def test_plugin_and_or_rule_same_role_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, amount): validate( auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False), AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), ]), AuthConstraintOr(auth_constraints=[ AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False), AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), ]) ]), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3}, is_owner=False, amount=2, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3}, is_owner=False, amount=2, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3}, is_owner=False, amount=None, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3}, is_owner=False, amount=None, extra_sigs=True), ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=False, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_plugin_and_or_rule_same_role(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False), AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), ]), AuthConstraintOr(auth_constraints=[ AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False), AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), ]) ]), valid_actions=[ ({ TRUSTEE: 2, STEWARD: 3 }, False, 2), ({ TRUSTEE: 3, STEWARD: 3 }, False, 2), ({ TRUSTEE: 2, STEWARD: 3 }, True, 2), ({ TRUSTEE: 3, STEWARD: 3 }, True, 2), ({ TRUSTEE: 2, STEWARD: 3 }, False, None), ({ TRUSTEE: 3, STEWARD: 3 }, False, None), ({ TRUSTEE: 2, STEWARD: 3 }, True, None), ({ TRUSTEE: 3, STEWARD: 3 }, True, None), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_or_error_msg_not_enough_amount_multiple_metadata_fields(write_auth_req_validator): set_auth_constraint(write_auth_req_validator, AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata=OrderedDict([ (PLUGIN_FIELD, 10), ("aaa", "bbb") ])) ])) req, actions = build_req_and_action(Action(author=STEWARD, endorser=None, sigs={STEWARD: 1}, is_owner=True, amount=5, extra_sigs=False)) with pytest.raises(UnauthorizedClientRequest) as excinfo: write_auth_req_validator.validate(req, actions) expected = os.linesep.join([ "Rule for this action is: 1 TRUSTEE signature is required OR 1 STEWARD signature is required with additional metadata new_field 10 aaa bbb", "Failed checks:", "Constraint: 1 TRUSTEE signature is required, Error: Not enough TRUSTEE signatures", "Constraint: 1 STEWARD signature is required with additional metadata new_field 10 aaa bbb, Error: not enough amount in plugin field" ]) assert expected in str(excinfo.value.args[0])
def test_plugin_or_rule_one_amount_diff_roles_owner_no_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 1}), ]), valid_actions=[ Action(author=IDENTITY_OWNER, endorser=None, sigs={IDENTITY_OWNER: 1}, is_owner=True, amount=1, extra_sigs=False) ], author=IDENTITY_OWNER, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_or_rule_one_amount_all_roles_owner_no_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, amount, off_ledger_signature): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False), AuthConstraint(role='*', sig_count=1, need_to_be_owner=True, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: '3'}), ]), valid_actions=[ Action(author=IDENTITY_OWNER, endorser=None, sigs={IDENTITY_OWNER: s}, is_owner=True, amount=3, extra_sigs=False) for s in range(1, MAX_SIG_COUNT + 1) ], author=IDENTITY_OWNER, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_or_rule_one_amount_same_role_endorser_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False), AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: '2'}), ]), valid_actions=[ Action(author=ENDORSER, endorser=ENDORSER, sigs={ENDORSER: s}, is_owner=owner, amount=amount, extra_sigs=True) for s in range(1, 4) for owner in [True, False] for amount in [2, None, 0] ], author=ENDORSER, endorser=ENDORSER, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_or_rule_all_amount(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}), ]), valid_actions=[ ({TRUSTEE: 1}, False, 1), ({TRUSTEE: 2}, False, 1), ({TRUSTEE: 3}, False, 1), ({TRUSTEE: 1}, True, 1), ({TRUSTEE: 2}, True, 1), ({TRUSTEE: 3}, True, 1), ({STEWARD: 1}, False, 2), ({STEWARD: 2}, False, 2), ({STEWARD: 3}, False, 2), ({STEWARD: 1}, True, 2), ({STEWARD: 2}, True, 2), ({STEWARD: 3}, True, 2), ({ENDORSER: 1}, True, 3), ({ENDORSER: 2}, True, 3), ({ENDORSER: 3}, True, 3), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_plugin_complex_with_or_rule_with_not_allowed_trustee_no_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, off_ledger_signature, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1}, is_owner=owner, amount=2, extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1) for owner in [True, False] ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_or_rule_one_amount_diff_roles(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 1}), ]), valid_actions=[ ({ENDORSER: 1}, False, None), ({ENDORSER: 2}, False, None), ({ENDORSER: 3}, False, None), ({ENDORSER: 1}, True, None), ({ENDORSER: 2}, True, None), ({ENDORSER: 3}, True, None), ({IDENTITY_OWNER: 1}, True, 1), ({IDENTITY_OWNER: 2}, True, 1), ({IDENTITY_OWNER: 3}, True, 1), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_plugin_or_rule_diff_amount_same_role(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=TRUST_ANCHOR, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), ]), valid_actions=[ ({ TRUST_ANCHOR: 2 }, True, 2), ({ TRUST_ANCHOR: 3 }, True, 1), ({ TRUST_ANCHOR: 2 }, False, 2), ({ TRUST_ANCHOR: 3 }, False, 1), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_authorize_with_or_constraint_with_one_fail(composite_authorizer, req_auth): composite_authorizer.authorize( req_auth, AuthConstraintOr( [AuthConstraint(STEWARD, 1), AuthConstraint(TRUSTEE, 1)]), None)
def test_not_authorized_with_or_constraint(composite_authorizer, req_auth): with pytest.raises(AuthValidationError): composite_authorizer.authorize( req_auth, AuthConstraintOr( [AuthConstraint(TRUSTEE, 1), AuthConstraint(TRUSTEE, 1)]), None)
def test_str_for_auth_constraint_or(): constraint = AuthConstraintOr([ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True) ]) assert str(constraint) == '1 TRUSTEE signature is required and needs to be owner ' \ 'OR ' \ '1 STEWARD signature is required and needs to be owner'
def test_authorize_with_or_constraint_with_one_fail(composite_authorizer, req_auth): composite_authorizer.authorize( req_auth, AuthConstraintOr([ AuthConstraint("SomeRole", 1), AuthConstraint("SomeOtherRole", 1) ]), None)
def constraints(): role_constraints = [ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True) ] and_constraint = AuthConstraintAnd(role_constraints) or_constraint = AuthConstraintOr(role_constraints) return role_constraints[0], and_constraint, or_constraint
def test_plugin_or_rule_all_amount_trustee_no_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: '1'}), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: '2'}), AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: '3'}), ]), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s}, is_owner=owner, amount=1, extra_sigs=True) for s in range(1, 4) for owner in [True, False] ] + [ Action(author=TRUSTEE, endorser=None, sigs={ TRUSTEE: s1, STEWARD: s2 }, is_owner=owner, amount=2, extra_sigs=True) for s1 in range(1, 4) for s2 in range(1, 4) for owner in [True, False] ] + [ Action(author=TRUSTEE, endorser=None, sigs={ TRUSTEE: s1, ENDORSER: s2 }, is_owner=True, amount=3, extra_sigs=True) for s1 in range(1, 4) for s2 in range(1, 4) ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_and_or_rule_diff_role_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), ]), AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=3, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}), ]) ]), valid_actions=[Action(author=TRUSTEE, endorser=None, sigs={ENDORSER: 