def test_plugin_and_rule(write_auth_req_validator, write_request_validation,
signatures, is_owner, amount):
validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=STEWARD,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2})
]),
valid_actions=[
({
TRUSTEE: 2,
STEWARD: 3
}, False, 2),
({
TRUSTEE: 3,
STEWARD: 3
}, False, 2),
({
TRUSTEE: 2,
STEWARD: 3
}, True, 2),
({
TRUSTEE: 3,
STEWARD: 3
}, True, 2),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_and_rule_trustee_no_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner, amount):
validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '2'}),
AuthConstraint(role=STEWARD,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '2'})
]),
valid_actions=[
Action(author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: s,
STEWARD: 3
},
is_owner=owner,
amount=2,
extra_sigs=True) for s in range(2, 4)
for owner in [True, False]
],
author=TRUSTEE,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_not_authorize_with_and_constraint(composite_authorizer, req_auth):
with pytest.raises(AuthValidationError):
composite_authorizer.authorize(
req_auth,
AuthConstraintAnd(
[AuthConstraint(STEWARD, 1),
AuthConstraint(TRUSTEE, 1)]), None)
def test_plugin_and_or_rule_same_role_trustee_no_endorser(write_auth_req_validator, write_request_validation,
signatures, amount):
validate(
auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False),
AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
]),
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False),
AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
])
]),
valid_actions=[
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3},
is_owner=False, amount=2, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3},
is_owner=False, amount=2, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3},
is_owner=False, amount=None, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3},
is_owner=False, amount=None, extra_sigs=True),
],
author=TRUSTEE, endorser=None,
all_signatures=signatures, is_owner=False, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def test_str_for_auth_constraint_and():
constraint = AuthConstraintAnd([
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
])
assert str(constraint) == '1 TRUSTEE signature is required and needs to be owner ' \
'AND ' \
'1 STEWARD signature is required and needs to be owner'
def test_not_authorize_with_and_constraint(composite_authorizer, req_auth):
with pytest.raises(AuthValidationError):
composite_authorizer.authorize(
req_auth,
AuthConstraintAnd([
AuthConstraint("SomeRole", 1),
AuthConstraint("SomeOtherRole", 1)
]), None)
def test_plugin_or_and_rule_diff_roles_trustee_no_endorser(write_auth_req_validator, write_request_validation,
signatures, is_owner, amount):
validate(
auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False),
]),
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False),
AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False),
]),
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=ENDORSER, sig_count=2, need_to_be_owner=True,
metadata={PLUGIN_FIELD: 2}),
]),
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
AuthConstraint(role=IDENTITY_OWNER, sig_count=3, need_to_be_owner=True,
metadata={PLUGIN_FIELD: 3}),
]),
]),
valid_actions=[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3},
is_owner=False, amount=None, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3},
is_owner=True, amount=None, extra_sigs=True)] +
[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1, STEWARD: s2},
is_owner=owner, amount=None, extra_sigs=True)
for s1 in range(1, 4)
for s2 in range(2, 4)
for owner in [True, False]] +
[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1, ENDORSER: s2},
is_owner=True, amount=2, extra_sigs=True)
for s1 in range(1, 4)
for s2 in range(2, 4)] +
[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, IDENTITY_OWNER: 3},
is_owner=True, amount=3, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, IDENTITY_OWNER: 3},
is_owner=True, amount=3, extra_sigs=True)],
author=TRUSTEE, endorser=None,
all_signatures=signatures, is_owner=is_owner, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def constraints():
role_constraints = [
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
]
and_constraint = AuthConstraintAnd(role_constraints)
or_constraint = AuthConstraintOr(role_constraints)
return role_constraints[0], and_constraint, or_constraint
def test_plugin_complex_with_and_rule_with_not_allowed(write_auth_req_validator, write_request_validation,
signatures, is_owner, off_ledger_signature, amount):
validate(
auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraintForbidden(),
AuthConstraint(role="*", sig_count=1, need_to_be_owner=False,
off_ledger_signature=off_ledger_signature,
metadata={PLUGIN_FIELD: 2})
]),
valid_actions=[],
author=TRUSTEE, endorser=None,
all_signatures=signatures, is_owner=is_owner, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def test_check_equal(constraints):
