def test_auth_rule_after_get_auth_rule_as_is( looper, sdk_pool_handle, sdk_wallet_trustee ): # get all auth rules auth_rules_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee ) auth_rules = auth_rules_resp[0][1][RESULT][DATA] for rule in auth_rules: # prepare action key dict_key = dict(rule) dict_key.pop(CONSTRAINT) # prepare "operation" to send AUTH_RULE txn op = dict(rule) op[TXN_TYPE] = AUTH_RULE # send AUTH_RULE txn req_obj = sdk_gen_request(op, identifier=sdk_wallet_trustee[1]) req = sdk_sign_and_submit_req_obj(looper, sdk_pool_handle, sdk_wallet_trustee, req_obj) sdk_get_and_check_replies(looper, [req]) # send GET_AUTH_RULE get_response = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, **dict_key) # check response result = get_response[0][1]["result"][DATA] assert len(result) == 1 _check_key(dict_key, result[0]) assert rule[CONSTRAINT] == result[0][CONSTRAINT] assert get_response[0][1]["result"][STATE_PROOF]
def test_auth_rule_after_get_auth_rule_as_is_using_sdk( looper, sdk_pool_handle, sdk_wallet_trustee ): # get all auth rules auth_rules_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee ) auth_rules = auth_rules_resp[0][1][RESULT][DATA] for rule in auth_rules: # prepare action key dict_key = dict(rule) dict_key.pop(CONSTRAINT) # prepare AUTH_RULE request req_json = build_auth_rule_request_json( looper, sdk_wallet_trustee[1], **rule ) # send AUTH_RULE txn req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_trustee, req_json) sdk_get_and_check_replies(looper, [req]) # send GET_AUTH_RULE get_response = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, **dict_key) # check response result = get_response[0][1]["result"][DATA] assert len(result) == 1 _check_key(dict_key, result[0]) assert rule[CONSTRAINT] == result[0][CONSTRAINT] assert get_response[0][1]["result"][STATE_PROOF]
def test_get_auth_rule_transaction_unique_for_anyone_can_write_map_is_rejected( looper, sdk_wallet_trustee, sdk_pool_handle): key = generate_key(auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value='*') with pytest.raises( RequestNackedException, match=r"Unknown authorization rule: key '1--ADD--role--\*--\*' " "is not found in authorization map"): sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, **key)
def test_auth_rules_transaction_without_changes(looper, sdk_wallet_trustee, sdk_pool_handle): before_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee) sdk_send_and_check_auth_rules_request( looper, sdk_pool_handle, sdk_wallet_trustee, rules=before_resp[0][1][RESULT][DATA]) after_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee) assert before_resp[0][1]["result"][DATA] == after_resp[0][1]["result"][ DATA]
def test_get_all_auth_rule_transactions_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = TRUST_ANCHOR constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) str_auth_key = ConfigReqHandler.get_auth_key(resp[0][0][OPERATION]) resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee ) result = resp[0][1]["result"][DATA] for rule in result: key = ConfigReqHandler.get_auth_key(rule) if auth_map[key] is None: assert {} == rule[CONSTRAINT] elif key == str_auth_key: assert constraint == rule[CONSTRAINT] else: assert auth_map[key].as_dict == rule[CONSTRAINT]
def test_get_one_auth_rule_transaction_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = TRUST_ANCHOR constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value) resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, **dict_auth_key ) result = resp[0][1]["result"][DATA] assert len(result) == 1 _check_key(dict_auth_key, result[0]) assert constraint == result[0][CONSTRAINT] assert resp[0][1]["result"][STATE_PROOF]
def test_get_all_auth_rule_transactions_after_write(looper, sdk_wallet_trustee, sdk_pool_handle): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = ENDORSER auth_constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) resp = sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=auth_constraint) auth_key = StaticAuthRuleHelper.get_auth_key(resp[0][0][OPERATION]) resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee) result = resp[0][1]["result"][DATA] full_auth_map = OrderedDict(auth_map) full_auth_map.update(sovtoken_auth_map) full_auth_map.update(sovtokenfees_auth_map) full_auth_map[auth_key] = ConstraintCreator.create_constraint(auth_constraint) for i, (auth_key, constraint) in enumerate(full_auth_map.items()): rule = result[i] assert auth_key == StaticAuthRuleHelper.get_auth_key(rule) if constraint is None: assert {} == rule[CONSTRAINT] else: assert constraint.as_dict == rule[CONSTRAINT]
def test_reject_all_rules_from_auth_rules_txn(looper, sdk_wallet_trustee, sdk_pool_handle): _, before_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee)[0] rules = [ generate_auth_rule(ADD_PREFIX, NYM, ROLE, "wrong_new_value"), generate_auth_rule(EDIT_PREFIX, NYM, ROLE, TRUST_ANCHOR, TRUSTEE) ] with pytest.raises(RequestNackedException): sdk_send_and_check_auth_rules_request(looper, sdk_pool_handle, sdk_wallet_trustee, rules=rules) _, after_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee)[0] assert before_resp["result"][DATA] == after_resp["result"][DATA]
