Skip to content

Commit

Permalink
Merge pull request #1641 from Toktar/up-34-add-ledger-freeze
Browse files Browse the repository at this point in the history
UP-34: Add LEDGERS_FREEZE and GET_FROZEN_LEDGERS transactions
  • Loading branch information
Toktar authored Feb 12, 2021
2 parents 09d78df + 90c1da8 commit 4d1ab46
Show file tree
Hide file tree
Showing 25 changed files with 333 additions and 18 deletions.
4 changes: 3 additions & 1 deletion indy_common/auth.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
from indy_common.config_util import getConfig
from plenum.common.constants import TRUSTEE, STEWARD, NODE
from plenum.common.constants import TRUSTEE, STEWARD, NODE, LEDGERS_FREEZE
from stp_core.common.log import getlogger

from indy_common.constants import OWNER, POOL_UPGRADE, ENDORSER, NYM, \
Expand Down Expand Up @@ -62,6 +62,8 @@ def generate_auth_map(valid_roles):
{TRUSTEE: []},
'{}_<any>_<any>_<any>'.format(VALIDATOR_INFO):
{TRUSTEE: [], STEWARD: []},
'{}_<any>_<any>_<any>'.format(LEDGERS_FREEZE):
{TRUSTEE: []},
}
return auth_map

Expand Down
11 changes: 10 additions & 1 deletion indy_common/authorize/auth_map.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
REVOC_REG_DEF, ATTRIB, AUTH_RULES, JSON_LD_CONTEXT, RICH_SCHEMA, RICH_SCHEMA_MAPPING, \
RICH_SCHEMA_ENCODING, RICH_SCHEMA_CRED_DEF, RICH_SCHEMA_PRES_DEF
from plenum.common.constants import TRUSTEE, STEWARD, VERKEY, TXN_AUTHOR_AGREEMENT, TXN_AUTHOR_AGREEMENT_AML, \
TXN_AUTHOR_AGREEMENT_DISABLE
TXN_AUTHOR_AGREEMENT_DISABLE, LEDGERS_FREEZE

edit_role_actions = {} # type: Dict[str, Dict[str, AuthActionEdit]]
for role_from in accepted_roles:
Expand Down Expand Up @@ -236,6 +236,11 @@
old_value='*',
new_value='*')

edit_frozen_ledgers = AuthActionEdit(txn_type=LEDGERS_FREEZE,
field='*',
old_value='*',
new_value='*')

# Anyone constraint
anyone_constraint = AuthConstraint(role='*',
sig_count=1)
Expand All @@ -254,6 +259,9 @@
# One Trustee constraint
one_trustee_constraint = AuthConstraint(TRUSTEE, 1)

# Three Trustee constraint
three_trustee_constraint = AuthConstraint(TRUSTEE, 3)

# Steward or Trustee constraint
steward_or_trustee_constraint = AuthConstraintOr([AuthConstraint(STEWARD, 1),
AuthConstraint(TRUSTEE, 1)])
Expand Down Expand Up @@ -324,6 +332,7 @@
(add_revoc_reg_entry.get_action_id(), endorser_or_steward_or_trustee_owner_constraint),
(edit_revoc_reg_def.get_action_id(), owner_constraint),
(edit_revoc_reg_entry.get_action_id(), owner_constraint),
(edit_frozen_ledgers.get_action_id(), three_trustee_constraint),
])

# Edit Trustee:
Expand Down
2 changes: 1 addition & 1 deletion indy_common/types.py
Original file line number Diff line number Diff line change
Expand Up @@ -496,7 +496,7 @@ class ClientOperationField(PClientOperationField):
RICH_SCHEMA_CRED_DEF: ClientRichSchemaCredDefOperation(),
RICH_SCHEMA_PRES_DEF: ClientRichSchemaPresDefOperation(),
GET_RICH_SCHEMA_OBJECT_BY_ID: ClientGetRichSchemaObjectByIdOperation(),
GET_RICH_SCHEMA_OBJECT_BY_METADATA: ClientGetRichSchemaObjectByMetadataOperation(),
GET_RICH_SCHEMA_OBJECT_BY_METADATA: ClientGetRichSchemaObjectByMetadataOperation()
}

