def test_init_state_from_ledger(config_ledger, config_state,
config_req_handler, constraint_serializer,
prepare_request):
req_count = 1
action, constraint, request = prepare_request
txn = reqToTxn(request)
txn[TXN_METADATA][TXN_METADATA_SEQ_NO] = 1
"""Add txn to ledger"""
config_ledger.appendTxns([txn])
config_ledger.commitTxns(req_count)
init_state_from_ledger = functools.partial(
Node.init_state_from_ledger,
FakeSomething(update_txn_with_extra_data=lambda txn: txn))
"""Check that txn is not exist in state"""
assert config_state.get(config.make_state_path_for_auth_rule(
action.get_action_id()),
isCommitted=False) is None
assert config_state.get(config.make_state_path_for_auth_rule(
action.get_action_id()),
isCommitted=True) is None
txns_from_ledger = [t for t in config_ledger.getAllTxn()]
"""Check, that txn exist in ledger"""
assert len(txns_from_ledger) == 1
assert get_payload_data(txns_from_ledger[0][1]) == get_payload_data(txn)
"""Emulating node starting"""
init_state_from_ledger(config_state, config_ledger, config_req_handler)
"""Check that txn was added into state"""
from_state = config_state.get(config.make_state_path_for_auth_rule(
action.get_action_id()),
isCommitted=True)
assert constraint_serializer.deserialize(from_state) == constraint
def test_revert_uncommitted_state(config_req_handler, constraint_serializer,
prepare_request, fake_replica):
action, constraint, request = prepare_request
req_count = 1
state_root_hash_before = config_req_handler.state.headHash
config_req_handler.apply(request, int(time.time()))
"""
Check, that request exist in uncommitted state
"""
from_state = config_req_handler.state.get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False)
assert constraint_serializer.deserialize(from_state) == constraint
fake_replica.revert(CONFIG_LEDGER_ID, state_root_hash_before, req_count)
"""
Txn is reverted from ledger and state
"""
assert len(config_req_handler.ledger.uncommittedTxns) == 0
from_state = config_req_handler.state.get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False)
assert from_state is None
def test_get_all_auth_rule_transactions_after_write(looper, sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[
generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)
])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=auth_action,
auth_type=auth_type,
field=field,
new_value=new_value,
constraint=constraint)
auth_key = ConfigReqHandler.get_auth_key(resp[0][0][OPERATION])
resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee,
sdk_pool_handle)
expect = {
config.make_state_path_for_auth_rule(key).decode():
constraint.as_dict if constraint is not None else {}
for key, constraint in auth_map.items()
}
expect[config.make_state_path_for_auth_rule(
auth_key).decode()] = constraint
result = resp[0][1]["result"][DATA]
assert result == expect
def test_revert_uncommitted_state(write_manager, db_manager,
constraint_serializer, prepare_request,
fake_ordering_service, tmpdir_factory):
action, constraint, request = prepare_request
req_count = 1
state_root_hash_before = db_manager.get_state(CONFIG_LEDGER_ID).headHash
write_manager.apply_request(request, int(time.time()))
"""
Check, that request exist in uncommitted state
"""
from_state = db_manager.get_state(CONFIG_LEDGER_ID).get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False)
assert constraint_serializer.deserialize(from_state) == constraint
fake_ordering_service.l_revert(CONFIG_LEDGER_ID, state_root_hash_before,
req_count)
"""
Txn is reverted from ledger and state
"""
assert len(db_manager.get_ledger(CONFIG_LEDGER_ID).uncommittedTxns) == 0
from_state = db_manager.get_state(CONFIG_LEDGER_ID).get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False)
assert from_state is None
def test_init_state_from_ledger(write_manager,
db_manager,
constraint_serializer,
prepare_request):
reset_state(db_manager, CONFIG_LEDGER_ID)
req_count = 1
action, constraint, request = prepare_request
txn = reqToTxn(request)
txn[TXN_METADATA][TXN_METADATA_SEQ_NO] = 1
"""Add txn to ledger"""
db_manager.get_ledger(CONFIG_LEDGER_ID).appendTxns([txn])
db_manager.get_ledger(CONFIG_LEDGER_ID).commitTxns(req_count)
# ToDo: ugly fix... Refactor this on pluggable req handler integration phase
init_state_from_ledger = functools.partial(
LedgersBootstrap._init_state_from_ledger,
FakeSomething(
db_manager=db_manager,
write_manager=write_manager,
