def test_authorization(looper, mint_tokens, sdk_wallet_trustee,
sdk_pool_handle, helpers, input_param, address,
sdk_wallet_trustees, sdk_wallet_stewards,
sdk_wallet_clients, sdk_wallet_trust_anchors):
helpers.general.do_set_fees(set_fees, fill_auth_map=False)
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=ATTRIB,
field="*",
new_value="*",
constraint=input_param.auth_constraint.as_dict)
for req in input_param.valid_requests:
_send_request(looper, helpers, req.fees, req.wallets, address,
req.owner, sdk_wallet_trustee, sdk_wallet_trustees,
sdk_wallet_stewards, sdk_wallet_clients,
sdk_wallet_trust_anchors)
for req in input_param.invalid_requests:
with pytest.raises(RequestRejectedException,
match="UnauthorizedClientRequest"):
_send_request(looper, helpers, req.fees, req.wallets, address,
req.owner, sdk_wallet_trustee, sdk_wallet_trustees,
sdk_wallet_stewards, sdk_wallet_clients,
sdk_wallet_trust_anchors)
def test_nym_without_fees_but_required(fees, helpers,
nodeSetWithIntegratedTokenPlugin,
sdk_wallet_steward, sdk_pool_handle,
sdk_wallet_trustee, mint_tokens,
address_main, looper):
"""
Steps:
1. Send auth_rule txn with fees in metadata
2. Send nym without fees and check, that it will be rejected
"""
helpers.general.do_set_fees(fees, fill_auth_map=False)
original_action = add_new_identity_owner
original_constraint = auth_map.get(add_new_identity_owner.get_action_id())
original_constraint.set_metadata({'fees': NYM_FEES_ALIAS})
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=NYM,
field=original_action.field,
new_value=original_action.value,
old_value=None,
constraint=original_constraint.as_dict)
with pytest.raises(RequestRejectedException,
match="Fees are required for this txn type"):
helpers.general.do_nym()
def test_validation_nym_with_fees_more_than_required(fees,
helpers,
nodeSetWithIntegratedTokenPlugin,
address_main,
sdk_pool_handle,
sdk_wallet_trustee,
mint_tokens,
looper):
"""
Steps:
1. Checks that nym with fees will be rejected, because fees are not set
2. Send auth_rule txn with fees in metadata and set fees for pool
3. Resend nym with fees more than required and check, that it will be rejected
"""
current_amount = get_amount_from_token_txn(mint_tokens)
seq_no = 1
with pytest.raises(RequestRejectedException, match="Fees are not required for this txn type"):
current_amount, seq_no, _ = send_and_check_nym_with_fees(helpers, {FEES: fees}, seq_no, looper, [address_main],
current_amount)
helpers.general.do_set_fees(fees, fill_auth_map=False)
original_action = add_new_identity_owner
original_constraint = auth_map.get(add_new_identity_owner.get_action_id())
original_constraint.set_metadata({'fees': NYM_FEES_ALIAS})
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX, auth_type=NYM,
field=original_action.field, new_value=original_action.value,
old_value=None, constraint=original_constraint.as_dict)
with pytest.raises(RequestRejectedException, match="ExtraFundsError"):
current_amount, seq_no, _ = send_and_check_nym_with_fees(helpers, {FEES: {NYM_FEES_ALIAS: fees[NYM_FEES_ALIAS] + 1}}, seq_no, looper, [address_main],
current_amount)
ensure_all_nodes_have_same_data(looper, nodeSetWithIntegratedTokenPlugin)
def test_auth_rule_transaction_for_edit(looper,
sdk_wallet_trustee,
sdk_pool_handle):
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX)
def test_add_metadata_with_existed_fees_alias(looper,
helpers,
sdk_wallet_trustee,
sdk_pool_handle,
nodeSetWithIntegratedTokenPlugin):
fees_alias = '3333'
current_fees = helpers.general.do_get_fees()
assert fees_alias not in current_fees[FEES]