# TODO: it is a workaround because INDY-338, `operations` must be a class
Expand Down
7 changes: 7 additions & 0 deletions indy_node/server/node_bootstrap.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
from indy_node.server.request_handlers.config_req_handlers.auth_rule.auth_rule_handler import AuthRuleHandler
from indy_node.server.request_handlers.config_req_handlers.auth_rule.auth_rule_handler_1_9_1 import AuthRuleHandler191
from indy_node.server.request_handlers.config_req_handlers.auth_rule.auth_rules_handler import AuthRulesHandler
from indy_node.server.request_handlers.config_req_handlers.ledgers_freeze_handler import LedgersFreezeHandler
from indy_node.server.request_handlers.config_req_handlers.node_upgrade_handler import NodeUpgradeHandler
from indy_node.server.request_handlers.config_req_handlers.pool_config_handler import PoolConfigHandler
from indy_node.server.request_handlers.config_req_handlers.pool_upgrade_handler import PoolUpgradeHandler
Expand Down Expand Up @@ -45,6 +46,7 @@
from indy_node.server.request_handlers.read_req_handlers.get_attribute_handler import GetAttributeHandler
from indy_node.server.request_handlers.read_req_handlers.get_auth_rule_handler import GetAuthRuleHandler
from indy_node.server.request_handlers.read_req_handlers.get_claim_def_handler import GetClaimDefHandler
from plenum.server.request_handlers.ledgers_freeze.get_frozen_ledgers_handler import GetFrozenLedgersHandler
from indy_node.server.request_handlers.read_req_handlers.get_nym_handler import GetNymHandler
from indy_node.server.request_handlers.read_req_handlers.get_revoc_reg_def_handler import GetRevocRegDefHandler
from indy_node.server.request_handlers.read_req_handlers.get_revoc_reg_delta_handler import GetRevocRegDeltaHandler
Expand Down Expand Up @@ -197,6 +199,9 @@ def _register_config_req_handlers(self):
get_taa_aml_handler = GetTxnAuthorAgreementAmlHandler(database_manager=self.node.db_manager)
get_taa_handler = GetTxnAuthorAgreementHandler(database_manager=self.node.db_manager)
node_upgrade_handler = NodeUpgradeHandler(database_manager=self.node.db_manager)
ledgers_freeze_handler = LedgersFreezeHandler(database_manager=self.node.db_manager,
write_req_validator=self.node.write_req_validator)
get_frozen_ledgers_handler = GetFrozenLedgersHandler(database_manager=self.node.db_manager)
# Register write handlers
self.node.write_manager.register_req_handler(auth_rule_handler)
self.node.write_manager.register_req_handler(auth_rules_handler)
Expand All @@ -206,10 +211,12 @@ def _register_config_req_handlers(self):
self.node.write_manager.register_req_handler(taa_handler)
self.node.write_manager.register_req_handler(taa_disable_handler)
self.node.write_manager.register_req_handler(node_upgrade_handler)
self.node.write_manager.register_req_handler(ledgers_freeze_handler)
# Register read handlers
self.node.read_manager.register_req_handler(get_auth_rule_handler)
self.node.read_manager.register_req_handler(get_taa_aml_handler)
self.node.read_manager.register_req_handler(get_taa_handler)
self.node.read_manager.register_req_handler(get_frozen_ledgers_handler)
# Register write handlers for a version
self.node.write_manager.register_req_handler_with_version(auth_rule_handler_1_9_1,
version="1.9.1")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ def static_validation(self, request: Request):
self._validate_request_type(request)
self._static_validation_for_rule(operation, identifier, req_id)

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)
self.write_req_validator.validate(request,
[AuthActionEdit(txn_type=AUTH_RULE,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ def static_validation(self, request: Request):
for rule in operation.get(RULES):
self._static_validation_for_rule(rule, identifier, req_id)