_update_txn_with_extra_data=lambda txn: txn))
"""Check that txn is not exist in state"""
assert db_manager.get_state(CONFIG_LEDGER_ID).get(config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False) is None
assert db_manager.get_state(CONFIG_LEDGER_ID).get(config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=True) is None
txns_from_ledger = [t for t in db_manager.get_ledger(CONFIG_LEDGER_ID).getAllTxn()]
"""Check, that txn exist in ledger"""
assert len(txns_from_ledger) == 1
assert get_payload_data(txns_from_ledger[0][1]) == get_payload_data(txn)
"""Emulating node starting"""
init_state_from_ledger(CONFIG_LEDGER_ID)
"""Check that txn was added into state"""
from_state = db_manager.get_state(CONFIG_LEDGER_ID) .get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=True)
assert constraint_serializer.deserialize(from_state) == constraint
def test_get_one_auth_rule_transaction_after_write(looper,
sdk_wallet_trustee,
sdk_pool_handle):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = TRUST_ANCHOR
constraint = generate_constraint_list(auth_constraints=[generate_constraint_entity(role=TRUSTEE),
generate_constraint_entity(role=STEWARD)])
resp = sdk_send_and_check_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value,
constraint=constraint)
dict_auth_key = generate_key(auth_action=auth_action, auth_type=auth_type,
field=field, new_value=new_value)
str_key = ConfigReqHandler.get_auth_key(dict_auth_key)
resp = sdk_get_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle,
dict_auth_key)
print(config.make_state_path_for_auth_rule(str_key))
result = resp[0][1]["result"][DATA][config.make_state_path_for_auth_rule(str_key).decode()]
assert result == constraint
assert resp[0][1]["result"][STATE_PROOF]
def test_get_one_auth_rule_transaction(looper, sdk_wallet_trustee,
sdk_pool_handle):
key = generate_key()
str_key = ConfigReqHandler.get_auth_key(key)
req, resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee,
sdk_pool_handle, key)[0]
assert auth_map.get(str_key).as_dict == \
resp["result"][DATA][config.make_state_path_for_auth_rule(str_key).decode()]
def _get_auth_rule(self, key):
path = config.make_state_path_for_auth_rule(key)
map_data, proof = self._get_value_from_state(path, with_proof=True)
if map_data:
data = self.constraint_serializer.deserialize(map_data)
else:
data = self.write_req_validator.auth_map[key]
action_obj = split_action_id(key)
return [self.make_auth_rule_data(data, action_obj)], proof
def _get_all_auth_rules(self):
data = self.write_req_validator.auth_map.copy()
result = {}
for key in self.write_req_validator.auth_map:
path = config.make_state_path_for_auth_rule(key)
state_constraint, _ = self.get_value_from_state(path)
result[path] = self.constraint_serializer.deserialize(state_constraint).as_dict \
if state_constraint \
else data[key].as_dict
return result
def test_get_all_auth_rule_transactions(looper,
sdk_wallet_trustee,
sdk_pool_handle):
resp = sdk_get_auth_rule_request(looper,
sdk_wallet_trustee,
sdk_pool_handle)
expect = {config.make_state_path_for_auth_rule(key).decode(): constraint.as_dict
for key, constraint in auth_map.items()}
result = resp[0][1]["result"][DATA]
assert result == expect
def test_uncommitted_state_after_apply(write_manager, db_manager,
constraint_serializer, prepare_request):
action, constraint, request = prepare_request
write_manager.apply_request(request, int(time.time()))
assert len(db_manager.get_ledger(CONFIG_LEDGER_ID).uncommittedTxns) == 1
assert db_manager.get_state(CONFIG_LEDGER_ID).committedHeadHash != \
db_manager.get_state(CONFIG_LEDGER_ID).headHash
from_state = db_manager.get_state(CONFIG_LEDGER_ID).get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False)
assert constraint_serializer.deserialize(from_state) == constraint
def test_update_state(write_manager, db_manager, prepare_request,
constraint_serializer):
action, constraint, request = prepare_request
head_hash_before = db_manager.get_state(CONFIG_LEDGER_ID).headHash
txn = reqToTxn(request)
write_manager.update_state(txn, isCommitted=False)
head_hash_after = db_manager.get_state(CONFIG_LEDGER_ID).headHash
from_state = db_manager.get_state(CONFIG_LEDGER_ID).get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False)
assert constraint_serializer.deserialize(from_state) == constraint
assert head_hash_after != head_hash_before
def test_get_one_disabled_auth_rule_transaction(looper, sdk_wallet_trustee,
