def test_plugin_complex_with_or_rule_with_not_allowed(write_auth_req_validator,
write_request_validation,
signatures, is_owner,
amount):
validate(auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraintForbidden(),
AuthConstraint(role="*",
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2})
]),
valid_actions=[(signature, owner, 2) for signature in signatures
if signature for owner in [True, False]],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_simple_error_msg_not_enough_amount(write_auth_req_validator):
set_auth_constraint(
write_auth_req_validator,
AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 10}))
req, actions = build_req_and_action(
Action(author=IDENTITY_OWNER,
endorser=None,
sigs={IDENTITY_OWNER: 1},
is_owner=True,
amount=5,
extra_sigs=False))
with pytest.raises(UnauthorizedClientRequest) as excinfo:
write_auth_req_validator.validate(req, actions)
assert ("not enough amount in plugin field") in str(excinfo.value)
def test_plugin_simple_rule_0_sig_owner_no_endorser(write_auth_req_validator, write_request_validation,
signatures, is_owner, off_ledger_signature, amount):
validate(
auth_constraint=AuthConstraint(role='*', sig_count=0, need_to_be_owner=False,
off_ledger_signature=off_ledger_signature,
metadata={PLUGIN_FIELD: '2'}),
valid_actions=[Action(author=IDENTITY_OWNER, endorser=None, sigs={},
is_owner=owner, amount=2, extra_sigs=False)
for owner in [True, False]] +
[Action(author=IDENTITY_OWNER, endorser=None, sigs={IDENTITY_OWNER: s},
is_owner=owner, amount=2, extra_sigs=False)
for owner in [True, False]
for s in range(1, MAX_SIG_COUNT + 1)],
author=IDENTITY_OWNER, endorser=None,
all_signatures=signatures, is_owner=is_owner, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def test_check_rule_for_add_action_changing(looper, sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
wh, _ = sdk_wallet_trustee
did1, verkey1 = create_verkey_did(looper, wh)
"""Adding new steward for old auth rules"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newSteward1',
STEWARD_STRING,
dest=did1,
verkey=verkey1)
constraint = AuthConstraint(role=STEWARD, sig_count=1)
sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=ADD_PREFIX,
auth_type=NYM,
field=ROLE,
new_value=STEWARD,
old_value=None,
constraint=constraint.as_dict)
did2, verkey2 = create_verkey_did(looper, wh)
with pytest.raises(RequestRejectedException,
match="TRUSTEE can not do this action"):
"""Adding new steward for changed auth rules"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newSteward2',
STEWARD_STRING,
dest=did2,
verkey=verkey2)
"""We change auth rules and for now only steward can add new steward"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=did2,
verkey=verkey2)
def test_endorser_required_when_multi_sig_with_off_ledger_signature(
looper, txnPoolNodeSet, sdk_wallet_client, sdk_pool_handle,
sdk_wallet_trustee, sdk_wallet_endorser):
change_new_did_auth_rule(looper,
sdk_pool_handle,
sdk_wallet_trustee,
constraint=AuthConstraint(
role='*',
sig_count=2,
off_ledger_signature=True))
new_did, verkey = \
looper.loop.run_until_complete(
create_and_store_my_did(sdk_wallet_client[0], json.dumps({'seed': randomString(32)})))
sdk_wallet_new_client = (sdk_wallet_client[0], new_did)
nym_request = looper.loop.run_until_complete(
build_nym_request(new_did, new_did, verkey, None, IDENTITY_OWNER))
# can not send without Endorser
with pytest.raises(
RequestRejectedException,
match=
"'Endorser' field must be explicitly set for the endorsed transaction"
):
signed_req = sdk_multisign_request_object(looper,
sdk_wallet_new_client,
nym_request)
signed_req = sdk_multisign_request_object(looper, sdk_wallet_endorser,
signed_req)
request_couple = sdk_send_signed_requests(sdk_pool_handle,
