fixed merge conflict

Signed-off-by: Michael Boyd <[email protected]>

README.md

@@ -149,18 +149,18 @@ If you made changes in both indy-plenum and indy-node, you need to do the follow
 - Indy-plenum is based on [RBFT](https://pakupaku.me/plaublin/rbft/5000a297.pdf) protocol
 - Please have a look at documents and diagrams in [docs/source](docs/source) folder
 - Please have a look at documents and diagrams in Plenum's [docs](https://github.com/hyperledger/indy-plenum/tree/master/docs) folder, or on https://indy.readthedocs.io/projects/plenum :
-    - [Technical Overview of Plenum](https://github.com/hyperledger/indy-plenum/blob/master/docs/main.md)
-    - [Plenum Consensus Algorithm Diagram](https://github.com/hyperledger/indy-plenum/blob/master/docs/diagrams/consensus-protocol.png)
-    - [Glossary](https://github.com/hyperledger/indy-plenum/blob/master/docs/glossary.md)
-    - [Storages](https://github.com/hyperledger/indy-plenum/blob/master/docs/storage.md)
-    - [Request Handling](https://github.com/hyperledger/indy-plenum/blob/master/docs/request_handling.md)
-    - [Catchup](https://github.com/hyperledger/indy-plenum/blob/master/docs/catchup.md)
-    - [Catchup Diagram](https://github.com/hyperledger/indy-plenum/blob/master/docs/diagrams/catchup-procedure.png)
-    - [Plugins](https://github.com/hyperledger/indy-plenum/blob/master/docs/plugins.md)
+    - [Technical Overview of Plenum](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/main.md)
+    - [Plenum Consensus Algorithm Diagram](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/diagrams/consensus-protocol.png)
+    - [Glossary](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/glossary.md)
+    - [Storages](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/storage.md)
+    - [Request Handling](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/request_handling.md)
+    - [Catchup](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/catchup.md)
+    - [Catchup Diagram](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/diagrams/catchup-procedure.png)
+    - [Plugins](https://github.com/hyperledger/indy-plenum/blob/master/docs/source/plugins.md)
 - Relationship between Entities and Transactions: [relationship diagram](docs/source/relationship-diagram.png)
 - Supported transactions and their format: [transactions](docs/source/transactions.md)
 - Supported requests (write, read) and their format: [requests](docs/source/requests.md)
-- [Network roles and permissions](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0)
+- [Network roles and permissions](https://github.com/hyperledger/indy-node/blob/master/docs/source/auth_rules.md)
 - [Indy file folder structure guideline](docs/source/indy-file-structure-guideline.md)
 - [Helper Scripts](docs/source/helper-scripts.md)
 - [Pool Upgrade](docs/source/pool-upgrade.md)

build-scripts/ubuntu-1604/build-3rd-parties.sh

@@ -42,4 +42,4 @@ function build_from_pypi {
 #   build_from_pypi <pypi-name> <version>
 
 build_from_pypi timeout-decorator 0.4.0
-
+build_from_pypi distro 1.3.0

build-scripts/ubuntu-1604/prepare-package.sh

@@ -39,6 +39,7 @@ sed -i -r "s~indy-plenum-[a-z]+~indy-plenum~" "$repo/setup.py"
 echo -e "Adapt the dependencies for the Canonical archive"
 sed -i "s~python-dateutil~python3-dateutil~" "$repo/setup.py"
 sed -i "s~timeout-decorator~python3-timeout-decorator~" "$repo/setup.py"
+sed -i "s~distro~python3-distro~" "$repo/setup.py"
 
