def test_authorization(looper, mint_tokens, sdk_wallet_trustee, sdk_pool_handle, helpers, input_param, address, sdk_wallet_trustees, sdk_wallet_stewards, sdk_wallet_clients, sdk_wallet_trust_anchors): helpers.general.do_set_fees(set_fees, fill_auth_map=False) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=ATTRIB, field="*", new_value="*", constraint=input_param.auth_constraint.as_dict) for req in input_param.valid_requests: _send_request(looper, helpers, req.fees, req.wallets, address, req.owner, sdk_wallet_trustee, sdk_wallet_trustees, sdk_wallet_stewards, sdk_wallet_clients, sdk_wallet_trust_anchors) for req in input_param.invalid_requests: with pytest.raises(RequestRejectedException, match="UnauthorizedClientRequest"): _send_request(looper, helpers, req.fees, req.wallets, address, req.owner, sdk_wallet_trustee, sdk_wallet_trustees, sdk_wallet_stewards, sdk_wallet_clients, sdk_wallet_trust_anchors)
def test_nym_without_fees_but_required(fees, helpers, nodeSetWithIntegratedTokenPlugin, sdk_wallet_steward, sdk_pool_handle, sdk_wallet_trustee, mint_tokens, address_main, looper): """ Steps: 1. Send auth_rule txn with fees in metadata 2. Send nym without fees and check, that it will be rejected """ helpers.general.do_set_fees(fees, fill_auth_map=False) original_action = add_new_identity_owner original_constraint = auth_map.get(add_new_identity_owner.get_action_id()) original_constraint.set_metadata({'fees': NYM_FEES_ALIAS}) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=original_action.field, new_value=original_action.value, old_value=None, constraint=original_constraint.as_dict) with pytest.raises(RequestRejectedException, match="Fees are required for this txn type"): helpers.general.do_nym()
def test_validation_nym_with_fees_more_than_required(fees, helpers, nodeSetWithIntegratedTokenPlugin, address_main, sdk_pool_handle, sdk_wallet_trustee, mint_tokens, looper): """ Steps: 1. Checks that nym with fees will be rejected, because fees are not set 2. Send auth_rule txn with fees in metadata and set fees for pool 3. Resend nym with fees more than required and check, that it will be rejected """ current_amount = get_amount_from_token_txn(mint_tokens) seq_no = 1 with pytest.raises(RequestRejectedException, match="Fees are not required for this txn type"): current_amount, seq_no, _ = send_and_check_nym_with_fees(helpers, {FEES: fees}, seq_no, looper, [address_main], current_amount) helpers.general.do_set_fees(fees, fill_auth_map=False) original_action = add_new_identity_owner original_constraint = auth_map.get(add_new_identity_owner.get_action_id()) original_constraint.set_metadata({'fees': NYM_FEES_ALIAS}) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=original_action.field, new_value=original_action.value, old_value=None, constraint=original_constraint.as_dict) with pytest.raises(RequestRejectedException, match="ExtraFundsError"): current_amount, seq_no, _ = send_and_check_nym_with_fees(helpers, {FEES: {NYM_FEES_ALIAS: fees[NYM_FEES_ALIAS] + 1}}, seq_no, looper, [address_main], current_amount) ensure_all_nodes_have_same_data(looper, nodeSetWithIntegratedTokenPlugin)
def test_auth_rule_transaction_for_edit(looper, sdk_wallet_trustee, sdk_pool_handle): sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX)
def test_add_metadata_with_existed_fees_alias(looper, helpers, sdk_wallet_trustee, sdk_pool_handle, nodeSetWithIntegratedTokenPlugin): fees_alias = '3333' current_fees = helpers.general.do_get_fees() assert fees_alias not in current_fees[FEES] helpers.general.do_set_fees({fees_alias: 42}, fill_auth_map=False) current_fees = helpers.general.do_get_fees() assert fees_alias in current_fees[FEES] constraint = copy.deepcopy(auth_map.one_trustee_constraint) constraint.set_metadata({FEES_FIELD_NAME: fees_alias}) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=STEWARD, old_value=None, constraint=constraint.as_dict) key = generate_key(auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=STEWARD,) auth_rule = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0][1] assert auth_rule['result']['data'][0][CONSTRAINT]['metadata'][FEES_FIELD_NAME] == fees_alias