[signed_req])[0]
sdk_get_and_check_replies(looper, [request_couple])
# can send with Endorser
sdk_submit_and_check_by_endorser(looper,
sdk_pool_handle,
sdk_wallet_author=sdk_wallet_new_client,
sdk_wallet_endorser=sdk_wallet_endorser,
request_json=nym_request)
details = get_nym_details(txnPoolNodeSet[0].states[1],
new_did,
is_committed=True)
assert details[ROLE] == IDENTITY_OWNER
assert details[VERKEY] == verkey
def test_plugin_or_and_rule_diff_roles_trustee_no_endorser(write_auth_req_validator, write_request_validation,
signatures, is_owner, amount):
validate(
auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False),
]),
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False),
AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False),
]),
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=ENDORSER, sig_count=2, need_to_be_owner=True,
metadata={PLUGIN_FIELD: 2}),
]),
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
AuthConstraint(role=IDENTITY_OWNER, sig_count=3, need_to_be_owner=True,
metadata={PLUGIN_FIELD: 3}),
]),
]),
valid_actions=[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3},
is_owner=False, amount=None, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3},
is_owner=True, amount=None, extra_sigs=True)] +
[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1, STEWARD: s2},
is_owner=owner, amount=None, extra_sigs=True)
for s1 in range(1, 4)
for s2 in range(2, 4)
for owner in [True, False]] +
[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1, ENDORSER: s2},
is_owner=True, amount=2, extra_sigs=True)
for s1 in range(1, 4)
for s2 in range(2, 4)] +
[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, IDENTITY_OWNER: 3},
is_owner=True, amount=3, extra_sigs=True),
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, IDENTITY_OWNER: 3},
is_owner=True, amount=3, extra_sigs=True)],
author=TRUSTEE, endorser=None,
all_signatures=signatures, is_owner=is_owner, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def test_plugin_complex_with_and_rule_with_not_allowed(
write_auth_req_validator, write_request_validation, signatures,
is_owner, off_ledger_signature, amount):
validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraintForbidden(),
AuthConstraint(role="*",
sig_count=1,
need_to_be_owner=False,
off_ledger_signature=off_ledger_signature,
metadata={PLUGIN_FIELD: 2})
]),
valid_actions=[],
author=TRUSTEE,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_simple_rule_1_sig(write_auth_req_validator,
write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[({
IDENTITY_OWNER: 1
}, True, 2), ({
IDENTITY_OWNER: 2
}, True, 2), ({
IDENTITY_OWNER: 3
}, True, 2)],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_create_did_without_endorser_need_to_be(looper, txnPoolNodeSet,
nym_txn_data, sdk_pool_handle,
sdk_wallet_trustee):
change_auth_rule(looper,
sdk_pool_handle,
sdk_wallet_trustee,
constraint=AuthConstraint(role='*',
sig_count=1,
off_ledger_signature=False))
wh, alias, sender_did, sender_verkey = nym_txn_data
nym_request = looper.loop.run_until_complete(
build_nym_request(sender_did, sender_did, sender_verkey, alias,
NEW_ROLE))
request_couple = sdk_sign_and_send_prepared_request(
looper, (wh, sender_did), sdk_pool_handle, nym_request)
with pytest.raises(RequestRejectedException,
match='is not found in the Ledger'):
sdk_get_and_check_replies(looper, [request_couple])
def test_plugin_simple_rule_3_sig(write_auth_req_validator,
write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
({
TRUSTEE: 3
}, False, 2),
({
TRUSTEE: 3
}, True, 2),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_set_fees(helpers, fees, addresses, looper, sdk_wallet_trustee,
sdk_pool_handle):
"""
