def test_init_state_from_ledger(config_ledger, config_state, config_req_handler, constraint_serializer, prepare_request): req_count = 1 action, constraint, request = prepare_request txn = reqToTxn(request) txn[TXN_METADATA][TXN_METADATA_SEQ_NO] = 1 """Add txn to ledger""" config_ledger.appendTxns([txn]) config_ledger.commitTxns(req_count) init_state_from_ledger = functools.partial( Node.init_state_from_ledger, FakeSomething(update_txn_with_extra_data=lambda txn: txn)) """Check that txn is not exist in state""" assert config_state.get(config.make_state_path_for_auth_rule( action.get_action_id()), isCommitted=False) is None assert config_state.get(config.make_state_path_for_auth_rule( action.get_action_id()), isCommitted=True) is None txns_from_ledger = [t for t in config_ledger.getAllTxn()] """Check, that txn exist in ledger""" assert len(txns_from_ledger) == 1 assert get_payload_data(txns_from_ledger[0][1]) == get_payload_data(txn) """Emulating node starting""" init_state_from_ledger(config_state, config_ledger, config_req_handler) """Check that txn was added into state""" from_state = config_state.get(config.make_state_path_for_auth_rule( action.get_action_id()), isCommitted=True) assert constraint_serializer.deserialize(from_state) == constraint
def test_revert_uncommitted_state(config_req_handler, constraint_serializer, prepare_request, fake_replica): action, constraint, request = prepare_request req_count = 1 state_root_hash_before = config_req_handler.state.headHash config_req_handler.apply(request, int(time.time())) """ Check, that request exist in uncommitted state """ from_state = config_req_handler.state.get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) assert constraint_serializer.deserialize(from_state) == constraint fake_replica.revert(CONFIG_LEDGER_ID, state_root_hash_before, req_count) """ Txn is reverted from ledger and state """ assert len(config_req_handler.ledger.uncommittedTxns) == 0 from_state = config_req_handler.state.get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) assert from_state is None
def test_get_all_auth_rule_transactions_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = TRUST_ANCHOR constraint = generate_constraint_list(auth_constraints=[ generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD) ]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) auth_key = ConfigReqHandler.get_auth_key(resp[0][0][OPERATION]) resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle) expect = { config.make_state_path_for_auth_rule(key).decode(): constraint.as_dict if constraint is not None else {} for key, constraint in auth_map.items() } expect[config.make_state_path_for_auth_rule( auth_key).decode()] = constraint result = resp[0][1]["result"][DATA] assert result == expect
def test_revert_uncommitted_state(write_manager, db_manager, constraint_serializer, prepare_request, fake_ordering_service, tmpdir_factory): action, constraint, request = prepare_request req_count = 1 state_root_hash_before = db_manager.get_state(CONFIG_LEDGER_ID).headHash write_manager.apply_request(request, int(time.time())) """ Check, that request exist in uncommitted state """ from_state = db_manager.get_state(CONFIG_LEDGER_ID).get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) assert constraint_serializer.deserialize(from_state) == constraint fake_ordering_service.l_revert(CONFIG_LEDGER_ID, state_root_hash_before, req_count) """ Txn is reverted from ledger and state """ assert len(db_manager.get_ledger(CONFIG_LEDGER_ID).uncommittedTxns) == 0 from_state = db_manager.get_state(CONFIG_LEDGER_ID).get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) assert from_state is None