same_role, same_and, same_or = constraints
"""
The same constraints as from fixture but should have not the same id
"""
role_constraints = [
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
]
and_constraint = AuthConstraintAnd(role_constraints)
or_constraint = AuthConstraintOr(role_constraints)
assert id(same_role) != id(role_constraints[0])
assert id(same_or) != id(or_constraint)
assert id(same_and) != id(and_constraint)
assert same_role == role_constraints[0]
assert same_or == or_constraint
assert same_and == and_constraint
def test_plugin_and_or_rule_diff_role(write_auth_req_validator,
write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
AuthConstraint(role=STEWARD,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
]),
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUST_ANCHOR,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=3,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 3}),
])
]),
valid_actions=[
({
TRUSTEE: 2,
TRUST_ANCHOR: 3
}, False, 3),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, False, 3),
({
TRUSTEE: 2,
TRUST_ANCHOR: 3
}, True, 3),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, True, 3),
({
TRUSTEE: 2,
IDENTITY_OWNER: 3
}, True, 3),
({
TRUSTEE: 3,
IDENTITY_OWNER: 3
}, True, 3),
({
STEWARD: 2,
TRUST_ANCHOR: 3
}, False, 3),
({
STEWARD: 3,
TRUST_ANCHOR: 3
}, False, 3),
({
STEWARD: 2,
TRUST_ANCHOR: 3
}, True, 3),
({
STEWARD: 3,
TRUST_ANCHOR: 3
}, True, 3),
({
STEWARD: 2,
IDENTITY_OWNER: 3
}, True, 3),
({
STEWARD: 3,
IDENTITY_OWNER: 3
}, True, 3),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_complex(write_auth_req_validator, write_request_validation,
signatures, is_owner, amount):
validate(
auth_constraint=AuthConstraintOr(auth_constraints=[
# 1st
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
AuthConstraintOr(auth_constraints=[
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=STEWARD,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
AuthConstraint(role=TRUST_ANCHOR,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
]),
AuthConstraint(role=STEWARD,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
AuthConstraint(role=TRUST_ANCHOR,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
])
]),
# 2d
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 3})
]),
# 3d
AuthConstraintAnd(auth_constraints=[
AuthConstraint(
role=TRUSTEE, sig_count=3, need_to_be_owner=False),
AuthConstraintOr(auth_constraints=[
AuthConstraint(
role=STEWARD, sig_count=2, need_to_be_owner=False),
AuthConstraint(
role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=True),
])
]),
# 4th
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 2})
]),
]),
valid_actions=[
# 1st
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 1
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 2,
TRUST_ANCHOR: 1
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 2
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 2,
TRUST_ANCHOR: 2
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 3
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 3,
TRUST_ANCHOR: 1
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 3,
TRUST_ANCHOR: 3
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 1
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 2,
TRUST_ANCHOR: 1
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 2
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 2,
TRUST_ANCHOR: 2
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 3
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 3,
TRUST_ANCHOR: 1
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 3,
TRUST_ANCHOR: 3
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 2
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 3
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 2
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 3
}, True, 1),
({
TRUSTEE: 3,
TRUST_ANCHOR: 2
}, False, 1),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, False, 1),
({
TRUSTEE: 3,
TRUST_ANCHOR: 2
}, True, 1),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, True, 1),
# 2d
({
TRUSTEE: 3,
IDENTITY_OWNER: 1
}, True, 3),
({
TRUSTEE: 3,
IDENTITY_OWNER: 2
}, True, 3),
({
TRUSTEE: 3,
IDENTITY_OWNER: 3
}, True, 3),
# 3d
({
TRUSTEE: 3,
STEWARD: 2
}, False, None),
({
TRUSTEE: 3,
STEWARD: 3
}, False, None),
({
TRUSTEE: 3,
STEWARD: 2
}, True, None),
({
TRUSTEE: 3,
STEWARD: 3
}, True, None),
({
TRUSTEE: 3,
TRUST_ANCHOR: 2
}, False, None),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, False, None),
({
TRUSTEE: 3,
TRUST_ANCHOR: 2
}, True, None),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, True, None),
# 4th
({
TRUSTEE: 2,
IDENTITY_OWNER: 1
}, True, 2),
({
TRUSTEE: 2,
IDENTITY_OWNER: 2
}, True, 2),
({
TRUSTEE: 2,
IDENTITY_OWNER: 3
}, True, 2),
({
TRUSTEE: 3,
IDENTITY_OWNER: 1
}, True, 2),
({
TRUSTEE: 3,
IDENTITY_OWNER: 2
}, True, 2),
({
TRUSTEE: 3,
IDENTITY_OWNER: 3
