></pre>

Struct `Config`

<pre><code>struct <a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">Config</a> has copy, drop, store </code></pre> <details> <summary>Fields</summary> <dl> <dt> <code>consensus_pubkey: vector<u8></code> </dt> <dd> </dd> <dt> <code>validator_network_addresses: vector<u8></code> </dt> <dd> </dd> <dt> <code>fullnode_network_addresses: vector<u8></code> </dt> <dd> </dd> </dl> </details>

Resource `ValidatorConfig`

<pre><code>struct <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> has key </code></pre> <details> <summary>Fields</summary> <dl> <dt> <code>config: <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_Option">Option::Option</a><<a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">ValidatorConfig::Config</a>></code> </dt> <dd> set and rotated by the operator_account </dd> <dt> <code>operator_account: <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_Option">Option::Option</a><address></code> </dt> <dd> </dd> <dt> <code>human_name: vector<u8></code> </dt> <dd> The human readable name of this entity. Immutable. </dd> </dl> </details>

Constants

The provided consensus public key is malformed

<pre><code>const <a href="ValidatorConfig.md#0x1_ValidatorConfig_EINVALID_CONSENSUS_KEY">EINVALID_CONSENSUS_KEY</a>: u64 = 2; </code></pre>

The sender is not the operator for the specified validator

<pre><code>const <a href="ValidatorConfig.md#0x1_ValidatorConfig_EINVALID_TRANSACTION_SENDER">EINVALID_TRANSACTION_SENDER</a>: u64 = 1; </code></pre>

Tried to set an account without the correct operator role as a Validator Operator

<pre><code>const <a href="ValidatorConfig.md#0x1_ValidatorConfig_ENOT_A_VALIDATOR_OPERATOR">ENOT_A_VALIDATOR_OPERATOR</a>: u64 = 3; </code></pre>

The <code><a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a></code> resource was not in the required state

<pre><code>const <a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>: u64 = 0; </code></pre>

Function `publish`

Publishes a mostly empty ValidatorConfig struct. Eventually, it will have critical info such as keys, network addresses for validators, and the address of the validator operator.

<pre><code>public(friend) fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_publish">publish</a>(validator_account: &signer, dr_account: &signer, human_name: vector<u8>) </code></pre> <details> <summary>Implementation</summary> <pre><code>public(friend) fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_publish">publish</a>( validator_account: &signer, dr_account: &signer, human_name: vector<u8>, ) { <a href="DiemTimestamp.md#0x1_DiemTimestamp_assert_operating">DiemTimestamp::assert_operating</a>(); <a href="Roles.md#0x1_Roles_assert_diem_root">Roles::assert_diem_root</a>(dr_account); <a href="Roles.md#0x1_Roles_assert_validator">Roles::assert_validator</a>(validator_account); assert( !exists<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(<a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_address_of">Signer::address_of</a>(validator_account)), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_already_published">Errors::already_published</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>) ); move_to(validator_account, <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> { config: <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_none">Option::none</a>(), operator_account: <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_none">Option::none</a>(), human_name, }); } </code></pre> </details> <details> <summary>Specification</summary> <pre><code>include <a href="ValidatorConfig.md#0x1_ValidatorConfig_PublishAbortsIf">PublishAbortsIf</a>; ensures <a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(<a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_spec_address_of">Signer::spec_address_of</a>(validator_account)); </code></pre>

<pre><code>schema <a href="ValidatorConfig.md#0x1_ValidatorConfig_PublishAbortsIf">PublishAbortsIf</a> { validator_account: signer; dr_account: signer; let validator_addr = <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_spec_address_of">Signer::spec_address_of</a>(validator_account); include <a href="DiemTimestamp.md#0x1_DiemTimestamp_AbortsIfNotOperating">DiemTimestamp::AbortsIfNotOperating</a>; include <a href="Roles.md#0x1_Roles_AbortsIfNotDiemRoot">Roles::AbortsIfNotDiemRoot</a>{account: dr_account}; include <a href="Roles.md#0x1_Roles_AbortsIfNotValidator">Roles::AbortsIfNotValidator</a>{account: validator_account}; aborts_if <a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(validator_addr) with <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_ALREADY_PUBLISHED">Errors::ALREADY_PUBLISHED</a>; } </code></pre> </details>

Function `exists_config`

Returns true if a ValidatorConfig resource exists under addr.

