def test_auth_rule_after_get_auth_rule_as_is(
looper, sdk_pool_handle, sdk_wallet_trustee
):
# get all auth rules
auth_rules_resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee
)
auth_rules = auth_rules_resp[0][1][RESULT][DATA]
for rule in auth_rules:
# prepare action key
dict_key = dict(rule)
dict_key.pop(CONSTRAINT)
# prepare "operation" to send AUTH_RULE txn
op = dict(rule)
op[TXN_TYPE] = AUTH_RULE
# send AUTH_RULE txn
req_obj = sdk_gen_request(op, identifier=sdk_wallet_trustee[1])
req = sdk_sign_and_submit_req_obj(looper,
sdk_pool_handle,
sdk_wallet_trustee,
req_obj)
sdk_get_and_check_replies(looper, [req])
# send GET_AUTH_RULE
get_response = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **dict_key)
# check response
result = get_response[0][1]["result"][DATA]
assert len(result) == 1
_check_key(dict_key, result[0])
assert rule[CONSTRAINT] == result[0][CONSTRAINT]
assert get_response[0][1]["result"][STATE_PROOF]
def test_auth_rule_after_get_auth_rule_as_is_using_sdk(
looper, sdk_pool_handle, sdk_wallet_trustee
):
# get all auth rules
auth_rules_resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee
)
auth_rules = auth_rules_resp[0][1][RESULT][DATA]
for rule in auth_rules:
# prepare action key
dict_key = dict(rule)
dict_key.pop(CONSTRAINT)
# prepare AUTH_RULE request
req_json = build_auth_rule_request_json(
looper, sdk_wallet_trustee[1], **rule
)
# send AUTH_RULE txn
req = sdk_sign_and_submit_req(sdk_pool_handle,
sdk_wallet_trustee,
req_json)
sdk_get_and_check_replies(looper, [req])
# send GET_AUTH_RULE
get_response = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **dict_key)
# check response
result = get_response[0][1]["result"][DATA]
assert len(result) == 1
_check_key(dict_key, result[0])
assert rule[CONSTRAINT] == result[0][CONSTRAINT]
assert get_response[0][1]["result"][STATE_PROOF]
def test_get_auth_rule_transaction_unique_for_anyone_can_write_map_is_rejected(
looper, sdk_wallet_trustee, sdk_pool_handle):
key = generate_key(auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value='*')
with pytest.raises(
RequestNackedException,
match=r"Unknown authorization rule: key '1--ADD--role--\*--\*' "
"is not found in authorization map"):
sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle,
sdk_wallet_trustee, **key)
def test_auth_rules_transaction_without_changes(looper, sdk_wallet_trustee,
sdk_pool_handle):
before_resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee)
sdk_send_and_check_auth_rules_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
rules=before_resp[0][1][RESULT][DATA])
after_resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee)
assert before_resp[0][1]["result"][DATA] == after_resp[0][1]["result"][
DATA]
def test_get_all_auth_rule_transactions_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action,
auth_type=auth_type,
field=field,
new_value=new_value,
constraint=constraint)
str_auth_key = ConfigReqHandler.get_auth_key(resp[0][0][OPERATION])
resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee
)
result = resp[0][1]["result"][DATA]
for rule in result:
key = ConfigReqHandler.get_auth_key(rule)
if auth_map[key] is None:
assert {} == rule[CONSTRAINT]
elif key == str_auth_key:
assert constraint == rule[CONSTRAINT]
else:
assert auth_map[key].as_dict == rule[CONSTRAINT]
def test_get_one_auth_rule_transaction_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value,
constraint=constraint)
dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value)
resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **dict_auth_key
)
result = resp[0][1]["result"][DATA]
assert len(result) == 1
_check_key(dict_auth_key, result[0])
assert constraint == result[0][CONSTRAINT]
assert resp[0][1]["result"][STATE_PROOF]
