def validate_task_rel_proposal(header, propose, rel_address, state): """Validates that the User exists, the Task exists, and the User is not in the Task's relationship specified by rel_address. Args: header (TransactionHeader): The transaction header. propose (ProposeAddTask_____): The Task relationship proposal. rel_address (str): The Task relationship address produced by the Task and the User. state (sawtooth_sdk.Context): The way to communicate to the validator the state gets and sets. Returns: (dict of addresses) """ user_address = addresser.make_user_address(propose.user_id) task_address = addresser.make_task_attributes_address(propose.task_id) proposal_address = addresser.make_proposal_address( object_id=propose.task_id, related_id=propose.user_id) state_entries = get_state(state, [user_address, task_address, proposal_address, rel_address]) validate_identifier_is_user(state_entries, identifier=propose.user_id, address=user_address) user_entry = get_state_entry(state_entries, user_address) user = get_user_from_container( return_user_container(user_entry), propose.user_id) if header.signer_public_key not in [user.user_id, user.manager_id]: raise InvalidTransaction( "Txn signer {} is not the user or the user's " "manager {}".format(header.signer_public_key, [user.user_id, user.manager_id])) validate_identifier_is_task(state_entries, identifier=propose.task_id, address=task_address) try: task_admins_entry = get_state_entry(state_entries, rel_address) task_rel_container = return_task_rel_container(task_admins_entry) if is_in_task_rel_container( task_rel_container, propose.task_id, propose.user_id): raise InvalidTransaction( "User {} is already in the Role {} " "relationship".format(propose.user_id, propose.task_id)) except KeyError: # The task rel container doesn't exist so no task relationship exists pass return state_entries
def validate_task_rel_del_proposal(header, propose, rel_address, state): """Validates that the User exists, the Task exists, and the User is in the Tasks's relationship specified by the rel_address. Args: header (TransactionHeader): The transaction header. propose (ProposeRemoveTask____): The Task Remove relationship proposal rel_address (str): The task relationship address. state (Context:: The way to communicate to the validator State gets and sets. Returns: (list of StateEntry) """ user_address = addresser.make_user_address(propose.user_id) task_address = addresser.make_task_attributes_address(propose.task_id) proposal_address = addresser.make_proposal_address( object_id=propose.task_id, related_id=propose.user_id) state_entries = get_state( state, [user_address, task_address, proposal_address, rel_address]) validate_identifier_is_user(state_entries, identifier=propose.user_id, address=user_address) user_entry = get_state_entry(state_entries, user_address) user = get_user_from_container(return_user_container(user_entry), propose.user_id) if header.signer_pubkey not in [user.user_id, user.manager_id]: raise InvalidTransaction( "Txn signer {} is not the user {} or the user's manager {}".format( header.signer_pubkey, user.user_id, user.manager_id)) validate_identifier_is_task(state_entries, identifier=propose.task_id, address=task_address) try: task_rel_entry = get_state_entry(state_entries, rel_address) task_rel_container = return_task_rel_container(task_rel_entry) if not is_in_task_rel_container(task_rel_container, propose.task_id, propose.user_id): raise InvalidTransaction("User {} isn't in the Task {} " "relationship".format( propose.user_id, propose.task_id)) except KeyError: raise InvalidTransaction( "User {} isn't in the Task {} relationship, " "since there isn't a container at the address".format( propose.user_id, propose.task_id)) return state_entries
def handle_confirm(state_entries, header, confirm, task_rel_address, state, is_remove): """ Updates proposal and task relationship objects according to the task admin/owner transaction. Args: state_entries: List of states for the proposal, task relationship, and task admins object. header (TransactionHeader): The protobuf TransactionHeader. confirm (RBACPayload): The protobuf RBACPayload. task_rel_address (str): The task relationship address. state (Context): The class that handles state gets and sets. is_remove (boolean): Determines if task admin/owner is being removed or added. """ proposal_address = addresser.make_proposal_address( object_id=confirm.task_id, related_id=confirm.user_id) proposal_entry = get_state_entry(state_entries, proposal_address) proposal_container = return_prop_container(proposal_entry) proposal = get_prop_from_container(proposal_container, proposal_id=confirm.proposal_id) proposal.status = proposal_state_pb2.Proposal.CONFIRMED proposal.closer = header.signer_public_key proposal.close_reason = confirm.reason address_values = {proposal_address: proposal_container.SerializeToString()} try: task_rel_entry = get_state_entry(state_entries, task_rel_address) task_rel_container = return_task_rel_container(task_rel_entry) except KeyError: task_rel_container = task_state_pb2.TaskRelationshipContainer() try: task_rel = get_task_rel_from_container(container=task_rel_container, task_id=confirm.task_id, identifier=confirm.user_id) except KeyError: task_rel = task_rel_container.relationships.add() task_rel.task_id = confirm.task_id if not is_remove: task_rel.identifiers.append(confirm.user_id) else: task_rel.identifiers.remove(confirm.user_id) address_values[task_rel_address] = task_rel_container.SerializeToString() set_state(state, address_values)