<pre><code>fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(addr: address): bool </code></pre> <details> <summary>Implementation</summary> <pre><code>fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(addr: address): bool { exists<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr) } </code></pre> </details>

Function `set_operator`

Sets a new operator account, preserving the old config. Note: Access control. No one but the owner of the account may change .operator_account

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_set_operator">set_operator</a>(validator_account: &signer, operator_addr: address) </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_set_operator">set_operator</a>(validator_account: &signer, operator_addr: address) acquires <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> { <a href="Roles.md#0x1_Roles_assert_validator">Roles::assert_validator</a>(validator_account); // Check for validator role is not necessary since the role is checked when the config // resource is published. assert( <a href="ValidatorOperatorConfig.md#0x1_ValidatorOperatorConfig_has_validator_operator_config">ValidatorOperatorConfig::has_validator_operator_config</a>(operator_addr), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_invalid_argument">Errors::invalid_argument</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_ENOT_A_VALIDATOR_OPERATOR">ENOT_A_VALIDATOR_OPERATOR</a>) ); let sender = <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_address_of">Signer::address_of</a>(validator_account); assert(<a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(sender), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_not_published">Errors::not_published</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>)); (borrow_global_mut<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(sender)).operator_account = <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_some">Option::some</a>(operator_addr); } </code></pre> </details> <details> <summary>Specification</summary>

Must abort if the signer does not have the Validator role [H16].

<pre><code>include <a href="Roles.md#0x1_Roles_AbortsIfNotValidator">Roles::AbortsIfNotValidator</a>{account: validator_account}; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_SetOperatorAbortsIf">SetOperatorAbortsIf</a>; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_SetOperatorEnsures">SetOperatorEnsures</a>; </code></pre>

Must abort if the signer does not have the Validator role [B24].

<pre><code>schema <a href="ValidatorConfig.md#0x1_ValidatorConfig_SetOperatorAbortsIf">SetOperatorAbortsIf</a> { validator_account: signer; operator_addr: address; let validator_addr = <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_spec_address_of">Signer::spec_address_of</a>(validator_account); include <a href="Roles.md#0x1_Roles_AbortsIfNotValidator">Roles::AbortsIfNotValidator</a>{account: validator_account}; aborts_if !<a href="ValidatorOperatorConfig.md#0x1_ValidatorOperatorConfig_has_validator_operator_config">ValidatorOperatorConfig::has_validator_operator_config</a>(operator_addr) with <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_INVALID_ARGUMENT">Errors::INVALID_ARGUMENT</a>; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_AbortsIfNoValidatorConfig">AbortsIfNoValidatorConfig</a>{addr: validator_addr}; aborts_if !<a href="ValidatorOperatorConfig.md#0x1_ValidatorOperatorConfig_has_validator_operator_config">ValidatorOperatorConfig::has_validator_operator_config</a>(operator_addr) with <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_NOT_PUBLISHED">Errors::NOT_PUBLISHED</a>; } </code></pre>

<pre><code>schema <a href="ValidatorConfig.md#0x1_ValidatorConfig_SetOperatorEnsures">SetOperatorEnsures</a> { validator_account: signer; operator_addr: address; let validator_addr = <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_spec_address_of">Signer::spec_address_of</a>(validator_account); ensures <a href="ValidatorConfig.md#0x1_ValidatorConfig_spec_has_operator">spec_has_operator</a>(validator_addr); ensures <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_operator">get_operator</a>(validator_addr) == operator_addr; } </code></pre>

The signer can only change its own operator account [H16].

<pre><code>schema <a href="ValidatorConfig.md#0x1_ValidatorConfig_SetOperatorEnsures">SetOperatorEnsures</a> { ensures forall addr: address where addr != validator_addr: global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).operator_account == old(global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).operator_account); } </code></pre> </details>

Function `remove_operator`

Removes an operator account, setting a corresponding field to Option::none. The old config is preserved.

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_remove_operator">remove_operator</a>(validator_account: &signer) </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_remove_operator">remove_operator</a>(validator_account: &signer) acquires <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> { <a href="Roles.md#0x1_Roles_assert_validator">Roles::assert_validator</a>(validator_account); let sender = <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_address_of">Signer::address_of</a>(validator_account); // <a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">Config</a> field remains set assert(<a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(sender), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_not_published">Errors::not_published</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>)); (borrow_global_mut<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(sender)).operator_account = <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_none">Option::none</a>(); } </code></pre> </details> <details> <summary>Specification</summary>

Must abort if the signer does not have the Validator role [H16].