helpers.general.do_set_fees({fees_alias: 42}, fill_auth_map=False)
current_fees = helpers.general.do_get_fees()
assert fees_alias in current_fees[FEES]
constraint = copy.deepcopy(auth_map.one_trustee_constraint)
constraint.set_metadata({FEES_FIELD_NAME: fees_alias})
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX, auth_type=NYM,
field=ROLE, new_value=STEWARD,
old_value=None, constraint=constraint.as_dict)
key = generate_key(auth_action=ADD_PREFIX, auth_type=NYM,
field=ROLE, new_value=STEWARD,)
auth_rule = sdk_send_and_check_get_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
**key)[0][1]
assert auth_rule['result']['data'][0][CONSTRAINT]['metadata'][FEES_FIELD_NAME] == fees_alias
def test_reject_auth_rule_transaction(looper,
sdk_wallet_steward,
sdk_pool_handle):
with pytest.raises(RequestRejectedException) as e:
sdk_send_and_check_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_steward
)
e.match('Not enough TRUSTEE signatures')
def send_and_check_auth_rule(looper, sdk_pool_handle, sdk_wallet_trustee):
auth_constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX, auth_type=NYM,
field=ROLE, new_value=ENDORSER,
constraint=auth_constraint)
def test_reject_auth_rule_transaction(looper,
sdk_wallet_steward,
sdk_pool_handle):
with pytest.raises(RequestRejectedException) as e:
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_steward,
sdk_pool_handle)
e.match('UnauthorizedClientRequest')
e.match('can not do this action')
def test_auth_rule_transaction_with_large_constraint(looper,
sdk_wallet_trustee,
sdk_pool_handle):
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
constraint=constraint)
def test_auth_mint(helpers, addresses, looper, sdk_wallet_trustee,
sdk_pool_handle):
"""
1. Send a MINT_PUBLIC txn from 3 TRUSTEE
2. Change the auth rule for adding MINT_PUBLIC to 1 STEWARD signature
3. Send a transfer from 3 TRUSTEE, check that auth validation failed.
4. Send and check that a MINT_PUBLIC request with STEWARD signature pass.
5. Change the auth rule to a default value.
6. Send and check a MINT_PUBLIC txn from 3 TRUSTEE.
"""
outputs = [{ADDRESS: addresses[0], AMOUNT: 1000}]
helpers.general.do_mint(outputs)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=MINT_PUBLIC,
field='*',
new_value='*',
constraint=AuthConstraint(
role=STEWARD,
sig_count=1,
need_to_be_owner=False).as_dict)
outputs = [{ADDRESS: addresses[0], AMOUNT: 1000}]
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
helpers.general.do_mint(outputs)
steward_do_mint(helpers, outputs)
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=MINT_PUBLIC,
field='*',
new_value='*',
constraint=sovtoken_auth_map[add_mint.get_action_id()].as_dict)
helpers.general.do_mint(outputs)
resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle,
sdk_wallet_trustee)
full_auth_map = OrderedDict(auth_map)
full_auth_map.update(sovtoken_auth_map)
result = resp[0][1]["result"][DATA]
for i, (auth_key, constraint) in enumerate(full_auth_map.items()):
rule = result[i]
assert auth_key == StaticAuthRuleHelper.get_auth_key(rule)
if constraint is None:
assert {} == rule[CONSTRAINT]
else:
assert constraint.as_dict == rule[CONSTRAINT]
def test_reqnack_auth_rule_transaction_with_wrong_key(looper,
sdk_wallet_trustee,
sdk_pool_handle):
with pytest.raises(RequestNackedException) as e:
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_type="*")
e.match("InvalidClientRequest")
e.match("is not found in authorization map")
def test_auth_xfer(helpers, addresses, looper, sdk_wallet_trustee,
sdk_pool_handle, mint_tokens, new_client_wallet,
txnPoolNodeSet, sdk_wallet_steward):
"""
