def test_plugin_complex_with_or_rule_with_not_allowed(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[(signature, owner, 2) for signature in signatures if signature for owner in [True, False]], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_simple_error_msg_not_enough_amount(write_auth_req_validator): set_auth_constraint( write_auth_req_validator, AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 10})) req, actions = build_req_and_action( Action(author=IDENTITY_OWNER, endorser=None, sigs={IDENTITY_OWNER: 1}, is_owner=True, amount=5, extra_sigs=False)) with pytest.raises(UnauthorizedClientRequest) as excinfo: write_auth_req_validator.validate(req, actions) assert ("not enough amount in plugin field") in str(excinfo.value)
def test_plugin_simple_rule_0_sig_owner_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, off_ledger_signature, amount): validate( auth_constraint=AuthConstraint(role='*', sig_count=0, need_to_be_owner=False, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: '2'}), valid_actions=[Action(author=IDENTITY_OWNER, endorser=None, sigs={}, is_owner=owner, amount=2, extra_sigs=False) for owner in [True, False]] + [Action(author=IDENTITY_OWNER, endorser=None, sigs={IDENTITY_OWNER: s}, is_owner=owner, amount=2, extra_sigs=False) for owner in [True, False] for s in range(1, MAX_SIG_COUNT + 1)], author=IDENTITY_OWNER, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_check_rule_for_add_action_changing(looper, sdk_wallet_trustee, sdk_wallet_steward, sdk_pool_handle): wh, _ = sdk_wallet_trustee did1, verkey1 = create_verkey_did(looper, wh) """Adding new steward for old auth rules""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward1', STEWARD_STRING, dest=did1, verkey=verkey1) constraint = AuthConstraint(role=STEWARD, sig_count=1) sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=STEWARD, old_value=None, constraint=constraint.as_dict) did2, verkey2 = create_verkey_did(looper, wh) with pytest.raises(RequestRejectedException, match="TRUSTEE can not do this action"): """Adding new steward for changed auth rules""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward2', STEWARD_STRING, dest=did2, verkey=verkey2) """We change auth rules and for now only steward can add new steward""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward2', STEWARD_STRING, dest=did2, verkey=verkey2)
def test_endorser_required_when_multi_sig_with_off_ledger_signature( looper, txnPoolNodeSet, sdk_wallet_client, sdk_pool_handle, sdk_wallet_trustee, sdk_wallet_endorser): change_new_did_auth_rule(looper, sdk_pool_handle, sdk_wallet_trustee, constraint=AuthConstraint( role='*', sig_count=2, off_ledger_signature=True)) new_did, verkey = \ looper.loop.run_until_complete( create_and_store_my_did(sdk_wallet_client[0], json.dumps({'seed': randomString(32)}))) sdk_wallet_new_client = (sdk_wallet_client[0], new_did) nym_request = looper.loop.run_until_complete( build_nym_request(new_did, new_did, verkey, None, IDENTITY_OWNER)) # can not send without Endorser with pytest.raises( RequestRejectedException, match= "'Endorser' field must be explicitly set for the endorsed transaction" ): signed_req = sdk_multisign_request_object(looper, sdk_wallet_new_client, nym_request) signed_req = sdk_multisign_request_object(looper, sdk_wallet_endorser, signed_req) request_couple = sdk_send_signed_requests(sdk_pool_handle, [signed_req])[0] sdk_get_and_check_replies(looper, [request_couple]) # can send with Endorser sdk_submit_and_check_by_endorser(looper, sdk_pool_handle, sdk_wallet_author=sdk_wallet_new_client, sdk_wallet_endorser=sdk_wallet_endorser, request_json=nym_request) details = get_nym_details(txnPoolNodeSet[0].states[1], new_did, is_committed=True) assert details[ROLE] == IDENTITY_OWNER assert details[VERKEY] == verkey
def test_plugin_or_and_rule_diff_roles_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False), ]), AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False), ]), AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=ENDORSER, sig_count=2, need_to_be_owner=True, metadata={PLUGIN_FIELD: 2}), ]), AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=3, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}), ]), ]), valid_actions=[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3}, is_owner=False, amount=None, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3}, is_owner=True, amount=None, extra_sigs=True)] + [Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1, STEWARD: s2}, is_owner=owner, amount=None, extra_sigs=True) for s1 in range(1, 4) for s2 in range(2, 4) for owner in [True, False]] + [Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1, ENDORSER: s2}, is_owner=True, amount=2, extra_sigs=True) for