def test_plugin_and_rule(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[ ({ TRUSTEE: 2, STEWARD: 3 }, False, 2), ({ TRUSTEE: 3, STEWARD: 3 }, False, 2), ({ TRUSTEE: 2, STEWARD: 3 }, True, 2), ({ TRUSTEE: 3, STEWARD: 3 }, True, 2), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_and_rule_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: '2'}), AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: '2'}) ]), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={ TRUSTEE: s, STEWARD: 3 }, is_owner=owner, amount=2, extra_sigs=True) for s in range(2, 4) for owner in [True, False] ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_not_authorize_with_and_constraint(composite_authorizer, req_auth): with pytest.raises(AuthValidationError): composite_authorizer.authorize( req_auth, AuthConstraintAnd( [AuthConstraint(STEWARD, 1), AuthConstraint(TRUSTEE, 1)]), None)
def test_plugin_and_or_rule_same_role_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, amount): validate( auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False), AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), ]), AuthConstraintOr(auth_constraints=[ AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False), AuthConstraint(role=STEWARD, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), ]) ]), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3}, is_owner=False, amount=2, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3}, is_owner=False, amount=2, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, STEWARD: 3}, is_owner=False, amount=None, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, STEWARD: 3}, is_owner=False, amount=None, extra_sigs=True), ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=False, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_str_for_auth_constraint_and(): constraint = AuthConstraintAnd([ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True) ]) assert str(constraint) == '1 TRUSTEE signature is required and needs to be owner ' \ 'AND ' \ '1 STEWARD signature is required and needs to be owner'
def test_not_authorize_with_and_constraint(composite_authorizer, req_auth): with pytest.raises(AuthValidationError): composite_authorizer.authorize( req_auth, AuthConstraintAnd([ AuthConstraint("SomeRole", 1), AuthConstraint("SomeOtherRole", 1) ]), None)
def test_plugin_or_and_rule_diff_roles_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False), ]), AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False), ]), AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=ENDORSER, sig_count=2, need_to_be_owner=True, metadata={PLUGIN_FIELD: 2}), ]), AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=3, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}), ]), ]), valid_actions=[Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3}, is_owner=False, amount=None, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3}, is_owner=True, amount=None, extra_sigs=True)] + [Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1, STEWARD: s2}, is_owner=owner, amount=None, extra_sigs=True) for s1 in range(1, 4) for s2 in range(2, 4) for owner in [True, False]] + [Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1, ENDORSER: s2}, is_owner=True, amount=2, extra_sigs=True) for s1 in range(1, 4) for s2 in range(2, 4)] + [Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 2, IDENTITY_OWNER: 3}, is_owner=True, amount=3, extra_sigs=True), Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: 3, IDENTITY_OWNER: 3}, is_owner=True, amount=3, extra_sigs=True)], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def constraints(): role_constraints = [ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True) ] and_constraint = AuthConstraintAnd(role_constraints) or_constraint = AuthConstraintOr(role_constraints) return role_constraints[0], and_constraint, or_constraint
def test_plugin_complex_with_and_rule_with_not_allowed(write_auth_req_validator, write_request_validation, signatures, is_owner, off_ledger_signature, amount): validate( auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_check_equal(constraints): same_role, same_and, same_or = constraints """ The same constraints as from fixture but should have not the same id """ role_constraints = [ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True) ] and_constraint = AuthConstraintAnd(role_constraints) or_constraint = AuthConstraintOr(role_constraints) assert id(same_role) != id(role_constraints[0]) assert id(same_or) != id(or_constraint) assert id(same_and) != id(and_constraint) assert same_role == role_constraints[0] assert same_or == or_constraint assert same_and == and_constraint