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)
self.write_req_validator.validate(request,
[AuthActionEdit(txn_type=AUTH_RULES,
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
from typing import Optional

from indy_common.authorize.auth_actions import AuthActionEdit
from indy_common.authorize.auth_request_validator import WriteRequestValidator
from plenum.common.constants import LEDGERS_FREEZE
from plenum.common.request import Request
from plenum.server.database_manager import DatabaseManager
from plenum.server.request_handlers.ledgers_freeze.ledgers_freeze_handler import LedgersFreezeHandler as PLedgersFreezeHandler


class LedgersFreezeHandler(PLedgersFreezeHandler):

def __init__(self, database_manager: DatabaseManager,
write_req_validator: WriteRequestValidator):
super().__init__(database_manager)
self.write_req_validator = write_req_validator

def authorize(self, request):
self.write_req_validator.validate(request,
[AuthActionEdit(txn_type=LEDGERS_FREEZE,
field='*',
old_value='*',
new_value='*')])
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ def __init__(self, database_manager: DatabaseManager):
def update_state(self, txn, prev_result, request, is_committed=False):
pass

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
pass

def static_validation(self, request: Request):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ def __init__(self, database_manager: DatabaseManager,
def static_validation(self, request: Request):
self._validate_request_type(request)

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)
action = '*'
status = '*'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ def static_validation(self, request: Request):
"{} not a valid schedule since {}".
format(schedule, msg))

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)
identifier, req_id, operation = get_request_data(request)
status = '*'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ def static_validation(self, request: Request):
'Attribute field must be dict while adding it as a row field'.
format(TARGET_NYM))

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)

identifier, req_id, operation = get_request_data(request)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ def __init__(self, database_manager: DatabaseManager,
def static_validation(self, request: Request):
pass

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
# we can not add a Claim Def with existent ISSUER_DID
# sine a Claim Def needs to be identified by seqNo
self._validate_request_type(request)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ def update_state(self, txn, prev_result, request, is_committed=False):
def static_validation(self, request):
pass

def dynamic_validation(self, request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request, req_pp_time: Optional[int]):
pass

def gen_state_key(self, txn):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ def static_validation(self, request: Request):
"{} not a valid role".
format(role))

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)
operation = request.operation

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ def static_validation(self, request: Request):
"Expected: 'did:marker:signature_type:schema_ref' or "
"'did:marker:signature_type:schema_ref:tag'".format(CRED_DEF_ID))

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)
operation = request.operation
cred_def_id = operation.get(CRED_DEF_ID)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ def __init__(self, database_manager: DatabaseManager,
def static_validation(self, request: Request):
pass

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)
rev_reg_tags = request.operation[REVOC_REG_DEF_ID]
author_did, req_id, operation = get_request_data(request)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ def do_static_validation_json_ld(self, content_as_dict, request):
raise InvalidClientRequest(request.identifier, request.reqId,
"content's @id must be equal to id={}".format(request.operation[RS_ID]))

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
self._validate_request_type(request)

rs_id = request.operation[RS_ID]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ def __init__(self, database_manager: DatabaseManager,
def static_validation(self, request: Request):
pass

def dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
def additional_dynamic_validation(self, request: Request, req_pp_time: Optional[int]):
# we can not add a Schema with already existent NAME and VERSION
# sine a Schema needs to be identified by seqNo
self._validate_request_type(request)
Expand Down
79 changes: 79 additions & 0 deletions indy_node/test/auth_rule/auth_framework/edit_frozen_ledgers.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
import pytest
from plenum.common.constants import STEWARD, TRUSTEE_STRING, LEDGERS_FREEZE

from indy_node.server.request_handlers.action_req_handlers.pool_restart_handler import PoolRestartHandler

from indy_common.authorize.auth_actions import EDIT_PREFIX
from indy_common.authorize.auth_constraints import AuthConstraint
from indy_node.test.auth_rule.auth_framework.basic import AuthTest
from plenum.common.exceptions import RequestRejectedException
from plenum.test.freeze_ledgers.helper import sdk_send_freeze_ledgers
from plenum.test.pool_transactions.helper import sdk_add_new_nym