s1 in range(1, 4) for s2 in range(2, 4)] + [Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, IDENTITY_OWNER: 3}, is_owner=True, amount=3, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, IDENTITY_OWNER: 3}, is_owner=True, amount=3, extra_sigs=True)], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_plugin_complex_with_and_rule_with_not_allowed( write_auth_req_validator, write_request_validation, signatures, is_owner, off_ledger_signature, amount): validate(auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_simple_rule_1_sig(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 2}), valid_actions=[({ IDENTITY_OWNER: 1 }, True, 2), ({ IDENTITY_OWNER: 2 }, True, 2), ({ IDENTITY_OWNER: 3 }, True, 2)], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_create_did_without_endorser_need_to_be(looper, txnPoolNodeSet, nym_txn_data, sdk_pool_handle, sdk_wallet_trustee): change_auth_rule(looper, sdk_pool_handle, sdk_wallet_trustee, constraint=AuthConstraint(role='*', sig_count=1, off_ledger_signature=False)) wh, alias, sender_did, sender_verkey = nym_txn_data nym_request = looper.loop.run_until_complete( build_nym_request(sender_did, sender_did, sender_verkey, alias, NEW_ROLE)) request_couple = sdk_sign_and_send_prepared_request( looper, (wh, sender_did), sdk_pool_handle, nym_request) with pytest.raises(RequestRejectedException, match='is not found in the Ledger'): sdk_get_and_check_replies(looper, [request_couple])
def test_plugin_simple_rule_3_sig(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), valid_actions=[ ({ TRUSTEE: 3 }, False, 2), ({ TRUSTEE: 3 }, True, 2), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_set_fees(helpers, fees, addresses, looper, sdk_wallet_trustee, sdk_pool_handle): """ 1. Send a SET_FEES txn from 3 TRUSTEE 2. Change the auth rule for editing SET_FEES to 1 STEWARD signature 3. Send a transfer from 3 TRUSTEE, check that auth validation failed. 4. Send and check that a SET_FEES request with STEWARD signature pass. 5. Change the auth rule to a default value. 6. Send and check a SET_FEES txn from 3 TRUSTEE. """ set_fees(helpers, fees) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=SET_FEES, field='*', old_value='*', new_value='*', constraint=AuthConstraint( role=STEWARD, sig_count=1, need_to_be_owner=False).as_dict) with pytest.raises(RequestRejectedException, match="Not enough STEWARD signatures"): set_fees(helpers, fees) set_fees(helpers, fees, trustee=False) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=SET_FEES, field='*', old_value='*', new_value='*', constraint=sovtokenfees_auth_map[edit_fees.get_action_id()].as_dict) set_fees(helpers, fees)
def test_catching_up_auth_rule_txn(looper, txnPoolNodeSet, sdk_wallet_trustee, sdk_wallet_steward, sdk_pool_handle): delayed_node = txnPoolNodeSet[-1] wh, _ = sdk_wallet_trustee new_steward_did, new_steward_verkey = create_verkey_did(looper, wh) changed_constraint = AuthConstraint(role=STEWARD, sig_count=1) action = AuthActionAdd(txn_type=NYM, field=ROLE, value=STEWARD) with pytest.raises(RequestRejectedException, match="Not enough TRUSTEE signatures"): sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward2', STEWARD_STRING, dest=new_steward_did, verkey=new_steward_verkey) with delay_rules_without_processing(delayed_node.nodeIbStasher, cDelay(), pDelay(), ppDelay()): sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=action.txn_type, field=action.field, new_value=action.value, old_value=None, constraint=changed_constraint.as_dict) delayed_node.start_catchup() looper.run(eventually(lambda: assertExp(delayed_node.mode == Mode.participating))) sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward2', STEWARD_STRING, dest=new_steward_did, verkey=new_steward_verkey) ensure_all_nodes_have_same_data(looper, txnPoolNodeSet) config_state = delayed_node.states[CONFIG_LEDGER_ID] config_req_handler = delayed_node.get_req_handler(CONFIG_LEDGER_ID) from_state = config_state.get(config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=True) assert changed_constraint == config_req_handler.constraint_serializer.deserialize(from_state)