def test_plugin_and_or_rule_diff_role(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), ]), AuthConstraintOr(auth_constraints=[ AuthConstraint(role=TRUST_ANCHOR, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=3, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}), ]) ]), valid_actions=[ ({ TRUSTEE: 2, TRUST_ANCHOR: 3 }, False, 3), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, 3), ({ TRUSTEE: 2, TRUST_ANCHOR: 3 }, True, 3), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, 3), ({ TRUSTEE: 2, IDENTITY_OWNER: 3 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 3), ({ STEWARD: 2, TRUST_ANCHOR: 3 }, False, 3), ({ STEWARD: 3, TRUST_ANCHOR: 3 }, False, 3), ({ STEWARD: 2, TRUST_ANCHOR: 3 }, True, 3), ({ STEWARD: 3, TRUST_ANCHOR: 3 }, True, 3), ({ STEWARD: 2, IDENTITY_OWNER: 3 }, True, 3), ({ STEWARD: 3, IDENTITY_OWNER: 3 }, True, 3), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_plugin_complex(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ # 1st AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraintOr(auth_constraints=[ AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraint(role=TRUST_ANCHOR, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), ]), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), AuthConstraint(role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 1}), ]) ]), # 2d AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: 3}), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 3}) ]), # 3d AuthConstraintAnd(auth_constraints=[ AuthConstraint( role=TRUSTEE, sig_count=3, need_to_be_owner=False), AuthConstraintOr(auth_constraints=[ AuthConstraint( role=STEWARD, sig_count=2, need_to_be_owner=False), AuthConstraint( role=TRUST_ANCHOR, sig_count=2, need_to_be_owner=True), ]) ]), # 4th AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: 2}) ]), ]), valid_actions=[ # 1st ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 1 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 1, TRUST_ANCHOR: 3 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 1 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3, TRUST_ANCHOR: 3 }, True, 1), ({ TRUSTEE: 3, STEWARD: 2 }, False, 1), ({ TRUSTEE: 3, STEWARD: 3 }, False, 1), ({ TRUSTEE: 3, STEWARD: 2 }, True, 1), ({ TRUSTEE: 3, STEWARD: 3 }, True, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, False, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, True, 1), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, 1), # 2d ({ TRUSTEE: 3, IDENTITY_OWNER: 1 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 2 }, True, 3), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 3), # 3d ({ TRUSTEE: 3, STEWARD: 2 }, False, None), ({ TRUSTEE: 3, STEWARD: 3 }, False, None), ({ TRUSTEE: 3, STEWARD: 2 }, True, None), ({ TRUSTEE: 3, STEWARD: 3 }, True, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, False, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, False, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 2 }, True, None), ({ TRUSTEE: 3, TRUST_ANCHOR: 3 }, True, None), # 4th ({ TRUSTEE: 2, IDENTITY_OWNER: 1 }, True, 2), ({ TRUSTEE: 2, IDENTITY_OWNER: 2 }, True, 2), ({ TRUSTEE: 2, IDENTITY_OWNER: 3 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 1 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 2 }, True, 2), ({ TRUSTEE: 3, IDENTITY_OWNER: 3 }, True, 2), ], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_authorize_with_and_constraint(composite_authorizer, req_auth): composite_authorizer.authorize(req_auth, AuthConstraintAnd([AuthConstraint("SomeRole", 1), AuthConstraint("SomeRole", 1)]), None)