<pre><code>let sender = <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_spec_address_of">Signer::spec_address_of</a>(validator_account); include <a href="Roles.md#0x1_Roles_AbortsIfNotValidator">Roles::AbortsIfNotValidator</a>{account: validator_account}; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_AbortsIfNoValidatorConfig">AbortsIfNoValidatorConfig</a>{addr: sender}; ensures !<a href="ValidatorConfig.md#0x1_ValidatorConfig_spec_has_operator">spec_has_operator</a>(<a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_spec_address_of">Signer::spec_address_of</a>(validator_account)); </code></pre>

The signer can only change its own operator account [H16].

<pre><code>ensures forall addr: address where addr != sender: global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).operator_account == old(global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).operator_account); </code></pre> </details>

Function `set_config`

Rotate the config in the validator_account. Once the config is set, it can not go back to <code><a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_none">Option::none</a></code> - this is crucial for validity of the DiemSystem's code.

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_set_config">set_config</a>(validator_operator_account: &signer, validator_addr: address, consensus_pubkey: vector<u8>, validator_network_addresses: vector<u8>, fullnode_network_addresses: vector<u8>) </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_set_config">set_config</a>( validator_operator_account: &signer, validator_addr: address, consensus_pubkey: vector<u8>, validator_network_addresses: vector<u8>, fullnode_network_addresses: vector<u8>, ) acquires <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> { assert( <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_address_of">Signer::address_of</a>(validator_operator_account) == <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_operator">get_operator</a>(validator_addr), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_invalid_argument">Errors::invalid_argument</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EINVALID_TRANSACTION_SENDER">EINVALID_TRANSACTION_SENDER</a>) ); assert( <a href="Signature.md#0x1_Signature_ed25519_validate_pubkey">Signature::ed25519_validate_pubkey</a>(copy consensus_pubkey), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_invalid_argument">Errors::invalid_argument</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EINVALID_CONSENSUS_KEY">EINVALID_CONSENSUS_KEY</a>) ); // TODO(valerini): verify the proof of posession for consensus_pubkey assert(<a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(validator_addr), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_not_published">Errors::not_published</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>)); let t_ref = borrow_global_mut<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(validator_addr); t_ref.config = <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_some">Option::some</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">Config</a> { consensus_pubkey, validator_network_addresses, fullnode_network_addresses, }); } </code></pre> </details> <details> <summary>Specification</summary> <pre><code>pragma opaque; modifies global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(validator_addr); include <a href="ValidatorConfig.md#0x1_ValidatorConfig_SetConfigAbortsIf">SetConfigAbortsIf</a>; ensures <a href="ValidatorConfig.md#0x1_ValidatorConfig_is_valid">is_valid</a>(validator_addr); ensures global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(validator_addr) == update_field(old(global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(validator_addr)), config, <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_spec_some">Option::spec_some</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">Config</a> { consensus_pubkey, validator_network_addresses, fullnode_network_addresses, })); </code></pre>

<pre><code>schema <a href="ValidatorConfig.md#0x1_ValidatorConfig_SetConfigAbortsIf">SetConfigAbortsIf</a> { validator_operator_account: signer; validator_addr: address; consensus_pubkey: vector<u8>; aborts_if <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_address_of">Signer::address_of</a>(validator_operator_account) != <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_operator">get_operator</a>(validator_addr) with <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_INVALID_ARGUMENT">Errors::INVALID_ARGUMENT</a>; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_AbortsIfGetOperator">AbortsIfGetOperator</a>{addr: validator_addr}; aborts_if !<a href="Signature.md#0x1_Signature_ed25519_validate_pubkey">Signature::ed25519_validate_pubkey</a>(consensus_pubkey) with <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_INVALID_ARGUMENT">Errors::INVALID_ARGUMENT</a>; } </code></pre> </details>

Function `is_valid`

Returns true if all of the following is true:

there is a ValidatorConfig resource under the address, and
the config is set, and we do not require the operator_account to be set to make sure that if the validator account becomes valid, it stays valid, e.g. all validators in the Validator Set are valid