sdk_pool_handle):
key = generate_key(auth_action=EDIT_PREFIX,
auth_type=SCHEMA,
field='*',
old_value='*',
new_value='*')
str_key = ConfigReqHandler.get_auth_key(key)
req, resp = sdk_get_auth_rule_request(looper, sdk_wallet_trustee,
sdk_pool_handle, key)[0]
assert {} == resp["result"][DATA][config.make_state_path_for_auth_rule(
str_key).decode()]
def test_update_state(config_req_handler, prepare_request,
constraint_serializer):
action, constraint, request = prepare_request
head_hash_before = config_req_handler.state.headHash
txn = reqToTxn(request)
config_req_handler.updateState([txn], isCommitted=False)
head_hash_after = config_req_handler.state.headHash
from_state = config_req_handler.state.get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False)
assert constraint_serializer.deserialize(from_state) == constraint
assert head_hash_after != head_hash_before
def test_uncommitted_state_after_apply(config_req_handler,
constraint_serializer, prepare_request):
action, constraint, request = prepare_request
config_req_handler.apply(request, int(time.time()))
assert len(config_req_handler.ledger.uncommittedTxns) == 1
assert config_req_handler.state.committedHeadHash != \
config_req_handler.state.headHash
from_state = config_req_handler.state.get(
config.make_state_path_for_auth_rule(action.get_action_id()),
isCommitted=False)
assert constraint_serializer.deserialize(from_state) == constraint
def _get_all_auth_rules(self):
data = self.write_req_validator.auth_map.copy()
result = []
for key in self.write_req_validator.auth_map:
path = config.make_state_path_for_auth_rule(key)
state_constraint, _ = self.get_value_from_state(path)
if state_constraint:
value = self.constraint_serializer.deserialize(state_constraint)
else:
value = data[key]
action_obj = split_action_id(key)
result.append(self.make_get_auth_rule_result(value, action_obj))
return result
def _find_auth_constraint(self, action_id, auth_map):
am_id = self._find_auth_constraint_key(action_id, auth_map)
if am_id:
constraint = self.get_from_state(
key=config.make_state_path_for_auth_rule(am_id))
if not constraint:
return auth_map.get(am_id)
logger.debug("Using auth constraint from state")
if self.metrics:
self.from_state_count += 1
self.metrics.add_event(MetricsName.AUTH_RULES_FROM_STATE_COUNT,
self.from_state_count)
return constraint
def _get_all_auth_rules(self):
data = self.write_req_validator.auth_map.copy()
result = {}
for key in self.write_req_validator.auth_map:
path = config.make_state_path_for_auth_rule(key)
state_constraint, _ = self.get_value_from_state(path)
if state_constraint:
value = self.constraint_serializer.deserialize(state_constraint)
else:
value = data[key]
value_dict = value.as_dict if value is not None else {}
result[path] = value_dict
return result
def test_config_strategy_constraint_not_found(state, state_serializer):
state_action_id = "1--2--3--4--5"
test_action_id = "1--2--3--4--50"
constraint = AuthConstraint(role=TRUSTEE,
sig_count=1,
need_to_be_owner=True)
auth_map = {state_action_id: constraint}
state.set(config.make_state_path_for_auth_rule(state_action_id),
state_serializer.serialize(constraint))
strategy = ConfigLedgerAuthStrategy(auth_map=auth_map,
state=state,
serializer=state_serializer)
from_state = strategy.get_auth_constraint(test_action_id)
assert from_state is None
def _get_auth_rule(self, key):
multi_sig = None
if self._bls_store:
root_hash = self.state.committedHeadHash
encoded_root_hash = state_roots_serializer.serialize(bytes(root_hash))
multi_sig = self._bls_store.get(encoded_root_hash)
path = config.make_state_path_for_auth_rule(key)
map_data, proof = self.get_value_from_state(path, with_proof=True, multi_sig=multi_sig)
if map_data:
data = self.constraint_serializer.deserialize(map_data)
else:
data = self.write_req_validator.auth_map[key]
action_obj = split_action_id(key)
return [self.make_get_auth_rule_result(data, action_obj)], proof
def _get_auth_rule(self, key):
multi_sig = None
if self.bls_store:
root_hash = self.state.committedHeadHash
encoded_root_hash = state_roots_serializer.serialize(bytes(root_hash))
multi_sig = self.bls_store.get(encoded_root_hash)
path = config.make_state_path_for_auth_rule(key)
map_data, proof = self.get_value_from_state(path, with_proof=True, multi_sig=multi_sig)
if map_data:
data = self.constraint_serializer.deserialize(map_data)
else:
data = self.write_req_validator.auth_map[key]