3, TRUSTEE: s}, is_owner=owner, amount=3, extra_sigs=True) for s in range(2, 4) for owner in [True, False]] + [Action(author=TRUSTEE, endorser=None, sigs={STEWARD: s1, ENDORSER: 3, TRUSTEE: s2}, is_owner=owner, amount=3, extra_sigs=True) for s1 in range(2, 4) for s2 in range(1, MAX_SIG_COUNT + 1) for owner in [True, False]] + [Action(author=TRUSTEE, endorser=None, sigs={STEWARD: s1, IDENTITY_OWNER: 3, TRUSTEE: s2}, is_owner=True, amount=3, extra_sigs=True) for s1 in range(2, 4) for s2 in range(1, MAX_SIG_COUNT + 1)], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_plugin_or_rule_diff_amount_same_role_endorser_no_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: '2'}), AuthConstraint(role=ENDORSER, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: '1'}), ]), valid_actions=[ Action(author=ENDORSER, endorser=None, sigs={ENDORSER: 2}, is_owner=True, amount=2, extra_sigs=True), Action(author=ENDORSER, endorser=None, sigs={ENDORSER: 3}, is_owner=True, amount=1, extra_sigs=True), Action(author=ENDORSER, endorser=None, sigs={ENDORSER: 2}, is_owner=False, amount=2, extra_sigs=True), Action(author=ENDORSER, endorser=None, sigs={ENDORSER: 3}, is_owner=False, amount=1, extra_sigs=True) ], author=ENDORSER, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_complex_with_or_rule_with_not_allowed(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[(signature, owner, 2) for signature in signatures if signature for owner in [True, False]], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_check_equal(constraints): same_role, same_and, same_or = constraints """ The same constraints as from fixture but should have not the same id """ role_constraints = [ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True) ] and_constraint = AuthConstraintAnd(role_constraints) or_constraint = AuthConstraintOr(role_constraints) assert id(same_role) != id(role_constraints[0]) assert id(same_or) != id(or_constraint) assert id(same_and) != id(and_constraint) assert same_role == role_constraints[0] assert same_or == or_constraint assert same_and == and_constraint
def test_plugin_or_rule_diff_amount_same_role_owner_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=ENDORSER, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), ]), valid_actions=[ Action(author=IDENTITY_OWNER, endorser=ENDORSER, sigs={ IDENTITY_OWNER: s, ENDORSER: 2 }, is_owner=owner, amount=2, extra_sigs=True) for s in range(1, 4) for owner in [True, False] ] + [ Action(author=IDENTITY_OWNER, endorser=ENDORSER, sigs={ IDENTITY_OWNER: s, ENDORSER: 3 }, is_owner=owner, amount=1, extra_sigs=True) for s in range(1, 4) for owner in [True, False] ], author=IDENTITY_OWNER, endorser=ENDORSER, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_or_rule_one_amount_all_roles_owner_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, amount, off_ledger_signature): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False), AuthConstraint(role='*', sig_count=1, need_to_be_owner=True, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: '3'}), ]), valid_actions=[ Action(author=IDENTITY_OWNER, endorser=ENDORSER, sigs={ IDENTITY_OWNER: s1, ENDORSER: s2 }, is_owner=owner, amount=amount, extra_sigs=True) for s1 in range(1, 4) for s2 in range(1, 4) for owner in [True, False] for amount in [0, None] ] + [ Action(author=IDENTITY_OWNER, endorser=ENDORSER, sigs={ IDENTITY_OWNER: s1, ENDORSER: s2 }, is_owner=True, amount=3, extra_sigs=True) for s1 in range(1, 4) for s2 in range(1, 4) ], author=IDENTITY_OWNER, endorser=ENDORSER, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_or_rule_one_amount_all_roles(write_auth_req_validator, write_request_validation, signatures, is_owner, amount, off_ledger_signature): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False), AuthConstraint(role='*', sig_count=1, need_to_be_owner=True, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: 