def test_get_all_auth_rule_transactions_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = ENDORSER
auth_constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value,
constraint=auth_constraint)
auth_key = StaticAuthRuleHelper.get_auth_key(resp[0][0][OPERATION])
resp = sdk_send_and_check_get_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee)
result = resp[0][1]["result"][DATA]
full_auth_map = OrderedDict(auth_map)
full_auth_map.update(sovtoken_auth_map)
full_auth_map.update(sovtokenfees_auth_map)
full_auth_map[auth_key] = ConstraintCreator.create_constraint(auth_constraint)
for i, (auth_key, constraint) in enumerate(full_auth_map.items()):
rule = result[i]
assert auth_key == StaticAuthRuleHelper.get_auth_key(rule)
if constraint is None:
assert {} == rule[CONSTRAINT]
else:
assert constraint.as_dict == rule[CONSTRAINT]
def test_reject_all_rules_from_auth_rules_txn(looper, sdk_wallet_trustee,
sdk_pool_handle):
_, before_resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee)[0]
rules = [
generate_auth_rule(ADD_PREFIX, NYM, ROLE, "wrong_new_value"),
generate_auth_rule(EDIT_PREFIX, NYM, ROLE, TRUST_ANCHOR, TRUSTEE)
]
with pytest.raises(RequestNackedException):
sdk_send_and_check_auth_rules_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
rules=rules)
_, after_resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee)[0]
assert before_resp["result"][DATA] == after_resp["result"][DATA]
def test_auth_mint(helpers, addresses, looper, sdk_wallet_trustee,
sdk_pool_handle):
"""
1. Send a MINT_PUBLIC txn from 3 TRUSTEE
2. Change the auth rule for adding MINT_PUBLIC to 1 STEWARD signature
3. Send a transfer from 3 TRUSTEE, check that auth validation failed.
4. Send and check that a MINT_PUBLIC request with STEWARD signature pass.
5. Change the auth rule to a default value.
6. Send and check a MINT_PUBLIC txn from 3 TRUSTEE.
"""
outputs = [{ADDRESS: addresses[0], AMOUNT: 1000}]
helpers.general.do_mint(outputs)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=MINT_PUBLIC,
field='*',
new_value='*',
constraint=AuthConstraint(
role=STEWARD,
sig_count=1,
need_to_be_owner=False).as_dict)
outputs = [{ADDRESS: addresses[0], AMOUNT: 1000}]
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
helpers.general.do_mint(outputs)
steward_do_mint(helpers, outputs)
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=MINT_PUBLIC,
field='*',
new_value='*',
constraint=sovtoken_auth_map[add_mint.get_action_id()].as_dict)
helpers.general.do_mint(outputs)
resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle,
sdk_wallet_trustee)
full_auth_map = OrderedDict(auth_map)
full_auth_map.update(sovtoken_auth_map)
result = resp[0][1]["result"][DATA]
for i, (auth_key, constraint) in enumerate(full_auth_map.items()):
rule = result[i]
assert auth_key == StaticAuthRuleHelper.get_auth_key(rule)
if constraint is None:
assert {} == rule[CONSTRAINT]
else:
assert constraint.as_dict == rule[CONSTRAINT]
def test_get_one_auth_rule_transaction(looper, sdk_wallet_trustee,
sdk_pool_handle):
key = generate_key()
str_key = ConfigReqHandler.get_auth_key(key)
req, resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0]
for resp_rule in resp[RESULT][DATA]:
_check_key(key, resp_rule)
assert auth_map.get(str_key).as_dict == resp_rule[CONSTRAINT]
def test_get_one_auth_rule_transaction(looper, sdk_wallet_trustee,
sdk_pool_handle):
key = generate_key()
str_key = ConfigReqHandler.get_auth_key(key)
req, resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0]
result = resp["result"][DATA][0]
assert len(resp["result"][DATA]) == 1
_check_key(key, result)
assert result[CONSTRAINT] == auth_map.get(str_key).as_dict
def test_auth_rule_after_get_auth_rule_as_is_except_constraint(
looper, sdk_wallet_trustee, sdk_pool_handle
):