1. Send a SET_FEES txn from 3 TRUSTEE
2. Change the auth rule for editing SET_FEES to 1 STEWARD signature
3. Send a transfer from 3 TRUSTEE, check that auth validation failed.
4. Send and check that a SET_FEES request with STEWARD signature pass.
5. Change the auth rule to a default value.
6. Send and check a SET_FEES txn from 3 TRUSTEE.
"""
set_fees(helpers, fees)
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=SET_FEES,
field='*',
old_value='*',
new_value='*',
constraint=AuthConstraint(
role=STEWARD,
sig_count=1,
need_to_be_owner=False).as_dict)
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
set_fees(helpers, fees)
set_fees(helpers, fees, trustee=False)
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=SET_FEES,
field='*',
old_value='*',
new_value='*',
constraint=sovtokenfees_auth_map[edit_fees.get_action_id()].as_dict)
set_fees(helpers, fees)
def test_catching_up_auth_rule_txn(looper,
txnPoolNodeSet,
sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
delayed_node = txnPoolNodeSet[-1]
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
changed_constraint = AuthConstraint(role=STEWARD,
sig_count=1)
action = AuthActionAdd(txn_type=NYM,
field=ROLE,
value=STEWARD)
with pytest.raises(RequestRejectedException, match="Not enough TRUSTEE signatures"):
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=new_steward_did, verkey=new_steward_verkey)
with delay_rules_without_processing(delayed_node.nodeIbStasher, cDelay(), pDelay(), ppDelay()):
sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=action.txn_type, field=action.field,
new_value=action.value, old_value=None,
constraint=changed_constraint.as_dict)
delayed_node.start_catchup()
looper.run(eventually(lambda: assertExp(delayed_node.mode == Mode.participating)))
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=new_steward_did, verkey=new_steward_verkey)
ensure_all_nodes_have_same_data(looper, txnPoolNodeSet)
config_state = delayed_node.states[CONFIG_LEDGER_ID]
config_req_handler = delayed_node.get_req_handler(CONFIG_LEDGER_ID)
from_state = config_state.get(config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=True)
assert changed_constraint == config_req_handler.constraint_serializer.deserialize(from_state)
def test_plugin_simple_rule_1_sig_endorser_no_endorser(
write_auth_req_validator, write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraint(role=ENDORSER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
Action(author=ENDORSER,
endorser=None,
sigs={ENDORSER: s},
is_owner=True,
amount=2,
extra_sigs=True) for s in range(1, MAX_SIG_COUNT + 1)
],
author=ENDORSER,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_complex_with_or_rule_with_not_allowed_trustee_no_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner, off_ledger_signature,
amount):
validate(
auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraintForbidden(),
AuthConstraint(role="*", sig_count=1, need_to_be_owner=False,
off_ledger_signature=off_ledger_signature,
metadata={PLUGIN_FIELD: 2})
]),
valid_actions=[
Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1},
is_owner=owner, amount=2, extra_sigs=True)
for s1 in range(1, MAX_SIG_COUNT + 1)
for owner in [True, False]
],
author=TRUSTEE, endorser=None,
all_signatures=signatures, is_owner=is_owner, amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation
)
def test_node_txn_demote_by_endorser(txnPoolNodeSet, sdk_pool_handle,
sdk_wallet_trustee, looper,
sdk_wallet_handle):
validators_before = get_pool_validator_count(txnPoolNodeSet)
new_end_did, new_end_verkey = looper.loop.run_until_complete(
did.create_and_store_my_did(sdk_wallet_trustee[0], "{}"))
# Step 1. Add new Endorser
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newEndorser',
ENDORSER_STRING,
verkey=new_end_verkey,
dest=new_end_did)
new_constraint = AuthConstraint(ENDORSER, 1)