def test_auth_mint(helpers, addresses, looper, sdk_wallet_trustee, sdk_pool_handle): """ 1. Send a MINT_PUBLIC txn from 3 TRUSTEE 2. Change the auth rule for adding MINT_PUBLIC to 1 STEWARD signature 3. Send a transfer from 3 TRUSTEE, check that auth validation failed. 4. Send and check that a MINT_PUBLIC request with STEWARD signature pass. 5. Change the auth rule to a default value. 6. Send and check a MINT_PUBLIC txn from 3 TRUSTEE. """ outputs = [{ADDRESS: addresses[0], AMOUNT: 1000}] helpers.general.do_mint(outputs) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=MINT_PUBLIC, field='*', new_value='*', constraint=AuthConstraint( role=STEWARD, sig_count=1, need_to_be_owner=False).as_dict) outputs = [{ADDRESS: addresses[0], AMOUNT: 1000}] with pytest.raises(RequestRejectedException, match="Not enough STEWARD signatures"): helpers.general.do_mint(outputs) steward_do_mint(helpers, outputs) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=MINT_PUBLIC, field='*', new_value='*', constraint=sovtoken_auth_map[add_mint.get_action_id()].as_dict) helpers.general.do_mint(outputs) resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee) full_auth_map = OrderedDict(auth_map) full_auth_map.update(sovtoken_auth_map) result = resp[0][1]["result"][DATA] for i, (auth_key, constraint) in enumerate(full_auth_map.items()): rule = result[i] assert auth_key == StaticAuthRuleHelper.get_auth_key(rule) if constraint is None: assert {} == rule[CONSTRAINT] else: assert constraint.as_dict == rule[CONSTRAINT]
def test_get_one_auth_rule_transaction(looper, sdk_wallet_trustee, sdk_pool_handle): key = generate_key() str_key = ConfigReqHandler.get_auth_key(key) req, resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0] for resp_rule in resp[RESULT][DATA]: _check_key(key, resp_rule) assert auth_map.get(str_key).as_dict == resp_rule[CONSTRAINT]
def test_get_one_auth_rule_transaction(looper, sdk_wallet_trustee, sdk_pool_handle): key = generate_key() str_key = ConfigReqHandler.get_auth_key(key) req, resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0] result = resp["result"][DATA][0] assert len(resp["result"][DATA]) == 1 _check_key(key, result) assert result[CONSTRAINT] == auth_map.get(str_key).as_dict
def test_auth_rule_after_get_auth_rule_as_is_except_constraint( looper, sdk_wallet_trustee, sdk_pool_handle ): constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE), generate_constraint_entity(role=STEWARD)]) # get all auth rules auth_rules_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee ) auth_rules = auth_rules_resp[0][1][RESULT][DATA] rule = auth_rules[0] # prepare action key dict_key = dict(rule) dict_key.pop(CONSTRAINT) # prepare "operation" to send AUTH_RULE txn op = dict(rule) op[TXN_TYPE] = AUTH_RULE op[CONSTRAINT] = constraint # send AUTH_RULE txn req_obj = sdk_gen_request(op, identifier=sdk_wallet_trustee[1]) req = sdk_sign_and_submit_req_obj(looper, sdk_pool_handle, sdk_wallet_trustee, req_obj) sdk_get_and_check_replies(looper, [req]) # send GET_AUTH_RULE get_response = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, **dict_key ) # check response result = get_response[0][1]["result"][DATA] assert len(result) == 1 _check_key(dict_key, result[0]) assert constraint == result[0][CONSTRAINT] assert get_response[0][1]["result"][STATE_PROOF]
def test_get_one_disabled_auth_rule_transaction(looper, sdk_wallet_trustee, sdk_pool_handle): key = generate_key(auth_action=EDIT_PREFIX, auth_type=SCHEMA, field='*', old_value='*', new_value='*') req, resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, **key )[0] result = resp["result"][DATA] assert len(result) == 1 _check_key(key, result[0]) assert {} == result[0][CONSTRAINT]
def test_get_all_auth_rule_transactions(looper, sdk_wallet_trustee, sdk_pool_handle): resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee) result = resp[0][1]["result"][DATA] for i, (auth_key, constraint) in enumerate(auth_map.items()): rule = result[i] assert auth_key == ConfigReqHandler.get_auth_key(rule) if constraint is None: assert {} == rule[CONSTRAINT] else: assert constraint.as_dict == rule[CONSTRAINT]
def test_get_all_auth_rule_transactions(looper, sdk_wallet_trustee, sdk_pool_handle): resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee) result = resp[0][1]["result"][DATA] full_auth_map = OrderedDict(auth_map) full_auth_map.update(sovtoken_auth_map) full_auth_map.update(sovtokenfees_auth_map) for i, (auth_key, constraint) in enumerate(full_auth_map.items()): rule = result[i] assert auth_key == StaticAuthRuleHelper.get_auth_key(rule) if constraint is None: assert {} == rule[CONSTRAINT] else: assert constraint.as_dict == rule[CONSTRAINT]