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
# get all auth rules
auth_rules_resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee
)
auth_rules = auth_rules_resp[0][1][RESULT][DATA]
rule = auth_rules[0]
# prepare action key
dict_key = dict(rule)
dict_key.pop(CONSTRAINT)
# prepare "operation" to send AUTH_RULE txn
op = dict(rule)
op[TXN_TYPE] = AUTH_RULE
op[CONSTRAINT] = constraint
# send AUTH_RULE txn
req_obj = sdk_gen_request(op, identifier=sdk_wallet_trustee[1])
req = sdk_sign_and_submit_req_obj(looper,
sdk_pool_handle,
sdk_wallet_trustee,
req_obj)
sdk_get_and_check_replies(looper, [req])
# send GET_AUTH_RULE
get_response = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **dict_key
)
# check response
result = get_response[0][1]["result"][DATA]
assert len(result) == 1
_check_key(dict_key, result[0])
assert constraint == result[0][CONSTRAINT]
assert get_response[0][1]["result"][STATE_PROOF]
def test_get_one_disabled_auth_rule_transaction(looper,
sdk_wallet_trustee,
sdk_pool_handle):
key = generate_key(auth_action=EDIT_PREFIX, auth_type=SCHEMA,
field='*', old_value='*', new_value='*')
req, resp = sdk_send_and_check_get_auth_rule_request(
looper, sdk_pool_handle, sdk_wallet_trustee, **key
)[0]
result = resp["result"][DATA]
assert len(result) == 1
_check_key(key, result[0])
assert {} == result[0][CONSTRAINT]
def test_get_all_auth_rule_transactions(looper, sdk_wallet_trustee,
sdk_pool_handle):
resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle,
sdk_wallet_trustee)
result = resp[0][1]["result"][DATA]
for i, (auth_key, constraint) in enumerate(auth_map.items()):
rule = result[i]
assert auth_key == ConfigReqHandler.get_auth_key(rule)
if constraint is None:
assert {} == rule[CONSTRAINT]
else:
assert constraint.as_dict == rule[CONSTRAINT]
def test_get_all_auth_rule_transactions(looper,
sdk_wallet_trustee,
sdk_pool_handle):
resp = sdk_send_and_check_get_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee)
result = resp[0][1]["result"][DATA]
full_auth_map = OrderedDict(auth_map)
full_auth_map.update(sovtoken_auth_map)
full_auth_map.update(sovtokenfees_auth_map)
for i, (auth_key, constraint) in enumerate(full_auth_map.items()):
rule = result[i]
assert auth_key == StaticAuthRuleHelper.get_auth_key(rule)
if constraint is None:
assert {} == rule[CONSTRAINT]
else:
assert constraint.as_dict == rule[CONSTRAINT]
def test_auth_rule_state_format(looper, sdk_pool_handle, sdk_wallet_trustee,
txnPoolNodeSet, off_ledger_signature):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = ENDORSER
constraint = {
CONSTRAINT_ID: ConstraintsEnum.ROLE_CONSTRAINT_ID,
ROLE: "*",
SIG_COUNT: 1,
NEED_TO_BE_OWNER: False,
METADATA: {}
}
if off_ledger_signature:
constraint[OFF_LEDGER_SIGNATURE] = off_ledger_signature
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action,
auth_type=auth_type,
field=field,
new_value=new_value,
constraint=constraint)
state = txnPoolNodeSet[0].db_manager.get_database(CONFIG_LEDGER_ID).state
key = generate_key(auth_action, auth_type, field, new_value)
path = config.make_state_path_for_auth_rule(
StaticAuthRuleHelper.get_auth_key(key))
state_constraint = config_state_serializer.deserialize(state.get(path))
assert state_constraint == constraint
_, before_resp = sdk_send_and_check_get_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_type=auth_type,
auth_action=auth_action,
field=field,
new_value=new_value)[0]
for rule in before_resp["result"][DATA]:
if rule[CONSTRAINT][CONSTRAINT_ID] == 'ROLE' and off_ledger_signature:
assert OFF_LEDGER_SIGNATURE in rule[CONSTRAINT]
def test_state_proof_returned_for_get_auth_rule(looper,
nodeSetWithOneNodeResponding,
sdk_wallet_steward,
sdk_pool_handle,
sdk_wallet_client,
send_auth_rule):
req = send_auth_rule