def test_init_state_from_ledger(write_manager, db_manager, constraint_serializer, prepare_request): reset_state(db_manager, CONFIG_LEDGER_ID) req_count = 1 action, constraint, request = prepare_request txn = reqToTxn(request) txn[TXN_METADATA][TXN_METADATA_SEQ_NO] = 1 """Add txn to ledger""" db_manager.get_ledger(CONFIG_LEDGER_ID).appendTxns([txn]) db_manager.get_ledger(CONFIG_LEDGER_ID).commitTxns(req_count) # ToDo: ugly fix... Refactor this on pluggable req handler integration phase init_state_from_ledger = functools.partial( LedgersBootstrap._init_state_from_ledger, FakeSomething( db_manager=db_manager, write_manager=write_manager, _update_txn_with_extra_data=lambda txn: txn)) """Check that txn is not exist in state""" assert db_manager.get_state(CONFIG_LEDGER_ID).get(config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) is None assert db_manager.get_state(CONFIG_LEDGER_ID).get(config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=True) is None txns_from_ledger = [t for t in db_manager.get_ledger(CONFIG_LEDGER_ID).getAllTxn()] """Check, that txn exist in ledger""" assert len(txns_from_ledger) == 1 assert get_payload_data(txns_from_ledger[0][1]) == get_payload_data(txn) """Emulating node starting""" init_state_from_ledger(CONFIG_LEDGER_ID) """Check that txn was added into state""" from_state = db_manager.get_state(CONFIG_LEDGER_ID) .get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=True) assert constraint_serializer.deserialize(from_state) == constraint
def test_get_one_auth_rule_transaction_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = TRUST_ANCHOR constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value) str_key = ConfigReqHandler.get_auth_key(dict_auth_key) resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, dict_auth_key) print(config.make_state_path_for_auth_rule(str_key)) result = resp[0][1]["result"][DATA][config.make_state_path_for_auth_rule(str_key).decode()] assert result == constraint assert resp[0][1]["result"][STATE_PROOF]
def test_get_one_auth_rule_transaction(looper, sdk_wallet_trustee, sdk_pool_handle): key = generate_key() str_key = ConfigReqHandler.get_auth_key(key) req, resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, key)[0] assert auth_map.get(str_key).as_dict == \ resp["result"][DATA][config.make_state_path_for_auth_rule(str_key).decode()]
def _get_auth_rule(self, key): path = config.make_state_path_for_auth_rule(key) map_data, proof = self._get_value_from_state(path, with_proof=True) if map_data: data = self.constraint_serializer.deserialize(map_data) else: data = self.write_req_validator.auth_map[key] action_obj = split_action_id(key) return [self.make_auth_rule_data(data, action_obj)], proof
def _get_all_auth_rules(self): data = self.write_req_validator.auth_map.copy() result = {} for key in self.write_req_validator.auth_map: path = config.make_state_path_for_auth_rule(key) state_constraint, _ = self.get_value_from_state(path) result[path] = self.constraint_serializer.deserialize(state_constraint).as_dict \ if state_constraint \ else data[key].as_dict return result
def test_get_all_auth_rule_transactions(looper, sdk_wallet_trustee, sdk_pool_handle): resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle) expect = {config.make_state_path_for_auth_rule(key).decode(): constraint.as_dict for key, constraint in auth_map.items()} result = resp[0][1]["result"][DATA] assert result == expect
def test_uncommitted_state_after_apply(write_manager, db_manager, constraint_serializer, prepare_request): action, constraint, request = prepare_request write_manager.apply_request(request, int(time.time())) assert len(db_manager.get_ledger(CONFIG_LEDGER_ID).uncommittedTxns) == 1 assert db_manager.get_state(CONFIG_LEDGER_ID).committedHeadHash != \ db_manager.get_state(CONFIG_LEDGER_ID).headHash from_state = db_manager.get_state(CONFIG_LEDGER_ID).get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) assert constraint_serializer.deserialize(from_state) == constraint
def test_update_state(write_manager, db_manager, prepare_request, constraint_serializer): action, constraint, request = prepare_request head_hash_before = db_manager.get_state(CONFIG_LEDGER_ID).headHash txn = reqToTxn(request) write_manager.update_state(txn, isCommitted=False) head_hash_after = db_manager.get_state(CONFIG_LEDGER_ID).headHash from_state = db_manager.get_state(CONFIG_LEDGER_ID).get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) assert constraint_serializer.deserialize(from_state) == constraint assert head_hash_after != head_hash_before