def test_plugin_simple_rule_1_sig_endorser_no_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 2}), valid_actions=[ Action(author=ENDORSER, endorser=None, sigs={ENDORSER: s}, is_owner=True, amount=2, extra_sigs=True) for s in range(1, MAX_SIG_COUNT + 1) ], author=ENDORSER, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_complex_with_or_rule_with_not_allowed_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, off_ledger_signature, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1}, is_owner=owner, amount=2, extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1) for owner in [True, False] ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_node_txn_demote_by_endorser(txnPoolNodeSet, sdk_pool_handle, sdk_wallet_trustee, looper, sdk_wallet_handle): validators_before = get_pool_validator_count(txnPoolNodeSet) new_end_did, new_end_verkey = looper.loop.run_until_complete( did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) # Step 1. Add new Endorser sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newEndorser', ENDORSER_STRING, verkey=new_end_verkey, dest=new_end_did) new_constraint = AuthConstraint(ENDORSER, 1) # Step 2. Change auth rule, to allowing endorser demote node sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=demote_action.txn_type, field=demote_action.field, new_value=demote_action.new_value, old_value=demote_action.old_value, constraint=new_constraint.as_dict) # Step 3. Demote node using new Endorser demote_node(looper, (sdk_wallet_handle, new_end_did), sdk_pool_handle, txnPoolNodeSet[-1]) # Check, that node was demoted assert validators_before - get_pool_validator_count( txnPoolNodeSet[:-1]) == 1
def test_plugin_simple_rule_1_sig_owner_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 2}), valid_actions=[ Action(author=IDENTITY_OWNER, endorser=None, sigs={IDENTITY_OWNER: 1}, is_owner=True, amount=2, extra_sigs=False) ], author=IDENTITY_OWNER, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_create_did_without_endorser(looper, txnPoolNodeSet, nym_txn_data, sdk_pool_handle, sdk_wallet_trustee): change_auth_rule(looper, sdk_pool_handle, sdk_wallet_trustee, constraint=AuthConstraint(role='*', sig_count=1, off_ledger_signature=True)) wh, alias, sender_did, sender_verkey = nym_txn_data nym_request = looper.loop.run_until_complete( build_nym_request(sender_did, sender_did, sender_verkey, alias, NEW_ROLE)) request_couple = sdk_sign_and_send_prepared_request( looper, (wh, sender_did), sdk_pool_handle, nym_request) sdk_get_and_check_replies(looper, [request_couple]) details = get_nym_details(txnPoolNodeSet[0].states[1], sender_did, is_committed=True) assert details[ROLE] == NEW_ROLE assert details[VERKEY] == sender_verkey
def test_plugin_simple_rule_3_sig_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3}, is_owner=owner, amount=2, extra_sigs=True) for owner in [True, False] ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_simple_rule_1_sig_all_roles_trustee_no_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, off_ledger_signature, amount): validate(auth_constraint=AuthConstraint( role='*', sig_count=1, need_to_be_owner=True, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: 2}), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1}, is_owner=True, amount=2, extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1) ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_check_rule_for_edit_action_changing(looper, sdk_wallet_trustee, sdk_wallet_steward, sdk_pool_handle): wh, _ = sdk_wallet_trustee new_steward_did, new_steward_verkey = create_verkey_did(looper, wh) """Adding new steward for old auth rules""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward1', STEWARD_STRING, dest=new_steward_did, verkey=new_steward_verkey) constraint = AuthConstraint(role=STEWARD, sig_count=1) """Change role from steward to '' (blacklisting STEWARD) can only STEWARD""" sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=NYM, field=ROLE, new_value='', old_value=STEWARD, constraint=constraint.as_dict) op = {'type': '1', 'dest': new_steward_did, 'role': None} with pytest.raises(RequestRejectedException, match="Not enough STEWARD signatures"): """Blacklisting new steward by TRUSTEE""" req = sdk_sign_and_submit_op(looper, sdk_pool_handle, sdk_wallet_trustee, op) sdk_get_and_check_replies(looper, [req]) """We change auth rules and for now only steward can add new steward""" req = sdk_sign_and_submit_op(looper, sdk_pool_handle, sdk_wallet_steward, op) sdk_get_and_check_replies(looper, [req])
def test_str_any_several_sig_owner(): constraint = AuthConstraint(role='*', sig_count=7, need_to_be_owner=True) assert str( constraint ) == '7 signatures of any role are required and needs to be owner'
def test_str_any_1_off_ledger_sig(): constraint = AuthConstraint(role='*', sig_count=1, off_ledger_signature=True) assert str(constraint ) == '1 signature of any role (off-ledger included) is required'