1. Send a transfer txn XFER_PUBLIC from client
2. Change the auth rule for adding XFER_PUBLIC to 1 STEWARD signature
3. Send a transfer from client, check that auth validation failed.
4. Send and check that a transfer request with STEWARD signature pass.
5. Change the auth rule to a default value.
6. Send and check a transfer txn from client.
"""
transfer_count = 10
client_wallet = (new_client_wallet[0], new_client_wallet[1])
do_transfer(txnPoolNodeSet, sdk_pool_handle, helpers, looper,
client_wallet, addresses[:2], transfer_count)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=XFER_PUBLIC,
field='*',
new_value='*',
constraint=AuthConstraint(
role=STEWARD,
sig_count=1,
need_to_be_owner=False).as_dict)
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
do_transfer(txnPoolNodeSet, sdk_pool_handle, helpers, looper,
client_wallet, addresses[:2], transfer_count)
do_transfer(txnPoolNodeSet,
sdk_pool_handle,
helpers,
looper,
sdk_wallet_steward,
addresses[:2],
transfer_count,
sign=True)
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=XFER_PUBLIC,
field='*',
new_value='*',
constraint=sovtoken_auth_map[add_xfer.get_action_id()].as_dict)
do_transfer(txnPoolNodeSet, sdk_pool_handle, helpers, looper,
client_wallet, addresses[:2], transfer_count)
def test_auth_rule_for_raw_attrib_works(looper,
sdk_wallet_trustee,
sdk_pool_handle,
sdk_user_wallet_a,
sdk_wallet_trust_anchor):
_, did_cl = sdk_user_wallet_a
# We can add and modify attribs
data = dict()
data['a'] = {'John': 'Snow'}
data = json.dumps(data)
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl)
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl)
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=EDIT_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
old_value='*',
constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
# We still can add, but cannot edit attrib
data = dict()
data['b'] = {'John': 'Snow'}
data = json.dumps(data)
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl)
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl)
e.match('Not enough STEWARD signatures')
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=ADD_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
# We cannot add or edit attrib
data = dict()
data['c'] = {'John': 'Snow'}
data = json.dumps(data)
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl)
e.match('Not enough STEWARD signatures')
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl)
e.match('Not enough STEWARD signatures')
def test_reqnack_auth_rule_add_transaction_with_wrong_format(
looper, sdk_wallet_trustee, sdk_pool_handle):
with pytest.raises(RequestNackedException) as e:
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
old_value="*")
e.match("InvalidClientRequest")
e.match("Transaction for change authentication "
"rule for {}={} must not contain field {}".format(
AUTH_ACTION, ADD_PREFIX, OLD_VALUE))
def test_auth_rule_for_enc_attrib_works(looper,
sdk_wallet_trustee,
sdk_pool_handle,
sdk_user_wallet_a,
sdk_wallet_trust_anchor):
_, did_cl = sdk_user_wallet_a
set_attrib_auth_to_none(looper, sdk_wallet_trustee, sdk_pool_handle)
# We can add and modify attribs
data = secretBox.encrypt(json.dumps({'name': 'Jaime'}).encode()).hex()
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=EDIT_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
old_value='*',
constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
# We still can add, but cannot edit attrib
data = secretBox.encrypt(json.dumps({'name': 'Cersei'}).encode()).hex()
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
e.match('Not enough STEWARD signatures')
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=ADD_PREFIX,
auth_type=ATTRIB,
field='*',
new_value='*',
constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict)
# We cannot add or edit attrib
data = secretBox.encrypt(json.dumps({'name': 'Tywin'}).encode()).hex()
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
e.match('Not enough STEWARD signatures')