# Step 2. Change auth rule, to allowing endorser demote node
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=demote_action.txn_type,
field=demote_action.field,
new_value=demote_action.new_value,
old_value=demote_action.old_value,
constraint=new_constraint.as_dict)
# Step 3. Demote node using new Endorser
demote_node(looper, (sdk_wallet_handle, new_end_did), sdk_pool_handle,
txnPoolNodeSet[-1])
# Check, that node was demoted
assert validators_before - get_pool_validator_count(
txnPoolNodeSet[:-1]) == 1
def test_plugin_simple_rule_1_sig_owner_no_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner,
amount):
validate(auth_constraint=AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
Action(author=IDENTITY_OWNER,
endorser=None,
sigs={IDENTITY_OWNER: 1},
is_owner=True,
amount=2,
extra_sigs=False)
],
author=IDENTITY_OWNER,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_create_did_without_endorser(looper, txnPoolNodeSet, nym_txn_data,
sdk_pool_handle, sdk_wallet_trustee):
change_auth_rule(looper,
sdk_pool_handle,
sdk_wallet_trustee,
constraint=AuthConstraint(role='*',
sig_count=1,
off_ledger_signature=True))
wh, alias, sender_did, sender_verkey = nym_txn_data
nym_request = looper.loop.run_until_complete(
build_nym_request(sender_did, sender_did, sender_verkey, alias,
NEW_ROLE))
request_couple = sdk_sign_and_send_prepared_request(
looper, (wh, sender_did), sdk_pool_handle, nym_request)
sdk_get_and_check_replies(looper, [request_couple])
details = get_nym_details(txnPoolNodeSet[0].states[1],
sender_did,
is_committed=True)
assert details[ROLE] == NEW_ROLE
assert details[VERKEY] == sender_verkey
def test_plugin_simple_rule_3_sig_trustee_no_endorser(write_auth_req_validator,
write_request_validation,
signatures, is_owner,
amount):
validate(auth_constraint=AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
Action(author=TRUSTEE,
endorser=None,
sigs={TRUSTEE: 3},
is_owner=owner,
amount=2,
extra_sigs=True) for owner in [True, False]
],
author=TRUSTEE,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_simple_rule_1_sig_all_roles_trustee_no_endorser(
write_auth_req_validator, write_request_validation, signatures,
is_owner, off_ledger_signature, amount):
validate(auth_constraint=AuthConstraint(
role='*',
sig_count=1,
need_to_be_owner=True,
off_ledger_signature=off_ledger_signature,
metadata={PLUGIN_FIELD: 2}),
valid_actions=[
Action(author=TRUSTEE,
endorser=None,
sigs={TRUSTEE: s1},
is_owner=True,
amount=2,
extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1)
],
author=TRUSTEE,
endorser=None,
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_check_rule_for_edit_action_changing(looper, sdk_wallet_trustee,
sdk_wallet_steward,
sdk_pool_handle):
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
"""Adding new steward for old auth rules"""
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_trustee,
'newSteward1',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey)
constraint = AuthConstraint(role=STEWARD, sig_count=1)
"""Change role from steward to '' (blacklisting STEWARD) can only STEWARD"""
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=EDIT_PREFIX,
auth_type=NYM,
field=ROLE,
new_value='',
old_value=STEWARD,
constraint=constraint.as_dict)
op = {'type': '1', 'dest': new_steward_did, 'role': None}
with pytest.raises(RequestRejectedException,
match="Not enough STEWARD signatures"):
"""Blacklisting new steward by TRUSTEE"""
req = sdk_sign_and_submit_op(looper, sdk_pool_handle,
sdk_wallet_trustee, op)
sdk_get_and_check_replies(looper, [req])
"""We change auth rules and for now only steward can add new steward"""
req = sdk_sign_and_submit_op(looper, sdk_pool_handle, sdk_wallet_steward,
op)
sdk_get_and_check_replies(looper, [req])
def test_str_any_several_sig_owner():
constraint = AuthConstraint(role='*', sig_count=7, need_to_be_owner=True)