def apply_user_reject(header, payload, state): reject_payload = user_transaction_pb2.RejectUpdateUserManager() reject_payload.ParseFromString(payload.content) proposal_address = addresser.make_proposal_address( object_id=reject_payload.user_id, related_id=reject_payload.manager_id) state_entries = get_state(state, [proposal_address]) if not proposal_exists_and_open(state_entries=state_entries, proposal_address=proposal_address, proposal_id=reject_payload.proposal_id): raise InvalidTransaction("Proposal {} is not open or does not " "exist".format(reject_payload.proposal_id)) entry = get_state_entry(state_entries, proposal_address) proposal_container = return_prop_container(entry) if not reject_payload.manager_id == header.signer_pubkey: raise InvalidTransaction("Proposal expected closer to be {} while txn " "signer was {}".format( reject_payload.manager_id, header.signer_pubkey)) proposal = get_prop_from_container(proposal_container, reject_payload.proposal_id) handle_reject_state_set(container=proposal_container, proposal=proposal, closer=header.signer_pubkey, reason=reject_payload.reason, address=proposal_address, state=state)
def handle_state_set(proposal_state_entries, header, user_proposal, state): proposal_address = addresser.make_proposal_address( user_proposal.user_id, user_proposal.new_manager_id) try: state_entry = get_state_entry(proposal_state_entries, proposal_address) proposal_container = return_prop_container(state_entry) except KeyError: proposal_container = proposal_state_pb2.ProposalsContainer() proposal = proposal_container.proposals.add() proposal.proposal_id = user_proposal.proposal_id proposal.proposal_type = proposal_state_pb2.Proposal.UPDATE_USER_MANAGER proposal.object_id = user_proposal.user_id proposal.target_id = user_proposal.new_manager_id proposal.opener = header.signer_pubkey proposal.status = proposal_state_pb2.Proposal.OPEN proposal.open_reason = user_proposal.reason proposal.metadata = user_proposal.metadata set_state(state, [ StateEntry(address=proposal_address, data=proposal_container.SerializeToString()) ])
def handle_confirm_state_set(container, proposal, closer, reason, address, user_id, new_manager_id, state): proposal.status = proposal_state_pb2.Proposal.CONFIRMED proposal.closer = closer proposal.close_reason = reason set_state(state, { address: container.SerializeToString() }) user_address = addresser.make_user_address(user_id) state_entries = get_state(state, [user_address]) state_entry = get_state_entry( state_entries=state_entries, address=user_address) user_container = return_user_container(state_entry) user = get_user_from_container(user_container, user_id) user.manager_id = new_manager_id set_state(state, { user_address: user_container.SerializeToString() })
def handle_propose_state_set(state_entries, header, payload, address, proposal_type, state, related_type='user_id'): try: entry = get_state_entry(state_entries, address=address) proposal_container = return_prop_container(entry) except KeyError: proposal_container = proposal_state_pb2.ProposalsContainer() proposal = proposal_container.proposals.add() proposal.proposal_id = payload.proposal_id proposal.object_id = payload.task_id proposal.target_id = getattr(payload, related_type) proposal.proposal_type = proposal_type proposal.status = proposal_state_pb2.Proposal.OPEN proposal.opener = header.signer_public_key proposal.open_reason = payload.reason proposal.metadata = payload.metadata set_state(state, {address: proposal_container.SerializeToString()})
def validate_role_task(header, confirm, txn_signer_rel_address, state): proposal_address = addresser.make_proposal_address( object_id=confirm.role_id, related_id=confirm.task_id) state_entries = get_state(state, [txn_signer_rel_address, proposal_address]) if not proposal_exists_and_open(state_entries, proposal_address, confirm.proposal_id): raise InvalidTransaction("The proposal {} does not exist or " "is not open".format(confirm.proposal_id)) try: entry = get_state_entry(state_entries, txn_signer_rel_address) task_owners_container = return_task_rel_container(entry) except KeyError: raise InvalidTransaction( "Signer {} is not a task owner for task {}".format( header.signer_public_key, confirm.task_id)) if not is_in_task_rel_container(task_owners_container, confirm.task_id, header.signer_public_key): raise InvalidTransaction( "Signer {} is not a task owner for task {} no bytes in " "state".format(header.signer_public_key, confirm.task_id)) return state_entries
