Create distinct environments, feature flags and admin-only instructions.
cfg
attribute with Rust features
(#[cfg(feature = ...)]
) to run different code or provide different variable
values based on the Rust feature provided. This happens at compile-time and
doesn’t allow you to swap values after a program has been deployed.cfg!
macro to compile different code paths
based on the features that are enabled.[features]
table of the program’s Cargo.toml
file. You may define multiple features for different use cases.
--features
flag with the
anchor test
command.
cfg
attributecfg
attribute within your code to
conditionally compile code based on whether or not a given feature is enabled.
This allows you to include or exclude certain code from your program.
The syntax for using the cfg
attribute is like any other attribute macro:
#[cfg(feature=[FEATURE_HERE])]
. For example, the following code compiles the
function function_for_testing
when the testing
feature is enabled and the
function_when_not_testing
otherwise:
cfg
attribute to include different token addresses for local testing compared to
other deployments:
cfg
attribute is used to conditionally compile two
different implementations of the constants
module. This allows the program to
use different values for the USDC_MINT_PUBKEY
constant depending on whether or
not the local-testing
feature is enabled.
cfg!
macrocfg
attribute, the cfg!
macro in Rust allows you to check
the values of certain configuration flags at runtime. This can be useful if you
want to execute different code paths depending on the values of certain
configuration flags.
You could use this to bypass or adjust the time-based constraints required in
the NFT staking app we mentioned previously. When running a test, you can
execute code that provides far higher staking rewards when compared to running a
production build.
To use the cfg!
macro in an Anchor program, you simply add a cfg!
macro call
to the conditional statement in question:
test_function
uses the cfg!
macro to check the value of
the local-testing
feature at runtime. If the local-testing
feature is
enabled, the first code path is executed. If the local-testing
feature is not
enabled, the second code path is executed instead.
initialize
instruction.update_program_config
instruction to only be usable
by a hard-coded admin might look like this:
ADMIN_PUBKEY
. Notice that the
example above doesn’t show the instruction that initializes the config account,
but it should have similar constraints to ensure that an attacker can’t
initialize the account with unexpected values.
While this approach works, it also means keeping track of an admin wallet on top
of keeping track of a program’s upgrade authority. With a few more lines of
code, you could simply restrict an instruction to only be callable by the
upgrade authority. The only tricky part is getting a program’s upgrade authority
to compare against.
ProgramData
account type and has the upgrade_authority_address
field.
The program itself stores this account’s address in its data in the field
programdata_address
.
So in addition to the two accounts required by the instruction in the hard-coded
admin example, this instruction requires the program
and the program_data
accounts.
The accounts then need the following constraints:
program
ensuring that the provided program_data
account
matches the program’s programdata_address
fieldprogram_data
account ensuring that the instruction’s
signer matches the program_data
account’s upgrade_authority_address
field.admin
field.
initialize
, it’s very
unlikely that an attacker is even aware of your program’s existence much less
trying to make themselves the admin. If by some crazy stroke of bad luck someone
“intercepts” your program, you can close the program with the upgrade authority
and redeploy.
starter
branch
of this repository.
The code contains a program with a single instruction and a single test in the
tests
directory.
Let’s quickly walk through how the program works.
The lib.rs
file includes a constant for the USDC address and a single
payment
instruction. The payment
instruction simply calls the
payment_handler
function in the instructions/payment.rs
file where the
instruction logic is contained.
The instructions/payment.rs
file contains both the payment_handler
function
as well as the Payment
account validation struct representing the accounts
required by the payment
instruction. The payment_handler
function calculates
a 1% fee from the payment amount, transfers the fee to a designated token
account, and transfers the remaining amount to the payment recipient.
Finally, the tests
directory has a single test file, config.ts
that simply
invokes the payment
instruction and asserts that the corresponding token
account balances have been debited and credited accordingly.
Before we continue, take a few minutes to familiarize yourself with these files
and their contents.
yarn
or npm install
to install the dependencies laid out
in the package.json
file. Then be sure to run anchor keys list
to get the
public key for your program printed to the console. This differs based on the
keypair you have locally, so you need to update lib.rs
and Anchor.toml
to
use your key.
Finally, run anchor test
to start the test. It should fail with the following
output:
lib.rs
file of the program), but that mint
doesn’t exist in the local environment.
local-testing
featurelocal-testing
feature that, when enabled, will
make the program use our local mint but otherwise use the production USDC mint.
Generate a new keypair by running solana-keygen grind
. Run the following
command to generate a keypair with a public key that begins with “env”.
lib.rs
file. Use the cfg
attribute to define the USDC_MINT_PUBKEY
constant depending on whether the
local-testing
feature is enabled or disabled. Remember to set the
USDC_MINT_PUBKEY
constant for local-testing
with the one generated in the
previous step rather than copying the one below.
local-testing
feature to the Cargo.toml
file located in
/programs
.
config.ts
test file to create a mint using the generated
keypair. Start by deleting the mint
constant.
local-testing
feature enabled.
lib.rs
file to:
SEED_PROGRAM_CONFIG
constant, which will be used to generate the
PDA for the program config account.ADMIN
constant, which will be used as a constraint when
initializing the program config account. Run the solana address
command to
get your address to use as the constant’s value.state
module that we’ll implement shortly.initialize_program_config
and update_program_config
instructions and calls to their “handlers,” both of which we’ll implement in
another step.ProgramConfig
state. This account
will store the admin, the token account where fees are sent, and the fee rate.
We’ll also specify the number of bytes required to store this structure.
Create a new file called state.rs
in the /src
directory and add the
following code.
ADMIN
key
and should set all the properties on the ProgramConfig
account.
Create a folder called program_config
at the path
/src/instructions/program_config
. This folder will store all instructions
related to the program config account.
Within the program_config
folder, create a file called
initialize_program_config.rs
and add the following code.
admin
stored in the
program_config
account.
Within the program_config
folder, create a file called
update_program_config.rs
and add the following code.
lib.rs
doesn’t show an error. Start by adding a file mod.rs
in the
program_config
folder. Add the code below to make the two modules,
initialize_program_config
and update_program_config
accessible.
instructions.rs
at the path /src/instructions.rs
. Add the code
below to make the two modules, program_config
and payment
accessible.
fee_destination
account in the instruction matches the fee_destination
stored in the program
config account. Then update the instruction’s fee calculation to be based on the
fee_basis_point
stored in the program config account.
programConfig
account.
solution
branch
of the same repository.
initialize_program_config
so that only the upgrade authority can
call it rather than having a hardcoded ADMIN
.
Note that the anchor test
command, when run on a local network, starts a new
test validator using solana-test-validator
. This test validator uses a
non-upgradeable loader. The non-upgradeable loader makes it so the program’s
program_data
account isn’t initialized when the validator starts. You’ll
recall from the lesson that this account is how we access the upgrade authority
from the program.
To work around this, you can add a deploy
function to the test file that runs
the deploy command for the program with an upgradeable loader. To use it, run
anchor test --skip-deploy
, and call the deploy
function within the test to
run the deploy command after the test validator has started.
challenge
branch of
the same repository
to see one possible solution.