with pytest.raises(RequestRejectedException) as e:
sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data)
e.match('Not enough STEWARD signatures')
def test_reject_with_unacceptable_role_in_constraint(looper,
sdk_wallet_trustee,
sdk_pool_handle):
constraint = generate_constraint_entity()
unacceptable_role = 'olololo'
constraint[ROLE] = unacceptable_role
with pytest.raises(RequestNackedException) as e:
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
constraint=constraint)
e.match('InvalidClientRequest')
e.match('Role {} is not acceptable'.format(unacceptable_role))
def test_catching_up_auth_rule_txn(looper, txnPoolNodeSet, sdk_wallet_trustee,
sdk_wallet_steward, sdk_pool_handle):
delayed_node = txnPoolNodeSet[-1]
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
changed_constraint = AuthConstraint(role=STEWARD, sig_count=1)
action = AuthActionAdd(txn_type=NYM, field=ROLE, value=STEWARD)
with pytest.raises(RequestRejectedException,
match="Not enough TRUSTEE signatures"):
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey)
with delay_rules_without_processing(delayed_node.nodeIbStasher, cDelay(),
pDelay(), ppDelay()):
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=action.txn_type,
field=action.field,
new_value=action.value,
old_value=None,
constraint=changed_constraint.as_dict)
sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee,
'newSteward2')
delayed_node.start_catchup()
looper.run(
eventually(
lambda: assertExp(delayed_node.mode == Mode.participating)))
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward3',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey)
ensure_all_nodes_have_same_data(looper, txnPoolNodeSet)
config_state = delayed_node.states[CONFIG_LEDGER_ID]
from_state = config_state.get(config.make_state_path_for_auth_rule(
action.get_action_id()),
isCommitted=True)
assert changed_constraint == ConstraintsSerializer(
config_state_serializer).deserialize(from_state)
def prepare_auth_map(looper,
sdk_wallet_trustee,
sdk_pool_handle):
wh, _ = sdk_wallet_trustee
did1, verkey1 = create_verkey_did(looper, wh)
"""Adding new steward for old auth rules"""
add_new_nym(looper,
sdk_pool_handle,
[sdk_wallet_trustee],
'newSteward1',
STEWARD_STRING,
dest=did1, verkey=verkey1)
sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee,
sdk_pool_handle, auth_action=ADD_PREFIX,
auth_type=NYM, field=ROLE, new_value=STEWARD, old_value=None,
constraint=auth_constraint.as_dict)
def test_get_all_auth_rule_transactions_after_write(looper, sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[
generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)
])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=auth_action,
auth_type=auth_type,
field=field,
new_value=new_value,
constraint=constraint)
auth_key = ConfigReqHandler.get_auth_key(resp[0][0][OPERATION])
resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee,
sdk_pool_handle)
expect = {key: constraint.as_dict for key, constraint in auth_map.items()}
expect[auth_key] = constraint
result = resp[0][1]["result"][DATA]
assert result == expect
def test_use_modified_rules_from_uncommitted(looper, txnPoolNodeSet,
sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
node_stashers = [n.nodeIbStasher for n in txnPoolNodeSet]
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
changed_constraint = AuthConstraint(role=STEWARD, sig_count=1)
with delay_rules(node_stashers, cDelay()):
r_auth = sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value=STEWARD,
old_value=None,
constraint=changed_constraint.as_dict,
no_wait=True)
looper.runFor(waits.expectedPrePrepareTime(len(txnPoolNodeSet)))
r_add_steward = sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey,
no_wait=True)
sdk_get_and_check_replies(looper, [r_auth])
sdk_get_and_check_replies(looper, [r_add_steward])
def test_get_all_auth_rule_transactions_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = ENDORSER
auth_constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value,