def handle_create_task(state_entries, payload, state): try: entry = get_state_entry( state_entries, addresser.make_task_attributes_address(payload.task_id)) container = return_task_container(entry) except KeyError: container = task_state_pb2.TaskAttributesContainer() task = container.task_attributes.add() task.task_id = payload.task_id task.name = payload.name task.metadata = payload.metadata address_values = [] pubkeys_by_address = {} for pubkey in payload.admins: address = addresser.make_task_admins_address( task_id=payload.task_id, user_id=pubkey) if address in pubkeys_by_address: pubkeys_by_address[address].append(pubkey) else: pubkeys_by_address[address] = [pubkey] address_values += _handle_task_rel_container( state_entries=state_entries, create_task=payload, pubkeys_by_address=pubkeys_by_address, state=state) pubkeys_by_address = {} for pubkey in payload.owners: address = addresser.make_task_owners_address( task_id=payload.task_id, user_id=pubkey) if address in pubkeys_by_address: pubkeys_by_address[address].append(pubkey) else: pubkeys_by_address[address] = [pubkey] address_values += _handle_task_rel_container( state_entries=state_entries, create_task=payload, pubkeys_by_address=pubkeys_by_address, state=state) address_values += [StateEntry( address=addresser.make_task_attributes_address(payload.task_id), data=container.SerializeToString())] set_state( state, address_values)
def _handle_role_state_set(create_role, state): role_container = role_state_pb2.RoleAttributesContainer() role = role_container.role_attributes.add() role.role_id = create_role.role_id role.name = create_role.name role.metadata = create_role.metadata entries_to_set = [ StateEntry(address=addresser.make_role_attributes_address( create_role.role_id), data=role_container.SerializeToString()) ] pubkeys_by_address = {} for admin in list(create_role.admins): admin_address = addresser.make_role_admins_address( role_id=create_role.role_id, user_id=admin) if admin_address in pubkeys_by_address: pubkeys_by_address[admin_address].append(admin) else: pubkeys_by_address[admin_address] = [admin] for owner in list(create_role.owners): owner_address = addresser.make_role_owners_address( role_id=create_role.role_id, user_id=owner) if owner_address in pubkeys_by_address: pubkeys_by_address[owner_address].append(owner) else: pubkeys_by_address[owner_address] = [owner] state_returns = get_state(state, [ addresser.make_role_admins_address(role_id=create_role.role_id, user_id=a) for a in create_role.admins ] + [ addresser.make_role_owners_address(role_id=create_role.role_id, user_id=o) for o in create_role.owners ]) for addr, pubkeys in pubkeys_by_address.items(): try: state_entry = get_state_entry(state_returns, addr) container = role_state_pb2.RoleRelationshipContainer() container.ParseFromString(state_entry.data) except KeyError: container = role_state_pb2.RoleRelationshipContainer() _add_role_rel_to_container(container, create_role.role_id, pubkeys) entries_to_set.append( StateEntry(address=addr, data=container.SerializeToString())) set_state(state, entries_to_set)
def handle_confirm_add(state_entries, header, confirm, role_rel_address, state, rel_type='user_id'): proposal_address = addresser.make_proposal_address( object_id=confirm.role_id, related_id=getattr(confirm, rel_type)) proposal_entry = get_state_entry(state_entries, proposal_address) proposal_container = return_prop_container(proposal_entry) proposal = get_prop_from_container(proposal_container, proposal_id=confirm.proposal_id) proposal.status = proposal_state_pb2.Proposal.CONFIRMED proposal.closer = header.signer_pubkey proposal.close_reason = confirm.reason address_values = [ StateEntry(address=proposal_address, data=proposal_container.SerializeToString()) ] try: role_rel_entry = get_state_entry(state_entries, role_rel_address) role_rel_container = return_role_rel_container(role_rel_entry) except KeyError: role_rel_container = role_state_pb2.RoleRelationshipContainer() try: role_rel = get_role_rel(role_rel_container, confirm.role_id) except KeyError: role_rel = role_rel_container.relationships.add() role_rel.role_id = confirm.role_id role_rel.identifiers.append(getattr(confirm, rel_type)) address_values.append( StateEntry(address=role_rel_address, data=role_rel_container.SerializeToString())) set_state(state, address_values)