data_dict = data.as_dict if data is not None else {}
return {path: data_dict}, proof
def test_catching_up_auth_rule_txn(looper, txnPoolNodeSet, sdk_wallet_trustee,
sdk_wallet_steward, sdk_pool_handle):
delayed_node = txnPoolNodeSet[-1]
wh, _ = sdk_wallet_trustee
new_steward_did, new_steward_verkey = create_verkey_did(looper, wh)
changed_constraint = AuthConstraint(role=STEWARD, sig_count=1)
action = AuthActionAdd(txn_type=NYM, field=ROLE, value=STEWARD)
with pytest.raises(RequestRejectedException,
match="Not enough TRUSTEE signatures"):
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward2',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey)
with delay_rules_without_processing(delayed_node.nodeIbStasher, cDelay(),
pDelay(), ppDelay()):
sdk_send_and_check_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=ADD_PREFIX,
auth_type=action.txn_type,
field=action.field,
new_value=action.value,
old_value=None,
constraint=changed_constraint.as_dict)
sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee,
'newSteward2')
delayed_node.start_catchup()
looper.run(
eventually(
lambda: assertExp(delayed_node.mode == Mode.participating)))
sdk_add_new_nym(looper,
sdk_pool_handle,
sdk_wallet_steward,
'newSteward3',
STEWARD_STRING,
dest=new_steward_did,
verkey=new_steward_verkey)
ensure_all_nodes_have_same_data(looper, txnPoolNodeSet)
config_state = delayed_node.states[CONFIG_LEDGER_ID]
from_state = config_state.get(config.make_state_path_for_auth_rule(
action.get_action_id()),
isCommitted=True)
assert changed_constraint == ConstraintsSerializer(
config_state_serializer).deserialize(from_state)
def test_config_strategy_get_constraint_from_state(state, state_serializer):
action_id = "1--2--3--4--5"
constraint_to_state = AuthConstraint(role=TRUSTEE,
sig_count=1,
need_to_be_owner=True)
constraint_to_map = AuthConstraint(role=TRUSTEE,
sig_count=5,
need_to_be_owner=False)
auth_map = {action_id: constraint_to_map}
state.set(config.make_state_path_for_auth_rule(action_id),
state_serializer.serialize(constraint_to_state))
strategy = ConfigLedgerAuthStrategy(auth_map=auth_map,
state=state,
serializer=state_serializer)
from_state = strategy.get_auth_constraint(action_id)
assert from_state != constraint_to_map
assert from_state == constraint_to_state
def _find_auth_constraint(self, action_id, auth_map, from_local=False):
am_id = self._find_auth_constraint_key(action_id, auth_map)
if am_id:
# ToDo: ugly fix for case if ANYONE_CAN_WRITE set to True.
# There is a similar key for anyone_can_write map and auth_map too.
# In future we erase anyone_can_write map.
if from_local:
return auth_map.get(am_id)
constraint = self.get_from_state(
key=config.make_state_path_for_auth_rule(am_id))
if not constraint:
return auth_map.get(am_id)
logger.debug("Using auth constraint from state")
if self.metrics:
self.from_state_count += 1
self.metrics.add_event(MetricsName.AUTH_RULES_FROM_STATE_COUNT,
self.from_state_count)
return constraint
def test_auth_rule_state_format(looper, sdk_pool_handle, sdk_wallet_trustee,
txnPoolNodeSet, off_ledger_signature):
auth_action = ADD_PREFIX
auth_type = NYM
field = ROLE
new_value = ENDORSER
constraint = {
CONSTRAINT_ID: ConstraintsEnum.ROLE_CONSTRAINT_ID,
ROLE: "*",
SIG_COUNT: 1,
NEED_TO_BE_OWNER: False,
METADATA: {}
}
if off_ledger_signature:
constraint[OFF_LEDGER_SIGNATURE] = off_ledger_signature
sdk_send_and_check_auth_rule_request(looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_action=auth_action,
auth_type=auth_type,
field=field,
new_value=new_value,
constraint=constraint)
state = txnPoolNodeSet[0].db_manager.get_database(CONFIG_LEDGER_ID).state
key = generate_key(auth_action, auth_type, field, new_value)
path = config.make_state_path_for_auth_rule(
StaticAuthRuleHelper.get_auth_key(key))
state_constraint = config_state_serializer.deserialize(state.get(path))
assert state_constraint == constraint
_, before_resp = sdk_send_and_check_get_auth_rule_request(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
auth_type=auth_type,
auth_action=auth_action,
field=field,
new_value=new_value)[0]
for rule in before_resp["result"][DATA]:
if rule[CONSTRAINT][CONSTRAINT_ID] == 'ROLE' and off_ledger_signature:
assert OFF_LEDGER_SIGNATURE in rule[CONSTRAINT]
def update_auth_constraint(self, auth_key: str, constraint):
self.state.set(config.make_state_path_for_auth_rule(auth_key),
self.constraint_serializer.serialize(constraint))