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_is_valid">is_valid</a>(addr: address): bool </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_is_valid">is_valid</a>(addr: address): bool acquires <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> { exists<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr) && <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_is_some">Option::is_some</a>(&borrow_global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).config) } </code></pre> </details> <details> <summary>Specification</summary> <pre><code>pragma opaque; aborts_if false; ensures result == <a href="ValidatorConfig.md#0x1_ValidatorConfig_is_valid">is_valid</a>(addr); </code></pre> </details>

Function `get_config`

Get Config Aborts if there is no ValidatorConfig resource or if its config is empty

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_config">get_config</a>(addr: address): <a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">ValidatorConfig::Config</a> </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_config">get_config</a>(addr: address): <a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">Config</a> acquires <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> { assert(<a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(addr), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_not_published">Errors::not_published</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>)); let config = &borrow_global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).config; assert(<a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_is_some">Option::is_some</a>(config), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_invalid_argument">Errors::invalid_argument</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>)); *<a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_borrow">Option::borrow</a>(config) } </code></pre> </details> <details> <summary>Specification</summary> <pre><code>pragma opaque; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_AbortsIfNoValidatorConfig">AbortsIfNoValidatorConfig</a>; aborts_if <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_is_none">Option::is_none</a>(global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).config) with <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_INVALID_ARGUMENT">Errors::INVALID_ARGUMENT</a>; ensures result == <a href="ValidatorConfig.md#0x1_ValidatorConfig_spec_get_config">spec_get_config</a>(addr); </code></pre>

Returns the config published under addr.

<pre><code>fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_spec_get_config">spec_get_config</a>(addr: address): <a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">Config</a> { <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_borrow">Option::borrow</a>(global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).config) } </code></pre> </details>

Function `get_human_name`

Get validator's account human name Aborts if there is no ValidatorConfig resource

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_human_name">get_human_name</a>(addr: address): vector<u8> </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_human_name">get_human_name</a>(addr: address): vector<u8> acquires <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> { assert(exists<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_not_published">Errors::not_published</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>)); let t_ref = borrow_global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr); *&t_ref.human_name } </code></pre> </details> <details> <summary>Specification</summary> <pre><code>pragma opaque; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_AbortsIfNoValidatorConfig">AbortsIfNoValidatorConfig</a>; ensures result == <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_human_name">get_human_name</a>(addr); </code></pre> </details>

Function `get_operator`

Get operator's account Aborts if there is no ValidatorConfig resource or if the operator_account is unset

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_operator">get_operator</a>(addr: address): address </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_operator">get_operator</a>(addr: address): address acquires <a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a> { assert(exists<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_not_published">Errors::not_published</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>)); let t_ref = borrow_global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr); assert(<a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_is_some">Option::is_some</a>(&t_ref.operator_account), <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_invalid_argument">Errors::invalid_argument</a>(<a href="ValidatorConfig.md#0x1_ValidatorConfig_EVALIDATOR_CONFIG">EVALIDATOR_CONFIG</a>)); *<a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_borrow">Option::borrow</a>(&t_ref.operator_account) } </code></pre> </details> <details> <summary>Specification</summary> <pre><code>pragma opaque; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_AbortsIfGetOperator">AbortsIfGetOperator</a>; ensures result == <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_operator">get_operator</a>(addr); </code></pre>

<pre><code>schema <a href="ValidatorConfig.md#0x1_ValidatorConfig_AbortsIfGetOperator">AbortsIfGetOperator</a> { addr: address; include <a href="ValidatorConfig.md#0x1_ValidatorConfig_AbortsIfNoValidatorConfig">AbortsIfNoValidatorConfig</a>; aborts_if !<a href="ValidatorConfig.md#0x1_ValidatorConfig_spec_has_operator">spec_has_operator</a>(addr) with <a href="../../../../../../move-stdlib/docs/Errors.md#0x1_Errors_INVALID_ARGUMENT">Errors::INVALID_ARGUMENT</a>; } </code></pre> </details>

Function `get_consensus_pubkey`

Get consensus_pubkey from Config Never aborts

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_consensus_pubkey">get_consensus_pubkey</a>(config_ref: &<a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">ValidatorConfig::Config</a>): &vector<u8> </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_consensus_pubkey">get_consensus_pubkey</a>(config_ref: &<a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">Config</a>): &vector<u8> { &config_ref.consensus_pubkey } </code></pre> </details>