constraint=auth_constraint)
auth_key = StaticAuthRuleHelper.get_auth_key(resp[0][0][OPERATION])
resp = sdk_send_and_check_get_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee)
result = resp[0][1]["result"][DATA]
full_auth_map = OrderedDict(auth_map)
full_auth_map.update(sovtoken_auth_map)
full_auth_map.update(sovtokenfees_auth_map)
full_auth_map[auth_key] = ConstraintCreator.create_constraint(auth_constraint)
for i, (auth_key, constraint) in enumerate(full_auth_map.items()):
rule = result[i]
assert auth_key == StaticAuthRuleHelper.get_auth_key(rule)
if constraint is None:
assert {} == rule[CONSTRAINT]
else:
assert constraint.as_dict == rule[CONSTRAINT]
def test_get_one_auth_rule_transaction_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value,
constraint=constraint)
dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value)
resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **dict_auth_key
)
result = resp[0][1]["result"][DATA]
assert len(result) == 1
_check_key(dict_auth_key, result[0])
assert constraint == result[0][CONSTRAINT]
assert resp[0][1]["result"][STATE_PROOF]
def test_get_all_auth_rule_transactions_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action,
auth_type=auth_type,
field=field,
new_value=new_value,
constraint=constraint)
str_auth_key = ConfigReqHandler.get_auth_key(resp[0][0][OPERATION])
resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee
)
result = resp[0][1]["result"][DATA]
for rule in result:
key = ConfigReqHandler.get_auth_key(rule)
if auth_map[key] is None:
assert {} == rule[CONSTRAINT]
elif key == str_auth_key:
assert constraint == rule[CONSTRAINT]
else:
assert auth_map[key].as_dict == rule[CONSTRAINT]
def test_get_one_auth_rule_transaction_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value,
constraint=constraint)
dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value)
str_key = ConfigReqHandler.get_auth_key(dict_auth_key)
resp = sdk_get_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
dict_auth_key)
print(config.make_state_path_for_auth_rule(str_key))
result = resp[0][1]["result"][DATA][config.make_state_path_for_auth_rule(str_key).decode()]
assert result == constraint
assert resp[0][1]["result"][STATE_PROOF]
def test_add_metadata_with_not_existed_alias(looper,
helpers,
sdk_wallet_trustee,
sdk_pool_handle,
nodeSetWithIntegratedTokenPlugin):
fees_alias = "add_new_steward"
current_fees = helpers.general.do_get_fees()
assert fees_alias not in current_fees[FEES]
constraint = copy.deepcopy(auth_map.one_trustee_constraint)
constraint.set_metadata({FEES_FIELD_NAME: fees_alias})
with pytest.raises(RequestRejectedException, match="does not exist in current fees".format(fees_alias)):
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX, auth_type=NYM,
field=ROLE, new_value=STEWARD,
old_value=None, constraint=constraint.as_dict)
def test_node_txn_promote_by_endorser(txnPoolNodeSet, sdk_pool_handle,
sdk_wallet_trustee, looper,
sdk_wallet_handle):
validators_before = get_pool_validator_count(txnPoolNodeSet)
new_end_did, new_end_verkey = looper.loop.run_until_complete(
did.create_and_store_my_did(sdk_wallet_trustee[0], "{}"))
# Step 1. Demote node using default auth rule
demote_node(looper, sdk_wallet_trustee, sdk_pool_handle,
txnPoolNodeSet[-1])
# Check, that node was demoted
assert validators_before - get_pool_validator_count(
txnPoolNodeSet[:-1]) == 1
# Step 2. Add new Endorser
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newEndorser',
ENDORSER_STRING,
verkey=new_end_verkey,
dest=new_end_did)
new_constraint = AuthConstraint(ENDORSER, 1)
# Step 3. Change auth rule, to allowing endorser promote node back
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=promote_action.txn_type,
field=promote_action.field,
new_value=promote_action.new_value,
old_value=promote_action.old_value,
constraint=new_constraint.as_dict)
# Step 4. Promote node back, using new Endorser
promote_node(looper, (sdk_wallet_handle, new_end_did), sdk_pool_handle,
