def test_use_modified_rules_from_uncommitted(looper, txnPoolNodeSet,
sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
node_stashers = [n.nodeIbStasher for n in txnPoolNodeSet]
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
changed_constraint = AuthConstraint(role=STEWARD, sig_count=1)
with delay_rules(node_stashers, cDelay()):
r_auth = sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value=STEWARD,
old_value=None,
constraint=changed_constraint.as_dict,
no_wait=True)
looper.runFor(waits.expectedPrePrepareTime(len(txnPoolNodeSet)))
r_add_steward = sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey,
no_wait=True)
sdk_get_and_check_replies(looper, [r_auth])
sdk_get_and_check_replies(looper, [r_add_steward])
def _get_nym_for_new_rule(self):
wh, _ = self.checker_wallet
did, verkey = create_verkey_did(self.looper, wh)
return self._build_nym(self.checker_wallet,
self.role_string,
did,
verkey=verkey,
skipverkey=False)
def get_nym(self):
wh, _ = self.creator_wallet
did, verkey = create_verkey_did(self.looper, wh)
return self._build_nym(self.creator_wallet,
self.role_string,
did,
verkey=verkey,
skipverkey=False)
def test_check_rule_for_add_action_changing(looper, sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
wh, _ = sdk_wallet_trustee
did1, verkey1 = create_verkey_did(looper, wh)
"""Adding new steward for old auth rules"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newSteward1',
STEWARD_STRING,
dest=did1,
verkey=verkey1)
constraint = AuthConstraint(role=STEWARD, sig_count=1)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value=STEWARD,
old_value=None,
constraint=constraint.as_dict)
did2, verkey2 = create_verkey_did(looper, wh)
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
"""Adding new steward for changed auth rules"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newSteward2',
STEWARD_STRING,
dest=did2,
verkey=verkey2)
"""We change auth rules and for now only steward can add new steward"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=did2,
verkey=verkey2)
def test_multi_sig_auth_rule(looper, wallets_for_success, sdk_pool_handle,
prepare_auth_map):
wh, _ = wallets_for_success[0]
did, verkey = create_verkey_did(looper, wh)
add_new_nym(looper,
sdk_pool_handle,
wallets_for_success,
'newSteward1',
STEWARD_STRING,
dest=did)
get_nym(looper, sdk_pool_handle, wallets_for_success[0], did)
def test_catching_up_auth_rule_txn(looper, txnPoolNodeSet, sdk_wallet_trustee,
sdk_wallet_steward, sdk_pool_handle):
delayed_node = txnPoolNodeSet[-1]
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
changed_constraint = AuthConstraint(role=STEWARD, sig_count=1)
action = AuthActionAdd(txn_type=NYM, field=ROLE, value=STEWARD)
with pytest.raises(RequestRejectedException,
match="Not enough TRUSTEE signatures"):
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey)
with delay_rules_without_processing(delayed_node.nodeIbStasher, cDelay(),
pDelay(), ppDelay()):
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=action.txn_type,
field=action.field,
new_value=action.value,
old_value=None,
constraint=changed_constraint.as_dict)
sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee,
'newSteward2')
delayed_node.start_catchup()
looper.run(
eventually(
lambda: assertExp(delayed_node.mode == Mode.participating)))
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward3',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey)
ensure_all_nodes_have_same_data(looper, txnPoolNodeSet)
config_state = delayed_node.states[CONFIG_LEDGER_ID]
from_state = config_state.get(config.make_state_path_for_auth_rule(
action.get_action_id()),
isCommitted=True)
assert changed_constraint == ConstraintsSerializer(
config_state_serializer).deserialize(from_state)
def prepare_auth_map(looper,
sdk_wallet_trustee,
sdk_pool_handle):
wh, _ = sdk_wallet_trustee
did1, verkey1 = create_verkey_did(looper, wh)
"""Adding new steward for old auth rules"""
add_new_nym(looper,
sdk_pool_handle,
[sdk_wallet_trustee],
'newSteward1',
STEWARD_STRING,
dest=did1, verkey=verkey1)
sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee,
sdk_pool_handle, auth_action=ADD_PREFIX,
auth_type=NYM, field=ROLE, new_value=STEWARD, old_value=None,
constraint=auth_constraint.as_dict)
def test_check_rule_for_edit_action_changing(looper, sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
"""Adding new steward for old auth rules"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newSteward1',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey)
constraint = AuthConstraint(role=STEWARD, sig_count=1)
"""Change role from steward to '' (blacklisting STEWARD) can only STEWARD"""
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=NYM,
field=ROLE,
new_value='',
old_value=STEWARD,
constraint=constraint.as_dict)
op = {'type': '1', 'dest': new_steward_did, 'role': None}
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
"""Blacklisting new steward by TRUSTEE"""
req = sdk_sign_and_submit_op(looper, sdk_pool_handle,
sdk_wallet_trustee, op)
sdk_get_and_check_replies(looper, [req])
"""We change auth rules and for now only steward can add new steward"""
req = sdk_sign_and_submit_op(looper, sdk_pool_handle, sdk_wallet_steward,
op)
sdk_get_and_check_replies(looper, [req])