 # create manifest file
 repourl=$(git --git-dir $repo/.git --work-tree $repo config --get remote.origin.url)

docs/source/auth_rules.md

@@ -4,10 +4,12 @@
 | NYM              |`role` |`<empty>`       | TRUSTEE   | TRUSTEE|Adding new TRUSTEE|
 | NYM              |`role` |`<empty>`       | STEWARD   | TRUSTEE|Adding new STEWARD|
 | NYM              |`role` |`<empty>`       | TRUST_ANCHOR| TRUSTEE, STEWARD|Adding new TRUST_ANCHOR|
+| NYM              |`role` |`<empty>`       | NETWORK_MONITOR| TRUSTEE, STEWARD|Adding new NETWORK_MONITOR|
 | NYM              |`role` |`<empty>`       |`<empty>`  | TRUSTEE, STEWARD, TRUST_ANCHOR| Adding new Identity Owner|
 | NYM              |`role` | TRUSTEE        |`<empty>`  | TRUSTEE | Blacklisting Trustee|
 | NYM              |`role` | STEWARD        |`<empty>`  | TRUSTEE | Blacklisting Steward|
 | NYM              |`role` | TRUST_ANCHOR   |`<empty>`  | TRUSTEE | Blacklisting Trust anchor|
+| NYM              |`role` | NETWORK_MONITOR|`<empty>`  | TRUSTEE, STEWARD | Blacklisting user with NETWORK_MONITOR role| 
 | NYM              |`verkey`|`*`|`*`| Owner of this nym | Key Rotation|
 | SCHEMA           |`*`|`*`|`*`| TRUSTEE, STEWARD, TRUST_ANCHOR | Adding new Schema|
 | SCHEMA           |`*`|`*`|`*`| No one can edit existing Schema | Editing Schema|
@@ -25,7 +27,7 @@
 | POOL_UPGRADE     |`action`|`start`|`cancel`|TRUSTEE| Canceling upgrade procedure|
 | POOL_RESTART     |`action`|`*`|`*`|TRUSTEE| Restarting pool command|
 | POOL_CONFIG      |`action`|`*`|`*`|TRUSTEE| Pool config command (like a `read only` option)| 
-| VALIDATOR_INFO   |`*`|`*`|`*`| TRUSTEE, STEWARD| Getting validator_info from pool|
+| VALIDATOR_INFO   |`*`|`*`|`*`| TRUSTEE, STEWARD, NETWORK_MONITOR| Getting validator_info from pool|
 
 
 ### Also, there is a some optional rules for case if in config option ANYONE_CAN_WRITE is set to True:
@@ -52,5 +54,3 @@
 |REVOC_REG_DEF|`*`|`*`|`*`| Only owners can edit existing REVOC_REG_DEF| Editing REVOC_REG_DEF|
 |REVOC_REG_ENTRY|`*`|`*`|`*`| Only the owner of the corresponding REVOC_REG_DEF can create new REVOC_REG_ENTRY| Adding new REVOC_REG_ENTRY|
 |REVOC_REG_ENTRY|`*`|`*`|`*`| Only owners can edit existing REVOC_REG_ENTRY| Adding new REVOC_REG_ENTRY|
-
-

docs/source/requests-new.md

@@ -31,7 +31,7 @@ then have a look at [transactions](transactions.md).
 
 [indy-sdk](https://github.com/hyperledger/indy-sdk) expects the format as specified below.
 
-See [roles and permissions](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0) on the roles and who can create each type of transactions.
+See [roles and permissions](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md) on the roles and who can create each type of transactions.
 
 
 ## Base Client-to-Node and Node-to-Node serialization 
@@ -404,7 +404,7 @@ The format of each request-specific data for each type of request.
 
 ### NYM
 Creates a new NYM record for a specific user, trust anchor, steward or trustee.
-Note that only trustees and stewards can create new trust anchors and trustee can be created only by other trusties (see [roles](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0)).
+Note that only trustees and stewards can create new trust anchors and trustee can be created only by other trusties (see [roles](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md)).
 
 The request can be used for 
 creation of new DIDs, setting and rotation of verification key, setting and changing of roles.
@@ -425,7 +425,7 @@ creation of new DIDs, setting and rotation of verification key, setting and chan
     - 2 (STEWARD)
     - 101 (TRUST_ANCHOR)
 
-  A TRUSTEE can change any Nym's role to None, this stopping it from making any writes (see [roles](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0)).
+  A TRUSTEE can change any Nym's role to None, this stopping it from making any writes (see [roles](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md)).
 