def handle_confirm_add(state_entries, header, confirm, task_rel_address, state): proposal_address = addresser.make_proposal_address( object_id=confirm.task_id, related_id=confirm.user_id) proposal_entry = get_state_entry(state_entries, proposal_address) proposal_container = return_prop_container(proposal_entry) proposal = get_prop_from_container( proposal_container, proposal_id=confirm.proposal_id) proposal.status = proposal_state_pb2.Proposal.CONFIRMED proposal.closer = header.signer_public_key proposal.close_reason = confirm.reason address_values = { proposal_address: proposal_container.SerializeToString() } try: task_rel_entry = get_state_entry(state_entries, task_rel_address) task_rel_container = return_task_rel_container(task_rel_entry) except KeyError: task_rel_container = task_state_pb2.TaskRelationshipContainer() try: task_rel = get_task_rel_from_container( container=task_rel_container, task_id=confirm.task_id, identifier=confirm.user_id) except KeyError: task_rel = task_rel_container.relationships.add() task_rel.task_id = confirm.task_id task_rel.identifiers.append(confirm.user_id) address_values[task_rel_address] = task_rel_container.SerializeToString() set_state(state, address_values)
def validate_task_admin_or_owner(header, confirm, txn_signer_rel_address, task_rel_address, state, is_remove): """Validate a [ Confirm | Reject }_____Task[ Admin | Owner } transaction. Args: header (TransactionHeader): The transaction header protobuf class.: confirm: ConfirmAddTaskAdmin, RejectAddTaskAdmin, ... txn_signer_rel_address (str): The transaction signer address. task_rel_address (str): The task relationship address. state (Context): The class responsible for gets and sets of state. is_remove (boolean): Determines if task owner is being added or removed. Returns: (dict of addresses) Raises: InvalidTransaction - The transaction is invalid. """ proposal_address = addresser.make_proposal_address( object_id=confirm.task_id, related_id=confirm.user_id) if not is_remove: state_entries = get_state(state, [txn_signer_rel_address, proposal_address]) else: state_entries = get_state( state, [txn_signer_rel_address, task_rel_address, proposal_address]) if not proposal_exists_and_open(state_entries, proposal_address, confirm.proposal_id): raise InvalidTransaction("The proposal {} does not exist or " "is not open".format(confirm.proposal_id)) try: entry = get_state_entry(state_entries, txn_signer_rel_address) task_rel_container = return_task_rel_container(entry) except KeyError: raise InvalidTransaction( "Signer {} does not have the Task permissions " "to close the proposal".format(header.signer_public_key)) if not is_in_task_rel_container(task_rel_container, task_id=confirm.task_id, identifier=header.signer_public_key): raise InvalidTransaction("Signer {} does not have the Task " "permissions to close the " "proposal".format(header.signer_public_key)) return state_entries
def _validate_state_and_return_user(header, user_proposal, state): """Validate that 1. There is no other open proposal for the manager change 2. The user is a User 3. the manager is a User 4. The manager is the signer of the transaction. Args: header (TransactionHeader): The transaction header. user_proposal (ProposeUpdateUserManager): The transaction that makes the proposal to update the user's manager. state (Context): The way to set and get values from state. """ prop_state_entries = _validate_unique_proposal( header, user_proposal, state) user_address = addresser.make_user_address( user_id=user_proposal.user_id) user_state_entries = get_state( state, [user_address]) validate_identifier_is_user( state_entries=user_state_entries, identifier=user_proposal.user_id, address=user_address) manager_address = addresser.make_user_address( user_id=user_proposal.new_manager_id) manager_state_entries = get_state( state, [manager_address]) validate_identifier_is_user( state_entries=manager_state_entries, identifier=user_proposal.new_manager_id, address=manager_address) user_state_entry = get_state_entry( user_state_entries, user_address) user_container = return_user_container(user_state_entry) _validate_manager_is_signer(header, user_container, user_proposal.user_id) return prop_state_entries
def validate_manager_state(header, create_user, state): manager_entries = get_state( state, [addresser.make_user_address(create_user.manager_id)]) if not manager_entries: raise InvalidTransaction("User id {} listed as manager is not " "in state.".format(create_user.manager_id)) state_entry = get_state_entry( manager_entries, addresser.make_user_address(user_id=create_user.manager_id)) manager_container = return_user_container(state_entry) if not is_in_user_container(manager_container, create_user.manager_id): raise InvalidTransaction( "user id {} listed as manager is not within the User container " "in state".format(create_user.manager_id))