from indy_common.authorize.auth_constraints import ROLE, AuthConstraint, AuthConstraintAnd, AuthConstraintOr from indy_common.constants import NYM from indy_node.test.auth_rule.helper import create_verkey_did, sdk_send_and_check_auth_rule_request from indy_node.test.nym_txn.test_nym_additional import get_nym from plenum.common.constants import STEWARD, STEWARD_STRING, TRUSTEE, TRUSTEE_STRING from plenum.common.exceptions import RequestRejectedException from plenum.common.util import randomString from plenum.test.conftest import sdk_wallet_client from plenum.test.helper import sdk_get_and_check_replies, sdk_send_signed_requests, sdk_sign_request_objects, \ sdk_json_to_request_object, sdk_multi_sign_request_objects from plenum.test.pool_transactions.helper import prepare_nym_request, \ sdk_sign_and_send_prepared_request, sdk_add_new_nym auth_constraint = AuthConstraintOr(auth_constraints=[ AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=STEWARD, sig_count=2), AuthConstraint(role=TRUSTEE, sig_count=1) ]), AuthConstraint(role=TRUSTEE, sig_count=2) ]) @pytest.fixture(scope='module', params=[(2, 0), (3, 0), (1, 2), (1, 3), (2, 1)]) def wallets_for_success(request, sdk_wallet_steward_list, sdk_wallet_trustee_list): return (sdk_wallet_trustee_list[:request.param[0]] + sdk_wallet_steward_list[:request.param[1]]) @pytest.fixture(scope='module', params=[(0, 3), (1, 0), (1, 1)]) def wallets_for_fail(request, sdk_wallet_steward_list,
def test_plugin_complex_trustee_no_endorser(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate( auth_constraint=AuthConstraintOr(auth_constraints=[ # 1st AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: '1'}), AuthConstraintOr(auth_constraints=[ AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: '1'}), AuthConstraint(role=ENDORSER, sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: '1'}), ]), AuthConstraint(role=STEWARD, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: '1'}), AuthConstraint(role=ENDORSER, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: '1'}), ]) ]), # 2d AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=3, need_to_be_owner=False, metadata={PLUGIN_FIELD: '3'}), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: '3'}) ]), # 3d AuthConstraintAnd(auth_constraints=[ AuthConstraint( role=TRUSTEE, sig_count=3, need_to_be_owner=False), AuthConstraintOr(auth_constraints=[ AuthConstraint( role=STEWARD, sig_count=2, need_to_be_owner=False), AuthConstraint( role=ENDORSER, sig_count=2, need_to_be_owner=True), ]) ]), # 4th AuthConstraintAnd(auth_constraints=[ AuthConstraint(role=TRUSTEE, sig_count=2, need_to_be_owner=False, metadata={PLUGIN_FIELD: '2'}), AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=True, metadata={PLUGIN_FIELD: '2'}) ]), ]), valid_actions=[ Action( author=TRUSTEE, endorser=None, sigs={ TRUSTEE: 3, STEWARD: s1, ENDORSER: s2 }, # 1st is_owner=owner, amount=1, extra_sigs=True) for s1 in range(1, 4) for s2 in range(1, 4) for owner in [True, False] ] + [ Action(author=TRUSTEE, endorser=None, sigs={ TRUSTEE: 3, STEWARD: s }, is_owner=owner, amount=1, extra_sigs=True) for s in range(2, 4) for owner in [True, False] ] + [ Action( author=TRUSTEE, endorser=None, sigs={ TRUSTEE: 3, IDENTITY_OWNER: s }, # 2d is_owner=True, amount=3, extra_sigs=True) for s in range(1, 4) ] + [ Action( author=TRUSTEE, endorser=None, sigs={ TRUSTEE: 3, STEWARD: s }, # 3d is_owner=owner, amount=amount, extra_sigs=True) for s in range(2, 4) for owner in [True, False] for amount in [0, None] ] + [ Action(author=TRUSTEE, endorser=None, sigs={ TRUSTEE: 3, ENDORSER: s }, is_owner=owner, amount=amount, extra_sigs=True) for s in range(2, 4) for owner in [True, False] for amount in [0, None] ] + [ Action( author=TRUSTEE, endorser=None, sigs={ TRUSTEE: 2, IDENTITY_OWNER: s }, # 4th is_owner=True, amount=2, extra_sigs=True) for s in range(1, 4) ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
RequestParams(fees=fee_5[1], wallets={STEWARD: 1}), RequestParams(fees=0, wallets={TRUSTEE: 1}), RequestParams(fees=fee_5[1], wallets={ TRUSTEE: 1, STEWARD: 1 }), ], invalid_requests=[ RequestParams(fees=fee_1[1], wallets={STEWARD: 1}), RequestParams(fees=fee_5[1], wallets={TRUSTEE: 1}), RequestParams(fees=fee_5[1], wallets={IDENTITY_OWNER: 1}) ]), # 1 InputParam(auth_constraint=AuthConstraintAnd([ AuthConstraint(STEWARD, 2, metadata={FEES_FIELD_NAME: fee_5[0]}), AuthConstraint(TRUSTEE, 1, metadata={FEES_FIELD_NAME: fee_5[0]}) ]), valid_requests=[ RequestParams(fees=fee_5[1], wallets={ STEWARD: 2, TRUSTEE: 1 }), RequestParams(fees=fee_5[1], wallets={ STEWARD: 3, TRUSTEE: 2 }), ], invalid_requests=[ RequestParams(fees=fee_5[1], wallets={STEWARD: 3}),