assert str(
constraint
) == '7 signatures of any role are required and needs to be owner'
def test_str_any_1_off_ledger_sig():
constraint = AuthConstraint(role='*',
sig_count=1,
off_ledger_signature=True)
assert str(constraint
) == '1 signature of any role (off-ledger included) is required'
def test_plugin_and_or_rule_diff_role(write_auth_req_validator,
write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraintAnd(auth_constraints=[
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
AuthConstraint(role=STEWARD,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
]),
AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUST_ANCHOR,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=3,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 3}),
])
]),
valid_actions=[
({
TRUSTEE: 2,
TRUST_ANCHOR: 3
}, False, 3),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, False, 3),
({
TRUSTEE: 2,
TRUST_ANCHOR: 3
}, True, 3),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, True, 3),
({
TRUSTEE: 2,
IDENTITY_OWNER: 3
}, True, 3),
({
TRUSTEE: 3,
IDENTITY_OWNER: 3
}, True, 3),
({
STEWARD: 2,
TRUST_ANCHOR: 3
}, False, 3),
({
STEWARD: 3,
TRUST_ANCHOR: 3
}, False, 3),
({
STEWARD: 2,
TRUST_ANCHOR: 3
}, True, 3),
({
STEWARD: 3,
TRUST_ANCHOR: 3
}, True, 3),
({
STEWARD: 2,
IDENTITY_OWNER: 3
}, True, 3),
({
STEWARD: 3,
IDENTITY_OWNER: 3
}, True, 3),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_plugin_complex(write_auth_req_validator, write_request_validation,
signatures, is_owner, amount):
validate(
auth_constraint=AuthConstraintOr(auth_constraints=[
# 1st
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
AuthConstraintOr(auth_constraints=[
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=STEWARD,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
AuthConstraint(role=TRUST_ANCHOR,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
]),
AuthConstraint(role=STEWARD,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
AuthConstraint(role=TRUST_ANCHOR,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
])
]),
# 2d
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=3,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 3}),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 3})
]),
# 3d
AuthConstraintAnd(auth_constraints=[
AuthConstraint(
role=TRUSTEE, sig_count=3, need_to_be_owner=False),
AuthConstraintOr(auth_constraints=[
AuthConstraint(
role=STEWARD, sig_count=2, need_to_be_owner=False),
AuthConstraint(
role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=True),
])
]),
# 4th
AuthConstraintAnd(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=2,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 2})
]),
]),
valid_actions=[
# 1st
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 1
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 2,
TRUST_ANCHOR: 1
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 2
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 2,
TRUST_ANCHOR: 2
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 3
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 3,
TRUST_ANCHOR: 1
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 3,
TRUST_ANCHOR: 3
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 1
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 2,
TRUST_ANCHOR: 1
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 2
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 2,
TRUST_ANCHOR: 2
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 1,
TRUST_ANCHOR: 3
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 3,
TRUST_ANCHOR: 1
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 3,
TRUST_ANCHOR: 3
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 2
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 3
}, False, 1),
({
TRUSTEE: 3,
STEWARD: 2