def test_auth_rule_state_format(looper, sdk_pool_handle, sdk_wallet_trustee, txnPoolNodeSet, off_ledger_signature): auth_action = ADD_PREFIX auth_type = NYM field = ROLE new_value = ENDORSER constraint = { CONSTRAINT_ID: ConstraintsEnum.ROLE_CONSTRAINT_ID, ROLE: "*", SIG_COUNT: 1, NEED_TO_BE_OWNER: False, METADATA: {} } if off_ledger_signature: constraint[OFF_LEDGER_SIGNATURE] = off_ledger_signature sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=auth_action, auth_type=auth_type, field=field, new_value=new_value, constraint=constraint) state = txnPoolNodeSet[0].db_manager.get_database(CONFIG_LEDGER_ID).state key = generate_key(auth_action, auth_type, field, new_value) path = config.make_state_path_for_auth_rule( StaticAuthRuleHelper.get_auth_key(key)) state_constraint = config_state_serializer.deserialize(state.get(path)) assert state_constraint == constraint _, before_resp = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_type=auth_type, auth_action=auth_action, field=field, new_value=new_value)[0] for rule in before_resp["result"][DATA]: if rule[CONSTRAINT][CONSTRAINT_ID] == 'ROLE' and off_ledger_signature: assert OFF_LEDGER_SIGNATURE in rule[CONSTRAINT]
def test_state_proof_returned_for_get_auth_rule(looper, nodeSetWithOneNodeResponding, sdk_wallet_steward, sdk_pool_handle, sdk_wallet_client, send_auth_rule): req = send_auth_rule key = generate_key(auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=ENDORSER) rep = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_client, **key) result = rep[0][1]['result'] expected_data = req[0][0]['operation'] del expected_data['type'] assert DATA in result data = result.get(DATA) assert data assert data[0] == expected_data check_valid_proof(result)
def test_auth_txn_with_deprecated_key(tconf, tdir, allPluginsPath, txnPoolNodeSet, looper, sdk_wallet_trustee, sdk_pool_handle): """ Add to the auth_map a fake rule Send AUTH_RULE txn to change this fake rule (and set the fake key to the config state) Send GET_AUTH_RULE txn and check that the fake rule was changed Remove the fake auth rule from the map Check that we can't get the fake auth rule Restart the last node with its state regeneration Check that nodes data is equal after changing the existing auth rule (restarted node regenerate config state) """ fake_txn_type = "100002" fake_key = AuthActionAdd(txn_type=fake_txn_type, field="*", value="*").get_action_id() fake_constraint = one_trustee_constraint new_auth_constraint = AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False).as_dict # Add to the auth_map a fake rule with extend_auth_map(txnPoolNodeSet, fake_key, fake_constraint): # Send AUTH_RULE txn to change this fake rule (and set the fake key to the config state) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=fake_txn_type, field='*', new_value='*', constraint=new_auth_constraint) # Send GET_AUTH_RULE txn and check that the fake rule was changed result = sdk_send_and_check_get_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_type=fake_txn_type, auth_action=ADD_PREFIX, field="*", new_value="*")[0][1]["result"][DATA][0] assert result[AUTH_TYPE] == fake_txn_type assert result[CONSTRAINT] == new_auth_constraint # Remove the fake auth rule from the map # Check that we can't get the fake auth rule with pytest.raises(RequestNackedException, match="not found in authorization map"): sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=fake_txn_type, field='*', new_value='*', constraint=AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False).as_dict) resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee) assert all(rule[AUTH_TYPE] != fake_txn_type for rule in resp[0][1]["result"][DATA]) with pytest.raises(RequestNackedException, match="not found in authorization map"): sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_type=fake_txn_type, auth_action=ADD_PREFIX, field="*", new_value="*") # Restart the last node with its state regeneration ensure_all_nodes_have_same_data(looper, txnPoolNodeSet) node_to_stop = txnPoolNodeSet[-1] node_state = node_to_stop.states[CONFIG_LEDGER_ID] assert not node_state.isEmpty state_db_path = node_state._kv.db_path node_to_stop.cleanupOnStopping = False node_to_stop.stop() looper.removeProdable(node_to_stop) ensure_node_disconnected(looper, node_to_stop, txnPoolNodeSet[:-1]) shutil.rmtree(state_db_path) config_helper = NodeConfigHelper(node_to_stop.name, tconf, chroot=tdir) restarted_node = TestNode(node_to_stop.name, config_helper=config_helper, config=tconf, pluginPaths=allPluginsPath, ha=node_to_stop.nodestack.ha, cliha=node_to_stop.clientstack.ha) looper.add(restarted_node) txnPoolNodeSet[-1] = restarted_node # Check that nodes data is equal (restarted node regenerate config state) looper.run(checkNodesConnected(txnPoolNodeSet)) ensureElectionsDone(looper, txnPoolNodeSet, customTimeout=30) sdk_send_and_check_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=ADD_PREFIX, auth_type=NYM, field=ROLE, new_value=STEWARD, constraint=AuthConstraint( role=STEWARD, sig_count=2, need_to_be_owner=False).as_dict) ensure_all_nodes_have_same_data(looper, txnPoolNodeSet, custom_timeout=20)