def test_reject_auth_rule_transaction(looper, sdk_wallet_steward, sdk_pool_handle): with pytest.raises(RequestRejectedException) as e: sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_steward ) e.match('Not enough TRUSTEE signatures')
def send_and_check_auth_rule(looper, sdk_pool_handle, sdk_wallet_trustee): auth_constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=ENDORSER, constraint=auth_constraint)
def test_reject_auth_rule_transaction(looper, sdk_wallet_steward, sdk_pool_handle): with pytest.raises(RequestRejectedException) as e: sdk_send_and_check_auth_rule_request(looper, sdk_wallet_steward, sdk_pool_handle) e.match('UnauthorizedClientRequest') e.match('can not do this action')
def test_auth_rule_transaction_with_large_constraint(looper, sdk_wallet_trustee, sdk_pool_handle): constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, constraint=constraint)
def test_auth_mint(helpers, addresses, looper, sdk_wallet_trustee, sdk_pool_handle): """ 1. Send a MINT_PUBLIC txn from 3 TRUSTEE 2. Change the auth rule for adding MINT_PUBLIC to 1 STEWARD signature 3. Send a transfer from 3 TRUSTEE, check that auth validation failed. 4. Send and check that a MINT_PUBLIC request with STEWARD signature pass. 5. Change the auth rule to a default value. 6. Send and check a MINT_PUBLIC txn from 3 TRUSTEE. """ outputs = [{ADDRESS: addresses[0], AMOUNT: 1000}] helpers.general.do_mint(outputs) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=MINT_PUBLIC, field='*', new_value='*', constraint=AuthConstraint( role=STEWARD, sig_count=1, need_to_be_owner=False).as_dict) outputs = [{ADDRESS: addresses[0], AMOUNT: 1000}] with pytest.raises(RequestRejectedException, match="Not enough STEWARD signatures"): helpers.general.do_mint(outputs) steward_do_mint(helpers, outputs) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=MINT_PUBLIC, field='*', new_value='*', constraint=sovtoken_auth_map[add_mint.get_action_id()].as_dict) helpers.general.do_mint(outputs) resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee) full_auth_map = OrderedDict(auth_map) full_auth_map.update(sovtoken_auth_map) result = resp[0][1]["result"][DATA] for i, (auth_key, constraint) in enumerate(full_auth_map.items()): rule = result[i] assert auth_key == StaticAuthRuleHelper.get_auth_key(rule) if constraint is None: assert {} == rule[CONSTRAINT] else: assert constraint.as_dict == rule[CONSTRAINT]
def test_reqnack_auth_rule_transaction_with_wrong_key(looper, sdk_wallet_trustee, sdk_pool_handle): with pytest.raises(RequestNackedException) as e: sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_type="*") e.match("InvalidClientRequest") e.match("is not found in authorization map")
def test_auth_xfer(helpers, addresses, looper, sdk_wallet_trustee, sdk_pool_handle, mint_tokens, new_client_wallet, txnPoolNodeSet, sdk_wallet_steward): """ 1. Send a transfer txn XFER_PUBLIC from client 2. Change the auth rule for adding XFER_PUBLIC to 1 STEWARD signature 3. Send a transfer from client, check that auth validation failed. 4. Send and check that a transfer request with STEWARD signature pass. 5. Change the auth rule to a default value. 6. Send and check a transfer txn from client. """ transfer_count = 10 client_wallet = (new_client_wallet[0], new_client_wallet[1]) do_transfer(txnPoolNodeSet, sdk_pool_handle, helpers, looper, client_wallet, addresses[:2], transfer_count) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=XFER_PUBLIC, field='*', new_value='*', constraint=AuthConstraint( role=STEWARD, sig_count=1, need_to_be_owner=False).as_dict) with pytest.raises(RequestRejectedException, match="Not enough STEWARD signatures"): do_transfer(txnPoolNodeSet, sdk_pool_handle, helpers, looper, client_wallet, addresses[:2], transfer_count) do_transfer(txnPoolNodeSet, sdk_pool_handle, helpers, looper, sdk_wallet_steward, addresses[:2], transfer_count, sign=True) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=XFER_PUBLIC, field='*', new_value='*', constraint=sovtoken_auth_map[add_xfer.get_action_id()].as_dict) do_transfer(txnPoolNodeSet, sdk_pool_handle, helpers, looper, client_wallet, addresses[:2], transfer_count)
