From f0dfe57d544a9b75811966c4397ed08ee2ab02a7 Mon Sep 17 00:00:00 2001 From: Andrew Nikitin Date: Wed, 16 Jan 2019 11:10:20 +0300 Subject: [PATCH 1/2] [INDY-1939] Add tests for demotes checking Signed-off-by: Andrew Nikitin --- indy_common/authorize/auth_map.py | 8 ++ .../auth/test_auth_nym_with_new_auth_map.py | 40 ++++++++++ indy_node/test/conftest.py | 2 +- indy_node/test/nym_txn/conftest.py | 6 ++ .../nym_txn/test_demote_network_monitor.py | 72 +++++++++++++++++ .../test/nym_txn/test_nym_blacklisting.py | 77 +++++++++++++++++++ 6 files changed, 204 insertions(+), 1 deletion(-) create mode 100644 indy_node/test/nym_txn/conftest.py create mode 100644 indy_node/test/nym_txn/test_demote_network_monitor.py create mode 100644 indy_node/test/nym_txn/test_nym_blacklisting.py diff --git a/indy_common/authorize/auth_map.py b/indy_common/authorize/auth_map.py index 1506d3945..67594f022 100644 --- a/indy_common/authorize/auth_map.py +++ b/indy_common/authorize/auth_map.py @@ -62,6 +62,11 @@ old_value=TRUST_ANCHOR, new_value=TRUST_ANCHOR) +sameRoleNetworkMonitor = AuthActionEdit(txn_type=NYM, + field=ROLE, + old_value=NETWORK_MONITOR, + new_value=NETWORK_MONITOR) + sameRoleNone = AuthActionEdit(txn_type=NYM, field=ROLE, old_value='', @@ -206,6 +211,9 @@ sameRoleNone.get_action_id(): AuthConstraint(role='*', sig_count=1, need_to_be_owner=True), + sameRoleNetworkMonitor.get_action_id(): AuthConstraint(role="*", + sig_count=1, + need_to_be_owner=True), keyRotation.get_action_id(): AuthConstraint(role='*', sig_count=1, need_to_be_owner=True), diff --git a/indy_common/test/auth/test_auth_nym_with_new_auth_map.py b/indy_common/test/auth/test_auth_nym_with_new_auth_map.py index 65b970769..f77383df6 100644 --- a/indy_common/test/auth/test_auth_nym_with_new_auth_map.py +++ b/indy_common/test/auth/test_auth_nym_with_new_auth_map.py @@ -94,3 +94,43 @@ def test_change_verkey(write_request_validation, req, is_owner): old_value="_verkey".format(req.identifier), new_value='new_value', is_owner=is_owner)]) + + +def test_same_role_trustee(write_request_validation, req, is_owner): + authorized = is_owner + assert authorized == write_request_validation(req, + [AuthActionEdit(txn_type=NYM, + field=ROLE, + old_value=TRUSTEE, + new_value=TRUSTEE, + is_owner=is_owner)]) + + +def test_same_role_steward(write_request_validation, req, is_owner): + authorized = is_owner + assert authorized == write_request_validation(req, + [AuthActionEdit(txn_type=NYM, + field=ROLE, + old_value=STEWARD, + new_value=STEWARD, + is_owner=is_owner)]) + + +def test_same_role_trust_acnhor(write_request_validation, req, is_owner): + authorized = is_owner + assert authorized == write_request_validation(req, + [AuthActionEdit(txn_type=NYM, + field=ROLE, + old_value=TRUST_ANCHOR, + new_value=TRUST_ANCHOR, + is_owner=is_owner)]) + + +def test_same_role_network_monitor(write_request_validation, req, is_owner): + authorized = is_owner + assert authorized == write_request_validation(req, + [AuthActionEdit(txn_type=NYM, + field=ROLE, + old_value=NETWORK_MONITOR, + new_value=NETWORK_MONITOR, + is_owner=is_owner)]) diff --git a/indy_node/test/conftest.py b/indy_node/test/conftest.py index 33bde3a0e..55fd594ea 100644 --- a/indy_node/test/conftest.py +++ b/indy_node/test/conftest.py @@ -35,7 +35,7 @@ from plenum.test.conftest import sdk_pool_handle as plenum_pool_handle, sdk_pool_data, sdk_wallet_steward, \ sdk_wallet_handle, sdk_wallet_data, sdk_steward_seed, sdk_wallet_client, sdk_wallet_trustee, \ sdk_trustee_seed, trustee_data, sdk_client_seed, poolTxnClientData, poolTxnClientNames, \ - sdk_wallet_stewards, create_node_and_not_start + sdk_wallet_stewards, create_node_and_not_start, sdk_wallet_handle Logger.setLogLevel(logging.NOTSET) diff --git a/indy_node/test/nym_txn/conftest.py b/indy_node/test/nym_txn/conftest.py new file mode 100644 index 000000000..549a54307 --- /dev/null +++ b/indy_node/test/nym_txn/conftest.py @@ -0,0 +1,6 @@ +import pytest + + +@pytest.fixture(scope="function", params=[False, True]) +def with_verkey(request): + return request.param diff --git a/indy_node/test/nym_txn/test_demote_network_monitor.py b/indy_node/test/nym_txn/test_demote_network_monitor.py new file mode 100644 index 000000000..3fbaac2f5 --- /dev/null +++ b/indy_node/test/nym_txn/test_demote_network_monitor.py @@ -0,0 +1,72 @@ +import pytest +from indy import did + +from indy_common.constants import NETWORK_MONITOR +from indy_node.test.validator_info.helper import sdk_get_validator_info +from plenum.common.constants import STEWARD_STRING +from plenum.common.exceptions import RequestRejectedException +from plenum.test.helper import sdk_sign_and_submit_op, sdk_get_and_check_replies +from plenum.test.pool_transactions.helper import sdk_add_new_nym + + +def test_network_monitor_suspension_by_another_steward(looper, + sdk_pool_handle, + sdk_wallet_steward, + sdk_wallet_trustee, + sdk_wallet_handle, + with_verkey): + new_steward_did, new_steward_verkey = looper.loop.run_until_complete( + did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) + new_network_monitor_did, new_network_monitor_verkey = looper.loop.run_until_complete( + did.create_and_store_my_did(sdk_wallet_steward[0], "{}")) + """Adding new steward""" + sdk_add_new_nym(looper, sdk_pool_handle, + sdk_wallet_trustee, 'newSteward', STEWARD_STRING, verkey=new_steward_verkey, dest=new_steward_did) + """Adding NETWORK_MONITOR role by first steward""" + op = {'type': '1', + 'dest': new_network_monitor_did, + 'role': NETWORK_MONITOR, + 'verkey': new_network_monitor_verkey} + req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, new_steward_did), op) + sdk_get_and_check_replies(looper, [req]) + """Check that get_validator_info command works for NETWORK_MONITOR role""" + sdk_get_validator_info(looper, (sdk_wallet_handle, new_network_monitor_did), sdk_pool_handle) + op = {'type': '1', + 'dest': new_network_monitor_did, + 'role': None} + if with_verkey: + op['verkey'] = new_network_monitor_verkey + """Blacklisting network_monitor by new steward""" + req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, new_steward_did), op) + if with_verkey: + with pytest.raises(RequestRejectedException): + sdk_get_and_check_replies(looper, [req]) + else: + sdk_get_and_check_replies(looper, [req]) + with pytest.raises(RequestRejectedException): + sdk_get_validator_info(looper, (sdk_wallet_handle, new_network_monitor_did), sdk_pool_handle) + + +def test_network_monitor_suspension_by_itself(looper, + sdk_pool_handle, + sdk_wallet_steward, + sdk_wallet_handle, + with_verkey): + new_network_monitor_did, new_network_monitor_verkey = looper.loop.run_until_complete( + did.create_and_store_my_did(sdk_wallet_steward[0], "{}")) + """Adding NETWORK_MONITOR role by steward""" + op = {'type': '1', + 'dest': new_network_monitor_did, + 'role': NETWORK_MONITOR, + 'verkey': new_network_monitor_verkey} + req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, sdk_wallet_steward[1]), op) + sdk_get_and_check_replies(looper, [req]) + op = {'type': '1', + 'dest': new_network_monitor_did, + 'role': None} + if with_verkey: + op['verkey'] = new_network_monitor_verkey + """Blacklisting network_monitor by itself""" + req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, new_network_monitor_did), op) + with pytest.raises(RequestRejectedException): + sdk_get_and_check_replies(looper, [req]) \ No newline at end of file diff --git a/indy_node/test/nym_txn/test_nym_blacklisting.py b/indy_node/test/nym_txn/test_nym_blacklisting.py new file mode 100644 index 000000000..1a94f8489 --- /dev/null +++ b/indy_node/test/nym_txn/test_nym_blacklisting.py @@ -0,0 +1,77 @@ +import pytest +from indy import did + +from indy_common.constants import TRUST_ANCHOR_STRING +from plenum.common.constants import TRUSTEE_STRING, STEWARD_STRING +from plenum.common.exceptions import RequestRejectedException +from plenum.test.helper import sdk_get_and_check_replies, sdk_sign_and_submit_op +from plenum.test.pool_transactions.helper import sdk_add_new_nym + + +def test_steward_suspension_by_another_trustee(looper, + sdk_pool_handle, + sdk_wallet_trustee, + sdk_wallet_handle, + with_verkey): + new_trustee_did, new_trustee_verkey = looper.loop.run_until_complete( + did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) + new_steward_did, new_steward_verkey = looper.loop.run_until_complete( + did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) + """Adding new steward""" + sdk_add_new_nym(looper, sdk_pool_handle, + sdk_wallet_trustee, 'newSteward', STEWARD_STRING, verkey=new_steward_verkey, dest=new_steward_did) + """Adding new trustee""" + sdk_add_new_nym(looper, sdk_pool_handle, + sdk_wallet_trustee, 'newTrustee', TRUSTEE_STRING, verkey=new_trustee_verkey, dest=new_trustee_did) + op = {'type': '1', + 'dest': new_steward_did, + 'role': None} + if with_verkey: + op['verkey'] = new_steward_verkey + """Blacklisting new steward by new trustee""" + req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, new_trustee_did), op) + if with_verkey: + with pytest.raises(RequestRejectedException): + sdk_get_and_check_replies(looper, [req]) + else: + sdk_get_and_check_replies(looper, [req]) + + +def test_steward_cannot_work_after_demote(looper, + sdk_pool_handle, + sdk_wallet_trustee, + sdk_wallet_handle): + new_steward_did, new_steward_verkey = looper.loop.run_until_complete( + did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) + new_ta_did, new_ta_verkey = looper.loop.run_until_complete( + did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) + new_ta_2_did, new_ta_2_verkey = looper.loop.run_until_complete( + did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) + """Adding new steward""" + sdk_add_new_nym(looper, sdk_pool_handle, + sdk_wallet_trustee, + 'newSteward', + STEWARD_STRING, + verkey=new_steward_verkey, dest=new_steward_did) + """Adding new TA""" + sdk_add_new_nym(looper, sdk_pool_handle, + (sdk_wallet_handle, new_steward_did), + 'newSteward', + TRUST_ANCHOR_STRING, + verkey=new_ta_verkey, dest=new_ta_did) + """Demote new steward""" + op = {'type': '1', + 'dest': new_steward_did, + 'role': None} + """Blacklisting new steward by trustee""" + req = sdk_sign_and_submit_op(looper, sdk_pool_handle, sdk_wallet_trustee, op) + sdk_get_and_check_replies(looper, [req]) + + """Try to add new TA by previous demoted steward""" + with pytest.raises(RequestRejectedException): + sdk_add_new_nym(looper, sdk_pool_handle, + (sdk_wallet_handle, new_steward_did), + 'newSteward', + TRUST_ANCHOR_STRING, + verkey=new_ta_2_verkey, dest=new_ta_2_did) + From 0e7fa926b026f891a034536f976b40d3cb75bd35 Mon Sep 17 00:00:00 2001 From: Andrew Nikitin Date: Wed, 16 Jan 2019 15:44:22 +0300 Subject: [PATCH 2/2] [INDY-1939] review comments Signed-off-by: Andrew Nikitin --- .../test/nym_txn/test_demote_network_monitor.py | 10 ++++++++-- indy_node/test/nym_txn/test_nym_blacklisting.py | 13 +++++++++---- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/indy_node/test/nym_txn/test_demote_network_monitor.py b/indy_node/test/nym_txn/test_demote_network_monitor.py index 3fbaac2f5..19e2c6018 100644 --- a/indy_node/test/nym_txn/test_demote_network_monitor.py +++ b/indy_node/test/nym_txn/test_demote_network_monitor.py @@ -19,9 +19,11 @@ def test_network_monitor_suspension_by_another_steward(looper, did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) new_network_monitor_did, new_network_monitor_verkey = looper.loop.run_until_complete( did.create_and_store_my_did(sdk_wallet_steward[0], "{}")) + """Adding new steward""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward', STEWARD_STRING, verkey=new_steward_verkey, dest=new_steward_did) + """Adding NETWORK_MONITOR role by first steward""" op = {'type': '1', 'dest': new_network_monitor_did, @@ -29,14 +31,16 @@ def test_network_monitor_suspension_by_another_steward(looper, 