3}), ]), valid_actions=[({ENDORSER: 1}, False, None), ({ENDORSER: 2}, False, None), ({ENDORSER: 3}, False, None), ({ENDORSER: 1}, True, None), ({ENDORSER: 2}, True, None), ({ENDORSER: 3}, True, None), ] + [(signature, True, 3) for signature in signatures if signature], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def changed_auth_rule(looper, sdk_pool_handle, sdk_wallet_trustee, fees_set): constraint = AuthConstraintOr(auth_constraints=[AuthConstraint(role='*', sig_count=1, off_ledger_signature=True, metadata={FEES_FIELD_NAME: txn_type_to_alias[NYM]}), AuthConstraint(role=TRUSTEE, sig_count=1) ]) req = build_auth_rule_request_json( looper, sdk_wallet_trustee[1], auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, old_value=None, new_value=NEW_ROLE, constraint=constraint.as_dict ) req = json.loads(req) req[OPERATION][CONSTRAINT]['auth_constraints'][0][OFF_LEDGER_SIGNATURE] = True req = json.dumps(req) sdk_send_and_check_req_json(looper, sdk_pool_handle, sdk_wallet_trustee, req)
def test_plugin_or_error_msg_not_enough_amount(write_auth_req_validator): set_auth_constraint( write_auth_req_validator, AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 10}), ])) req, actions = build_req_and_action(signatures={STEWARD: 1}, need_to_be_owner=True, amount=5) with pytest.raises(UnauthorizedClientRequest) as excinfo: write_auth_req_validator.validate(req, actions) expected = os.linesep.join([ "Rule for this action is: 1 TRUSTEE signature is required OR 1 STEWARD signature is required with additional metadata new_field 10", "Failed checks:", "Constraint: 1 TRUSTEE signature is required, Error: Not enough TRUSTEE signatures", "Constraint: 1 STEWARD signature is required with additional metadata new_field 10, Error: not enough amount in plugin field" ]) assert expected in str(excinfo.value.args[0])
# Anyone constraint anyone_constraint = AuthConstraint(role='*', sig_count=1) # Owner constraint owner_constraint = AuthConstraint(role='*', sig_count=1, need_to_be_owner=True) # Steward owner constraint steward_owner_constraint = AuthConstraint(STEWARD, 1, need_to_be_owner=True) # One Trustee constraint one_trustee_constraint = AuthConstraint(TRUSTEE, 1) # Steward or Trustee constraint steward_or_trustee_constraint = AuthConstraintOr( [AuthConstraint(STEWARD, 1), AuthConstraint(TRUSTEE, 1)]) # Trust Anchor, Steward or Trustee constraint trust_anchor_or_steward_or_trustee_constraint = AuthConstraintOr([ AuthConstraint(TRUSTEE, 1), AuthConstraint(STEWARD, 1), AuthConstraint(TRUST_ANCHOR, 1) ]) # Trustee or owner steward trustee_or_owner_steward = AuthConstraintOr([ AuthConstraint(TRUSTEE, 1), AuthConstraint(STEWARD, 1, need_to_be_owner=True) ]) trust_anchor_or_steward_or_trustee_owner_constraint = AuthConstraintOr([
def test_plugin_and_or_rule_diff_role(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), ]), AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUST_ANCHOR, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=3, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}), ]) ]), valid_actions=[ ({ TRUSTEE: 2, TRUST_ANCHOR: 3 }, False, 3), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, 3), ({ TRUSTEE: 2, TRUST_ANCHOR: 3 }, True, 3), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, 3), ({ TRUSTEE: 2, IDENTITY_OWNER: 3 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 3), ({ STEWARD: 2, TRUST_ANCHOR: 3 }, False, 3), ({ STEWARD: 3, TRUST_ANCHOR: 3 }, False, 3), ({ STEWARD: 2, TRUST_ANCHOR: 3 }, True, 3), ({ STEWARD: 3, TRUST_ANCHOR: 3 }, True, 3), ({ STEWARD: 2, IDENTITY_OWNER: 3 }, True, 3), ({ STEWARD: 3, IDENTITY_OWNER: 3 }, True, 3), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_complex(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ # 1st AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraintOr(auth_constraints=[ AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraint(role=TRUST_ANCHOR, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), ]), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraint(role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), ]) ]), # 2d AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}) ]), # 3d AuthConstraintAnd(auth_constraints=[ AuthConstraint( role=TRUSTEE, sig_count=3, need_to_be_owner=False), AuthConstraintOr(auth_constraints=[ AuthConstraint( role=STEWARD, sig_count=2, need_to_be_owner=False), AuthConstraint( role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=True), ]) ]), # 4th AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 2}) ]), ]), valid_actions=[ # 1st ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 3 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 3 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3 }, True, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, 1), # 2d ({ TRUSTEE: 3, IDENTITY_OWNER: 1 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 2 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 3), # 3d ({ TRUSTEE: 3, STEWARD: 2 }, False, None), ({ TRUSTEE: 3, STEWARD: 3 }, False, None), ({ TRUSTEE: 3, STEWARD: 2 }, True, None), ({ TRUSTEE: 3, STEWARD: 3 }, True, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, False, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, True, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, None), # 4th ({ TRUSTEE: 2, IDENTITY_OWNER: 1 }, True, 2), ({ TRUSTEE: 2, IDENTITY_OWNER: 2 }, True, 2), ({ TRUSTEE: 2, IDENTITY_OWNER: 3 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 1 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 2 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 2), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
old_value='start', new_value='cancel') poolRestart = AuthActionAdd(txn_type=POOL_RESTART, field='action', value='*') poolConfig = AuthActionAdd(txn_type=POOL_CONFIG, field='action', value='*') validatorInfo = AuthActionAdd(txn_type=VALIDATOR_INFO, field='*', value='*') authMap = { addNewTrustee.get_action_id(): AuthConstraint(TRUSTEE, 1), addNewSteward.get_action_id(): AuthConstraint(TRUSTEE, 1), addNewTrustAnchor.get_action_id(): AuthConstraintOr([AuthConstraint(TRUSTEE, 1), AuthConstraint(STEWARD, 1)]), addNewIdentityOwner.get_action_id(): AuthConstraintOr([ AuthConstraint(TRUSTEE, 1), AuthConstraint(STEWARD, 1), AuthConstraint(TRUST_ANCHOR, 1) ]), blacklistingTrustee.get_action_id(): AuthConstraint(TRUSTEE, 1), blacklistingSteward.get_action_id(): AuthConstraint(TRUSTEE, 1), blacklistingTrustAnchor.get_action_id(): AuthConstraint(TRUSTEE, 1), keyRotation.get_action_id(): AuthConstraint(role='*', sig_count=1, need_to_be_owner=True), addSchema.get_action_id():
anyone_constraint = AuthConstraint(role='*', sig_count=1) # Owner constraint owner_constraint = AuthConstraint(role='*', sig_count=1, need_to_be_owner=True) # Steward owner constraint steward_owner_constraint = AuthConstraint(STEWARD, 1, need_to_be_owner=True) # One Trustee constraint one_trustee_constraint = AuthConstraint(TRUSTEE, 1) # Steward or Trustee constraint steward_or_trustee_constraint = AuthConstraintOr([AuthConstraint(STEWARD, 1), AuthConstraint(TRUSTEE, 1)]) # Trust Anchor, Steward or Trustee constraint trust_anchor_or_steward_or_trustee_constraint = AuthConstraintOr([AuthConstraint(TRUSTEE, 1), AuthConstraint(STEWARD, 1), AuthConstraint(TRUST_ANCHOR, 1)]) # Trustee or owner steward trustee_or_owner_steward = AuthConstraintOr([AuthConstraint(TRUSTEE, 1), AuthConstraint(STEWARD, 1, need_to_be_owner=True)]) auth_map = { add_new_trustee.get_action_id(): one_trustee_constraint, add_new_steward.get_action_id(): one_trustee_constraint, add_new_trust_anchor.get_action_id(): steward_or_trustee_constraint, add_new_network_monitor.get_action_id(): steward_or_trustee_constraint,