Function `get_validator_network_addresses`

Get validator's network address from Config Never aborts

<pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_validator_network_addresses">get_validator_network_addresses</a>(config_ref: &<a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">ValidatorConfig::Config</a>): &vector<u8> </code></pre> <details> <summary>Implementation</summary> <pre><code>public fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_get_validator_network_addresses">get_validator_network_addresses</a>(config_ref: &<a href="ValidatorConfig.md#0x1_ValidatorConfig_Config">Config</a>): &vector<u8> { &config_ref.validator_network_addresses } </code></pre> </details>

Module Specification

<pre><code>pragma aborts_if_is_strict; </code></pre>

Access Control

The permission "{Set,Remove}ValidatorOperator(addr)" is granted to Validator [H16]

<pre><code>invariant update forall a: address where old(exists<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(a)) && exists<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(a): old(global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(a).operator_account) != global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(a).operator_account ==> <a href="../../../../../../move-stdlib/docs/Signer.md#0x1_Signer_is_txn_signer_addr">Signer::is_txn_signer_addr</a>(a) && <a href="Roles.md#0x1_Roles_spec_has_validator_role_addr">Roles::spec_has_validator_role_addr</a>(a); </code></pre>

Validity of Validators

See comment on <code><a href="ValidatorConfig.md#0x1_ValidatorConfig_set_config">ValidatorConfig::set_config</a></code> -- DiemSystem depends on this.

A validator stays valid once it becomes valid.

<pre><code>invariant update forall validator: address where old(<a href="ValidatorConfig.md#0x1_ValidatorConfig_is_valid">is_valid</a>(validator)): <a href="ValidatorConfig.md#0x1_ValidatorConfig_is_valid">is_valid</a>(validator); </code></pre>

Consistency Between Resources and Roles

Every address that has a ValidatorConfig also has a validator role.

<pre><code>invariant forall addr: address where <a href="ValidatorConfig.md#0x1_ValidatorConfig_exists_config">exists_config</a>(addr): <a href="Roles.md#0x1_Roles_spec_has_validator_role_addr">Roles::spec_has_validator_role_addr</a>(addr); </code></pre>

DIP-6 Property: If address has a ValidatorConfig, it has a validator role. This invariant is useful in DiemSystem so we don't have to check whether every validator address has a validator role.

DIP-6 Property: Every address that is_valid (meaning it has a ValidatorConfig with a config option that is "some") has a validator role. This is a trivial consequence of the previous invariant, but it is not inductive and can't be proved without the previous one as a helper.

<pre><code>invariant forall addr: address where <a href="ValidatorConfig.md#0x1_ValidatorConfig_is_valid">is_valid</a>(addr): <a href="Roles.md#0x1_Roles_spec_has_validator_role_addr">Roles::spec_has_validator_role_addr</a>(addr); </code></pre>

Helper Function

Returns true if addr has an operator account.

<pre><code>fun <a href="ValidatorConfig.md#0x1_ValidatorConfig_spec_has_operator">spec_has_operator</a>(addr: address): bool { <a href="../../../../../../move-stdlib/docs/Option.md#0x1_Option_is_some">Option::is_some</a>(global<<a href="ValidatorConfig.md#0x1_ValidatorConfig">ValidatorConfig</a>>(addr).operator_account) } </code></pre>

Module `0x1::ValidatorConfig`

Module 0x1::ValidatorConfig

Struct Config

Resource ValidatorConfig

Constants

Function publish

Function exists_config

Function set_operator

Function remove_operator

Function set_config

Function is_valid

Function get_config

Function get_human_name

Function get_operator

Function get_consensus_pubkey

Function get_validator_network_addresses

Module Specification

Access Control

Validity of Validators

Consistency Between Resources and Roles

Helper Function

Module `0x1::ValidatorConfig`

Struct `Config`

Resource `ValidatorConfig`

Function `publish`

Function `exists_config`

Function `set_operator`

Function `remove_operator`

Function `set_config`

Function `is_valid`

Function `get_config`

Function `get_human_name`

Function `get_operator`

Function `get_consensus_pubkey`

Function `get_validator_network_addresses`