 - `verkey` (base58-encoded string; optional): 
 

docs/source/requests.md

@@ -31,7 +31,7 @@ then have a look at [transactions](transactions.md).
 
 [indy-sdk](https://github.com/hyperledger/indy-sdk) expects the format as specified below.
 
-See [roles and permissions](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0) on the roles and who can create each type of transactions.
+See [roles and permissions](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md) on the roles and who can create each type of transactions.
 
 ## Common Request Structure
 
@@ -337,7 +337,7 @@ The format of each request-specific data for each type of request.
 
 ### NYM
 Creates a new NYM record for a specific user, trust anchor, steward or trustee.
-Note that only trustees and stewards can create new trust anchors and trustee can be created only by other trusties (see [roles](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0)).
+Note that only trustees and stewards can create new trust anchors and trustee can be created only by other trusties (see [roles](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md)).
 
 The request can be used for 
 creation of new DIDs, setting and rotation of verification key, setting and changing of roles.
@@ -358,7 +358,7 @@ creation of new DIDs, setting and rotation of verification key, setting and chan
     - "2" (STEWARD)
     - "101" (TRUST_ANCHOR)
 
-  A TRUSTEE can change any Nym's role to None, this stopping it from making any writes (see [roles](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0)).
+  A TRUSTEE can change any Nym's role to None, this stopping it from making any writes (see [roles](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md)).
 
 - `verkey` (base58-encoded string, possibly starting with "~"; optional):
 
@@ -534,7 +534,7 @@ So, if the Schema needs to be evolved, a new Schema with a new version or name n
 
      Dictionary with Schema's data:
 
-    - `attr_names`: array of attribute name strings
+    - `attr_names`: array of attribute name strings (125 attributes maximum)
     - `name`: Schema's name string
     - `version`: Schema's version string
 

docs/source/transactions.md

@@ -38,7 +38,7 @@ where key is a sequence number of the transaction and value is the serialized tr
 - All transactions are serialized to MsgPack format
 - All transactions (both transaction log and merkle tree hash stores) are stored in a LevelDB
 - One can use the `read_ledger` script to get transactions for a specified ledger in a readable format (JSON)
-- See [roles and permissions](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0) for a list of roles and they type of transactions they can create.
+- See [roles and permissions](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md) for a list of roles and they type of transactions they can create.
 
 Below you can find the format and description of all supported transactions.
 
@@ -170,7 +170,7 @@ Please note that all these metadata fields may be absent for genesis transaction
 
 #### NYM
 Creates a new NYM record for a specific user, trust anchor, steward or trustee.
-Note that only trustees and stewards can create new trust anchors and a trustee can be created only by other trustees (see [roles](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0)).
+Note that only trustees and stewards can create new trust anchors and a trustee can be created only by other trustees (see [roles](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md)).
 
 The transaction can be used for 
 creation of new DIDs, setting and rotation of verification key, setting and changing of roles.
@@ -191,7 +191,7 @@ creation of new DIDs, setting and rotation of verification key, setting and chan
     - 2 (STEWARD)
     - 101 (TRUST_ANCHOR)
 
-  A TRUSTEE can change any Nym's role to None, thus stopping it from making any further writes (see [roles](https://docs.google.com/spreadsheets/d/1TWXF7NtBjSOaUIBeIH77SyZnawfo91cJ_ns4TR-wsq4/edit#gid=0)).
+  A TRUSTEE can change any Nym's role to None, thus stopping it from making any further writes (see [roles](https://github.com/hyperledger/indy-node/blob/master/docs/auth_rules.md)).
 
