def test_get_one_auth_rule_transaction_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value,
constraint=constraint)
dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value)
resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **dict_auth_key
)
result = resp[0][1]["result"][DATA]
assert len(result) == 1
_check_key(dict_auth_key, result[0])
assert constraint == result[0][CONSTRAINT]
assert resp[0][1]["result"][STATE_PROOF]
def get_auth_rule_request(creator):
return Request(identifier=creator,
reqId=5,
operation={
TXN_TYPE: GET_AUTH_RULE,
**generate_key()
})
def test_get_one_auth_rule_transaction(looper, sdk_wallet_trustee,
sdk_pool_handle):
key = generate_key()
str_key = ConfigReqHandler.get_auth_key(key)
req, resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0]
for resp_rule in resp[RESULT][DATA]:
_check_key(key, resp_rule)
assert auth_map.get(str_key).as_dict == resp_rule[CONSTRAINT]
def test_reqnack_auth_rule_add_transaction_with_wrong_format(
looper, sdk_wallet_trustee, sdk_pool_handle):
with pytest.raises(RequestNackedException) as e:
sdk_send_and_check_auth_rule_invalid_request(
looper, sdk_pool_handle, sdk_wallet_trustee,
**generate_key(old_value="*"))
e.match("InvalidClientRequest")
e.match("Transaction for change authentication "
"rule for {}={} must not contain field {}".format(
AUTH_ACTION, ADD_PREFIX, OLD_VALUE))
def test_auth_rule_static_validation_failed_with_incorrect_key(
get_auth_rule_request, get_auth_rule_handler: GetAuthRuleHandler):
get_auth_rule_request.operation.update(
generate_key(auth_action=EDIT_PREFIX,
auth_type="wrong_type",
field=ROLE,
new_value=ENDORSER,
old_value="*"))
with pytest.raises(InvalidClientRequest,
match="is not found in authorization map"):
get_auth_rule_handler.static_validation(get_auth_rule_request)
def test_get_auth_rule_transaction_unique_for_anyone_can_write_map_is_rejected(
looper, sdk_wallet_trustee, sdk_pool_handle):
key = generate_key(auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value='*')
with pytest.raises(
RequestNackedException,
match=r"Unknown authorization rule: key '1--ADD--role--\*--\*' "
"is not found in authorization map"):
sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle,
sdk_wallet_trustee, **key)
def test_get_one_disabled_auth_rule_transaction(looper,
sdk_wallet_trustee,
sdk_pool_handle):
key = generate_key(auth_action=EDIT_PREFIX, auth_type=SCHEMA,
field='*', old_value='*', new_value='*')
req, resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **key
)[0]
result = resp["result"][DATA]
assert len(result) == 1
_check_key(key, result[0])
assert {} == result[0][CONSTRAINT]
def test_fail_get_auth_rule_with_incorrect_key(looper, sdk_wallet_trustee,
sdk_pool_handle):
key = generate_key()
key[AUTH_TYPE] = "wrong_txn_type"
with pytest.raises(RequestNackedException,
match="Unknown authorization rule: key .* "
"is not found in authorization map."):
sdk_send_and_check_get_auth_rule_invalid_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0]
del key[AUTH_TYPE]
with pytest.raises(RequestNackedException,
match="Not enough fields to build an auth key."):
sdk_send_and_check_get_auth_rule_invalid_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0]
def test_auth_rule_state_format(looper, sdk_pool_handle, sdk_wallet_trustee,
txnPoolNodeSet, off_ledger_signature):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = ENDORSER
constraint = {
CONSTRAINT_ID: ConstraintsEnum.ROLE_CONSTRAINT_ID,
ROLE: "*",
SIG_COUNT: 1,
NEED_TO_BE_OWNER: False,
METADATA: {}
}
if off_ledger_signature:
constraint[OFF_LEDGER_SIGNATURE] = off_ledger_signature
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action,
auth_type=auth_type,
field=field,
new_value=new_value,
constraint=constraint)
state = txnPoolNodeSet[0].db_manager.get_database(CONFIG_LEDGER_ID).state
key = generate_key(auth_action, auth_type, field, new_value)
path = config.make_state_path_for_auth_rule(
StaticAuthRuleHelper.get_auth_key(key))
state_constraint = config_state_serializer.deserialize(state.get(path))
assert state_constraint == constraint
_, before_resp = sdk_send_and_check_get_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_type=auth_type,
auth_action=auth_action,
field=field,
new_value=new_value)[0]
for rule in before_resp["result"][DATA]:
if rule[CONSTRAINT][CONSTRAINT_ID] == 'ROLE' and off_ledger_signature:
assert OFF_LEDGER_SIGNATURE in rule[CONSTRAINT]
def test_state_proof_returned_for_get_auth_rule(looper,
nodeSetWithOneNodeResponding,
sdk_wallet_steward,
sdk_pool_handle,
sdk_wallet_client,
send_auth_rule):
req = send_auth_rule
key = generate_key(auth_action=ADD_PREFIX, auth_type=NYM,
field=ROLE, new_value=ENDORSER)
rep = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_client, **key)
result = rep[0][1]['result']
expected_data = req[0][0]['operation']
del expected_data['type']
assert DATA in result
data = result.get(DATA)
assert data
assert data[0] == expected_data
check_valid_proof(result)