def test_plugin_and_or_rule_diff_role(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), ]), AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUST_ANCHOR, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=3, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}), ]) ]), valid_actions=[ ({ TRUSTEE: 2, TRUST_ANCHOR: 3 }, False, 3), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, 3), ({ TRUSTEE: 2, TRUST_ANCHOR: 3 }, True, 3), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, 3), ({ TRUSTEE: 2, IDENTITY_OWNER: 3 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 3), ({ STEWARD: 2, TRUST_ANCHOR: 3 }, False, 3), ({ STEWARD: 3, TRUST_ANCHOR: 3 }, False, 3), ({ STEWARD: 2, TRUST_ANCHOR: 3 }, True, 3), ({ STEWARD: 3, TRUST_ANCHOR: 3 }, True, 3), ({ STEWARD: 2, IDENTITY_OWNER: 3 }, True, 3), ({ STEWARD: 3, IDENTITY_OWNER: 3 }, True, 3), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_complex(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ # 1st AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraintOr(auth_constraints=[ AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraint(role=TRUST_ANCHOR, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), ]), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraint(role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), ]) ]), # 2d AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}) ]), # 3d AuthConstraintAnd(auth_constraints=[ AuthConstraint( role=TRUSTEE, sig_count=3, need_to_be_owner=False), AuthConstraintOr(auth_constraints=[ AuthConstraint( role=STEWARD, sig_count=2, need_to_be_owner=False), AuthConstraint( role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=True), ]) ]), # 4th AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 2}) ]), ]), valid_actions=[ # 1st ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 3 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 3 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3 }, True, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, 1), # 2d ({ TRUSTEE: 3, IDENTITY_OWNER: 1 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 2 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 3), # 3d ({ TRUSTEE: 3, STEWARD: 2 }, False, None), ({ TRUSTEE: 3, STEWARD: 3 }, False, None), ({ TRUSTEE: 3, STEWARD: 2 }, True, None), ({ TRUSTEE: 3, STEWARD: 3 }, True, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, False, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, True, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, None), # 4th ({ TRUSTEE: 2, IDENTITY_OWNER: 1 }, True, 2), ({ TRUSTEE: 2, IDENTITY_OWNER: 2 }, True, 2), ({ TRUSTEE: 2, IDENTITY_OWNER: 3 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 1 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 2 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 2), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_str_not_any_7_sig_not_owner(): constraint = AuthConstraint(role=TRUSTEE, sig_count=7, need_to_be_owner=False) assert str(constraint) == '7 TRUSTEE signatures are required'
value='start') cancelUpgrade = AuthActionEdit(txn_type=POOL_UPGRADE, field='action', old_value='start', new_value='cancel') poolRestart = AuthActionAdd(txn_type=POOL_RESTART, field='action', value='*') poolConfig = AuthActionAdd(txn_type=POOL_CONFIG, field='action', value='*') validatorInfo = AuthActionAdd(txn_type=VALIDATOR_INFO, field='*', value='*') authMap = { addNewTrustee.get_action_id(): AuthConstraint(TRUSTEE, 1), addNewSteward.get_action_id(): AuthConstraint(TRUSTEE, 1), addNewTrustAnchor.get_action_id(): AuthConstraintOr([AuthConstraint(TRUSTEE, 1), AuthConstraint(STEWARD, 1)]), addNewIdentityOwner.get_action_id(): AuthConstraintOr([ AuthConstraint(TRUSTEE, 1), AuthConstraint(STEWARD, 1), AuthConstraint(TRUST_ANCHOR, 1) ]), blacklistingTrustee.get_action_id(): AuthConstraint(TRUSTEE, 1), blacklistingSteward.get_action_id(): AuthConstraint(TRUSTEE, 1),
def test_plugin_or_rule_all_amount(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=TRUST_ANCHOR, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}), ]), valid_actions=[ ({ TRUSTEE: 1 }, False, 1), ({ TRUSTEE: 2 }, False, 1), ({ TRUSTEE: 3 }, False, 1), ({ TRUSTEE: 1 }, True, 1), ({ TRUSTEE: 2 }, True, 1), ({ TRUSTEE: 3 }, True, 1), ({ STEWARD: 1 }, False, 2), ({ STEWARD: 2 }, False, 2), ({ STEWARD: 3 }, False, 2), ({ STEWARD: 1 }, True, 2), ({ STEWARD: 2 }, True, 2), ({ STEWARD: 3 }, True, 2), ({ TRUST_ANCHOR: 1 }, True, 3), ({ TRUST_ANCHOR: 2 }, True, 3), ({ TRUST_ANCHOR: 3 }, True, 3), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_str_not_any_1_sig_owner(): constraint = AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True) assert str( constraint) == '1 TRUSTEE signature is required and needs to be owner'
def test_str_any_1_sig_not_owner(): constraint = AuthConstraint(role='*', sig_count=1, need_to_be_owner=False) assert str(constraint) == '1 signature of any role is required'
def test_str_any_1_sig_owner(): constraint = AuthConstraint(role="*", sig_count=1, need_to_be_owner=True) assert str(constraint ) == '1 signature of any role is required and needs to be owner'