}, True, 2),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_authorize_with_and_constraint(composite_authorizer, req_auth):
composite_authorizer.authorize(req_auth,
AuthConstraintAnd([AuthConstraint("SomeRole", 1), AuthConstraint("SomeRole", 1)]),
None)
from indy_common.authorize.auth_constraints import ROLE, AuthConstraint, AuthConstraintAnd, AuthConstraintOr
from indy_common.constants import NYM
from indy_node.test.auth_rule.helper import create_verkey_did, sdk_send_and_check_auth_rule_request
from indy_node.test.nym_txn.test_nym_additional import get_nym
from plenum.common.constants import STEWARD, STEWARD_STRING, TRUSTEE, TRUSTEE_STRING
from plenum.common.exceptions import RequestRejectedException
from plenum.common.util import randomString
from plenum.test.conftest import sdk_wallet_client
from plenum.test.helper import sdk_get_and_check_replies, sdk_send_signed_requests, sdk_sign_request_objects, \
sdk_json_to_request_object, sdk_multi_sign_request_objects
from plenum.test.pool_transactions.helper import prepare_nym_request, \
sdk_sign_and_send_prepared_request, sdk_add_new_nym
auth_constraint = AuthConstraintOr(auth_constraints=[
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=STEWARD, sig_count=2),
AuthConstraint(role=TRUSTEE, sig_count=1)
]),
AuthConstraint(role=TRUSTEE, sig_count=2)
])
@pytest.fixture(scope='module',
params=[(2, 0), (3, 0), (1, 2), (1, 3), (2, 1)])
def wallets_for_success(request, sdk_wallet_steward_list,
sdk_wallet_trustee_list):
return (sdk_wallet_trustee_list[:request.param[0]] +
sdk_wallet_steward_list[:request.param[1]])
@pytest.fixture(scope='module', params=[(0, 3), (1, 0), (1, 1)])
def wallets_for_fail(request, sdk_wallet_steward_list,
def test_plugin_complex_trustee_no_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner, amount):
validate(
auth_constraint=AuthConstraintOr(auth_constraints=[
# 1st
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '1'}),
AuthConstraintOr(auth_constraints=[
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=STEWARD,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '1'}),
AuthConstraint(role=ENDORSER,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '1'}),
]),
AuthConstraint(role=STEWARD,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '1'}),
AuthConstraint(role=ENDORSER,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '1'}),
])
]),
# 2d
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '3'}),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: '3'})
]),
# 3d
AuthConstraintAnd(auth_constraints=[
AuthConstraint(
role=TRUSTEE, sig_count=3, need_to_be_owner=False),
AuthConstraintOr(auth_constraints=[
AuthConstraint(
role=STEWARD, sig_count=2, need_to_be_owner=False),
AuthConstraint(
role=ENDORSER, sig_count=2, need_to_be_owner=True),
])
]),
# 4th
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: '2'}),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: '2'})
]),
]),
valid_actions=[
Action(
author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: 3,
STEWARD: s1,
ENDORSER: s2
}, # 1st
is_owner=owner,
amount=1,
extra_sigs=True) for s1 in range(1, 4) for s2 in range(1, 4)
for owner in [True, False]
] + [
Action(author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: 3,
STEWARD: s
},
is_owner=owner,
amount=1,
extra_sigs=True) for s in range(2, 4)
for owner in [True, False]
] + [
Action(
author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: 3,
IDENTITY_OWNER: s
}, # 2d
is_owner=True,
amount=3,
extra_sigs=True) for s in range(1, 4)
] + [
Action(
author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: 3,
STEWARD: s
}, # 3d
is_owner=owner,
amount=amount,
extra_sigs=True) for s in range(2, 4)
for owner in [True, False] for amount in [0, None]
] + [
Action(author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: 3,
ENDORSER: s
},
is_owner=owner,
amount=amount,
extra_sigs=True) for s in range(2, 4)
for owner in [True, False] for amount in [0, None]
] + [
Action(
author=TRUSTEE,
endorser=None,
sigs={
TRUSTEE: 2,
IDENTITY_OWNER: s
}, # 4th
is_owner=True,
amount=2,
extra_sigs=True) for s in range(1, 4)
],
author=TRUSTEE,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
RequestParams(fees=fee_5[1], wallets={STEWARD: 1}),
RequestParams(fees=0, wallets={TRUSTEE: 1}),
RequestParams(fees=fee_5[1],
wallets={
TRUSTEE: 1,
STEWARD: 1
}),
],
invalid_requests=[
RequestParams(fees=fee_1[1], wallets={STEWARD: 1}),
RequestParams(fees=fee_5[1], wallets={TRUSTEE: 1}),
RequestParams(fees=fee_5[1], wallets={IDENTITY_OWNER: 1})
]),
# 1
InputParam(auth_constraint=AuthConstraintAnd([
AuthConstraint(STEWARD, 2, metadata={FEES_FIELD_NAME: fee_5[0]}),
AuthConstraint(TRUSTEE, 1, metadata={FEES_FIELD_NAME: fee_5[0]})
]),
valid_requests=[
RequestParams(fees=fee_5[1],
wallets={
STEWARD: 2,
TRUSTEE: 1
}),
RequestParams(fees=fee_5[1],
wallets={
STEWARD: 3,
TRUSTEE: 2
}),
],
invalid_requests=[
RequestParams(fees=fee_5[1], wallets={STEWARD: 3}),