def test_auth_rule_for_raw_attrib_works(looper, sdk_wallet_trustee, sdk_pool_handle, sdk_user_wallet_a, sdk_wallet_trust_anchor): _, did_cl = sdk_user_wallet_a # We can add and modify attribs data = dict() data['a'] = {'John': 'Snow'} data = json.dumps(data) sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl) sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl) sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=EDIT_PREFIX, auth_type=ATTRIB, field='*', new_value='*', old_value='*', constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict) # We still can add, but cannot edit attrib data = dict() data['b'] = {'John': 'Snow'} data = json.dumps(data) sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl) with pytest.raises(RequestRejectedException) as e: sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl) e.match('Not enough STEWARD signatures') sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=ADD_PREFIX, auth_type=ATTRIB, field='*', new_value='*', constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict) # We cannot add or edit attrib data = dict() data['c'] = {'John': 'Snow'} data = json.dumps(data) with pytest.raises(RequestRejectedException) as e: sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl) e.match('Not enough STEWARD signatures') with pytest.raises(RequestRejectedException) as e: sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, data, did_cl) e.match('Not enough STEWARD signatures')
def test_reqnack_auth_rule_add_transaction_with_wrong_format( looper, sdk_wallet_trustee, sdk_pool_handle): with pytest.raises(RequestNackedException) as e: sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, old_value="*") e.match("InvalidClientRequest") e.match("Transaction for change authentication " "rule for {}={} must not contain field {}".format( AUTH_ACTION, ADD_PREFIX, OLD_VALUE))
def test_auth_rule_for_enc_attrib_works(looper, sdk_wallet_trustee, sdk_pool_handle, sdk_user_wallet_a, sdk_wallet_trust_anchor): _, did_cl = sdk_user_wallet_a set_attrib_auth_to_none(looper, sdk_wallet_trustee, sdk_pool_handle) # We can add and modify attribs data = secretBox.encrypt(json.dumps({'name': 'Jaime'}).encode()).hex() sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data) sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data) sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=EDIT_PREFIX, auth_type=ATTRIB, field='*', new_value='*', old_value='*', constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict) # We still can add, but cannot edit attrib data = secretBox.encrypt(json.dumps({'name': 'Cersei'}).encode()).hex() sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data) with pytest.raises(RequestRejectedException) as e: sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data) e.match('Not enough STEWARD signatures') sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=ADD_PREFIX, auth_type=ATTRIB, field='*', new_value='*', constraint=AuthConstraint(role=STEWARD, sig_count=1).as_dict) # We cannot add or edit attrib data = secretBox.encrypt(json.dumps({'name': 'Tywin'}).encode()).hex() with pytest.raises(RequestRejectedException) as e: sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data) e.match('Not enough STEWARD signatures') with pytest.raises(RequestRejectedException) as e: sdk_add_attribute_and_check(looper, sdk_pool_handle, sdk_wallet_trust_anchor, None, did_cl, enc=data) e.match('Not enough STEWARD signatures')