key = generate_key(auth_action=ADD_PREFIX, auth_type=NYM,
field=ROLE, new_value=ENDORSER)
rep = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_client, **key)
result = rep[0][1]['result']
expected_data = req[0][0]['operation']
del expected_data['type']
assert DATA in result
data = result.get(DATA)
assert data
assert data[0] == expected_data
check_valid_proof(result)
def test_auth_txn_with_deprecated_key(tconf, tdir, allPluginsPath,
txnPoolNodeSet, looper,
sdk_wallet_trustee, sdk_pool_handle):
"""
Add to the auth_map a fake rule
Send AUTH_RULE txn to change this fake rule (and set the fake key to the config state)
Send GET_AUTH_RULE txn and check that the fake rule was changed
Remove the fake auth rule from the map
Check that we can't get the fake auth rule
Restart the last node with its state regeneration
Check that nodes data is equal after changing the existing auth rule (restarted node regenerate config state)
"""
fake_txn_type = "100002"
fake_key = AuthActionAdd(txn_type=fake_txn_type, field="*",
value="*").get_action_id()
fake_constraint = one_trustee_constraint
new_auth_constraint = AuthConstraint(role=STEWARD,
sig_count=1,
need_to_be_owner=False).as_dict
# Add to the auth_map a fake rule
with extend_auth_map(txnPoolNodeSet, fake_key, fake_constraint):
# Send AUTH_RULE txn to change this fake rule (and set the fake key to the config state)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=fake_txn_type,
field='*',
new_value='*',
constraint=new_auth_constraint)
# Send GET_AUTH_RULE txn and check that the fake rule was changed
result = sdk_send_and_check_get_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_type=fake_txn_type,
auth_action=ADD_PREFIX,
field="*",
new_value="*")[0][1]["result"][DATA][0]
assert result[AUTH_TYPE] == fake_txn_type
assert result[CONSTRAINT] == new_auth_constraint
# Remove the fake auth rule from the map
# Check that we can't get the fake auth rule
with pytest.raises(RequestNackedException,
match="not found in authorization map"):
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=fake_txn_type,
field='*',
new_value='*',
constraint=AuthConstraint(role=STEWARD,
sig_count=2,
need_to_be_owner=False).as_dict)
resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle,
sdk_wallet_trustee)
assert all(rule[AUTH_TYPE] != fake_txn_type
for rule in resp[0][1]["result"][DATA])
with pytest.raises(RequestNackedException,
match="not found in authorization map"):
sdk_send_and_check_get_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_type=fake_txn_type,
auth_action=ADD_PREFIX,
field="*",
new_value="*")
# Restart the last node with its state regeneration
ensure_all_nodes_have_same_data(looper, txnPoolNodeSet)
node_to_stop = txnPoolNodeSet[-1]
node_state = node_to_stop.states[CONFIG_LEDGER_ID]
assert not node_state.isEmpty
state_db_path = node_state._kv.db_path
node_to_stop.cleanupOnStopping = False
node_to_stop.stop()
looper.removeProdable(node_to_stop)
ensure_node_disconnected(looper, node_to_stop, txnPoolNodeSet[:-1])
shutil.rmtree(state_db_path)
config_helper = NodeConfigHelper(node_to_stop.name, tconf, chroot=tdir)
restarted_node = TestNode(node_to_stop.name,
config_helper=config_helper,
config=tconf,
pluginPaths=allPluginsPath,
ha=node_to_stop.nodestack.ha,
cliha=node_to_stop.clientstack.ha)
looper.add(restarted_node)
txnPoolNodeSet[-1] = restarted_node
# Check that nodes data is equal (restarted node regenerate config state)
looper.run(checkNodesConnected(txnPoolNodeSet))
ensureElectionsDone(looper, txnPoolNodeSet, customTimeout=30)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value=STEWARD,
constraint=AuthConstraint(
role=STEWARD,
sig_count=2,
need_to_be_owner=False).as_dict)
ensure_all_nodes_have_same_data(looper, txnPoolNodeSet, custom_timeout=20)