}, True, 1),
({
TRUSTEE: 3,
STEWARD: 3
}, True, 1),
({
TRUSTEE: 3,
TRUST_ANCHOR: 2
}, False, 1),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, False, 1),
({
TRUSTEE: 3,
TRUST_ANCHOR: 2
}, True, 1),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, True, 1),
# 2d
({
TRUSTEE: 3,
IDENTITY_OWNER: 1
}, True, 3),
({
TRUSTEE: 3,
IDENTITY_OWNER: 2
}, True, 3),
({
TRUSTEE: 3,
IDENTITY_OWNER: 3
}, True, 3),
# 3d
({
TRUSTEE: 3,
STEWARD: 2
}, False, None),
({
TRUSTEE: 3,
STEWARD: 3
}, False, None),
({
TRUSTEE: 3,
STEWARD: 2
}, True, None),
({
TRUSTEE: 3,
STEWARD: 3
}, True, None),
({
TRUSTEE: 3,
TRUST_ANCHOR: 2
}, False, None),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, False, None),
({
TRUSTEE: 3,
TRUST_ANCHOR: 2
}, True, None),
({
TRUSTEE: 3,
TRUST_ANCHOR: 3
}, True, None),
# 4th
({
TRUSTEE: 2,
IDENTITY_OWNER: 1
}, True, 2),
({
TRUSTEE: 2,
IDENTITY_OWNER: 2
}, True, 2),
({
TRUSTEE: 2,
IDENTITY_OWNER: 3
}, True, 2),
({
TRUSTEE: 3,
IDENTITY_OWNER: 1
}, True, 2),
({
TRUSTEE: 3,
IDENTITY_OWNER: 2
}, True, 2),
({
TRUSTEE: 3,
IDENTITY_OWNER: 3
}, True, 2),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_str_not_any_7_sig_not_owner():
constraint = AuthConstraint(role=TRUSTEE,
sig_count=7,
need_to_be_owner=False)
assert str(constraint) == '7 TRUSTEE signatures are required'
value='start')
cancelUpgrade = AuthActionEdit(txn_type=POOL_UPGRADE,
field='action',
old_value='start',
new_value='cancel')
poolRestart = AuthActionAdd(txn_type=POOL_RESTART, field='action', value='*')
poolConfig = AuthActionAdd(txn_type=POOL_CONFIG, field='action', value='*')
validatorInfo = AuthActionAdd(txn_type=VALIDATOR_INFO, field='*', value='*')
authMap = {
addNewTrustee.get_action_id():
AuthConstraint(TRUSTEE, 1),
addNewSteward.get_action_id():
AuthConstraint(TRUSTEE, 1),
addNewTrustAnchor.get_action_id():
AuthConstraintOr([AuthConstraint(TRUSTEE, 1),
AuthConstraint(STEWARD, 1)]),
addNewIdentityOwner.get_action_id():
AuthConstraintOr([
AuthConstraint(TRUSTEE, 1),
AuthConstraint(STEWARD, 1),
AuthConstraint(TRUST_ANCHOR, 1)
]),
blacklistingTrustee.get_action_id():
AuthConstraint(TRUSTEE, 1),
blacklistingSteward.get_action_id():
AuthConstraint(TRUSTEE, 1),
def test_plugin_or_rule_all_amount(write_auth_req_validator,
write_request_validation, signatures,
is_owner, amount):
validate(auth_constraint=AuthConstraintOr(auth_constraints=[
AuthConstraint(role=TRUSTEE,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 1}),
AuthConstraint(role=STEWARD,
sig_count=1,
need_to_be_owner=False,
metadata={PLUGIN_FIELD: 2}),
AuthConstraint(role=TRUST_ANCHOR,
sig_count=1,
need_to_be_owner=True,
metadata={PLUGIN_FIELD: 3}),
]),
valid_actions=[
({
TRUSTEE: 1
}, False, 1),
({
TRUSTEE: 2
}, False, 1),
({
TRUSTEE: 3
}, False, 1),
({
TRUSTEE: 1
}, True, 1),
({
TRUSTEE: 2
}, True, 1),
({
TRUSTEE: 3
}, True, 1),
({
STEWARD: 1
}, False, 2),
({
STEWARD: 2
}, False, 2),
({
STEWARD: 3
}, False, 2),
({
STEWARD: 1
}, True, 2),
({
STEWARD: 2
}, True, 2),
({
STEWARD: 3
}, True, 2),
({
TRUST_ANCHOR: 1
}, True, 3),
({
TRUST_ANCHOR: 2
}, True, 3),
({
TRUST_ANCHOR: 3
}, True, 3),
],
all_signatures=signatures,
is_owner=is_owner,
amount=amount,
write_auth_req_validator=write_auth_req_validator,
write_request_validation=write_request_validation)
def test_str_not_any_1_sig_owner():
constraint = AuthConstraint(role=TRUSTEE,
sig_count=1,
need_to_be_owner=True)
assert str(
constraint) == '1 TRUSTEE signature is required and needs to be owner'
def test_str_any_1_sig_not_owner():
constraint = AuthConstraint(role='*', sig_count=1, need_to_be_owner=False)
assert str(constraint) == '1 signature of any role is required'
def test_str_any_1_sig_owner():
constraint = AuthConstraint(role="*", sig_count=1, need_to_be_owner=True)
assert str(constraint
) == '1 signature of any role is required and needs to be owner'