def test_reject_with_unacceptable_role_in_constraint(looper, sdk_wallet_trustee, sdk_pool_handle): constraint = generate_constraint_entity() unacceptable_role = 'olololo' constraint[ROLE] = unacceptable_role with pytest.raises(RequestNackedException) as e: sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, constraint=constraint) e.match('InvalidClientRequest') e.match('Role {} is not acceptable'.format(unacceptable_role))
def test_catching_up_auth_rule_txn(looper, txnPoolNodeSet, sdk_wallet_trustee, sdk_wallet_steward, sdk_pool_handle): delayed_node = txnPoolNodeSet[-1] wh, _ = sdk_wallet_trustee new_steward_did, new_steward_verkey = create_verkey_did(looper, wh) changed_constraint = AuthConstraint(role=STEWARD, sig_count=1) action = AuthActionAdd(txn_type=NYM, field=ROLE, value=STEWARD) with pytest.raises(RequestRejectedException, match="Not enough TRUSTEE signatures"): sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward2', STEWARD_STRING, dest=new_steward_did, verkey=new_steward_verkey) with delay_rules_without_processing(delayed_node.nodeIbStasher, cDelay(), pDelay(), ppDelay()): sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=action.txn_type, field=action.field, new_value=action.value, old_value=None, constraint=changed_constraint.as_dict) sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward2') delayed_node.start_catchup() looper.run( eventually( lambda: assertExp(delayed_node.mode == Mode.participating))) sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward3', STEWARD_STRING, dest=new_steward_did, verkey=new_steward_verkey) ensure_all_nodes_have_same_data(looper, txnPoolNodeSet) config_state = delayed_node.states[CONFIG_LEDGER_ID] from_state = config_state.get(config.make_state_path_for_auth_rule( action.get_action_id()), isCommitted=True) assert changed_constraint == ConstraintsSerializer( config_state_serializer).deserialize(from_state)
def prepare_auth_map(looper, sdk_wallet_trustee, sdk_pool_handle): wh, _ = sdk_wallet_trustee did1, verkey1 = create_verkey_did(looper, wh) """Adding new steward for old auth rules""" add_new_nym(looper, sdk_pool_handle, [sdk_wallet_trustee], 'newSteward1', STEWARD_STRING, dest=did1, verkey=verkey1) sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=STEWARD, old_value=None, constraint=auth_constraint.as_dict)
def test_get_all_auth_rule_transactions_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = TRUST_ANCHOR constraint = generate_constraint_list(auth_constraints=[ generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD) ]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) auth_key = ConfigReqHandler.get_auth_key(resp[0][0][OPERATION]) resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle) expect = {key: constraint.as_dict for key, constraint in auth_map.items()} expect[auth_key] = constraint result = resp[0][1]["result"][DATA] assert result == expect
def test_use_modified_rules_from_uncommitted(looper, txnPoolNodeSet, sdk_wallet_trustee, sdk_wallet_steward, sdk_pool_handle): node_stashers = [n.nodeIbStasher for n in txnPoolNodeSet] wh, _ = sdk_wallet_trustee new_steward_did, new_steward_verkey = create_verkey_did(looper, wh) changed_constraint = AuthConstraint(role=STEWARD, sig_count=1) with delay_rules(node_stashers, cDelay()): r_auth = sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=STEWARD, old_value=None, constraint=changed_constraint.as_dict, no_wait=True) looper.runFor(waits.expectedPrePrepareTime(len(txnPoolNodeSet))) r_add_steward = sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward2', STEWARD_STRING, dest=new_steward_did, verkey=new_steward_verkey, no_wait=True) sdk_get_and_check_replies(looper, [r_auth]) sdk_get_and_check_replies(looper, [r_add_steward])