'verkey': new_network_monitor_verkey} req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, new_steward_did), op) sdk_get_and_check_replies(looper, [req]) + """Check that get_validator_info command works for NETWORK_MONITOR role""" sdk_get_validator_info(looper, (sdk_wallet_handle, new_network_monitor_did), sdk_pool_handle) + + """Blacklisting network_monitor by new steward""" op = {'type': '1', 'dest': new_network_monitor_did, 'role': None} if with_verkey: op['verkey'] = new_network_monitor_verkey - """Blacklisting network_monitor by new steward""" req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, new_steward_did), op) if with_verkey: with pytest.raises(RequestRejectedException): @@ -54,6 +58,7 @@ def test_network_monitor_suspension_by_itself(looper, with_verkey): new_network_monitor_did, new_network_monitor_verkey = looper.loop.run_until_complete( did.create_and_store_my_did(sdk_wallet_steward[0], "{}")) + """Adding NETWORK_MONITOR role by steward""" op = {'type': '1', 'dest': new_network_monitor_did, @@ -61,12 +66,13 @@ def test_network_monitor_suspension_by_itself(looper, 'verkey': new_network_monitor_verkey} req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, sdk_wallet_steward[1]), op) sdk_get_and_check_replies(looper, [req]) + + """Blacklisting network_monitor by itself""" op = {'type': '1', 'dest': new_network_monitor_did, 'role': None} if with_verkey: op['verkey'] = new_network_monitor_verkey - """Blacklisting network_monitor by itself""" req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, new_network_monitor_did), op) with pytest.raises(RequestRejectedException): sdk_get_and_check_replies(looper, [req]) \ No newline at end of file diff --git a/indy_node/test/nym_txn/test_nym_blacklisting.py b/indy_node/test/nym_txn/test_nym_blacklisting.py index 1a94f8489..3491112a6 100644 --- a/indy_node/test/nym_txn/test_nym_blacklisting.py +++ b/indy_node/test/nym_txn/test_nym_blacklisting.py @@ -17,18 +17,21 @@ def test_steward_suspension_by_another_trustee(looper, did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) new_steward_did, new_steward_verkey = looper.loop.run_until_complete( did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) + """Adding new steward""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward', STEWARD_STRING, verkey=new_steward_verkey, dest=new_steward_did) + """Adding new trustee""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newTrustee', TRUSTEE_STRING, verkey=new_trustee_verkey, dest=new_trustee_did) + + """Blacklisting new steward by new trustee""" op = {'type': '1', 'dest': new_steward_did, 'role': None} if with_verkey: op['verkey'] = new_steward_verkey - """Blacklisting new steward by new trustee""" req = sdk_sign_and_submit_op(looper, sdk_pool_handle, (sdk_wallet_handle, new_trustee_did), op) if with_verkey: with pytest.raises(RequestRejectedException): @@ -37,7 +40,7 @@ def test_steward_suspension_by_another_trustee(looper, sdk_get_and_check_replies(looper, [req]) -def test_steward_cannot_work_after_demote(looper, +def test_steward_cannot_create_trust_anchors_after_demote (looper, sdk_pool_handle, sdk_wallet_trustee, sdk_wallet_handle): @@ -47,23 +50,25 @@ def test_steward_cannot_work_after_demote(looper, did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) new_ta_2_did, new_ta_2_verkey = looper.loop.run_until_complete( did.create_and_store_my_did(sdk_wallet_trustee[0], "{}")) + """Adding new steward""" sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_trustee, 'newSteward', STEWARD_STRING, verkey=new_steward_verkey, dest=new_steward_did) + """Adding new TA""" sdk_add_new_nym(looper, sdk_pool_handle, (sdk_wallet_handle, new_steward_did), 'newSteward', TRUST_ANCHOR_STRING, verkey=new_ta_verkey, dest=new_ta_did) - """Demote new steward""" + + """Blacklisting new steward by trustee""" op = {'type': '1', 'dest': new_steward_did, 'role': None} - """Blacklisting new steward by trustee""" req = sdk_sign_and_submit_op(looper, sdk_pool_handle, sdk_wallet_trustee, op) sdk_get_and_check_replies(looper, [req])