 - `verkey` (base58-encoded string, possibly starting with "~"; optional):
 

indy_common/auth.py

@@ -4,7 +4,7 @@
 
 from indy_common.constants import OWNER, POOL_UPGRADE, TRUST_ANCHOR, NYM, \
     POOL_CONFIG, SCHEMA, CLAIM_DEF, \
-    POOL_RESTART, VALIDATOR_INFO
+    POOL_RESTART, VALIDATOR_INFO, NETWORK_MONITOR
 from indy_common.roles import Roles
 
 logger = getlogger()
@@ -71,7 +71,7 @@ def generate_auth_map(valid_roles, anyone_can_write=None):
 
 
 class Authoriser:
-    ValidRoles = (TRUSTEE, STEWARD, TRUST_ANCHOR, None)
+    ValidRoles = (TRUSTEE, STEWARD, TRUST_ANCHOR, NETWORK_MONITOR, None)
 
     auth_map = None
 

indy_common/authorize/auth_map.py

@@ -1,7 +1,7 @@
 from indy_common.authorize.auth_actions import AuthActionAdd, AuthActionEdit
 from indy_common.authorize.auth_constraints import AuthConstraint, AuthConstraintOr
 from indy_common.constants import TRUST_ANCHOR, POOL_CONFIG, VALIDATOR_INFO, POOL_UPGRADE, POOL_RESTART, NODE, \
-    CLAIM_DEF, SCHEMA, NYM, ROLE
+    CLAIM_DEF, SCHEMA, NYM, ROLE, NETWORK_MONITOR
 from plenum.common.constants import TRUSTEE, STEWARD, VERKEY
 
 
@@ -17,6 +17,10 @@
                                   field=ROLE,
                                   value=TRUST_ANCHOR)
 
+addNewNetworkMonitor = AuthActionAdd(txn_type=NYM,
+                                     field=ROLE,
+                                     value=NETWORK_MONITOR)
+
 
 addNewIdentityOwner = AuthActionAdd(txn_type=NYM,
                                     field=ROLE,
@@ -38,6 +42,11 @@
                                          old_value=TRUST_ANCHOR,
                                          new_value='')
 
+blacklistingNetworkMonitor = AuthActionEdit(txn_type=NYM,
+                                            field=ROLE,
+                                            old_value=NETWORK_MONITOR,
+                                            new_value='')
+
 sameRoleTrustee = AuthActionEdit(txn_type=NYM,
                                  field=ROLE,
                                  old_value=TRUSTEE,
@@ -53,6 +62,11 @@
                                      old_value=TRUST_ANCHOR,
                                      new_value=TRUST_ANCHOR)
 
+sameRoleNetworkMonitor = AuthActionEdit(txn_type=NYM,
+                                        field=ROLE,
+                                        old_value=NETWORK_MONITOR,
+                                        new_value=NETWORK_MONITOR)
+
 sameRoleNone = AuthActionEdit(txn_type=NYM,
                               field=ROLE,
                               old_value='',
@@ -175,13 +189,16 @@
            addNewSteward.get_action_id(): AuthConstraint(TRUSTEE, 1),
            addNewTrustAnchor.get_action_id(): AuthConstraintOr([AuthConstraint(TRUSTEE, 1),
                                                                 AuthConstraint(STEWARD, 1)]),
+           addNewNetworkMonitor.get_action_id(): AuthConstraintOr([AuthConstraint(STEWARD, 1),
+                                                                   AuthConstraint(TRUSTEE, 1)]),
            addNewIdentityOwner.get_action_id(): AuthConstraintOr([AuthConstraint(TRUSTEE, 1),
                                                                   AuthConstraint(STEWARD, 1),
                                                                   AuthConstraint(TRUST_ANCHOR, 1)]),
            blacklistingTrustee.get_action_id(): AuthConstraint(TRUSTEE, 1),
            blacklistingSteward.get_action_id(): AuthConstraint(TRUSTEE, 1),
            blacklistingTrustAnchor.get_action_id(): AuthConstraint(TRUSTEE, 1),
-
+           blacklistingNetworkMonitor.get_action_id(): AuthConstraintOr([AuthConstraint(STEWARD, 1),
+                                                                         AuthConstraint(TRUSTEE, 1)]),
            sameRoleTrustee.get_action_id(): AuthConstraint(role='*',
                                                            sig_count=1,
                                                            need_to_be_owner=True),
@@ -194,6 +211,9 @@
            sameRoleNone.get_action_id(): AuthConstraint(role='*',
                                                         sig_count=1,
                                                         need_to_be_owner=True),
+           sameRoleNetworkMonitor.get_action_id(): AuthConstraint(role="*",
+                                                                  sig_count=1,
+                                                                  need_to_be_owner=True),
            keyRotation.get_action_id(): AuthConstraint(role='*',
                                                        sig_count=1,
                                                        need_to_be_owner=True),
@@ -220,7 +240,8 @@
            poolRestart.get_action_id(): AuthConstraint(TRUSTEE, 1),
            poolConfig.get_action_id(): AuthConstraint(TRUSTEE, 1),
            validatorInfo.get_action_id(): AuthConstraintOr([AuthConstraint(TRUSTEE, 1),
-                                                            AuthConstraint(STEWARD, 1)])}
+                                                            AuthConstraint(STEWARD, 1),
+                                                            AuthConstraint(NETWORK_MONITOR, 1)])}
 