def test_get_all_auth_rule_transactions_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = ENDORSER auth_constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=auth_constraint) auth_key = StaticAuthRuleHelper.get_auth_key(resp[0][0][OPERATION]) resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee) result = resp[0][1]["result"][DATA] full_auth_map = OrderedDict(auth_map) full_auth_map.update(sovtoken_auth_map) full_auth_map.update(sovtokenfees_auth_map) full_auth_map[auth_key] = ConstraintCreator.create_constraint(auth_constraint) for i, (auth_key, constraint) in enumerate(full_auth_map.items()): rule = result[i] assert auth_key == StaticAuthRuleHelper.get_auth_key(rule) if constraint is None: assert {} == rule[CONSTRAINT] else: assert constraint.as_dict == rule[CONSTRAINT]
def test_get_one_auth_rule_transaction_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = TRUST_ANCHOR constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value) resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, **dict_auth_key ) result = resp[0][1]["result"][DATA] assert len(result) == 1 _check_key(dict_auth_key, result[0]) assert constraint == result[0][CONSTRAINT] assert resp[0][1]["result"][STATE_PROOF]
def test_get_all_auth_rule_transactions_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = TRUST_ANCHOR constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) str_auth_key = ConfigReqHandler.get_auth_key(resp[0][0][OPERATION]) resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee ) result = resp[0][1]["result"][DATA] for rule in result: key = ConfigReqHandler.get_auth_key(rule) if auth_map[key] is None: assert {} == rule[CONSTRAINT] elif key == str_auth_key: assert constraint == rule[CONSTRAINT] else: assert auth_map[key].as_dict == rule[CONSTRAINT]
def test_get_one_auth_rule_transaction_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = TRUST_ANCHOR constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value) str_key = ConfigReqHandler.get_auth_key(dict_auth_key) resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee, sdk_pool_handle, dict_auth_key) print(config.make_state_path_for_auth_rule(str_key)) result = resp[0][1]["result"][DATA][config.make_state_path_for_auth_rule(str_key).decode()] assert result == constraint assert resp[0][1]["result"][STATE_PROOF]
def test_add_metadata_with_not_existed_alias(looper, helpers, sdk_wallet_trustee, sdk_pool_handle, nodeSetWithIntegratedTokenPlugin): fees_alias = "add_new_steward" current_fees = helpers.general.do_get_fees() assert fees_alias not in current_fees[FEES] constraint = copy.deepcopy(auth_map.one_trustee_constraint) constraint.set_metadata({FEES_FIELD_NAME: fees_alias}) with pytest.raises(RequestRejectedException, match="does not exist in current fees".format(fees_alias)): sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=STEWARD, old_value=None, constraint=constraint.as_dict)
def test_node_txn_promote_by_endorser(txnPoolNodeSet, sdk_pool_handle, sdk_wallet_trustee, looper, sdk_wallet_handle): validators_before = get_pool_validator_count(txnPoolNodeSet) new_end_did, new_end_verkey = looper.loop.run_until_complete( did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) # Step 1. Demote node using default auth rule demote_node(looper, sdk_wallet_trustee, sdk_pool_handle, txnPoolNodeSet[-1]) # Check, that node was demoted assert validators_before - get_pool_validator_count( txnPoolNodeSet[:-1]) == 1 # Step 2. Add new Endorser sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newEndorser', ENDORSER_STRING, verkey=new_end_verkey, dest=new_end_did) new_constraint = AuthConstraint(ENDORSER, 1) # Step 3. Change auth rule, to allowing endorser promote node back sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=promote_action.txn_type, field=promote_action.field, new_value=promote_action.new_value, old_value=promote_action.old_value, constraint=new_constraint.as_dict) # Step 4. Promote node back, using new Endorser promote_node(looper, (sdk_wallet_handle, new_end_did), sdk_pool_handle, txnPoolNodeSet[-1]) # Check, that all other nodes return previous demoted node back assert validators_before == get_pool_validator_count(txnPoolNodeSet[:-1])