from indy_node.test.helper import build_auth_rule_request_json, sdk_send_and_check_req_json


class EditFrozenLedgersTest(AuthTest):
def __init__(self, env, action_id):
super().__init__(env, action_id)
self.trustee_wallets = [self.trustee_wallet]

def prepare(self):
for i in range(3):
wallet = sdk_add_new_nym(self.looper,
self.sdk_pool_handle,
self.trustee_wallet,
alias='trustee{}'.format(i),
role=TRUSTEE_STRING)
self.trustee_wallets.append(wallet)
self.default_auth_rule = self.get_default_auth_rule()
self.changed_auth_rule = self.get_changed_auth_rule()
for n in self.env.txnPoolNodeSet:
for h in n.action_manager.request_handlers.values():
if isinstance(h, PoolRestartHandler):
h.restarter.handleRestartRequest = lambda *args, **kwargs: True

def run(self):
frozen_ledgers_ids = []

# Step 1. Check default auth rule
sdk_send_freeze_ledgers(self.looper, self.sdk_pool_handle, self.trustee_wallets, frozen_ledgers_ids)
with pytest.raises(RequestRejectedException):
sdk_send_freeze_ledgers(self.looper, self.sdk_pool_handle, [self.new_default_wallet], frozen_ledgers_ids)

# Step 2. Change auth rule
self.send_and_check(self.changed_auth_rule, wallet=self.trustee_wallet)

# Step 3. Check, that we cannot send txn the old way
sdk_send_freeze_ledgers(self.looper, self.sdk_pool_handle, [self.new_default_wallet], frozen_ledgers_ids)
with pytest.raises(RequestRejectedException):
sdk_send_freeze_ledgers(self.looper, self.sdk_pool_handle, self.trustee_wallets, frozen_ledgers_ids)

# Step 4. Check, that we can send restart action in changed way
sdk_send_freeze_ledgers(self.looper, self.sdk_pool_handle, [self.new_default_wallet], frozen_ledgers_ids)

# Step 5. Return default auth rule
self.send_and_check(self.default_auth_rule, self.trustee_wallet)

# Step 6. Check, that default auth rule works
sdk_send_freeze_ledgers(self.looper, self.sdk_pool_handle, self.trustee_wallets, frozen_ledgers_ids)
with pytest.raises(RequestRejectedException):
sdk_send_freeze_ledgers(self.looper, self.sdk_pool_handle, [self.new_default_wallet], frozen_ledgers_ids)

def result(self):
pass

def get_changed_auth_rule(self):
self.new_default_wallet = sdk_add_new_nym(self.looper, self.sdk_pool_handle, self.trustee_wallet, role=STEWARD)
constraint = AuthConstraint(role=STEWARD,
sig_count=1,
need_to_be_owner=False)
return build_auth_rule_request_json(
self.looper, self.trustee_wallet[1],
auth_action=EDIT_PREFIX,
auth_type=LEDGERS_FREEZE,
field='*',
old_value='*',
new_value='*',
constraint=constraint.as_dict
)
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
from collections import OrderedDict

from indy_node.test.auth_rule.auth_framework.disable_taa import TAADisableTest
from indy_node.test.auth_rule.auth_framework.edit_frozen_ledgers import EditFrozenLedgersTest
from plenum.common.constants import STEWARD, TRUSTEE, IDENTITY_OWNER

from indy_common.constants import (
Expand Down Expand Up @@ -123,6 +124,7 @@ class TestAuthRuleUsing():
auth_map.change_client_port.get_action_id(): EditNodeClientPortTest,
auth_map.change_bls_key.get_action_id(): EditNodeBlsTest,
auth_map.disable_txn_author_agreement.get_action_id(): TAADisableTest,
auth_map.edit_frozen_ledgers.get_action_id(): EditFrozenLedgersTest,
})

# TODO a workaround until sdk aceepts empty TAA to make possible its deactivation
Expand Down
Loading

0 comments on commit 4d1ab46

Please sign in to comment.