 anyoneCanWriteMap = {anyoneCanAddNYM.get_action_id(): AuthConstraint(role='*',
                                                                      sig_count=1),

indy_common/config.py

@@ -103,3 +103,5 @@
 PACKAGES_TO_HOLD = ['indy-plenum', 'indy-node', 'python3-indy-crypto', 'libindy-crypto']
 
 authPolicy = LOCAL_AUTH_POLICY
+
+SCHEMA_ATTRIBUTES_LIMIT = 125

indy_common/constants.py

@@ -126,6 +126,9 @@
 TRUST_ANCHOR = Roles.TRUST_ANCHOR.value
 TRUST_ANCHOR_STRING = 'TRUST_ANCHOR'
 
+NETWORK_MONITOR = Roles.NETWORK_MONITOR.value
+NETWORK_MONITOR_STRING = 'NETWORK_MONITOR'
+
 # client transaction types
 NODE = IndyTransactions.NODE.value
 NYM = IndyTransactions.NYM.value

indy_common/roles.py

@@ -11,6 +11,7 @@ class Roles(Enum):
     TRUSTEE = Roles.TRUSTEE.value
     STEWARD = Roles.STEWARD.value
     TRUST_ANCHOR = "101"
+    NETWORK_MONITOR = "201"
 
     def __str__(self):
         return self.name

indy_common/test/auth/conftest.py

@@ -9,7 +9,7 @@
 from indy_node.persistence.idr_cache import IdrCache
 from plenum.common.constants import STEWARD, TRUSTEE
 
-from indy_common.constants import TRUST_ANCHOR, LOCAL_AUTH_POLICY
+from indy_common.constants import TRUST_ANCHOR, LOCAL_AUTH_POLICY, NETWORK_MONITOR
 from plenum.common.exceptions import UnauthorizedClientRequest
 from plenum.test.helper import randomOperation
 from plenum.test.testing_utils import FakeSomething
@@ -49,7 +49,9 @@ def idr_cache():
               verkey="steward_identifier_verkey", isCommitted=False)
     cache.set("trust_anchor_identifier", 3, int(time.time()), role=TRUST_ANCHOR,
               verkey="trust_anchor_identifier_verkey", isCommitted=False)
-    cache.set(OTHER_IDENTIFIER, 4, int(time.time()), role='OtherRole',
+    cache.set("network_monitor_identifier", 4, int(time.time()), role=NETWORK_MONITOR,
+              verkey="network_monitor_identifier_verkey", isCommitted=False)
+    cache.set(OTHER_IDENTIFIER, 5, int(time.time()), role='OtherRole',
               verkey="other_verkey", isCommitted=False)
     return cache
 
@@ -64,7 +66,9 @@ def write_auth_req_validator(idr_cache):
     return validator
 
 
-@pytest.fixture(scope='module', params=["trustee_identifier", "steward_identifier", "trust_anchor_identifier", OTHER_IDENTIFIER])
+@pytest.fixture(scope='module', params=["trustee_identifier", "steward_identifier",
+                                        "trust_anchor_identifier", "network_monitor_identifier",
+                                        OTHER_IDENTIFIER])
 def identifier(request):
     return request.param