def test_get_one_disabled_auth_rule_transaction(looper, sdk_wallet_trustee, sdk_pool_handle): key = generate_key(auth_action=EDIT_PREFIX, auth_type=SCHEMA, field='*', old_value='*', new_value='*') str_key = ConfigReqHandler.get_auth_key(key) req, resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, key)[0] assert {} == resp["result"][DATA][config.make_state_path_for_auth_rule( str_key).decode()]
def test_update_state(config_req_handler, prepare_request, constraint_serializer): action, constraint, request = prepare_request head_hash_before = config_req_handler.state.headHash txn = reqToTxn(request) config_req_handler.updateState([txn], isCommitted=False) head_hash_after = config_req_handler.state.headHash from_state = config_req_handler.state.get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) assert constraint_serializer.deserialize(from_state) == constraint assert head_hash_after != head_hash_before
def test_uncommitted_state_after_apply(config_req_handler, constraint_serializer, prepare_request): action, constraint, request = prepare_request config_req_handler.apply(request, int(time.time())) assert len(config_req_handler.ledger.uncommittedTxns) == 1 assert config_req_handler.state.committedHeadHash != \ config_req_handler.state.headHash from_state = config_req_handler.state.get( config.make_state_path_for_auth_rule(action.get_action_id()), isCommitted=False) assert constraint_serializer.deserialize(from_state) == constraint
def _get_all_auth_rules(self): data = self.write_req_validator.auth_map.copy() result = [] for key in self.write_req_validator.auth_map: path = config.make_state_path_for_auth_rule(key) state_constraint, _ = self.get_value_from_state(path) if state_constraint: value = self.constraint_serializer.deserialize(state_constraint) else: value = data[key] action_obj = split_action_id(key) result.append(self.make_get_auth_rule_result(value, action_obj)) return result
def _find_auth_constraint(self, action_id, auth_map): am_id = self._find_auth_constraint_key(action_id, auth_map) if am_id: constraint = self.get_from_state( key=config.make_state_path_for_auth_rule(am_id)) if not constraint: return auth_map.get(am_id) logger.debug("Using auth constraint from state") if self.metrics: self.from_state_count += 1 self.metrics.add_event(MetricsName.AUTH_RULES_FROM_STATE_COUNT, self.from_state_count) return constraint
def _get_all_auth_rules(self): data = self.write_req_validator.auth_map.copy() result = {} for key in self.write_req_validator.auth_map: path = config.make_state_path_for_auth_rule(key) state_constraint, _ = self.get_value_from_state(path) if state_constraint: value = self.constraint_serializer.deserialize(state_constraint) else: value = data[key] value_dict = value.as_dict if value is not None else {} result[path] = value_dict return result
def test_config_strategy_constraint_not_found(state, state_serializer): state_action_id = "1--2--3--4--5" test_action_id = "1--2--3--4--50" constraint = AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True) auth_map = {state_action_id: constraint} state.set(config.make_state_path_for_auth_rule(state_action_id), state_serializer.serialize(constraint)) strategy = ConfigLedgerAuthStrategy(auth_map=auth_map, state=state, serializer=state_serializer) from_state = strategy.get_auth_constraint(test_action_id) assert from_state is None
def _get_auth_rule(self, key): multi_sig = None if self._bls_store: root_hash = self.state.committedHeadHash encoded_root_hash = state_roots_serializer.serialize(bytes(root_hash)) multi_sig = self._bls_store.get(encoded_root_hash) path = config.make_state_path_for_auth_rule(key) map_data, proof = self.get_value_from_state(path, with_proof=True, multi_sig=multi_sig) if map_data: data = self.constraint_serializer.deserialize(map_data) else: data = self.write_req_validator.auth_map[key] action_obj = split_action_id(key) return [self.make_get_auth_rule_result(data, action_obj)], proof
def _get_auth_rule(self, key): multi_sig = None if self.bls_store: root_hash = self.state.committedHeadHash encoded_root_hash = state_roots_serializer.serialize(bytes(root_hash)) multi_sig = self.bls_store.get(encoded_root_hash) path = config.make_state_path_for_auth_rule(key) map_data, proof = self.get_value_from_state(path, with_proof=True, multi_sig=multi_sig) if map_data: data = self.constraint_serializer.deserialize(map_data) else: data = self.write_req_validator.auth_map[key] data_dict = data.as_dict if data is not None else {} return {path: data_dict}, proof