def handle_reject(state_entries, header, reject, state): proposal_address = addresser.make_proposal_address( object_id=reject.task_id, related_id=reject.user_id) proposal_entry = get_state_entry(state_entries, proposal_address) proposal_container = return_prop_container(proposal_entry) proposal = get_prop_from_container(proposal_container, proposal_id=reject.proposal_id) proposal.status = proposal_state_pb2.Proposal.REJECTED proposal.closer = header.signer_public_key proposal.close_reason = reject.reason address_values = {proposal_address: proposal_container.SerializeToString()} set_state(state, address_values)
def _handle_task_rel_container(state_entries, create_task, pubkeys_by_address, state): entries_to_set = {} for addr, pubkeys in pubkeys_by_address.items(): try: state_entry = get_state_entry(state_entries, addr) container = task_state_pb2.TaskRelationshipContainer() container.ParseFromString(state_entry.data) except KeyError: container = task_state_pb2.TaskRelationshipContainer() _add_task_rel_to_container(container, create_task.task_id, pubkeys) entries_to_set[addr] = container.SerializeToString() return entries_to_set
def validate_role_admin_or_owner(header, confirm, txn_signer_rel_address, state): """Validate a [ Confirm | Reject }_____Role[ Admin | Owner } transaction. Args: header (TransactionHeader): The transaction header protobuf class.: confirm: ConfirmAddRoleAdmin, RejectAddRoleAdmin, ... state (Context): The class responsible for gets and sets of state. Returns: (dict of addresses) """ proposal_address = addresser.make_proposal_address( object_id=confirm.role_id, related_id=confirm.user_id) state_entries = get_state( state, [txn_signer_rel_address, proposal_address]) if not proposal_exists_and_open( state_entries, proposal_address, confirm.proposal_id): raise InvalidTransaction("The proposal {} does not exist or " "is not open".format(confirm.proposal_id)) try: entry = get_state_entry(state_entries, txn_signer_rel_address) role_rel_container = return_role_rel_container(entry) except KeyError: raise InvalidTransaction( "Signer {} does not have the Role permissions " "to close the proposal".format(header.signer_public_key)) if not is_in_role_rel_container( role_rel_container, role_id=confirm.role_id, identifier=header.signer_public_key): raise InvalidTransaction("Signer {} does not have the Role " "permissions to close the " "proposal".format(header.signer_public_key)) return state_entries
def validate_create_task_state(state_entries, payload): validate_list_of_user_are_users(state_entries, payload.admins) validate_list_of_user_are_users(state_entries, payload.owners) try: entry = get_state_entry( state_entries, addresser.make_task_attributes_address(payload.task_id)) container = return_task_container(entry) if is_in_task_container(container, payload.task_id): raise InvalidTransaction("Task with id {} already in " "state".format(payload.task_id)) except KeyError: # The task container is not in state, so no at this address. pass
def handle_reject(state_entries, header, reject, state, rel_type='user_id'): proposal_address = addresser.make_proposal_address( object_id=reject.role_id, related_id=getattr(reject, rel_type)) proposal_entry = get_state_entry(state_entries, proposal_address) proposal_container = return_prop_container(proposal_entry) proposal = get_prop_from_container(proposal_container, proposal_id=reject.proposal_id) proposal.status = proposal_state_pb2.Proposal.REJECTED proposal.closer = header.signer_pubkey proposal.close_reason = reject.reason address_values = [ StateEntry(address=proposal_address, data=proposal_container.SerializeToString()) ] set_state(state, address_values)
def apply_user_confirm(header, payload, state): confirm_payload = user_transaction_pb2.ConfirmUpdateUserManager() confirm_payload.ParseFromString(payload.content) proposal_address = addresser.make_proposal_address( object_id=confirm_payload.user_id, related_id=confirm_payload.manager_id) proposal_entries = get_state(state, [proposal_address]) if not proposal_exists_and_open( state_entries=proposal_entries, proposal_address=proposal_address, proposal_id=confirm_payload.proposal_id): raise InvalidTransaction( "Proposal id {} does not exist or is not open.".format( confirm_payload.proposal_id)) entry = get_state_entry(proposal_entries, proposal_address) proposal_container = return_prop_container(entry) proposal = get_prop_from_container( container=proposal_container, proposal_id=confirm_payload.proposal_id) if not proposal.target_id == header.signer_public_key: raise InvalidTransaction( "Confirm update manager txn signed by {} while " "proposal expecting {}".format( header.signer_public_key, proposal.target_id)) handle_confirm_state_set( container=proposal_container, proposal=proposal, closer=header.signer_public_key, reason=confirm_payload.reason, address=proposal_address, user_id=confirm_payload.user_id, new_manager_id=confirm_payload.manager_id, state=state)