txnPoolNodeSet[-1])
# Check, that all other nodes return previous demoted node back
assert validators_before == get_pool_validator_count(txnPoolNodeSet[:-1])
def test_check_rule_for_add_action_changing(looper, sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
wh, _ = sdk_wallet_trustee
did1, verkey1 = create_verkey_did(looper, wh)
"""Adding new steward for old auth rules"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newSteward1',
STEWARD_STRING,
dest=did1,
verkey=verkey1)
constraint = AuthConstraint(role=STEWARD, sig_count=1)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value=STEWARD,
old_value=None,
constraint=constraint.as_dict)
did2, verkey2 = create_verkey_did(looper, wh)
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
"""Adding new steward for changed auth rules"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newSteward2',
STEWARD_STRING,
dest=did2,
verkey=verkey2)
"""We change auth rules and for now only steward can add new steward"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=did2,
verkey=verkey2)
def test_add_metadata_with_complex_constraint(looper,
helpers,
sdk_wallet_trustee,
sdk_pool_handle,
nodeSetWithIntegratedTokenPlugin):
fees_alias = "2222"
current_fees = helpers.general.do_get_fees()
assert fees_alias not in current_fees[FEES]
constraint = copy.deepcopy(auth_map.trust_anchor_or_steward_or_trustee_constraint)
# set metadata only for the last constraint in OrAuthConstraint
constraint.auth_constraints[-1].set_metadata({FEES_FIELD_NAME: fees_alias})
with pytest.raises(RequestRejectedException, match="does not exist in current fees".format(fees_alias)):
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX, auth_type=NYM,
field=ROLE, new_value=IDENTITY_OWNER,
old_value=None, constraint=constraint.as_dict)
def test_auth_rule_state_format(looper, sdk_pool_handle, sdk_wallet_trustee,
txnPoolNodeSet, off_ledger_signature):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = ENDORSER
constraint = {
CONSTRAINT_ID: ConstraintsEnum.ROLE_CONSTRAINT_ID,
ROLE: "*",
SIG_COUNT: 1,
NEED_TO_BE_OWNER: False,
METADATA: {}
}
if off_ledger_signature:
constraint[OFF_LEDGER_SIGNATURE] = off_ledger_signature
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action,
auth_type=auth_type,
field=field,
new_value=new_value,
constraint=constraint)
state = txnPoolNodeSet[0].db_manager.get_database(CONFIG_LEDGER_ID).state
key = generate_key(auth_action, auth_type, field, new_value)
path = config.make_state_path_for_auth_rule(
StaticAuthRuleHelper.get_auth_key(key))
state_constraint = config_state_serializer.deserialize(state.get(path))
assert state_constraint == constraint
_, before_resp = sdk_send_and_check_get_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_type=auth_type,
auth_action=auth_action,
field=field,
new_value=new_value)[0]
for rule in before_resp["result"][DATA]:
if rule[CONSTRAINT][CONSTRAINT_ID] == 'ROLE' and off_ledger_signature:
assert OFF_LEDGER_SIGNATURE in rule[CONSTRAINT]
def test_set_fees(helpers, fees, addresses, looper, sdk_wallet_trustee,
sdk_pool_handle):
"""
1. Send a SET_FEES txn from 3 TRUSTEE
2. Change the auth rule for editing SET_FEES to 1 STEWARD signature
3. Send a transfer from 3 TRUSTEE, check that auth validation failed.
4. Send and check that a SET_FEES request with STEWARD signature pass.
5. Change the auth rule to a default value.
6. Send and check a SET_FEES txn from 3 TRUSTEE.
"""
set_fees(helpers, fees)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=SET_FEES,
field='*',
old_value='*',
new_value='*',
constraint=AuthConstraint(
role=STEWARD,
sig_count=1,
need_to_be_owner=False).as_dict)
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
set_fees(helpers, fees)
set_fees(helpers, fees, trustee=False)
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=SET_FEES,
field='*',
old_value='*',
new_value='*',
constraint=sovtokenfees_auth_map[edit_fees.get_action_id()].as_dict)
set_fees(helpers, fees)