def test_catching_up_auth_rule_txn(looper, txnPoolNodeSet, sdk_wallet_trustee, sdk_wallet_steward, sdk_pool_handle): delayed_node = txnPoolNodeSet[-1] wh, _ = sdk_wallet_trustee new_steward_did, new_steward_verkey = create_verkey_did(looper, wh) changed_constraint = AuthConstraint(role=STEWARD, sig_count=1) action = AuthActionAdd(txn_type=NYM, field=ROLE, value=STEWARD) with pytest.raises(RequestRejectedException, match="Not enough TRUSTEE signatures"): sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward2', STEWARD_STRING, dest=new_steward_did, verkey=new_steward_verkey) with delay_rules_without_processing(delayed_node.nodeIbStasher, cDelay(), pDelay(), ppDelay()): sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=action.txn_type, field=action.field, new_value=action.value, old_value=None, constraint=changed_constraint.as_dict) sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward2') delayed_node.start_catchup() looper.run( eventually( lambda: assertExp(delayed_node.mode == Mode.participating))) sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward3', STEWARD_STRING, dest=new_steward_did, verkey=new_steward_verkey) ensure_all_nodes_have_same_data(looper, txnPoolNodeSet) config_state = delayed_node.states[CONFIG_LEDGER_ID] from_state = config_state.get(config.make_state_path_for_auth_rule( action.get_action_id()), isCommitted=True) assert changed_constraint == ConstraintsSerializer( config_state_serializer).deserialize(from_state)
def test_config_strategy_get_constraint_from_state(state, state_serializer): action_id = "1--2--3--4--5" constraint_to_state = AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True) constraint_to_map = AuthConstraint(role=TRUSTEE, sig_count=5, need_to_be_owner=False) auth_map = {action_id: constraint_to_map} state.set(config.make_state_path_for_auth_rule(action_id), state_serializer.serialize(constraint_to_state)) strategy = ConfigLedgerAuthStrategy(auth_map=auth_map, state=state, serializer=state_serializer) from_state = strategy.get_auth_constraint(action_id) assert from_state != constraint_to_map assert from_state == constraint_to_state
def _find_auth_constraint(self, action_id, auth_map, from_local=False): am_id = self._find_auth_constraint_key(action_id, auth_map) if am_id: # ToDo: ugly fix for case if ANYONE_CAN_WRITE set to True. # There is a similar key for anyone_can_write map and auth_map too. # In future we erase anyone_can_write map. if from_local: return auth_map.get(am_id) constraint = self.get_from_state( key=config.make_state_path_for_auth_rule(am_id)) if not constraint: return auth_map.get(am_id) logger.debug("Using auth constraint from state") if self.metrics: self.from_state_count += 1 self.metrics.add_event(MetricsName.AUTH_RULES_FROM_STATE_COUNT, self.from_state_count) return constraint
def test_auth_rule_state_format(looper, sdk_pool_handle, sdk_wallet_trustee, txnPoolNodeSet, off_ledger_signature): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = ENDORSER constraint = { CONSTRAINT_ID: ConstraintsEnum.ROLE_CONSTRAINT_ID, ROLE: "*", SIG_COUNT: 1, NEED_TO_BE_OWNER: False, METADATA: {} } if off_ledger_signature: constraint[OFF_LEDGER_SIGNATURE] = off_ledger_signature sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) state = txnPoolNodeSet[0].db_manager.get_database(CONFIG_LEDGER_ID).state key = generate_key(auth_action, auth_type, field, new_value) path = config.make_state_path_for_auth_rule( StaticAuthRuleHelper.get_auth_key(key)) state_constraint = config_state_serializer.deserialize(state.get(path)) assert state_constraint == constraint _, before_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_type=auth_type, auth_action=auth_action, field=field, new_value=new_value)[0] for rule in before_resp["result"][DATA]: if rule[CONSTRAINT][CONSTRAINT_ID] == 'ROLE' and off_ledger_signature: assert OFF_LEDGER_SIGNATURE in rule[CONSTRAINT]
def update_auth_constraint(self, auth_key: str, constraint): self.state.set(config.make_state_path_for_auth_rule(auth_key), self.constraint_serializer.serialize(constraint))