def test_check_rule_for_add_action_changing(looper, sdk_wallet_trustee, sdk_wallet_steward, sdk_pool_handle): wh, _ = sdk_wallet_trustee did1, verkey1 = create_verkey_did(looper, wh) """Adding new steward for old auth rules""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward1', STEWARD_STRING, dest=did1, verkey=verkey1) constraint = AuthConstraint(role=STEWARD, sig_count=1) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=STEWARD, old_value=None, constraint=constraint.as_dict) did2, verkey2 = create_verkey_did(looper, wh) with pytest.raises(RequestRejectedException, match="Not enough STEWARD signatures"): """Adding new steward for changed auth rules""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward2', STEWARD_STRING, dest=did2, verkey=verkey2) """We change auth rules and for now only steward can add new steward""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward, 'newSteward2', STEWARD_STRING, dest=did2, verkey=verkey2)
def test_add_metadata_with_complex_constraint(looper, helpers, sdk_wallet_trustee, sdk_pool_handle, nodeSetWithIntegratedTokenPlugin): fees_alias = "2222" current_fees = helpers.general.do_get_fees() assert fees_alias not in current_fees[FEES] constraint = copy.deepcopy(auth_map.trust_anchor_or_steward_or_trustee_constraint) # set metadata only for the last constraint in OrAuthConstraint constraint.auth_constraints[-1].set_metadata({FEES_FIELD_NAME: fees_alias}) with pytest.raises(RequestRejectedException, match="does not exist in current fees".format(fees_alias)): sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=IDENTITY_OWNER, old_value=None, constraint=constraint.as_dict)
def test_auth_rule_state_format(looper, sdk_pool_handle, sdk_wallet_trustee, txnPoolNodeSet, off_ledger_signature): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = ENDORSER constraint = { CONSTRAINT_ID: ConstraintsEnum.ROLE_CONSTRAINT_ID, ROLE: "*", SIG_COUNT: 1, NEED_TO_BE_OWNER: False, METADATA: {} } if off_ledger_signature: constraint[OFF_LEDGER_SIGNATURE] = off_ledger_signature sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) state = txnPoolNodeSet[0].db_manager.get_database(CONFIG_LEDGER_ID).state key = generate_key(auth_action, auth_type, field, new_value) path = config.make_state_path_for_auth_rule( StaticAuthRuleHelper.get_auth_key(key)) state_constraint = config_state_serializer.deserialize(state.get(path)) assert state_constraint == constraint _, before_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_type=auth_type, auth_action=auth_action, field=field, new_value=new_value)[0] for rule in before_resp["result"][DATA]: if rule[CONSTRAINT][CONSTRAINT_ID] == 'ROLE' and off_ledger_signature: assert OFF_LEDGER_SIGNATURE in rule[CONSTRAINT]
def test_set_fees(helpers, fees, addresses, looper, sdk_wallet_trustee, sdk_pool_handle): """ 1. Send a SET_FEES txn from 3 TRUSTEE 2. Change the auth rule for editing SET_FEES to 1 STEWARD signature 3. Send a transfer from 3 TRUSTEE, check that auth validation failed. 4. Send and check that a SET_FEES request with STEWARD signature pass. 5. Change the auth rule to a default value. 6. Send and check a SET_FEES txn from 3 TRUSTEE. """ set_fees(helpers, fees) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=SET_FEES, field='*', old_value='*', new_value='*', constraint=AuthConstraint( role=STEWARD, sig_count=1, need_to_be_owner=False).as_dict) with pytest.raises(RequestRejectedException, match="Not enough STEWARD signatures"): set_fees(helpers, fees) set_fees(helpers, fees, trustee=False) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=SET_FEES, field='*', old_value='*', new_value='*', constraint=sovtokenfees_auth_map[edit_fees.get_action_id()].as_dict) set_fees(helpers, fees)