From c5ce2f3b0156509dde3f47ac783c921844236f06 Mon Sep 17 00:00:00 2001 
From: Keenan Nemetz Date: Fri, 31 May 2024 15:13:56 -0700 Subject: [PATCH] feat: Add authentication for ACP (#2649) ## Relevant issue(s) Resolves #2017 ## Description This PR adds ACP identity authentication via HTTP. Notable changes: - `acp/identity` has been replaced with the `acp.Identity` struct - `identity.PrivateKey` is the private key of the identity - `identity.PublicKey` is the public key of the identity - `identity.Address` is the bech32 formatted address for the identity - keys are all `secp256k1` - `http` can authenticate requests using a jwt bearer token - ~a random `audience` value is generated on every http server startup~ - audience must be set to the defradb host name - ~api route `/audience` returns the random audience value~ - `http.Client` will create a signed token if an `acp.PrivateKeyIdentity` is set - jwt token subject is the identity public key - `cli` `--identity` flag is now a hex encoded private key Todo: - [x] ensure acp docs are updated ## Tasks - [x] I made sure the code is well commented, particularly hard-to-understand areas. - [x] I made sure the repository-held documentation is changed accordingly. - [x] I made sure the pull request title adheres to the conventional commit style (the subset used in the project can be found in [tools/configs/chglog/config.yml](tools/configs/chglog/config.yml)). - [x] I made sure to discuss its limitations such as threats to validity, vulnerability to mistake and misuse, robustness to invalidation of assumptions, resource requirements, ... ## How has this been tested? 
`make test` Specify the platform(s) on which this was tested: - MacOS --- acp/README.md | 67 ++++++--- acp/identity/identity.go | 63 +++++--- cli/acp_policy_add.go | 9 +- cli/client.go | 3 +- cli/collection.go | 3 +- cli/collection_create.go | 3 +- cli/collection_delete.go | 3 +- cli/collection_get.go | 2 +- cli/collection_list_doc_ids.go | 2 +- cli/collection_update.go | 2 +- cli/request.go | 2 +- cli/utils.go | 14 +- crypto/crypto.go | 18 ++- docs/website/references/cli/defradb_client.md | 2 +- .../references/cli/defradb_client_acp.md | 2 +- .../cli/defradb_client_acp_policy.md | 2 +- .../cli/defradb_client_acp_policy_add.md | 11 +- .../references/cli/defradb_client_backup.md | 2 +- .../cli/defradb_client_backup_export.md | 2 +- .../cli/defradb_client_backup_import.md | 2 +- .../cli/defradb_client_collection.md | 2 +- .../cli/defradb_client_collection_create.md | 5 +- .../cli/defradb_client_collection_delete.md | 5 +- .../cli/defradb_client_collection_describe.md | 2 +- .../cli/defradb_client_collection_docIDs.md | 4 +- .../cli/defradb_client_collection_get.md | 4 +- .../cli/defradb_client_collection_patch.md | 2 +- .../cli/defradb_client_collection_update.md | 4 +- .../references/cli/defradb_client_dump.md | 2 +- .../references/cli/defradb_client_index.md | 2 +- .../cli/defradb_client_index_create.md | 2 +- .../cli/defradb_client_index_drop.md | 2 +- .../cli/defradb_client_index_list.md | 2 +- .../references/cli/defradb_client_p2p.md | 2 +- .../cli/defradb_client_p2p_collection.md | 2 +- .../cli/defradb_client_p2p_collection_add.md | 2 +- .../defradb_client_p2p_collection_getall.md | 2 +- .../defradb_client_p2p_collection_remove.md | 2 +- .../references/cli/defradb_client_p2p_info.md | 2 +- .../cli/defradb_client_p2p_replicator.md | 2 +- .../defradb_client_p2p_replicator_delete.md | 2 +- .../defradb_client_p2p_replicator_getall.md | 2 +- .../cli/defradb_client_p2p_replicator_set.md | 2 +- .../references/cli/defradb_client_query.md | 4 +- 
.../references/cli/defradb_client_schema.md | 2 +- .../cli/defradb_client_schema_add.md | 2 +- .../cli/defradb_client_schema_describe.md | 2 +- .../cli/defradb_client_schema_migration.md | 2 +- .../defradb_client_schema_migration_down.md | 2 +- .../defradb_client_schema_migration_reload.md | 2 +- ...db_client_schema_migration_set-registry.md | 2 +- .../defradb_client_schema_migration_set.md | 2 +- .../cli/defradb_client_schema_migration_up.md | 2 +- .../cli/defradb_client_schema_patch.md | 2 +- .../cli/defradb_client_schema_set-active.md | 2 +- .../references/cli/defradb_client_tx.md | 2 +- .../cli/defradb_client_tx_commit.md | 2 +- .../cli/defradb_client_tx_create.md | 2 +- .../cli/defradb_client_tx_discard.md | 2 +- .../references/cli/defradb_client_view.md | 2 +- .../references/cli/defradb_client_view_add.md | 2 +- examples/schema/permissioned/users.graphql | 2 +- go.mod | 48 +++--- go.sum | 95 ++++++------ http/auth.go | 115 ++++++++++++++ http/auth_test.go | 140 ++++++++++++++++++ http/client.go | 6 +- http/client_collection.go | 5 +- http/errors.go | 20 +-- http/handler.go | 4 +- http/http_client.go | 27 +++- http/middleware.go | 27 ---- http/openapi.go | 14 +- http/utils.go | 10 +- internal/db/db.go | 4 +- internal/db/fetcher/mocks/fetcher.go | 2 +- internal/db/permission/check.go | 2 +- internal/db/permission/register.go | 2 +- net/peer_test.go | 32 +++- tests/clients/cli/wrapper_cli.go | 5 +- tests/integration/acp.go | 4 +- .../integration/acp/add_policy/basic_test.go | 4 +- .../acp/add_policy/with_empty_args_test.go | 7 +- .../with_extra_perms_and_relations_test.go | 2 +- .../acp/add_policy/with_extra_perms_test.go | 2 +- .../add_policy/with_extra_relations_test.go | 2 +- .../with_invalid_creator_arg_test.go | 17 ++- .../add_policy/with_managed_relation_test.go | 2 +- .../add_policy/with_multi_policies_test.go | 20 +-- .../with_multiple_resources_test.go | 2 +- .../acp/add_policy/with_no_perms_test.go | 8 +- .../acp/add_policy/with_no_resources_test.go | 
6 +- .../acp/add_policy/with_perm_expr_test.go | 4 +- .../with_permissionless_owner_test.go | 6 +- .../add_policy/with_unused_relations_test.go | 2 +- tests/integration/acp/fixture.go | 23 ++- tests/integration/acp/index/create_test.go | 8 +- tests/integration/acp/index/fixture.go | 4 +- tests/integration/acp/index/query_test.go | 12 +- .../acp/index/query_with_relation_test.go | 6 +- tests/integration/acp/p2p/replicator_test.go | 4 +- tests/integration/acp/p2p/subscribe_test.go | 4 +- tests/integration/acp/query/fixture.go | 6 +- .../acp/register_and_delete_test.go | 20 +-- .../integration/acp/register_and_read_test.go | 20 +-- .../acp/register_and_update_test.go | 28 ++-- .../add_dpi/accept_basic_dpi_fmts_test.go | 4 +- .../accept_extra_permissions_on_dpi_test.go | 6 +- .../accept_managed_relation_on_dpi_test.go | 2 +- ...ept_mixed_resources_on_partial_dpi_test.go | 2 +- .../schema/add_dpi/accept_multi_dpis_test.go | 4 +- .../accept_multi_resources_on_dpi_test.go | 4 +- ...cept_same_resource_on_diff_schemas_test.go | 2 +- .../reject_empty_arg_on_schema_test.go | 4 +- .../reject_invalid_arg_type_on_schema_test.go | 4 +- ...ect_invalid_owner_read_perm_on_dpi_test.go | 10 +- ...alid_owner_read_perm_symbol_on_dpi_test.go | 6 +- ...ct_invalid_owner_write_perm_on_dpi_test.go | 10 +- ...lid_owner_write_perm_symbol_on_dpi_test.go | 6 +- .../schema/add_dpi/reject_missing_dpi_test.go | 6 +- .../reject_missing_id_arg_on_schema_test.go | 4 +- .../reject_missing_perms_on_dpi_test.go | 2 +- ...ect_missing_resource_arg_on_schema_test.go | 4 +- .../reject_missing_resource_on_dpi_test.go | 2 +- ...ect_mixed_resources_on_partial_dpi_test.go | 2 +- .../updates/remove/policy_test.go | 4 +- tests/integration/test_case.go | 9 +- tests/integration/utils2.go | 19 ++- 128 files changed, 803 insertions(+), 406 deletions(-) create mode 100644 http/auth.go create mode 100644 http/auth_test.go diff --git a/acp/README.md b/acp/README.md index 697a60a0c2..29244103fa 100644 --- a/acp/README.md 
+++ b/acp/README.md @@ -145,9 +145,31 @@ Here are some valid expression examples. Assuming these `expr` are under a requi - `expr: owner +reader` - `expr: owner+reader` - ## DAC Usage CLI: +### Authentication + +To perform authenticated operations you will need to generate a `secp256k1` key pair. + +The command below will generate a new secp256k1 private key and print the 256 bit X coordinate as a hexadecimal value. + +```sh +openssl ecparam -name secp256k1 -genkey | openssl ec -text -noout | head -n5 | tail -n3 | tr -d '\n:\ ' +``` + +Copy the private key hex from the output. + +```sh +read EC key +e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac +``` + +Use the private key to generate authentication tokens for each request. + +```sh +defradb client ... --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac +``` + ### Adding a Policy: We have in `examples/dpi_policy/user_dpi_policy.yml`: @@ -176,14 +198,13 @@ resources: CLI Command: ```sh -defradb client acp policy add -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j -f examples/dpi_policy/user_dpi_policy.yml - +defradb client acp policy add -f examples/dpi_policy/user_dpi_policy.yml --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` Result: ```json { - "PolicyID": "24ab8cba6d6f0bcfe4d2712c7d95c09dd1b8076ea5a8896476413fd6c891c18c" + "PolicyID": "50d354a91ab1b8fce8a0ae4693de7616fb1d82cfc540f25cfbe11eb0195a5765" } ``` @@ -192,7 +213,7 @@ Result: We have in `examples/schema/permissioned/users.graphql`: ```graphql type Users @policy( - id: "24ab8cba6d6f0bcfe4d2712c7d95c09dd1b8076ea5a8896476413fd6c891c18c", + id: "50d354a91ab1b8fce8a0ae4693de7616fb1d82cfc540f25cfbe11eb0195a5765", resource: "users" ) { name: String @@ -230,7 +251,7 @@ Result: ], "Indexes": [], "Policy": { - "ID": "24ab8cba6d6f0bcfe4d2712c7d95c09dd1b8076ea5a8896476413fd6c891c18c", + "ID": "50d354a91ab1b8fce8a0ae4693de7616fb1d82cfc540f25cfbe11eb0195a5765", "ResourceName": "users" } } 
@@ -242,7 +263,7 @@ Result: CLI Command: ```sh -defradb client collection create -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name Users '[{ "name": "SecretShahzad" }, { "name": "SecretLone" }]' +defradb client collection create --name Users '[{ "name": "SecretShahzad" }, { "name": "SecretLone" }]' --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` ### Create public documents (without identity) @@ -255,7 +276,7 @@ defradb client collection create --name Users '[{ "name": "PublicShahzad" }, { ### Get all docIDs without an identity (shows only public): CLI Command: ```sh -defradb client collection docIDs -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j +defradb client collection docIDs --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` Result: @@ -273,7 +294,7 @@ Result: ### Get all docIDs with an identity (shows public and owned documents): ```sh -defradb client collection docIDs -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j +defradb client collection docIDs --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` Result: @@ -300,7 +321,7 @@ Result: ### Access the private document (including field names): CLI Command: ```sh -defradb client collection get -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name Users "bae-a5830219-b8e7-5791-9836-2e494816fc0a" +defradb client collection get --name Users "bae-a5830219-b8e7-5791-9836-2e494816fc0a" --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` Result: @@ -325,7 +346,7 @@ Error: ### Accessing the private document with wrong identity: CLI Command: ```sh -defradb client collection get -i cosmos1x25hhksxhu86r45hqwk28dd70qzux3262hdrll --name Users "bae-a5830219-b8e7-5791-9836-2e494816fc0a" +defradb client collection get --name Users "bae-a5830219-b8e7-5791-9836-2e494816fc0a" --identity 4d092126012ebaf56161716018a71630d99443d9d5217e9d8502bb5c5456f2c5 ``` Error: 
@@ -336,7 +357,7 @@ Error: ### Update private document: CLI Command: ```sh -defradb client collection update -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name Users --docID "bae-a5830219-b8e7-5791-9836-2e494816fc0a" --updater '{ "name": "SecretUpdatedShahzad" }' +defradb client collection update --name Users --docID "bae-a5830219-b8e7-5791-9836-2e494816fc0a" --updater '{ "name": "SecretUpdatedShahzad" }' --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` Result: @@ -352,7 +373,7 @@ Result: #### Check if it actually got updated: CLI Command: ```sh -defradb client collection get -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name Users "bae-a5830219-b8e7-5791-9836-2e494816fc0a" +defradb client collection get --name Users "bae-a5830219-b8e7-5791-9836-2e494816fc0a" --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` Result: @@ -368,7 +389,7 @@ Result: ### Delete private document: CLI Command: ```sh -defradb client collection delete -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name Users --docID "bae-a5830219-b8e7-5791-9836-2e494816fc0a" +defradb client collection delete --name Users --docID "bae-a5830219-b8e7-5791-9836-2e494816fc0a" --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` Result: @@ -384,7 +405,7 @@ Result: #### Check if it actually got deleted: CLI Command: ```sh -defradb client collection get -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name Users "bae-a5830219-b8e7-5791-9836-2e494816fc0a" +defradb client collection get --name Users "bae-a5830219-b8e7-5791-9836-2e494816fc0a" --identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac ``` Error: 
@@ -408,9 +429,21 @@ Error: ## DAC Usage HTTP: -HTTP requests work similar to their CLI counter parts, the main difference is that the identity will just be specified within the Auth Header like so: `Authorization: Basic `. -Note: The `Basic` label will change to `Bearer ` after JWS Authentication Tokens are supported. +### Authentication + +To perform authenticated operations you will need to build and sign a JWT token with the following required fields: + +- `sub` public key of the identity +- `aud` host name of the defradb api + +> The `exp` and `nbf` fields should also be set to short-lived durations. + +The JWT must be signed with the `secp256k1` private key of the identity you wish to perform actions as. + +The signed token must be set on the `Authorization` header of the HTTP request with the `bearer ` prefix prepended to it. + +If authentication fails for any reason a `403` forbidden response will be returned. ## _AAC DPI Rules (coming soon)_ ## _AAC Usage: (coming soon)_ diff --git a/acp/identity/identity.go b/acp/identity/identity.go index 108c183748..66fec280db 100644 --- a/acp/identity/identity.go +++ b/acp/identity/identity.go 
@@ -8,34 +8,51 @@ // by the Apache License, Version 2.0, included in the file // licenses/APL.txt. -/* -Package identity provides defradb identity. -*/ - package identity -import "github.com/sourcenetwork/immutable" +import ( + cosmosSecp256k1 "github.com/cosmos/cosmos-sdk/crypto/keys/secp256k1" + "github.com/cosmos/cosmos-sdk/types" + "github.com/decred/dcrd/dcrec/secp256k1/v4" + "github.com/sourcenetwork/immutable" +) -// Identity is the unique identifier for an actor. -type Identity string +// None specifies an anonymous actor. +var None = immutable.None[Identity]() -var ( - // None is an empty identity. - None = immutable.None[Identity]() -) +// Identity describes a unique actor. +type Identity struct { + // PublicKey is the actor's public key. + PublicKey *secp256k1.PublicKey + // PrivateKey is the actor's private key. + PrivateKey *secp256k1.PrivateKey + // Address is the actor's unique address. + // + // The address is derived from the actor's public key. + Address string +} + +// FromPrivateKey returns a new identity using the given private key. +func FromPrivateKey(privateKey *secp256k1.PrivateKey) immutable.Option[Identity] { + pubKey := privateKey.PubKey() + return immutable.Some(Identity{ + Address: AddressFromPublicKey(pubKey), + PublicKey: pubKey, + PrivateKey: privateKey, + }) +} -// New makes a new identity if the input is not empty otherwise, returns None. -func New(identity string) immutable.Option[Identity] { - // TODO-ACP: There will be more validation once sourcehub gets some utilities. - // Then a validation function would do the validation, will likely do outside this function. - // https://github.com/sourcenetwork/defradb/issues/2358 - if identity == "" { - return None - } - return immutable.Some(Identity(identity)) +// FromPublicKey returns a new identity using the given public key. 
+func FromPublicKey(publicKey *secp256k1.PublicKey) immutable.Option[Identity] { + return immutable.Some(Identity{ + Address: AddressFromPublicKey(publicKey), + PublicKey: publicKey, + }) } -// String returns the string representation of the identity. -func (i Identity) String() string { - return string(i) +// AddressFromPublicKey returns the unique address of the given public key. +func AddressFromPublicKey(publicKey *secp256k1.PublicKey) string { + pub := cosmosSecp256k1.PubKey{Key: publicKey.SerializeCompressed()} + // conversion from well known types should never cause a panic + return types.MustBech32ifyAddressBytes("cosmos", pub.Address().Bytes()) } diff --git a/cli/acp_policy_add.go b/cli/acp_policy_add.go index bca5e95abd..b0db4f63c0 100644 --- a/cli/acp_policy_add.go +++ b/cli/acp_policy_add.go @@ -37,7 +37,8 @@ Notes: - Learn more about [ACP & DPI Rules](/acp/README.md) Example: add from an argument string: - defradb client acp policy add -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j ' + defradb client acp policy add -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f \ +' description: A Valid DefraDB Policy Interface actor: @@ -61,10 +62,12 @@ resources: ' Example: add from file: - defradb client acp policy add -i cosmos17r39df0hdcrgnmmw4mvu7qgk5nu888c7uvv37y -f policy.yml + defradb client acp policy add -f policy.yml \ + -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f Example: add from file, verbose flags: - defradb client acp policy add --identity cosmos1kpw734v54g0t0d8tcye8ee5jc3gld0tcr2q473 --file policy.yml + defradb client acp policy add --file policy.yml \ + --identity 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f Example: add from stdin: cat policy.yml | defradb client acp policy add - diff --git a/cli/client.go b/cli/client.go index 06460ca70d..d6ae8256dd 100644 --- a/cli/client.go +++ b/cli/client.go 
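Review bot: `FromPrivateKey` and `AddressFromPublicKey` call methods on their pointer argument without a nil check (`privateKey.PubKey()`, `publicKey.SerializeCompressed()`), so a nil key handed over by a caller whose parse failed would most likely panic instead of yielding `None`. A guard such as `if privateKey == nil { return None }` at the top of `FromPrivateKey`, and the same for `publicKey` in `FromPublicKey`, keeps the anonymous path explicit. Separately, `Identity` now carries `PrivateKey` as an exported field next to the public data, and it stays nil for identities built by `FromPublicKey`. The field comment should say so, for example `// PrivateKey is the actor's private key; nil when the identity was created from a public key only. Must never be logged or serialized.`, because the CLI places this struct by value into the command context.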
@@ -38,7 +38,8 @@ Execute queries, add schema types, obtain node info, etc.`, return setContextDB(cmd) }, } - cmd.PersistentFlags().StringVarP(&identity, "identity", "i", "", "ACP Identity") + cmd.PersistentFlags().StringVarP(&identity, "identity", "i", "", + "Hex formatted private key used to authenticate with ACP") cmd.PersistentFlags().Uint64Var(&txID, "tx", 0, "Transaction ID") return cmd } diff --git a/cli/collection.go b/cli/collection.go index cdf3d41f5a..ad7f54ec5c 100644 --- a/cli/collection.go +++ b/cli/collection.go @@ -80,7 +80,8 @@ func MakeCollectionCommand() *cobra.Command { }, } cmd.PersistentFlags().Uint64Var(&txID, "tx", 0, "Transaction ID") - cmd.PersistentFlags().StringVarP(&identity, "identity", "i", "", "ACP Identity") + cmd.PersistentFlags().StringVarP(&identity, "identity", "i", "", + "Hex formatted private key used to authenticate with ACP") cmd.PersistentFlags().StringVar(&name, "name", "", "Collection name") cmd.PersistentFlags().StringVar(&schemaRoot, "schema", "", "Collection schema Root") cmd.PersistentFlags().StringVar(&versionID, "version", "", "Collection version ID") diff --git a/cli/collection_create.go b/cli/collection_create.go index df7d8794b5..994911a14c 100644 --- a/cli/collection_create.go +++ b/cli/collection_create.go @@ -30,7 +30,8 @@ Example: create from string: defradb client collection create --name User '{ "name": "Bob" }' Example: create from string, with identity: - defradb client collection create -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name User '{ "name": "Bob" }' + defradb client collection create --name User '{ "name": "Bob" }' \ + -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f Example: create multiple from string: defradb client collection create --name User '[{ "name": "Alice" }, { "name": "Bob" }]' diff --git a/cli/collection_delete.go b/cli/collection_delete.go index a9776d1985..c3abfcd80e 100644 --- a/cli/collection_delete.go +++ b/cli/collection_delete.go 
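Review bot: The `--identity` / `-i` flag registered here, and again in the `cli/collection.go` hunk on this line, now takes the raw hex private key as a command-line argument, so the secret ends up in shell history and is readable from the process listing by other local users while the command runs. Before this change the flag carried only a public address, so this exposure is new. Consider also accepting the key from a file path or from the keyring that the CLI already exposes through `--keyring-backend`, and state the risk in the help text, e.g. `"Hex formatted private key used to authenticate with ACP (appears in shell history and process listings)"`.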
@@ -28,7 +28,8 @@ Example: delete by docID: defradb client collection delete --name User --docID bae-123 Example: delete by docID with identity: - defradb client collection delete -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name User --docID bae-123 + defradb client collection delete --name User --docID bae-123 \ + -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f Example: delete by filter: defradb client collection delete --name User --filter '{ "_gte": { "points": 100 } }' diff --git a/cli/collection_get.go b/cli/collection_get.go index 9ad5566f62..5a310a148c 100644 --- a/cli/collection_get.go +++ b/cli/collection_get.go @@ -27,7 +27,7 @@ Example: defradb client collection get --name User bae-123 Example to get a private document we must use an identity: - defradb client collection get -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name User bae-123 + defradb client collection get -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f --name User bae-123 `, Args: cobra.ExactArgs(1), RunE: func(cmd *cobra.Command, args []string) error { diff --git a/cli/collection_list_doc_ids.go b/cli/collection_list_doc_ids.go index 168bb74a5a..bc6b298f32 100644 --- a/cli/collection_list_doc_ids.go +++ b/cli/collection_list_doc_ids.go @@ -26,7 +26,7 @@ Example: list all docID(s): defradb client collection docIDs --name User Example: list all docID(s), with an identity: - defradb client collection docIDs -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name User + defradb client collection docIDs -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f --name User `, RunE: func(cmd *cobra.Command, args []string) error { col, ok := tryGetContextCollection(cmd) diff --git a/cli/collection_update.go b/cli/collection_update.go index 3e676edce9..fb7e352249 100644 --- a/cli/collection_update.go +++ b/cli/collection_update.go 
@@ -37,7 +37,7 @@ Example: update by docID: --docID bae-123 --updater '{ "verified": true }' Example: update private docID, with identity: - defradb client collection update -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name User \ + defradb client collection update -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f --name User \ --docID bae-123 --updater '{ "verified": true }' `, Args: cobra.RangeArgs(0, 1), diff --git a/cli/request.go b/cli/request.go index 3dba0c197d..796a5091c0 100644 --- a/cli/request.go +++ b/cli/request.go @@ -38,7 +38,7 @@ Do a query request from a file by using the '-f' flag. Example command: defradb client query -f request.graphql Do a query request from a file and with an identity. Example command: - defradb client query -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j -f request.graphql + defradb client query -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f -f request.graphql Or it can be sent via stdin by using the '-' special syntax. Example command: cat request.graphql | defradb client query - diff --git a/cli/utils.go b/cli/utils.go index 8c394d79eb..c82bba0990 100644 --- a/cli/utils.go +++ b/cli/utils.go @@ -12,11 +12,13 @@ package cli import ( "context" + "encoding/hex" "encoding/json" "os" "path/filepath" "syscall" + "github.com/decred/dcrd/dcrec/secp256k1/v4" "github.com/spf13/cobra" "github.com/spf13/viper" "golang.org/x/term" 
@@ -139,12 +141,16 @@ func setContextTransaction(cmd *cobra.Command, txId uint64) error { } // setContextIdentity sets the identity for the current command context. -func setContextIdentity(cmd *cobra.Command, identity string) error { - // TODO-ACP: `https://github.com/sourcenetwork/defradb/issues/2358` do the validation here. - if identity == "" { +func setContextIdentity(cmd *cobra.Command, privateKeyHex string) error { + if privateKeyHex == "" { return nil } - ctx := db.SetContextIdentity(cmd.Context(), acpIdentity.New(identity)) + data, err := hex.DecodeString(privateKeyHex) + if err != nil { + return err + } + privKey := secp256k1.PrivKeyFromBytes(data) + ctx := db.SetContextIdentity(cmd.Context(), acpIdentity.FromPrivateKey(privKey)) cmd.SetContext(ctx) return nil } diff --git a/crypto/crypto.go b/crypto/crypto.go index 2e2bc333c1..acf374adb2 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -13,13 +13,18 @@ package crypto import ( "crypto/ed25519" "crypto/rand" + + "github.com/decred/dcrd/dcrec/secp256k1/v4" ) +// GenerateSecp256k1 generates a new secp256k1 private key. +func GenerateSecp256k1() (*secp256k1.PrivateKey, error) { + return secp256k1.GeneratePrivateKey() +} + // GenerateAES256 generates a new random AES-256 bit key. func GenerateAES256() ([]byte, error) { - data := make([]byte, 32) - _, err := rand.Read(data) - return data, err + return RandomBytes(32) } // GenerateEd25519 generates a new random Ed25519 private key. @@ -27,3 +32,10 @@ func GenerateEd25519() (ed25519.PrivateKey, error) { _, priv, err := ed25519.GenerateKey(rand.Reader) return priv, err } + +// RandomBytes returns a random slice of bytes of the given size. +func RandomBytes(size int) ([]byte, error) { + data := make([]byte, size) + _, err := rand.Read(data) + return data, err +} diff --git a/docs/website/references/cli/defradb_client.md b/docs/website/references/cli/defradb_client.md index 73c029153f..592f267e72 100644 --- a/docs/website/references/cli/defradb_client.md 
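Review bot: `setContextIdentity` passes whatever `hex.DecodeString` returns straight to `secp256k1.PrivKeyFromBytes`, which does no range or length validation and leaves that to the caller. As far as I recall the library's documented behaviour, an over-long slice is truncated and reduced modulo the curve order, a short one is read as a small integer, and zero gives an invalid key. A mistyped or truncated `--identity` therefore silently becomes a different identity instead of an error. Reject anything that is not exactly one scalar before building the key, with a check on `if len(data) != secp256k1.PrivKeyBytesLen` that returns an error, and verify `privKey.Key.IsZero()` is false afterwards. The `hex.DecodeString` error is also returned bare; wrapping it with a mention of the identity flag would make the CLI failure understandable.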
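Review bot: In `crypto/crypto.go`, `RandomBytes` returns the buffer together with the error from `rand.Read`, so a caller that drops the error receives a zero-filled or partly filled slice that looks like key material. `GenerateAES256` inherits this through `RandomBytes(32)` in the first hunk of the file. Return nothing usable on failure: `if _, err := rand.Read(data); err != nil { return nil, err }` followed by `return data, nil`. Because the helper is exported with a caller-chosen `size`, its doc comment should also say that a negative size panics in `make`, or the function should reject it explicitly.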
+++ b/docs/website/references/cli/defradb_client.md @@ -11,7 +11,7 @@ Execute queries, add schema types, obtain node info, etc. ``` -h, --help help for client - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --tx uint Transaction ID ``` diff --git a/docs/website/references/cli/defradb_client_acp.md b/docs/website/references/cli/defradb_client_acp.md index b8d92ee2bd..d80da76887 100644 --- a/docs/website/references/cli/defradb_client_acp.md +++ b/docs/website/references/cli/defradb_client_acp.md @@ -19,7 +19,7 @@ Learn more about [ACP](/acp/README.md) ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_acp_policy.md b/docs/website/references/cli/defradb_client_acp_policy.md index 3330a7e3dc..8374c92c15 100644 --- a/docs/website/references/cli/defradb_client_acp_policy.md +++ b/docs/website/references/cli/defradb_client_acp_policy.md @@ -15,7 +15,7 @@ Interact with the acp policy features of DefraDB instance ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") 
diff --git a/docs/website/references/cli/defradb_client_acp_policy_add.md b/docs/website/references/cli/defradb_client_acp_policy_add.md index 6b1e1865f6..ed2938e28e 100644 --- a/docs/website/references/cli/defradb_client_acp_policy_add.md +++ b/docs/website/references/cli/defradb_client_acp_policy_add.md @@ -15,7 +15,8 @@ Notes: - Learn more about [ACP & DPI Rules](/acp/README.md) Example: add from an argument string: - defradb client acp policy add -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j ' + defradb client acp policy add -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f \ +' description: A Valid DefraDB Policy Interface actor: @@ -39,10 +40,12 @@ resources: ' Example: add from file: - defradb client acp policy add -i cosmos17r39df0hdcrgnmmw4mvu7qgk5nu888c7uvv37y -f policy.yml + defradb client acp policy add -f policy.yml \ + -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f Example: add from file, verbose flags: - defradb client acp policy add --identity cosmos1kpw734v54g0t0d8tcye8ee5jc3gld0tcr2q473 --file policy.yml + defradb client acp policy add --file policy.yml \ + --identity 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f Example: add from stdin: cat policy.yml | defradb client acp policy add - @@ -63,7 +66,7 @@ defradb client acp policy add [-i --identity] [policy] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_backup.md b/docs/website/references/cli/defradb_client_backup.md index a75f1edd43..11bdb78c23 100644 
--- a/docs/website/references/cli/defradb_client_backup.md +++ b/docs/website/references/cli/defradb_client_backup.md @@ -16,7 +16,7 @@ Currently only supports JSON format. ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_backup_export.md b/docs/website/references/cli/defradb_client_backup_export.md index 5a4aa314cf..07a3e1bd85 100644 --- a/docs/website/references/cli/defradb_client_backup_export.md +++ b/docs/website/references/cli/defradb_client_backup_export.md @@ -30,7 +30,7 @@ defradb client backup export [-c --collections | -p --pretty | -f --format] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_collection.md b/docs/website/references/cli/defradb_client_collection.md index 24242d0966..bd732d0b07 100644 --- a/docs/website/references/cli/defradb_client_collection.md +++ b/docs/website/references/cli/defradb_client_collection.md 
@@ -11,7 +11,7 @@ Create, read, update, and delete documents within a collection. ``` --get-inactive Get inactive collections as well as active -h, --help help for collection - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --name string Collection name --schema string Collection schema Root --tx uint Transaction ID diff --git a/docs/website/references/cli/defradb_client_collection_create.md b/docs/website/references/cli/defradb_client_collection_create.md index c44c99e6c0..425be82753 100644 --- a/docs/website/references/cli/defradb_client_collection_create.md +++ b/docs/website/references/cli/defradb_client_collection_create.md @@ -10,7 +10,8 @@ Example: create from string: defradb client collection create --name User '{ "name": "Bob" }' Example: create from string, with identity: - defradb client collection create -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name User '{ "name": "Bob" }' + defradb client collection create --name User '{ "name": "Bob" }' \ + -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f Example: create multiple from string: defradb client collection create --name User '[{ "name": "Alice" }, { "name": "Bob" }]' @@ -37,7 +38,7 @@ defradb client collection create [-i --identity] [flags] ``` --get-inactive Get inactive collections as well as active - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_collection_delete.md b/docs/website/references/cli/defradb_client_collection_delete.md index 93fd056f76..af36d60e15 100644 
--- a/docs/website/references/cli/defradb_client_collection_delete.md +++ b/docs/website/references/cli/defradb_client_collection_delete.md @@ -10,7 +10,8 @@ Example: delete by docID: defradb client collection delete --name User --docID bae-123 Example: delete by docID with identity: - defradb client collection delete -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name User --docID bae-123 + defradb client collection delete --name User --docID bae-123 \ + -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f Example: delete by filter: defradb client collection delete --name User --filter '{ "_gte": { "points": 100 } }' @@ -32,7 +33,7 @@ defradb client collection delete [-i --identity] [--filter --docID [flags] ``` --get-inactive Get inactive collections as well as active - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_collection_patch.md b/docs/website/references/cli/defradb_client_collection_patch.md index 13596cf36b..d27306cc43 100644 --- a/docs/website/references/cli/defradb_client_collection_patch.md +++ b/docs/website/references/cli/defradb_client_collection_patch.md 
@@ -34,7 +34,7 @@ defradb client collection patch [patch] [flags] ``` --get-inactive Get inactive collections as well as active - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_collection_update.md b/docs/website/references/cli/defradb_client_collection_update.md index b23575bbe7..37ef8249a6 100644 --- a/docs/website/references/cli/defradb_client_collection_update.md +++ b/docs/website/references/cli/defradb_client_collection_update.md @@ -18,7 +18,7 @@ Example: update by docID: --docID bae-123 --updater '{ "verified": true }' Example: update private docID, with identity: - defradb client collection update -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j --name User \ + defradb client collection update -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f --name User \ --docID bae-123 --updater '{ "verified": true }' @@ -39,7 +39,7 @@ defradb client collection update [-i --identity] [--filter --docID --fields [-n - ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_index_drop.md b/docs/website/references/cli/defradb_client_index_drop.md index 40a2bf4067..1ccf845e02 100644 
--- a/docs/website/references/cli/defradb_client_index_drop.md +++ b/docs/website/references/cli/defradb_client_index_drop.md @@ -24,7 +24,7 @@ defradb client index drop -c --collection -n --name [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_index_list.md b/docs/website/references/cli/defradb_client_index_list.md index dbae25798a..ad66d3524b 100644 --- a/docs/website/references/cli/defradb_client_index_list.md +++ b/docs/website/references/cli/defradb_client_index_list.md @@ -26,7 +26,7 @@ defradb client index list [-c --collection ] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p.md b/docs/website/references/cli/defradb_client_p2p.md index 4801449245..8896ed0b29 100644 --- a/docs/website/references/cli/defradb_client_p2p.md +++ b/docs/website/references/cli/defradb_client_p2p.md 
@@ -15,7 +15,7 @@ Interact with the DefraDB P2P system ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_collection.md b/docs/website/references/cli/defradb_client_p2p_collection.md index 0882eb93bc..d0eea4ee83 100644 --- a/docs/website/references/cli/defradb_client_p2p_collection.md +++ b/docs/website/references/cli/defradb_client_p2p_collection.md @@ -16,7 +16,7 @@ The selected collections synchronize their events on the pubsub network. ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_collection_add.md b/docs/website/references/cli/defradb_client_p2p_collection_add.md index 72258df075..c9e4d60a79 100644 --- a/docs/website/references/cli/defradb_client_p2p_collection_add.md +++ b/docs/website/references/cli/defradb_client_p2p_collection_add.md 
@@ -27,7 +27,7 @@ defradb client p2p collection add [collectionIDs] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_collection_getall.md b/docs/website/references/cli/defradb_client_p2p_collection_getall.md index 9e181e41d9..82f9cd9588 100644 --- a/docs/website/references/cli/defradb_client_p2p_collection_getall.md +++ b/docs/website/references/cli/defradb_client_p2p_collection_getall.md @@ -20,7 +20,7 @@ defradb client p2p collection getall [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_collection_remove.md b/docs/website/references/cli/defradb_client_p2p_collection_remove.md index c08ef717ed..6faffa5204 100644 --- a/docs/website/references/cli/defradb_client_p2p_collection_remove.md +++ b/docs/website/references/cli/defradb_client_p2p_collection_remove.md 
@@ -27,7 +27,7 @@ defradb client p2p collection remove [collectionIDs] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_info.md b/docs/website/references/cli/defradb_client_p2p_info.md index 55c55e24ab..22e6e44288 100644 --- a/docs/website/references/cli/defradb_client_p2p_info.md +++ b/docs/website/references/cli/defradb_client_p2p_info.md @@ -19,7 +19,7 @@ defradb client p2p info [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_replicator.md b/docs/website/references/cli/defradb_client_p2p_replicator.md index cfa84ea2f3..2ab9a6391a 100644 --- a/docs/website/references/cli/defradb_client_p2p_replicator.md +++ b/docs/website/references/cli/defradb_client_p2p_replicator.md 
@@ -16,7 +16,7 @@ A replicator replicates one or all collection(s) from one node to another. ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_replicator_delete.md b/docs/website/references/cli/defradb_client_p2p_replicator_delete.md index 0ee748feeb..9977d9811c 100644 --- a/docs/website/references/cli/defradb_client_p2p_replicator_delete.md +++ b/docs/website/references/cli/defradb_client_p2p_replicator_delete.md @@ -25,7 +25,7 @@ defradb client p2p replicator delete [-c, --collection] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_replicator_getall.md b/docs/website/references/cli/defradb_client_p2p_replicator_getall.md index 470f692bfc..0bca40baa0 100644 --- a/docs/website/references/cli/defradb_client_p2p_replicator_getall.md +++ b/docs/website/references/cli/defradb_client_p2p_replicator_getall.md 
@@ -24,7 +24,7 @@ defradb client p2p replicator getall [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_p2p_replicator_set.md b/docs/website/references/cli/defradb_client_p2p_replicator_set.md index 52917a7150..7f8623b96e 100644 --- a/docs/website/references/cli/defradb_client_p2p_replicator_set.md +++ b/docs/website/references/cli/defradb_client_p2p_replicator_set.md @@ -25,7 +25,7 @@ defradb client p2p replicator set [-c, --collection] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_query.md b/docs/website/references/cli/defradb_client_query.md index 2dcea07526..ec868456b1 100644 --- a/docs/website/references/cli/defradb_client_query.md +++ b/docs/website/references/cli/defradb_client_query.md 
@@ -13,7 +13,7 @@ Do a query request from a file by using the '-f' flag. Example command: defradb client query -f request.graphql Do a query request from a file and with an identity. Example command: - defradb client query -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j -f request.graphql + defradb client query -i 028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f -f request.graphql Or it can be sent via stdin by using the '-' special syntax. Example command: cat request.graphql | defradb client query - @@ -37,7 +37,7 @@ defradb client query [-i --identity] [request] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema.md b/docs/website/references/cli/defradb_client_schema.md index c69bdaee8f..4ad3289b35 100644 --- a/docs/website/references/cli/defradb_client_schema.md +++ b/docs/website/references/cli/defradb_client_schema.md @@ -15,7 +15,7 @@ Make changes, updates, or look for existing schema types. ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") 
diff --git a/docs/website/references/cli/defradb_client_schema_add.md b/docs/website/references/cli/defradb_client_schema_add.md index 9e70bb1f17..c10496112e 100644 --- a/docs/website/references/cli/defradb_client_schema_add.md +++ b/docs/website/references/cli/defradb_client_schema_add.md @@ -36,7 +36,7 @@ defradb client schema add [schema] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_describe.md b/docs/website/references/cli/defradb_client_schema_describe.md index 06cb28479d..1a0abbc964 100644 --- a/docs/website/references/cli/defradb_client_schema_describe.md +++ b/docs/website/references/cli/defradb_client_schema_describe.md @@ -35,7 +35,7 @@ defradb client schema describe [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_migration.md b/docs/website/references/cli/defradb_client_schema_migration.md index a7d492d535..3660095f0f 100644 --- a/docs/website/references/cli/defradb_client_schema_migration.md +++ b/docs/website/references/cli/defradb_client_schema_migration.md 
@@ -15,7 +15,7 @@ Make set or look for existing schema migrations on a DefraDB node. ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_migration_down.md b/docs/website/references/cli/defradb_client_schema_migration_down.md index c457a61992..82f2168b04 100644 --- a/docs/website/references/cli/defradb_client_schema_migration_down.md +++ b/docs/website/references/cli/defradb_client_schema_migration_down.md @@ -32,7 +32,7 @@ defradb client schema migration down --collection [fl ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_migration_reload.md b/docs/website/references/cli/defradb_client_schema_migration_reload.md index e4d1b77cdf..c74d4987b7 100644 --- a/docs/website/references/cli/defradb_client_schema_migration_reload.md +++ b/docs/website/references/cli/defradb_client_schema_migration_reload.md 
@@ -19,7 +19,7 @@ defradb client schema migration reload [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_migration_set-registry.md b/docs/website/references/cli/defradb_client_schema_migration_set-registry.md index f920a37216..f554ac5f48 100644 --- a/docs/website/references/cli/defradb_client_schema_migration_set-registry.md +++ b/docs/website/references/cli/defradb_client_schema_migration_set-registry.md @@ -25,7 +25,7 @@ defradb client schema migration set-registry [collectionID] [cfg] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_migration_set.md b/docs/website/references/cli/defradb_client_schema_migration_set.md index 66062fe4e8..fde006cb05 100644 --- a/docs/website/references/cli/defradb_client_schema_migration_set.md +++ b/docs/website/references/cli/defradb_client_schema_migration_set.md 
@@ -32,7 +32,7 @@ defradb client schema migration set [src] [dst] [cfg] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_migration_up.md b/docs/website/references/cli/defradb_client_schema_migration_up.md index 5174bf5ce0..fb6352c2f6 100644 --- a/docs/website/references/cli/defradb_client_schema_migration_up.md +++ b/docs/website/references/cli/defradb_client_schema_migration_up.md @@ -32,7 +32,7 @@ defradb client schema migration up --collection [flag ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_patch.md b/docs/website/references/cli/defradb_client_schema_patch.md index 6c884d0a0f..a47ffc633c 100644 --- a/docs/website/references/cli/defradb_client_schema_patch.md +++ b/docs/website/references/cli/defradb_client_schema_patch.md 
@@ -35,7 +35,7 @@ defradb client schema patch [schema] [migration] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_schema_set-active.md b/docs/website/references/cli/defradb_client_schema_set-active.md index 5e9daf911b..efc4dee955 100644 --- a/docs/website/references/cli/defradb_client_schema_set-active.md +++ b/docs/website/references/cli/defradb_client_schema_set-active.md @@ -20,7 +20,7 @@ defradb client schema set-active [versionID] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_tx.md b/docs/website/references/cli/defradb_client_tx.md index e9ffb95d3b..acc23bba4a 100644 --- a/docs/website/references/cli/defradb_client_tx.md +++ b/docs/website/references/cli/defradb_client_tx.md 
@@ -15,7 +15,7 @@ Create, commit, and discard DefraDB transactions ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_tx_commit.md b/docs/website/references/cli/defradb_client_tx_commit.md index d641d03691..7775cb5287 100644 --- a/docs/website/references/cli/defradb_client_tx_commit.md +++ b/docs/website/references/cli/defradb_client_tx_commit.md @@ -19,7 +19,7 @@ defradb client tx commit [id] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_tx_create.md b/docs/website/references/cli/defradb_client_tx_create.md index 633c82b6e4..2c3c7e5278 100644 --- a/docs/website/references/cli/defradb_client_tx_create.md +++ b/docs/website/references/cli/defradb_client_tx_create.md 
@@ -21,7 +21,7 @@ defradb client tx create [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_tx_discard.md b/docs/website/references/cli/defradb_client_tx_discard.md index a61bbc5fa1..dfbee4733c 100644 --- a/docs/website/references/cli/defradb_client_tx_discard.md +++ b/docs/website/references/cli/defradb_client_tx_discard.md @@ -19,7 +19,7 @@ defradb client tx discard [id] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_view.md b/docs/website/references/cli/defradb_client_view.md index 15dd2034cb..498b11a59e 100644 --- a/docs/website/references/cli/defradb_client_view.md +++ b/docs/website/references/cli/defradb_client_view.md 
@@ -15,7 +15,7 @@ Manage (add) views withing a running DefraDB instance ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/docs/website/references/cli/defradb_client_view_add.md b/docs/website/references/cli/defradb_client_view_add.md index ee5e94f6df..e50c16d7f6 100644 --- a/docs/website/references/cli/defradb_client_view_add.md +++ b/docs/website/references/cli/defradb_client_view_add.md @@ -25,7 +25,7 @@ defradb client view add [query] [sdl] [transform] [flags] ### Options inherited from parent commands ``` - -i, --identity string ACP Identity + -i, --identity string Hex formatted private key used to authenticate with ACP --keyring-backend string Keyring backend to use. Options are file or system (default "file") --keyring-namespace string Service name to use when using the system backend (default "defradb") --keyring-path string Path to store encrypted keys when using the file backend (default "keys") diff --git a/examples/schema/permissioned/users.graphql b/examples/schema/permissioned/users.graphql index 771e6da2c9..69923d2351 100644 --- a/examples/schema/permissioned/users.graphql +++ b/examples/schema/permissioned/users.graphql @@ -10,7 +10,7 @@ # The policy must be a valid DPI, learn more about the DefraDB Policy Interface [DPI](/acp/README.md) type Users @policy( - id: "24ab8cba6d6f0bcfe4d2712c7d95c09dd1b8076ea5a8896476413fd6c891c18c", + id: "50d354a91ab1b8fce8a0ae4693de7616fb1d82cfc540f25cfbe11eb0195a5765", resource: "users" ) { name: String diff --git a/go.mod b/go.mod index 7933128def..6b166e3369 100644 --- a/go.mod +++ b/go.mod 
@@ -5,7 +5,9 @@ go 1.21.3 require ( github.com/bits-and-blooms/bitset v1.13.0 github.com/bxcodec/faker v2.0.1+incompatible + github.com/cosmos/cosmos-sdk v0.50.6 github.com/cosmos/gogoproto v1.4.12 + github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 github.com/evanphx/json-patch/v5 v5.9.0 github.com/fxamacker/cbor/v2 v2.6.0 github.com/getkin/kin-openapi v0.124.0 @@ -51,7 +53,7 @@ require ( go.opentelemetry.io/otel/metric v1.26.0 go.opentelemetry.io/otel/sdk/metric v1.26.0 go.uber.org/zap v1.27.0 - golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 + golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 golang.org/x/term v0.20.0 google.golang.org/grpc v1.64.0 google.golang.org/protobuf v1.34.1 @@ -59,15 +61,15 @@ require ( require ( buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.31.0-20230802163732-1c33ebd9ecfa.1 // indirect - cosmossdk.io/api v0.7.3 // indirect + cosmossdk.io/api v0.7.4 // indirect cosmossdk.io/collections v0.4.0 // indirect cosmossdk.io/core v0.11.0 // indirect cosmossdk.io/depinject v1.0.0-alpha.4 // indirect cosmossdk.io/errors v1.0.1 // indirect cosmossdk.io/log v1.3.1 // indirect cosmossdk.io/math v1.3.0 // indirect - cosmossdk.io/store v1.0.2 // indirect - cosmossdk.io/x/tx v0.13.1 // indirect + cosmossdk.io/store v1.1.0 // indirect + cosmossdk.io/x/tx v0.13.2 // indirect filippo.io/edwards25519 v1.0.0 // indirect github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect github.com/99designs/keyring v1.2.1 // indirect @@ -86,7 +88,7 @@ require ( github.com/bytecodealliance/wasmtime-go/v15 v15.0.0 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash v1.1.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cockroachdb/errors v1.11.1 // indirect github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b // indirect github.com/cockroachdb/pebble v1.1.0 // indirect 
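Review bot: The first go.mod hunk (`@@ -5,7 +5,9 @@`) promotes `github.com/cosmos/cosmos-sdk` from an indirect to a direct requirement, a large dependency to own for what the commit description presents as secp256k1 keys plus a bech32 address. If address encoding is the only use (the importing code is not visible here), a narrower package would keep the module graph and the code to track for advisories smaller; `github.com/cosmos/btcutil`, already in the indirect list, provides a `bech32` package. The move to v0.50.6 also shifts `cosmossdk.io/store`, `cosmossdk.io/x/tx` and `github.com/cosmos/iavl` in the later hunks, so I would run `go mod tidy` and `govulncheck ./...` on the result before merging.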
@@ -98,12 +100,11 @@ require ( github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cosmos/btcutil v1.0.5 // indirect github.com/cosmos/cosmos-db v1.0.2 // indirect - github.com/cosmos/cosmos-proto v1.0.0-beta.4 // indirect - github.com/cosmos/cosmos-sdk v0.50.5 // indirect + github.com/cosmos/cosmos-proto v1.0.0-beta.5 // indirect github.com/cosmos/go-bip39 v1.0.0 // indirect github.com/cosmos/gogogateway v1.2.0 // indirect github.com/cosmos/gorocksdb v1.2.0 // indirect - github.com/cosmos/iavl v1.0.1 // indirect + github.com/cosmos/iavl v1.1.2 // indirect github.com/cosmos/ics23/go v0.10.0 // indirect github.com/cosmos/ledger-cosmos-go v0.13.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect @@ -111,7 +112,6 @@ require ( github.com/danieljoos/wincred v1.2.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect - github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect github.com/dgraph-io/badger/v2 v2.2007.4 // indirect github.com/dgraph-io/ristretto v0.1.1 // indirect @@ -162,7 +162,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect - github.com/hashicorp/go-metrics v0.5.2 // indirect + github.com/hashicorp/go-metrics v0.5.3 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.5.2 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect 
@@ -216,7 +216,7 @@ require ( github.com/libp2p/go-netroute v0.2.1 // indirect github.com/libp2p/go-reuseport v0.4.0 // indirect github.com/libp2p/go-yamux/v4 v4.0.1 // indirect - github.com/linxGnu/grocksdb v1.8.12 // indirect + github.com/linxGnu/grocksdb v1.8.14 // indirect github.com/lmittmann/tint v1.0.4 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect @@ -247,16 +247,16 @@ require ( github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 // indirect github.com/pelletier/go-toml/v2 v2.1.0 // indirect github.com/perimeterx/marshmallow v1.1.5 // indirect - github.com/petermattis/goid v0.0.0-20230904192822-1876fd5063bc // indirect + github.com/petermattis/goid v0.0.0-20231207134359-e60b3f734c67 // indirect github.com/piprate/json-gold v0.5.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/polydawn/refmt v0.89.0 // indirect github.com/pquerna/cachecontrol v0.1.0 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.6.0 // indirect - github.com/prometheus/common v0.47.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.52.2 // indirect + github.com/prometheus/procfs v0.13.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect github.com/quic-go/quic-go v0.42.0 // indirect github.com/quic-go/webtransport-go v0.6.0 // indirect 
@@ -300,21 +300,21 @@ require ( go.uber.org/fx v1.20.1 // indirect go.uber.org/mock v0.4.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.23.0 // indirect - golang.org/x/sync v0.6.0 // indirect + golang.org/x/crypto v0.23.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.14.0 // indirect - golang.org/x/tools v0.18.0 // indirect + golang.org/x/text v0.15.0 // indirect + golang.org/x/tools v0.20.0 // indirect gonum.org/v1/gonum v0.14.0 // indirect google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect gotest.tools/v3 v3.5.1 // indirect - lukechampine.com/blake3 v1.2.1 // indirect + lukechampine.com/blake3 v1.3.0 // indirect nhooyr.io/websocket v1.8.7 // indirect pgregory.net/rapid v1.1.0 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/go.sum b/go.sum index b46681e784..508d0fa72f 100644 --- a/go.sum +++ b/go.sum 
@@ -4,8 +4,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT cloud.google.com/go v0.31.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.37.0/go.mod h1:TS1dMSSfndXH133OKGwekG838Om/cQT0BUHV3HcBgoo= -cosmossdk.io/api v0.7.3 h1:V815i8YOwOAQa1rLCsSMjVG5Gnzs02JLq+l7ks8s1jk= -cosmossdk.io/api v0.7.3/go.mod h1:IcxpYS5fMemZGqyYtErK7OqvdM0C8kdW3dq8Q/XIG38= +cosmossdk.io/api v0.7.4 h1:sPo8wKwCty1lht8kgL3J7YL1voJywP3YWuA5JKkBz30= +cosmossdk.io/api v0.7.4/go.mod h1:IcxpYS5fMemZGqyYtErK7OqvdM0C8kdW3dq8Q/XIG38= cosmossdk.io/collections v0.4.0 h1:PFmwj2W8szgpD5nOd8GWH6AbYNi1f2J6akWXJ7P5t9s= cosmossdk.io/collections v0.4.0/go.mod h1:oa5lUING2dP+gdDquow+QjlF45eL1t4TJDypgGd+tv0= cosmossdk.io/core v0.11.0 h1:vtIafqUi+1ZNAE/oxLOQQ7Oek2n4S48SWLG8h/+wdbo= 
@@ -18,10 +18,10 @@ cosmossdk.io/log v1.3.1 h1:UZx8nWIkfbbNEWusZqzAx3ZGvu54TZacWib3EzUYmGI= cosmossdk.io/log v1.3.1/go.mod h1:2/dIomt8mKdk6vl3OWJcPk2be3pGOS8OQaLUM/3/tCM= cosmossdk.io/math v1.3.0 h1:RC+jryuKeytIiictDslBP9i1fhkVm6ZDmZEoNP316zE= cosmossdk.io/math v1.3.0/go.mod h1:vnRTxewy+M7BtXBNFybkuhSH4WfedVAAnERHgVFhp3k= -cosmossdk.io/store v1.0.2 h1:lSg5BTvJBHUDwswNNyeh4K/CbqiHER73VU4nDNb8uk0= -cosmossdk.io/store v1.0.2/go.mod h1:EFtENTqVTuWwitGW1VwaBct+yDagk7oG/axBMPH+FXs= -cosmossdk.io/x/tx v0.13.1 h1:Mg+EMp67Pz+NukbJqYxuo8uRp7N/a9uR+oVS9pONtj8= -cosmossdk.io/x/tx v0.13.1/go.mod h1:CBCU6fsRVz23QGFIQBb1DNX2DztJCf3jWyEkHY2nJQ0= +cosmossdk.io/store v1.1.0 h1:LnKwgYMc9BInn9PhpTFEQVbL9UK475G2H911CGGnWHk= +cosmossdk.io/store v1.1.0/go.mod h1:oZfW/4Fc/zYqu3JmQcQdUJ3fqu5vnYTn3LZFFy8P8ng= +cosmossdk.io/x/tx v0.13.2 h1:Kh90UH30bhnnUdJH+CmWLyaH8IKdY6BBGY3EkdOk82o= +cosmossdk.io/x/tx v0.13.2/go.mod h1:yhPokDCfXVIuAtyp49IFlWB5YAXUgD7Zek+ZHwsHzvU= dmitri.shuralyov.com/app/changes v0.0.0-20180602232624-0a106ad413e3/go.mod h1:Yl+fi1br7+Rr3LqpNJf1/uxUdtRUV+Tnj0o93V2B9MU= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU= 
@@ -135,8 +135,8 @@ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI= 
@@ -192,10 +192,10 @@ github.com/cosmos/btcutil v1.0.5 h1:t+ZFcX77LpKtDBhjucvnOH8C2l2ioGsBNEQ3jef8xFk= github.com/cosmos/btcutil v1.0.5/go.mod h1:IyB7iuqZMJlthe2tkIFL33xPyzbFYP0XVdS8P5lUPis= github.com/cosmos/cosmos-db v1.0.2 h1:hwMjozuY1OlJs/uh6vddqnk9j7VamLv+0DBlbEXbAKs= github.com/cosmos/cosmos-db v1.0.2/go.mod h1:Z8IXcFJ9PqKK6BIsVOB3QXtkKoqUOp1vRvPT39kOXEA= -github.com/cosmos/cosmos-proto v1.0.0-beta.4 h1:aEL7tU/rLOmxZQ9z4i7mzxcLbSCY48OdY7lIWTLG7oU= -github.com/cosmos/cosmos-proto v1.0.0-beta.4/go.mod h1:oeB+FyVzG3XrQJbJng0EnV8Vljfk9XvTIpGILNU/9Co= -github.com/cosmos/cosmos-sdk v0.50.5 h1:MOEi+DKYgW67YaPgB+Pf+nHbD3V9S/ayitRKJYLfGIA= -github.com/cosmos/cosmos-sdk v0.50.5/go.mod h1:oV/k6GJgXV9QPoM2fsYDPPsyPBgQbdotv532O6Mz1OQ= +github.com/cosmos/cosmos-proto v1.0.0-beta.5 h1:eNcayDLpip+zVLRLYafhzLvQlSmyab+RC5W7ZfmxJLA= +github.com/cosmos/cosmos-proto v1.0.0-beta.5/go.mod h1:hQGLpiIUloJBMdQMMWb/4wRApmI9hjHH05nefC0Ojec= +github.com/cosmos/cosmos-sdk v0.50.6 h1:efR3MsvMHX5sxS3be+hOobGk87IzlZbSpsI2x/Vw3hk= +github.com/cosmos/cosmos-sdk v0.50.6/go.mod h1:lVkRY6cdMJ0fG3gp8y4hFrsKZqF4z7y0M2UXFb9Yt40= github.com/cosmos/go-bip39 v1.0.0 h1:pcomnQdrdH22njcAatO0yWojsUnCO3y2tNoV1cb6hHY= github.com/cosmos/go-bip39 v1.0.0/go.mod h1:RNJv0H/pOIVgxw6KS7QeX2a0Uo0aKUlfhZ4xuwvCdJw= github.com/cosmos/gogogateway v1.2.0 h1:Ae/OivNhp8DqBi/sh2A8a1D0y638GpL3tkmLQAiKxTE= 
@@ -205,8 +205,8 @@ github.com/cosmos/gogoproto v1.4.12 h1:vB6Lbe/rtnYGjQuFxkPiPYiCybqFT8QvLipDZP8Jp github.com/cosmos/gogoproto v1.4.12/go.mod h1:LnZob1bXRdUoqMMtwYlcR3wjiElmlC+FkjaZRv1/eLY= github.com/cosmos/gorocksdb v1.2.0 h1:d0l3jJG8M4hBouIZq0mDUHZ+zjOx044J3nGRskwTb4Y= github.com/cosmos/gorocksdb v1.2.0/go.mod h1:aaKvKItm514hKfNJpUJXnnOWeBnk2GL4+Qw9NHizILw= -github.com/cosmos/iavl v1.0.1 h1:D+mYbcRO2wptYzOM1Hxl9cpmmHU1ZEt9T2Wv5nZTeUw= -github.com/cosmos/iavl v1.0.1/go.mod h1:8xIUkgVvwvVrBu81scdPty+/Dx9GqwHnAvXz4cwF7RY= +github.com/cosmos/iavl v1.1.2 h1:zL9FK7C4L/P4IF1Dm5fIwz0WXCnn7Bp1M2FxH0ayM7Y= +github.com/cosmos/iavl v1.1.2/go.mod h1:jLeUvm6bGT1YutCaL2fIar/8vGUE8cPZvh/gXEWDaDM= github.com/cosmos/ics23/go v0.10.0 h1:iXqLLgp2Lp+EdpIuwXTYIQU+AiHj9mOC2X9ab++bZDM= github.com/cosmos/ics23/go v0.10.0/go.mod h1:ZfJSmng/TBNTBkFemHHHj5YY7VAU/MBU980F4VU1NG0= github.com/cosmos/ledger-cosmos-go v0.13.3 h1:7ehuBGuyIytsXbd4MP43mLeoN2LTOEnk5nvue4rK+yM= 
@@ -233,8 +233,8 @@ github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c h1:pFUpOrbxDR github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c/go.mod h1:6UhI8N9EjYm1c2odKpFpAYeR8dsBeM7PtzQhRgxRr9U= github.com/decred/dcrd/crypto/blake256 v1.0.1 h1:7PltbUIQB7u/FfZ39+DGa/ShuMyJ5ilcvdfma9wOH6Y= github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 h1:8UrgZ3GkP4i/CLijOJx79Yu+etlyjdBU4sfcs2WYQMs= -github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg= +github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE= github.com/dgraph-io/badger v1.6.2 h1:mNw0qs90GVgGGWylh0umH5iag1j6n/PeJtNvL6KY/x8= 
@@ -517,8 +517,8 @@ github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-metrics v0.5.2 h1:ErEYO2f//CjKsUDw4SmLzelsK6L3ZmOAR/4P9iS7ruY= -github.com/hashicorp/go-metrics v0.5.2/go.mod h1:KEjodfebIOuBYSAe/bHTm+HChmKSxAOXPBieMLYozDE= +github.com/hashicorp/go-metrics v0.5.3 h1:M5uADWMOGCTUNU1YuC4hfknOeHNaX54LDm4oYSucoNE= +github.com/hashicorp/go-metrics v0.5.3/go.mod h1:KEjodfebIOuBYSAe/bHTm+HChmKSxAOXPBieMLYozDE= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= 
@@ -752,8 +752,8 @@ github.com/libp2p/zeroconf/v2 v2.2.0 h1:Cup06Jv6u81HLhIj1KasuNM/RHHrJ8T7wOTS4+Tv github.com/libp2p/zeroconf/v2 v2.2.0/go.mod h1:fuJqLnUwZTshS3U/bMRJ3+ow/v9oid1n0DmyYyNO1Xs= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= -github.com/linxGnu/grocksdb v1.8.12 h1:1/pCztQUOa3BX/1gR3jSZDoaKFpeHFvQ1XrqZpSvZVo= -github.com/linxGnu/grocksdb v1.8.12/go.mod h1:xZCIb5Muw+nhbDK4Y5UJuOrin5MceOuiXkVUR7vp4WY= +github.com/linxGnu/grocksdb v1.8.14 h1:HTgyYalNwBSG/1qCQUIott44wU5b2Y9Kr3z7SK5OfGQ= +github.com/linxGnu/grocksdb v1.8.14/go.mod h1:QYiYypR2d4v63Wj1adOOfzglnoII0gLj3PNh4fZkcFA= github.com/lmittmann/tint v1.0.4 h1:LeYihpJ9hyGvE0w+K2okPTGUdVLfng1+nDNVR4vWISc= github.com/lmittmann/tint v1.0.4/go.mod h1:HIS3gSy7qNwGCj+5oRjAutErFBl4BzdQP6cJZ0NfMwE= github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= 
@@ -930,8 +930,8 @@ github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9 github.com/perimeterx/marshmallow v1.1.5 h1:a2LALqQ1BlHM8PZblsDdidgv1mWi1DgC2UmX50IvK2s= github.com/perimeterx/marshmallow v1.1.5/go.mod h1:dsXbUu8CRzfYP5a87xpp0xq9S3u0Vchtcl8we9tYaXw= github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o= -github.com/petermattis/goid v0.0.0-20230904192822-1876fd5063bc h1:8bQZVK1X6BJR/6nYUPxQEP+ReTsceJTKizeuwjWOPUA= -github.com/petermattis/goid v0.0.0-20230904192822-1876fd5063bc/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4= +github.com/petermattis/goid v0.0.0-20231207134359-e60b3f734c67 h1:jik8PHtAIsPlCRJjJzl4udgEf7hawInF9texMeO2jrU= +github.com/petermattis/goid v0.0.0-20231207134359-e60b3f734c67/go.mod h1:pxMtw7cyUw6B2bRH0ZBANSPg+AoSud1I1iyJHI69jH4= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pingcap/errors v0.11.4 h1:lFuQV/oaUMGcD2tqt+01ROSmJs75VG1ToEOkZIZ4nE4= 
@@ -959,16 +959,16 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= +github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= -github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.0.0-20180801064454-c7de2306084e/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= 
github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= @@ -976,8 +976,8 @@ github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt2 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.47.0 h1:p5Cz0FNHo7SnWOmWmoRozVcjEp0bIVU8cV7OShpjL1k= -github.com/prometheus/common v0.47.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.52.2 h1:LW8Vk7BccEdONfrJBDffQGRtpSzi5CQaRZGtboOO2ck= +github.com/prometheus/common v0.52.2/go.mod h1:lrWtQx+iDfn2mbH5GUzlH9TSHyfZpHkSiG1W7y3sF2Q= github.com/prometheus/procfs v0.0.0-20180725123919-05ee40e3a273/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= 
@@ -985,8 +985,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.3.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o= +github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g= github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A= github.com/quic-go/quic-go v0.42.0 h1:uSfdap0eveIl8KXnipv9K7nlwZ5IqLlYOpJ58u5utpM= 
@@ -1268,13 +1268,13 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= -golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ= -golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= +golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0 h1:985EYyeCOxTpcgOTJpflJUwOeEz0CQOdPt73OzpE9F8= +golang.org/x/exp v0.0.0-20240404231335-c0f41cb1a7a0/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1293,8 +1293,8 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -1331,8 +1331,8 @@ golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181203162652-d668ce993890/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -1349,8 +1349,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180810173357-98c5dad5d1a0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -1434,8 +1434,9 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1466,8 +1467,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -1501,8 +1502,8 @@ google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUE google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 h1:RFiFrvy37/mpSpdySBDrUdipW/dHwsRwh3J3+A9VgT4= google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda h1:LI5DOvAxUPMv/50agcLLoo+AdWc1irS9Rzz4vPuD1V4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.16.0/go.mod h1:0JHn/cJsOMiMfNA9+DeHDlAU7KAAB5GDlYFpa9MZMio= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= 
@@ -1583,8 +1584,8 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -lukechampine.com/blake3 v1.2.1 h1:YuqqRuaqsGV71BV/nm9xlI0MKUv4QC54jQnBChWbGnI= -lukechampine.com/blake3 v1.2.1/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= +lukechampine.com/blake3 v1.3.0 h1:sJ3XhFINmHSrYCgl958hscfIa3bw8x4DqMP3u1YvoYE= +lukechampine.com/blake3 v1.3.0/go.mod h1:0OFRp7fBtAylGVCO40o87sbupkyIGgbpv1+M1k1LM6k= nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= nhooyr.io/websocket v1.8.7 h1:usjR2uOr/zjjkVMy0lW+PPohFok7PCow5sDjLgX4P4g= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= diff --git a/http/auth.go b/http/auth.go new file mode 100644 index 0000000000..994e9a4220 --- /dev/null +++ b/http/auth.go 
@@ -0,0 +1,115 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package http
+
+import (
+ "encoding/hex"
+ "net/http"
+ "strings"
+ "time"
+
+ "github.com/decred/dcrd/dcrec/secp256k1/v4"
+ "github.com/lestrrat-go/jwx/v2/jwa"
+ "github.com/lestrrat-go/jwx/v2/jws"
+ "github.com/lestrrat-go/jwx/v2/jwt"
+ "github.com/sourcenetwork/immutable"
+
+ acpIdentity "github.com/sourcenetwork/defradb/acp/identity"
+ "github.com/sourcenetwork/defradb/internal/db"
+)
+
+const (
+ // authHeaderName is the name of the authorization header.
+ // This header should contain an ACP identity.
+ authHeaderName = "Authorization"
+ // authSchemaPrefix is the prefix added to the
+ // authorization header value.
+ authSchemaPrefix = "Bearer "
+ // authTokenExpiration is the default expiration time for auth tokens.
+ authTokenExpiration = time.Minute * 15
+)
+
+var authTokenSignatureScheme = jwa.ES256K
+
+// buildAuthToken returns a new jwt auth token with the subject and audience set
+// to the given values. Default expiration and not before values will also be set.
+func buildAuthToken(identity acpIdentity.Identity, audience string) (jwt.Token, error) {
+ if identity.PublicKey == nil {
+ return nil, ErrMissingIdentityPublicKey
+ }
+ subject := hex.EncodeToString(identity.PublicKey.SerializeCompressed())
+ now := time.Now()
+ return jwt.NewBuilder().
+ Subject(subject).
+ Audience([]string{audience}).
+ Expiration(now.Add(authTokenExpiration)).
+ NotBefore(now).
+ Build()
+}
+
+// signAuthToken returns a signed jwt auth token that can be used to authenticate the
+// actor identified by the given identity with a defraDB node identified by the given audience.
+func signAuthToken(identity acpIdentity.Identity, token jwt.Token) ([]byte, error) {
+ if identity.PrivateKey == nil {
+ return nil, ErrMissingIdentityPrivateKey
+ }
+ return jwt.Sign(token, jwt.WithKey(authTokenSignatureScheme, identity.PrivateKey.ToECDSA()))
+}
+
+// buildAndSignAuthToken returns a signed jwt auth token that can be used to authenticate the
+// actor identified by the given identity with a defraDB node identified by the given audience.
+func buildAndSignAuthToken(identity acpIdentity.Identity, audience string) ([]byte, error) {
+ token, err := buildAuthToken(identity, audience)
+ if err != nil {
+ return nil, err
+ }
+ return signAuthToken(identity, token)
+}
+
+// verifyAuthToken verifies that the jwt auth token is valid and that the signature
+// matches the identity of the subject.
+func verifyAuthToken(data []byte, audience string) (immutable.Option[acpIdentity.Identity], error) {
+ token, err := jwt.Parse(data, jwt.WithVerify(false), jwt.WithAudience(audience))
+ if err != nil {
+ return immutable.None[acpIdentity.Identity](), err
+ }
+ subject, err := hex.DecodeString(token.Subject())
+ if err != nil {
+ return immutable.None[acpIdentity.Identity](), err
+ }
+ pubKey, err := secp256k1.ParsePubKey(subject)
+ if err != nil {
+ return immutable.None[acpIdentity.Identity](), err
+ }
+ _, err = jws.Verify(data, jws.WithKey(authTokenSignatureScheme, pubKey.ToECDSA()))
+ if err != nil {
+ return immutable.None[acpIdentity.Identity](), err
+ }
+ return acpIdentity.FromPublicKey(pubKey), nil
+}
+
+// AuthMiddleware authenticates an actor and sets their identity for all subsequent actions.
+func AuthMiddleware(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+ token := strings.TrimPrefix(req.Header.Get(authHeaderName), authSchemaPrefix)
+ if token == "" {
+ next.ServeHTTP(rw, req)
+ return
+ }
+ identity, err := verifyAuthToken([]byte(token), strings.ToLower(req.Host))
+ if err != nil {
+ http.Error(rw, "forbidden", http.StatusForbidden)
+ return
+ }
+ ctx := db.SetContextIdentity(req.Context(), identity)
+ next.ServeHTTP(rw, req.WithContext(ctx))
+ })
+}
diff --git a/http/auth_test.go b/http/auth_test.go
new file mode 100644
index 0000000000..0ea9705efd
--- /dev/null
+++ b/http/auth_test.go
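Review bot: In `AuthMiddleware` the expected audience handed to `verifyAuthToken` is `strings.ToLower(req.Host)`, and the Host header is set by whoever sends the request, so the `jwt.WithAudience` check compares the token against a caller-supplied value instead of this node's own name. Because the token is self-signed by the key named in its subject, the audience claim is the only thing that ties it to one node, and with this source for the expected value a captured token is not reliably confined to the node it was issued for. The expected audience should come from server configuration, e.g. `identity, err := verifyAuthToken([]byte(token), expectedAudience)`, where `expectedAudience` is a placeholder for a configured host name passed into the middleware. Separately, `strings.TrimPrefix` leaves a header with a different scheme intact and feeds it to the parser; testing `strings.HasPrefix(header, authSchemaPrefix)` first would make the accepted scheme explicit.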
@@ -0,0 +1,140 @@
+// Copyright 2024 Democratized Data Foundation
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package http
+
+import (
+ "encoding/hex"
+ "testing"
+ "time"
+
+ "github.com/lestrrat-go/jwx/v2/jwt"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ acpIdentity "github.com/sourcenetwork/defradb/acp/identity"
+ "github.com/sourcenetwork/defradb/crypto"
+)
+
+func TestBuildAuthToken(t *testing.T) {
+ privKey, err := crypto.GenerateSecp256k1()
+ require.NoError(t, err)
+
+ identity := acpIdentity.FromPrivateKey(privKey)
+ token, err := buildAuthToken(identity.Value(), "abc123")
+ require.NoError(t, err)
+
+ subject := hex.EncodeToString(privKey.PubKey().SerializeCompressed())
+ assert.Equal(t, subject, token.Subject())
+
+ assert.True(t, token.NotBefore().Before(time.Now()))
+ assert.True(t, token.Expiration().After(time.Now()))
+ assert.Equal(t, []string{"abc123"}, token.Audience())
+}
+
+func TestSignAuthTokenErrorsWithPublicIdentity(t *testing.T) {
+ privKey, err := crypto.GenerateSecp256k1()
+ require.NoError(t, err)
+
+ identity := acpIdentity.FromPublicKey(privKey.PubKey())
+ token, err := buildAuthToken(identity.Value(), "abc123")
+ require.NoError(t, err)
+
+ _, err = signAuthToken(identity.Value(), token)
+ assert.ErrorIs(t, err, ErrMissingIdentityPrivateKey)
+}
+
+func TestVerifyAuthToken(t *testing.T) {
+ privKey, err := crypto.GenerateSecp256k1()
+ require.NoError(t, err)
+
+ identity := acpIdentity.FromPrivateKey(privKey)
+ token, err := buildAndSignAuthToken(identity.Value(), "abc123")
+ require.NoError(t, err)
+
+ actual, err := verifyAuthToken(token, "abc123")
+ require.NoError(t, err)
+
+ expected :=
acpIdentity.FromPublicKey(privKey.PubKey())
+ assert.Equal(t, expected.Value().Address, actual.Value().Address)
+}
+
+func TestVerifyAuthTokenErrorsWithNonMatchingAudience(t *testing.T) {
+ privKey, err := crypto.GenerateSecp256k1()
+ require.NoError(t, err)
+
+ identity := acpIdentity.FromPrivateKey(privKey)
+ token, err := buildAndSignAuthToken(identity.Value(), "valid")
+ require.NoError(t, err)
+
+ _, err = verifyAuthToken(token, "invalid")
+ assert.Error(t, err)
+}
+
+func TestVerifyAuthTokenErrorsWithWrongPublicKey(t *testing.T) {
+ privKey, err := crypto.GenerateSecp256k1()
+ require.NoError(t, err)
+
+ otherKey, err := crypto.GenerateSecp256k1()
+ require.NoError(t, err)
+
+ identity := acpIdentity.FromPrivateKey(privKey)
+ token, err := buildAuthToken(identity.Value(), "123abc")
+ require.NoError(t, err)
+
+ // override subject
+ subject := hex.EncodeToString(otherKey.PubKey().SerializeCompressed())
+ err = token.Set(jwt.SubjectKey, subject)
+ require.NoError(t, err)
+
+ data, err := signAuthToken(identity.Value(), token)
+ require.NoError(t, err)
+
+ _, err = verifyAuthToken(data, "123abc")
+ assert.Error(t, err)
+}
+
+func TestVerifyAuthTokenErrorsWithExpired(t *testing.T) {
+ privKey, err := crypto.GenerateSecp256k1()
+ require.NoError(t, err)
+
+ identity := acpIdentity.FromPrivateKey(privKey)
+ token, err := buildAuthToken(identity.Value(), "123abc")
+ require.NoError(t, err)
+
+ // override expiration
+ err = token.Set(jwt.ExpirationKey, time.Now().Add(-15*time.Minute))
+ require.NoError(t, err)
+
+ data, err := signAuthToken(identity.Value(), token)
+ require.NoError(t, err)
+
+ _, err = verifyAuthToken(data, "123abc")
+ assert.Error(t, err)
+}
+
+func TestVerifyAuthTokenErrorsWithNotBefore(t *testing.T) {
+ privKey, err := crypto.GenerateSecp256k1()
+ require.NoError(t, err)
+
+ identity := acpIdentity.FromPrivateKey(privKey)
+ token, err := buildAuthToken(identity.Value(), "123abc")
+ require.NoError(t, err)
+
+ // override not before
+ err =
token.Set(jwt.NotBeforeKey, time.Now().Add(15*time.Minute)) + require.NoError(t, err) + + data, err := signAuthToken(identity.Value(), token) + require.NoError(t, err) + + _, err = verifyAuthToken(data, "123abc") + assert.Error(t, err) +} diff --git a/http/client.go b/http/client.go index 7616653f71..49982bad2a 100644 --- a/http/client.go +++ b/http/client.go @@ -354,7 +354,11 @@ func (c *Client) ExecRequest( result.GQL.Errors = []error{err} return result } - c.http.setDefaultHeaders(req) + err = c.http.setDefaultHeaders(req) + if err != nil { + result.GQL.Errors = []error{err} + return result + } res, err := c.http.client.Do(req) if err != nil { diff --git a/http/client_collection.go b/http/client_collection.go index 68b76c6a9e..59b2cf79b6 100644 --- a/http/client_collection.go +++ b/http/client_collection.go @@ -311,7 +311,10 @@ func (c *Collection) GetAllDocIDs( return nil, err } - c.http.setDefaultHeaders(req) + err = c.http.setDefaultHeaders(req) + if err != nil { + return nil, err + } res, err := c.http.client.Do(req) if err != nil { diff --git a/http/errors.go b/http/errors.go index ef25d06421..d4a72df516 100644 --- a/http/errors.go +++ b/http/errors.go 
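Review bot: Nothing in http/auth_test.go drives `AuthMiddleware` itself, so the request-level behaviour of the new authentication path is unpinned. From the middleware in http/auth.go, a missing `Authorization` header passes through as anonymous, while any non-empty value that fails `verifyAuthToken` gets `403`; that includes a header using another scheme, which `strings.TrimPrefix` leaves untouched. I would add `httptest` cases for the anonymous, valid-token and rejected-token paths, asserting the identity placed on the request context. A case where the signed bytes are altered after `signAuthToken` would also help, since `TestVerifyAuthTokenErrorsWithWrongPublicKey` covers only a subject/key mismatch.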
@@ -27,15 +27,17 @@ const ( // This list is incomplete. Undefined errors may also be returned. // Errors returned from this package may be tested against these errors with errors.Is. var ( - ErrNoListener = errors.New("cannot serve with no listener") - ErrNoEmail = errors.New("email address must be specified for tls with autocert") - ErrInvalidRequestBody = errors.New("invalid request body") - ErrStreamingNotSupported = errors.New("streaming not supported") - ErrMigrationNotFound = errors.New("migration not found") - ErrMissingRequest = errors.New("missing request") - ErrInvalidTransactionId = errors.New("invalid transaction id") - ErrP2PDisabled = errors.New("p2p network is disabled") - ErrMethodIsNotImplemented = errors.New(errMethodIsNotImplemented) + ErrNoListener = errors.New("cannot serve with no listener") + ErrNoEmail = errors.New("email address must be specified for tls with autocert") + ErrInvalidRequestBody = errors.New("invalid request body") + ErrStreamingNotSupported = errors.New("streaming not supported") + ErrMigrationNotFound = errors.New("migration not found") + ErrMissingRequest = errors.New("missing request") + ErrInvalidTransactionId = errors.New("invalid transaction id") + ErrP2PDisabled = errors.New("p2p network is disabled") + ErrMethodIsNotImplemented = errors.New(errMethodIsNotImplemented) + ErrMissingIdentityPrivateKey = errors.New("identity has no private key") + ErrMissingIdentityPublicKey = errors.New("identity has no public key") ) type errorResponse struct { diff --git a/http/handler.go b/http/handler.go index 80afcc5a3e..3ec33d9b2a 100644 --- a/http/handler.go +++ b/http/handler.go @@ -75,13 +75,12 @@ func NewHandler(db client.DB) (*Handler, error) { return nil, err } txs := &sync.Map{} - mux := chi.NewMux() mux.Route("/api/"+Version, func(r chi.Router) { r.Use( ApiMiddleware(db, txs), TransactionMiddleware, - IdentityMiddleware, + AuthMiddleware, ) r.Handle("/*", router) }) 
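Review bot: `AuthMiddleware` is mounted in this `r.Use(...)` call without being given the node's own host name, and in http/auth.go it checks the token audience against `strings.ToLower(req.Host)`, a value taken from the request. Because the caller supplies both the token and the Host value, the audience claim on its own does not tie a token to this node unless a listener or proxy in front of the server pins the host. Consider passing the configured address into the middleware here and comparing the audience with that value instead of the request's. NewHandler's body starts and ends outside the hunk.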
@@ -89,7 +88,6 @@ func NewHandler(db client.DB) (*Handler, error) { responseJSON(rw, http.StatusOK, router.OpenAPI()) }) mux.Handle("/*", playgroundHandler) - return &Handler{ db: db, mux: mux, diff --git a/http/http_client.go b/http/http_client.go index 972e96e94d..b3dfcb9e3f 100644 --- a/http/http_client.go +++ b/http/http_client.go @@ -12,6 +12,7 @@ package http import ( "encoding/json" + "errors" "fmt" "io" "net/http" @@ -34,14 +35,13 @@ func newHttpClient(rawURL string) (*httpClient, error) { if err != nil { return nil, err } - client := httpClient{ + return &httpClient{ client: http.DefaultClient, baseURL: baseURL.JoinPath("/api/v0"), - } - return &client, nil + }, nil } -func (c *httpClient) setDefaultHeaders(req *http.Request) { +func (c *httpClient) setDefaultHeaders(req *http.Request) error { req.Header.Set("Accept", "application/json") req.Header.Set("Content-Type", "application/json") @@ -50,14 +50,25 @@ func (c *httpClient) setDefaultHeaders(req *http.Request) { req.Header.Set(txHeaderName, fmt.Sprintf("%d", txn.ID())) } id := db.GetContextIdentity(req.Context()) - if id.HasValue() { - req.Header.Add(authHeaderName, authSchemaPrefix+id.Value().String()) + if !id.HasValue() { + return nil + } + token, err := buildAndSignAuthToken(id.Value(), strings.ToLower(c.baseURL.Host)) + if errors.Is(err, ErrMissingIdentityPrivateKey) { + return nil + } + if err != nil { + return err } + req.Header.Set(authHeaderName, fmt.Sprintf("%s%s", authSchemaPrefix, token)) + return nil } func (c *httpClient) request(req *http.Request) ([]byte, error) { - c.setDefaultHeaders(req) - + err := c.setDefaultHeaders(req) + if err != nil { + return nil, err + } res, err := c.client.Do(req) if err != nil { return nil, err diff --git a/http/middleware.go b/http/middleware.go index d37a7d3962..d02c3d6470 100644 --- a/http/middleware.go +++ b/http/middleware.go 
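Review bot: In `setDefaultHeaders` (the `@@ -50,14 +50,25 @@` hunk), the `errors.Is(err, ErrMissingIdentityPrivateKey)` branch returns nil, so a context identity that cannot sign yields a request with no `Authorization` header and no signal to the caller. If that fallback is intended, say so at the branch, for example `// identity cannot sign: send the request unauthenticated`; otherwise return the error so an anonymous request is not mistaken for an authenticated one. The token is attached whatever the scheme of `c.baseURL`, so the doc comment could also note that a plain-http base URL carries the bearer token unencrypted. The function's signature sits in the previous hunk and `request` continues past this one.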
@@ -21,7 +21,6 @@ import ( "github.com/go-chi/cors" "golang.org/x/exp/slices" - acpIdentity "github.com/sourcenetwork/defradb/acp/identity" "github.com/sourcenetwork/defradb/client" "github.com/sourcenetwork/defradb/datastore" "github.com/sourcenetwork/defradb/internal/db" @@ -31,12 +30,6 @@ const ( // txHeaderName is the name of the transaction header. // This header should contain a valid transaction id. txHeaderName = "x-defradb-tx" - // authHeaderName is the name of the authorization header. - // This header should contain an ACP identity. - authHeaderName = "Authorization" - // Using Basic right now, but this will soon change to 'Bearer' as acp authentication - // gets implemented: https://github.com/sourcenetwork/defradb/issues/2017 - authSchemaPrefix = "Basic " ) type contextKey string @@ -123,23 +116,3 @@ func CollectionMiddleware(next http.Handler) http.Handler { next.ServeHTTP(rw, req.WithContext(ctx)) }) } - -func IdentityMiddleware(next http.Handler) http.Handler { - return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { - authHeader := req.Header.Get(authHeaderName) - if authHeader == "" { - next.ServeHTTP(rw, req) - return - } - - identity := strings.TrimPrefix(authHeader, authSchemaPrefix) - // If expected schema prefix was not found, or empty, then assume no identity. - if identity == authHeader || identity == "" { - next.ServeHTTP(rw, req) - return - } - - ctx := db.SetContextIdentity(req.Context(), acpIdentity.New(identity)) - next.ServeHTTP(rw, req.WithContext(ctx)) - }) -} diff --git a/http/openapi.go b/http/openapi.go index 698a88796e..f6816376ae 100644 --- a/http/openapi.go +++ b/http/openapi.go @@ -87,6 +87,13 @@ func NewOpenAPISpec() (*openapi3.T, error) { Value: txnHeaderParam, } + // add authentication schemes + securitySchemes := openapi3.SecuritySchemes{ + "bearerToken": &openapi3.SecuritySchemeRef{ + Value: openapi3.NewJWTSecurityScheme(), + }, + } + return &openapi3.T{ OpenAPI: "3.0.3", Info: &openapi3.Info{ 
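Review bot: The `bearerToken` scheme added in http/openapi.go is only declared under `Components.SecuritySchemes` (wired up in the following hunk), and nothing visible adds a security requirement that references it. If no `Security` entry is set elsewhere in `NewOpenAPISpec`, generated documentation and clients will presumably not show any operation as accepting a token. Since authentication is optional, a document-level entry such as `Security: openapi3.SecurityRequirements{{}, {"bearerToken": {}}}` would describe both the anonymous and the authenticated case. The function body extends outside both hunks, so this should be checked against the full file.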
@@ -105,9 +112,10 @@ func NewOpenAPISpec() (*openapi3.T, error) { URL: "https://docs.source.network", }, Components: &openapi3.Components{ - Schemas: schemas, - Responses: responses, - Parameters: parameters, + Schemas: schemas, + Responses: responses, + Parameters: parameters, + SecuritySchemes: securitySchemes, }, Tags: openapi3.Tags{ &openapi3.Tag{ diff --git a/http/utils.go b/http/utils.go index a67afef476..81aeac1b05 100644 --- a/http/utils.go +++ b/http/utils.go @@ -28,10 +28,16 @@ func requestJSON(req *http.Request, out any) error { return json.Unmarshal(data, out) } -func responseJSON(rw http.ResponseWriter, status int, out any) { +// responseJSON writes a json response with the given status and data +// to the response writer. Any errors encountered will be logged. +func responseJSON(rw http.ResponseWriter, status int, data any) { rw.Header().Add("Content-Type", "application/json") rw.WriteHeader(status) - json.NewEncoder(rw).Encode(out) //nolint:errcheck + + err := json.NewEncoder(rw).Encode(data) + if err != nil { + log.ErrorE("failed to write response", err) + } } func parseError(msg any) error { diff --git a/internal/db/db.go b/internal/db/db.go index af40627e2b..4379928c82 100644 --- a/internal/db/db.go +++ b/internal/db/db.go @@ -168,12 +168,12 @@ func (db *db) AddPolicy( return client.AddPolicyResult{}, client.ErrPolicyAddFailureNoACP } identity := GetContextIdentity(ctx) + policyID, err := db.acp.Value().AddPolicy( ctx, - identity.Value().String(), + identity.Value().Address, policy, ) - if err != nil { return client.AddPolicyResult{}, err } diff --git a/internal/db/fetcher/mocks/fetcher.go b/internal/db/fetcher/mocks/fetcher.go index 99fee65c47..b60385d110 100644 --- a/internal/db/fetcher/mocks/fetcher.go +++ b/internal/db/fetcher/mocks/fetcher.go @@ -3,8 +3,8 @@ package mocks import ( - client "github.com/sourcenetwork/defradb/client" acp "github.com/sourcenetwork/defradb/acp" + client "github.com/sourcenetwork/defradb/client" context "context" 
diff --git a/internal/db/permission/check.go b/internal/db/permission/check.go index 36dce10489..4d5e9f5ed0 100644 --- a/internal/db/permission/check.go +++ b/internal/db/permission/check.go @@ -78,7 +78,7 @@ func CheckAccessOfDocOnCollectionWithACP( hasAccess, err := acpSystem.CheckDocAccess( ctx, permission, - identity.Value().String(), + identity.Value().Address, policyID, resourceName, docID, diff --git a/internal/db/permission/register.go b/internal/db/permission/register.go index a46e5eef34..bbe9a2e713 100644 --- a/internal/db/permission/register.go +++ b/internal/db/permission/register.go @@ -40,7 +40,7 @@ func RegisterDocOnCollectionWithACP( if policyID, resourceName, hasPolicy := isPermissioned(collection); hasPolicy && identity.HasValue() { return acpSystem.RegisterDocObject( ctx, - identity.Value().String(), + identity.Value().Address, policyID, resourceName, docID, diff --git a/net/peer_test.go b/net/peer_test.go index fdd1feb583..e708ff0708 100644 --- a/net/peer_test.go +++ b/net/peer_test.go @@ -12,10 +12,12 @@ package net import ( "context" + "encoding/hex" "fmt" "testing" "time" + "github.com/decred/dcrd/dcrec/secp256k1/v4" "github.com/ipfs/go-cid" ds "github.com/ipfs/go-datastore" libp2p "github.com/libp2p/go-libp2p" 
@@ -371,11 +373,17 @@ func TestSetReplicatorWithACollectionSpecifiedThatHasPolicy_ReturnError(t *testi types: - actor ` - ctx = db.SetContextIdentity(ctx, acpIdentity.New("cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969")) + + privKeyBytes, err := hex.DecodeString("028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f") + require.NoError(t, err) + privKey := secp256k1.PrivKeyFromBytes(privKeyBytes) + identity := acpIdentity.FromPrivateKey(privKey) + + ctx = db.SetContextIdentity(ctx, identity) policyResult, err := d.AddPolicy(ctx, policy) policyID := policyResult.PolicyID require.NoError(t, err) - require.Equal(t, "fc3a0a39c73949c70a79e02b8d928028e9cbcc772ba801463a6acdcf2f256cd4", policyID) + require.Equal(t, "7bef56a54eae563eafdc48c57cf37075351498ebb5a200f59cf9b8c6f8149606", policyID) schema := fmt.Sprintf(` type User @policy(id: "%s", resource: "user") { @@ -422,11 +430,17 @@ func TestSetReplicatorWithSomeCollectionThatHasPolicyUsingAllCollectionsByDefaul types: - actor ` - ctx = db.SetContextIdentity(ctx, acpIdentity.New("cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969")) + + privKeyBytes, err := hex.DecodeString("028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f") + require.NoError(t, err) + privKey := secp256k1.PrivKeyFromBytes(privKeyBytes) + identity := acpIdentity.FromPrivateKey(privKey) + + ctx = db.SetContextIdentity(ctx, identity) policyResult, err := d.AddPolicy(ctx, policy) policyID := policyResult.PolicyID require.NoError(t, err) - require.Equal(t, "fc3a0a39c73949c70a79e02b8d928028e9cbcc772ba801463a6acdcf2f256cd4", policyID) + require.Equal(t, "7bef56a54eae563eafdc48c57cf37075351498ebb5a200f59cf9b8c6f8149606", policyID) schema := fmt.Sprintf(` type User @policy(id: "%s", resource: "user") { 
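Review bot: The block that hex-decodes a literal private key and builds the identity is repeated verbatim in this hunk, in the `@@ -422,11 +430,17 @@` hunk and in the `@@ -781,11 +795,17 @@` hunk of net/peer_test.go. The literal is also the same key as `Actor1Identity` in tests/integration/acp/fixture.go. A small file-local test helper that returns the identity would keep the key in one place, and it is the natural spot for a comment such as `// test-only key; never use outside tests`. The expected policy ID asserted right after depends on that key, so the helper also makes the coupling between the two constants visible. Each test body starts and ends outside its hunk.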
@@ -781,11 +795,17 @@ func TestAddP2PCollectionsWithPermissionedCollection_Error(t *testing.T) { types: - actor ` - ctx = db.SetContextIdentity(ctx, acpIdentity.New("cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969")) + + privKeyBytes, err := hex.DecodeString("028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f") + require.NoError(t, err) + privKey := secp256k1.PrivKeyFromBytes(privKeyBytes) + identity := acpIdentity.FromPrivateKey(privKey) + + ctx = db.SetContextIdentity(ctx, identity) policyResult, err := d.AddPolicy(ctx, policy) policyID := policyResult.PolicyID require.NoError(t, err) - require.Equal(t, "fc3a0a39c73949c70a79e02b8d928028e9cbcc772ba801463a6acdcf2f256cd4", policyID) + require.Equal(t, "7bef56a54eae563eafdc48c57cf37075351498ebb5a200f59cf9b8c6f8149606", policyID) schema := fmt.Sprintf(` type User @policy(id: "%s", resource: "user") { diff --git a/tests/clients/cli/wrapper_cli.go b/tests/clients/cli/wrapper_cli.go index 44ed7f22bc..ab3dd9ace4 100644 --- a/tests/clients/cli/wrapper_cli.go +++ b/tests/clients/cli/wrapper_cli.go @@ -12,6 +12,7 @@ package cli import ( "context" + "encoding/hex" "fmt" "io" "strings" @@ -58,8 +59,8 @@ func (w *cliWrapper) executeStream(ctx context.Context, args []string) (io.ReadC args = append(args, "--tx", fmt.Sprintf("%d", tx.ID())) } id := db.GetContextIdentity(ctx) - if id.HasValue() { - args = append(args, "--identity", id.Value().String()) + if id.HasValue() && id.Value().PrivateKey != nil { + args = append(args, "--identity", hex.EncodeToString(id.Value().PrivateKey.Serialize())) } args = append(args, "--url", w.address) diff --git a/tests/integration/acp.go b/tests/integration/acp.go index b02d83eed7..ccfba9ed0d 100644 --- a/tests/integration/acp.go +++ b/tests/integration/acp.go 
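Review bot: In tests/clients/cli/wrapper_cli.go the added `args = append(args, "--identity", hex.EncodeToString(...))` line places the hex private key on the command line. If the wrapper or a real user runs the CLI as a separate process, arguments are commonly visible in process listings and tend to be kept in shell history and CI logs. I would add a comment here that only throwaway test keys may pass through this path, and consider letting the CLI read the key from a file or an environment variable as well. Separately, the new `id.Value().PrivateKey != nil` condition silently drops an identity that has no private key, so the command runs anonymously; a short comment on that condition would mark it as intended. executeStream starts and ends outside the hunk.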
@@ -29,7 +29,7 @@ type AddPolicy struct { Policy string // The policy creator identity, i.e. actor creating the policy. - Identity string + Identity immutable.Option[acpIdentity.Identity] // The expected policyID generated based on the Policy loaded in to the ACP system. ExpectedPolicyID string @@ -52,7 +52,7 @@ func addPolicyACP( } for _, node := range getNodes(action.NodeID, s.nodes) { - ctx := db.SetContextIdentity(s.ctx, acpIdentity.New(action.Identity)) + ctx := db.SetContextIdentity(s.ctx, action.Identity) policyResult, err := node.AddPolicy(ctx, action.Policy) if err == nil { diff --git a/tests/integration/acp/add_policy/basic_test.go b/tests/integration/acp/add_policy/basic_test.go index fdf53f02cc..9adc54996b 100644 --- a/tests/integration/acp/add_policy/basic_test.go +++ b/tests/integration/acp/add_policy/basic_test.go @@ -46,7 +46,7 @@ func TestACP_AddPolicy_BasicYAML_ValidPolicyID(t *testing.T) { `, - ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a", + ExpectedPolicyID: "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3", }, }, } @@ -91,7 +91,7 @@ func TestACP_AddPolicy_BasicJSON_ValidPolicyID(t *testing.T) { } `, - ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a", + ExpectedPolicyID: "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3", }, }, } diff --git a/tests/integration/acp/add_policy/with_empty_args_test.go b/tests/integration/acp/add_policy/with_empty_args_test.go index dc530d95b0..6b07ef0f67 100644 --- a/tests/integration/acp/add_policy/with_empty_args_test.go +++ b/tests/integration/acp/add_policy/with_empty_args_test.go @@ -13,6 +13,9 @@ package test_acp_add_policy import ( "testing" + "github.com/sourcenetwork/immutable" + + acpIdentity "github.com/sourcenetwork/defradb/acp/identity" testUtils "github.com/sourcenetwork/defradb/tests/integration" ) 
@@ -42,7 +45,7 @@ func TestACP_AddPolicy_EmptyPolicyCreator_Error(t *testing.T) { Actions: []any{ testUtils.AddPolicy{ - Identity: "", + Identity: immutable.None[acpIdentity.Identity](), Policy: ` description: a basic policy that satisfies minimum DPI requirements @@ -80,7 +83,7 @@ func TestACP_AddPolicy_EmptyCreatorAndPolicyArgs_Error(t *testing.T) { Actions: []any{ testUtils.AddPolicy{ - Identity: "", + Identity: immutable.None[acpIdentity.Identity](), Policy: "", diff --git a/tests/integration/acp/add_policy/with_extra_perms_and_relations_test.go b/tests/integration/acp/add_policy/with_extra_perms_and_relations_test.go index cd84e3d910..3cdfbddab0 100644 --- a/tests/integration/acp/add_policy/with_extra_perms_and_relations_test.go +++ b/tests/integration/acp/add_policy/with_extra_perms_and_relations_test.go @@ -53,7 +53,7 @@ func TestACP_AddPolicy_ExtraPermissionsAndExtraRelations_ValidPolicyID(t *testin - actor `, - ExpectedPolicyID: "ecfeeebd1b65e6a21b2f1b57006176bcbc6a37ef238f27c7034953f46fe04674", + ExpectedPolicyID: "f29c97dca930c9e93f7ef9e2139c63939c573af96c95af5cb9392861a0111b13", }, }, } diff --git a/tests/integration/acp/add_policy/with_extra_perms_test.go b/tests/integration/acp/add_policy/with_extra_perms_test.go index 8c13555c8d..9b39a3743b 100644 --- a/tests/integration/acp/add_policy/with_extra_perms_test.go +++ b/tests/integration/acp/add_policy/with_extra_perms_test.go @@ -47,7 +47,7 @@ func TestACP_AddPolicy_ExtraPermissions_ValidPolicyID(t *testing.T) { name: actor `, - ExpectedPolicyID: "9d518bb2d5aceb2c8f9b12b909eecd50276c1bd0250069875f265166e6030bb5", + ExpectedPolicyID: "af6795fa4fce1c2b4f9c1252c1cdd758708a45e4fc3097406c008d78c820ee80", }, }, } diff --git a/tests/integration/acp/add_policy/with_extra_relations_test.go b/tests/integration/acp/add_policy/with_extra_relations_test.go index d3e4308c24..acfb848247 100644 --- a/tests/integration/acp/add_policy/with_extra_relations_test.go 
+++ b/tests/integration/acp/add_policy/with_extra_relations_test.go @@ -51,7 +51,7 @@ func TestACP_AddPolicy_ExtraRelations_ValidPolicyID(t *testing.T) { - actor `, - ExpectedPolicyID: "450c47aa47b7b07820f99e5cb38170dc108a2f12b137946e6b47d0c0a73b607f", + ExpectedPolicyID: "922636974ecbc3c335143e45917832f219dfe4a168a523e7314616b94e7f9ebc", }, }, } diff --git a/tests/integration/acp/add_policy/with_invalid_creator_arg_test.go b/tests/integration/acp/add_policy/with_invalid_creator_arg_test.go index 2e56670add..68cad2b361 100644 --- a/tests/integration/acp/add_policy/with_invalid_creator_arg_test.go +++ b/tests/integration/acp/add_policy/with_invalid_creator_arg_test.go @@ -13,17 +13,25 @@ package test_acp_add_policy import ( "testing" + acpIdentity "github.com/sourcenetwork/defradb/acp/identity" testUtils "github.com/sourcenetwork/defradb/tests/integration" + + "github.com/sourcenetwork/immutable" ) func TestACP_AddPolicy_InvalidCreatorIdentityWithValidPolicy_Error(t *testing.T) { test := testUtils.TestCase{ + // Using an invalid creator is not possible with other client + // types since the token authentication will fail + SupportedClientTypes: immutable.Some([]testUtils.ClientType{ + testUtils.GoClientType, + }), Description: "Test acp, adding policy, with invalid creator, with valid policy, return error", Actions: []any{ testUtils.AddPolicy{ - Identity: "invalid", + Identity: immutable.Some(acpIdentity.Identity{Address: "invalid"}), Policy: ` description: a basic policy that satisfies minimum DPI requirements 
@@ -57,12 +65,17 @@ func TestACP_AddPolicy_InvalidCreatorIdentityWithValidPolicy_Error(t *testing.T) func TestACP_AddPolicy_InvalidCreatorIdentityWithEmptyPolicy_Error(t *testing.T) { test := testUtils.TestCase{ + // Using an invalid creator is not possible with other client + // types since the token authentication will fail + SupportedClientTypes: immutable.Some([]testUtils.ClientType{ + testUtils.GoClientType, + }), Description: "Test acp, adding policy, with invalid creator, with empty policy, return error", Actions: []any{ testUtils.AddPolicy{ - Identity: "invalid", + Identity: immutable.Some(acpIdentity.Identity{Address: "invalid"}), Policy: "", diff --git a/tests/integration/acp/add_policy/with_managed_relation_test.go b/tests/integration/acp/add_policy/with_managed_relation_test.go index d80c5b1c05..c3bff2c8fd 100644 --- a/tests/integration/acp/add_policy/with_managed_relation_test.go +++ b/tests/integration/acp/add_policy/with_managed_relation_test.go @@ -52,7 +52,7 @@ func TestACP_AddPolicy_WithRelationManagingOtherRelation_ValidPolicyID(t *testin - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, }, } diff --git a/tests/integration/acp/add_policy/with_multi_policies_test.go b/tests/integration/acp/add_policy/with_multi_policies_test.go index 6fbbfb2c39..008f7969e9 100644 --- a/tests/integration/acp/add_policy/with_multi_policies_test.go +++ b/tests/integration/acp/add_policy/with_multi_policies_test.go @@ -46,7 +46,7 @@ func TestACP_AddPolicy_AddMultipleDifferentPolicies_ValidPolicyIDs(t *testing.T) `, - ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a", + ExpectedPolicyID: "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3", }, testUtils.AddPolicy{ 
@@ -80,7 +80,7 @@ func TestACP_AddPolicy_AddMultipleDifferentPolicies_ValidPolicyIDs(t *testing.T) - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, }, } @@ -125,7 +125,7 @@ func TestACP_AddPolicy_AddMultipleDifferentPoliciesInDifferentFmts_ValidPolicyID } `, - ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a", + ExpectedPolicyID: "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3", }, testUtils.AddPolicy{ @@ -159,7 +159,7 @@ func TestACP_AddPolicy_AddMultipleDifferentPoliciesInDifferentFmts_ValidPolicyID - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, }, } @@ -198,7 +198,7 @@ func TestACP_AddPolicy_AddDuplicatePolicyByOtherCreator_ValidPolicyIDs(t *testin Policy: policyUsedByBoth, - ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a", + ExpectedPolicyID: "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3", }, testUtils.AddPolicy{ @@ -206,7 +206,7 @@ func TestACP_AddPolicy_AddDuplicatePolicyByOtherCreator_ValidPolicyIDs(t *testin Policy: policyUsedByBoth, - ExpectedPolicyID: "551c57323f33decfdc23312e5e1036e3ab85d2414e962814dab9101619dd9ff9", + ExpectedPolicyID: "5cff96a89799f7974906138fb794f670d35ac5df9985621da44f9f3529af1c0b", }, }, } @@ -244,7 +244,7 @@ func TestACP_AddPolicy_AddMultipleDuplicatePolicies_Error(t *testing.T) { `, - ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a", + ExpectedPolicyID: "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3", }, testUtils.AddPolicy{ 
@@ -271,7 +271,7 @@ func TestACP_AddPolicy_AddMultipleDuplicatePolicies_Error(t *testing.T) { `, - ExpectedError: "policy dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a: policy exists", + ExpectedError: "policy aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3: policy exists", }, }, } @@ -308,7 +308,7 @@ func TestACP_AddPolicy_AddMultipleDuplicatePoliciesDifferentFmts_Error(t *testin - actor `, - ExpectedPolicyID: "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a", + ExpectedPolicyID: "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3", }, testUtils.AddPolicy{ @@ -342,7 +342,7 @@ func TestACP_AddPolicy_AddMultipleDuplicatePoliciesDifferentFmts_Error(t *testin } `, - ExpectedError: "policy dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a: policy exists", + ExpectedError: "policy aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3: policy exists", }, }, } diff --git a/tests/integration/acp/add_policy/with_multiple_resources_test.go b/tests/integration/acp/add_policy/with_multiple_resources_test.go index 6d6c890452..c7ae18f7ed 100644 --- a/tests/integration/acp/add_policy/with_multiple_resources_test.go +++ b/tests/integration/acp/add_policy/with_multiple_resources_test.go @@ -62,7 +62,7 @@ func TestACP_AddPolicy_MultipleResources_ValidID(t *testing.T) { - actor `, - ExpectedPolicyID: "cf082c11fa812dddaa5093f0ccae66c2b5294efe0a2b50ffdcbc0185adf6adf1", + ExpectedPolicyID: "390239e42550ea5945b9185576b79694f7000a7ce3b301d60afe35572c958cd7", }, }, } diff --git a/tests/integration/acp/add_policy/with_no_perms_test.go b/tests/integration/acp/add_policy/with_no_perms_test.go index 156788ca45..b3b7faa307 100644 --- a/tests/integration/acp/add_policy/with_no_perms_test.go +++ b/tests/integration/acp/add_policy/with_no_perms_test.go 
@@ -50,7 +50,7 @@ func TestACP_AddPolicy_NoPermissionsOnlyOwner_ValidID(t *testing.T) { `, - ExpectedPolicyID: "b6edfd9d24a79067a2f5960e1369499ebaf4c5ec6747e2f444f33bf9c3915fcb", + ExpectedPolicyID: "39b436f0c28e7ce5ed7e1c592bb578590d62ccfacef0df565ac97520c880c017", }, }, } @@ -87,7 +87,7 @@ func TestACP_AddPolicy_NoPermissionsMultiRelations_ValidID(t *testing.T) { `, - ExpectedPolicyID: "7eb7448daa631cfe33da3a149f5eea716026f54bf23ce1315c594259382c5c57", + ExpectedPolicyID: "07da6260811df769d551e89e02364b3e939cb585696c1a69b626bb8ecdd378f9", }, }, } @@ -119,7 +119,7 @@ func TestACP_AddPolicy_NoPermissionsLabelOnlyOwner_ValidID(t *testing.T) { `, - ExpectedPolicyID: "b6edfd9d24a79067a2f5960e1369499ebaf4c5ec6747e2f444f33bf9c3915fcb", + ExpectedPolicyID: "39b436f0c28e7ce5ed7e1c592bb578590d62ccfacef0df565ac97520c880c017", }, }, } @@ -154,7 +154,7 @@ func TestACP_AddPolicy_NoPermissionsLabelMultiRelations_ValidID(t *testing.T) { `, - ExpectedPolicyID: "7eb7448daa631cfe33da3a149f5eea716026f54bf23ce1315c594259382c5c57", + ExpectedPolicyID: "07da6260811df769d551e89e02364b3e939cb585696c1a69b626bb8ecdd378f9", }, }, } diff --git a/tests/integration/acp/add_policy/with_no_resources_test.go b/tests/integration/acp/add_policy/with_no_resources_test.go index 6b4097584a..8bd6e5268d 100644 --- a/tests/integration/acp/add_policy/with_no_resources_test.go +++ b/tests/integration/acp/add_policy/with_no_resources_test.go @@ -36,7 +36,7 @@ func TestACP_AddPolicy_NoResource_ValidID(t *testing.T) { resources: `, - ExpectedPolicyID: "b72d8ec56ffb141922781d2b1b0803404bef57be0eeec98f1662f3017fc2de35", + ExpectedPolicyID: "e16824022121b55f2b2babbd2ab82960a8837767197e20acf9c577cbb4539991", }, }, } @@ -62,7 +62,7 @@ func TestACP_AddPolicy_NoResourceLabel_ValidID(t *testing.T) { name: actor `, - ExpectedPolicyID: "b72d8ec56ffb141922781d2b1b0803404bef57be0eeec98f1662f3017fc2de35", + ExpectedPolicyID: "e16824022121b55f2b2babbd2ab82960a8837767197e20acf9c577cbb4539991", }, }, } 
@@ -83,7 +83,7 @@ func TestACP_AddPolicy_PolicyWithOnlySpace_ValidID(t *testing.T) { Policy: " ", - ExpectedPolicyID: "b72d8ec56ffb141922781d2b1b0803404bef57be0eeec98f1662f3017fc2de35", + ExpectedPolicyID: "e16824022121b55f2b2babbd2ab82960a8837767197e20acf9c577cbb4539991", }, }, } diff --git a/tests/integration/acp/add_policy/with_perm_expr_test.go b/tests/integration/acp/add_policy/with_perm_expr_test.go index 177de98ebe..fd31e30840 100644 --- a/tests/integration/acp/add_policy/with_perm_expr_test.go +++ b/tests/integration/acp/add_policy/with_perm_expr_test.go @@ -48,7 +48,7 @@ func TestACP_AddPolicy_PermissionExprWithOwnerInTheEndWithMinus_ValidID(t *testi - actor `, - ExpectedPolicyID: "d74384d99b6732c3a6e0e47c7b75ea19553f643bcca416380530d8ad4e50e529", + ExpectedPolicyID: "fcb989d8bad149e3c4b22f8a69969760187b29ea1c796a3f9d2e16e32f493590", }, }, } @@ -89,7 +89,7 @@ func TestACP_AddPolicy_PermissionExprWithOwnerInTheEndWithMinusNoSpace_ValidID(t - actor `, - ExpectedPolicyID: "f6d5d6d8b0183230fcbdf06cfe14b611f782752d276006ad4622231eeaf60820", + ExpectedPolicyID: "50d8fbaf70a08c2c0e2bf0355a353a8bb06cc4d6e2f3ddbf71d91f9ef5aa49af", }, }, } diff --git a/tests/integration/acp/add_policy/with_permissionless_owner_test.go b/tests/integration/acp/add_policy/with_permissionless_owner_test.go index 0fda8a7468..c6ada1c121 100644 --- a/tests/integration/acp/add_policy/with_permissionless_owner_test.go +++ b/tests/integration/acp/add_policy/with_permissionless_owner_test.go @@ -55,7 +55,7 @@ func TestACP_AddPolicy_PermissionlessOwnerWrite_ValidID(t *testing.T) { - actor `, - ExpectedPolicyID: "af1ee9ffe8558da8455dc1cfc5897028c16c038a053b4cf740dfcef8032d944a", + ExpectedPolicyID: "f7e7b84108ba67bcdeb211ff740eee13b2b6770106dcf0d0436a3a33d8a2f9f0", }, }, } 
@@ -95,7 +95,7 @@ func TestACP_AddPolicy_PermissionlessOwnerRead_ValidID(t *testing.T) { - actor `, - ExpectedPolicyID: "3ceb4a4be889998496355604b68836bc280dc26dab829af3ec45b63d7767a7f1", + ExpectedPolicyID: "22c3eee3b3d216c01244a47a6aa241a08b767b3ef0a9edfbd30b3575a6bd94f4", }, }, } @@ -135,7 +135,7 @@ func TestACP_AddPolicy_PermissionlessOwnerReadWrite_ValidID(t *testing.T) { - actor `, - ExpectedPolicyID: "af1ee9ffe8558da8455dc1cfc5897028c16c038a053b4cf740dfcef8032d944a", + ExpectedPolicyID: "f7e7b84108ba67bcdeb211ff740eee13b2b6770106dcf0d0436a3a33d8a2f9f0", }, }, } diff --git a/tests/integration/acp/add_policy/with_unused_relations_test.go b/tests/integration/acp/add_policy/with_unused_relations_test.go index fbcec10755..27149ede0c 100644 --- a/tests/integration/acp/add_policy/with_unused_relations_test.go +++ b/tests/integration/acp/add_policy/with_unused_relations_test.go @@ -49,7 +49,7 @@ func TestACP_AddPolicy_UnusedRelation_ValidID(t *testing.T) { `, - ExpectedPolicyID: "e1bb7702f653d4f9a0595d2d97c209fc0da8f315be007bd19545599eed41ae42", + ExpectedPolicyID: "a6d42bfedff5db1feca0313793e4f9540851e3feaefffaebc98a1ee5bb140e45", }, }, } diff --git a/tests/integration/acp/fixture.go b/tests/integration/acp/fixture.go index ae05f780a4..c2a0c8f74b 100644 --- a/tests/integration/acp/fixture.go +++ b/tests/integration/acp/fixture.go 
@@ -10,7 +10,26 @@ package test_acp +import ( + "encoding/hex" + + "github.com/decred/dcrd/dcrec/secp256k1/v4" + "github.com/sourcenetwork/immutable" + + acpIdentity "github.com/sourcenetwork/defradb/acp/identity" +) + var ( - Actor1Identity = "cosmos1zzg43wdrhmmk89z3pmejwete2kkd4a3vn7w969" - Actor2Identity = "cosmos1x25hhksxhu86r45hqwk28dd70qzux3262hdrll" + Actor1Identity = MustParseIdentity("028d53f37a19afb9a0dbc5b4be30c65731479ee8cfa0c9bc8f8bf198cc3c075f") + Actor2Identity = MustParseIdentity("4d092126012ebaf56161716018a71630d99443d9d5217e9d8502bb5c5456f2c5") ) + +// MustParseIdentity returns an identity that uses the given private key or panics. +func MustParseIdentity(privateKeyHex string) immutable.Option[acpIdentity.Identity] { + privateKeyBytes, err := hex.DecodeString(privateKeyHex) + if err != nil { + panic(err) + } + privateKey := secp256k1.PrivKeyFromBytes(privateKeyBytes) + return acpIdentity.FromPrivateKey(privateKey) +} diff --git a/tests/integration/acp/index/create_test.go b/tests/integration/acp/index/create_test.go index 9c440e25e2..8d6fc4de3f 100644 --- a/tests/integration/acp/index/create_test.go +++ b/tests/integration/acp/index/create_test.go @@ -25,13 +25,13 @@ func TestACP_IndexCreateWithSeparateRequest_OnCollectionWithPolicy_NoError(t *te testUtils.AddPolicy{ Identity: acpUtils.Actor1Identity, Policy: userPolicy, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String 
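Review bot: `MustParseIdentity` in `tests/integration/acp/fixture.go` only checks the hex-decoding error, and the decoded bytes then go straight into `secp256k1.PrivKeyFromBytes`, which has no error return. A fixture string that is valid hex but not a 32-byte key would therefore yield some identity instead of panicking as the name promises; as far as I know the library truncates or reduces such input rather than rejecting it. A guard before the call would close that gap: `if len(privateKeyBytes) != secp256k1.PrivKeyBytesLen { panic("invalid private key length") }`. Separately, the hex strings assigned to `Actor1Identity` and `Actor2Identity` are raw private keys committed to the repository. A comment on the `var` block such as `// Test-only keys: these identities must never be used outside the integration tests.` would tell readers and secret scanners how to treat them.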
@@ -71,13 +71,13 @@ func TestACP_IndexCreateWithDirective_OnCollectionWithPolicy_NoError(t *testing. testUtils.AddPolicy{ Identity: acpUtils.Actor1Identity, Policy: userPolicy, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @index diff --git a/tests/integration/acp/index/fixture.go b/tests/integration/acp/index/fixture.go index 49c76e8b22..0f0af7ba1c 100644 --- a/tests/integration/acp/index/fixture.go +++ b/tests/integration/acp/index/fixture.go @@ -10,7 +10,7 @@ package test_acp_index -// policy id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001" +// policy id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd" const userPolicy = ` description: a test policy which marks a collection in a database as a resource @@ -39,7 +39,7 @@ resources: - actor ` -// policy id: "68a4e64d5034b8a0565a90cd36483de0d61e0ea2450cf57c1fa8d27cbbf17c2c" +// policy id: "e3c35f345c844e8c0144d793933ea7287af1930d36e9d7d98e8d930fb9815a4a" const bookAuthorPolicy = ` description: a test policy which marks a collection in a database as a resource diff --git a/tests/integration/acp/index/query_test.go b/tests/integration/acp/index/query_test.go index a7c09cd9e9..6ce7fdc1a2 100644 --- a/tests/integration/acp/index/query_test.go +++ b/tests/integration/acp/index/query_test.go 
@@ -24,12 +24,12 @@ func TestACPWithIndex_UponQueryingPrivateDocWithoutIdentity_ShouldNotFetch(t *te testUtils.AddPolicy{ Identity: acpUtils.Actor1Identity, Policy: userPolicy, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @index @@ -78,12 +78,12 @@ func TestACPWithIndex_UponQueryingPrivateDocWithIdentity_ShouldFetch(t *testing. testUtils.AddPolicy{ Identity: acpUtils.Actor1Identity, Policy: userPolicy, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @index @@ -136,12 +136,12 @@ func TestACPWithIndex_UponQueryingPrivateDocWithWrongIdentity_ShouldNotFetch(t * testUtils.AddPolicy{ Identity: acpUtils.Actor1Identity, Policy: userPolicy, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @index diff --git a/tests/integration/acp/index/query_with_relation_test.go b/tests/integration/acp/index/query_with_relation_test.go index 614aaa6e84..8a0d8c7d74 100644 
--- a/tests/integration/acp/index/query_with_relation_test.go +++ b/tests/integration/acp/index/query_with_relation_test.go @@ -22,12 +22,12 @@ func createAuthorBooksSchemaWithPolicyAndCreateDocs() []any { testUtils.AddPolicy{ Identity: acpUtils.Actor1Identity, Policy: bookAuthorPolicy, - ExpectedPolicyID: "68a4e64d5034b8a0565a90cd36483de0d61e0ea2450cf57c1fa8d27cbbf17c2c", + ExpectedPolicyID: "e3c35f345c844e8c0144d793933ea7287af1930d36e9d7d98e8d930fb9815a4a", }, testUtils.SchemaUpdate{ Schema: ` type Author @policy( - id: "68a4e64d5034b8a0565a90cd36483de0d61e0ea2450cf57c1fa8d27cbbf17c2c", + id: "e3c35f345c844e8c0144d793933ea7287af1930d36e9d7d98e8d930fb9815a4a", resource: "author" ) { name: String @@ -37,7 +37,7 @@ func createAuthorBooksSchemaWithPolicyAndCreateDocs() []any { } type Book @policy( - id: "68a4e64d5034b8a0565a90cd36483de0d61e0ea2450cf57c1fa8d27cbbf17c2c", + id: "e3c35f345c844e8c0144d793933ea7287af1930d36e9d7d98e8d930fb9815a4a", resource: "author" ) { name: String diff --git a/tests/integration/acp/p2p/replicator_test.go b/tests/integration/acp/p2p/replicator_test.go index 9c3b0eca3f..ace55f6a06 100644 --- a/tests/integration/acp/p2p/replicator_test.go +++ b/tests/integration/acp/p2p/replicator_test.go @@ -62,13 +62,13 @@ func TestACP_P2POneToOneReplicatorWithPermissionedCollection_Error(t *testing.T) - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String diff --git a/tests/integration/acp/p2p/subscribe_test.go b/tests/integration/acp/p2p/subscribe_test.go index 610339d24f..c41039e380 100644 --- a/tests/integration/acp/p2p/subscribe_test.go 
+++ b/tests/integration/acp/p2p/subscribe_test.go @@ -62,13 +62,13 @@ func TestACP_P2PSubscribeAddGetSingleWithPermissionedCollection_Error(t *testing - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String diff --git a/tests/integration/acp/query/fixture.go b/tests/integration/acp/query/fixture.go index ed81ed0633..2b05b48232 100644 --- a/tests/integration/acp/query/fixture.go +++ b/tests/integration/acp/query/fixture.go @@ -58,13 +58,13 @@ func getSetupEmployeeCompanyActions() []any { testUtils.AddPolicy{ Identity: acpUtils.Actor1Identity, Policy: employeeCompanyPolicy, - ExpectedPolicyID: "67607eb2a2a873f4a69eb6876323cee7601d8a4d4fedcc18154aaee65cf38e7f", + ExpectedPolicyID: "6f11799717723307077147736fddccd8a7b5e68d2ec22e2155f0186e0c43a2e2", }, testUtils.SchemaUpdate{ Schema: ` type Employee @policy( - id: "67607eb2a2a873f4a69eb6876323cee7601d8a4d4fedcc18154aaee65cf38e7f", + id: "6f11799717723307077147736fddccd8a7b5e68d2ec22e2155f0186e0c43a2e2", resource: "employees" ) { name: String @@ -73,7 +73,7 @@ func getSetupEmployeeCompanyActions() []any { } type Company @policy( - id: "67607eb2a2a873f4a69eb6876323cee7601d8a4d4fedcc18154aaee65cf38e7f", + id: "6f11799717723307077147736fddccd8a7b5e68d2ec22e2155f0186e0c43a2e2", resource: "companies" ) { name: String diff --git a/tests/integration/acp/register_and_delete_test.go b/tests/integration/acp/register_and_delete_test.go index 5d0baf0762..ef4e80ec22 100644 --- a/tests/integration/acp/register_and_delete_test.go +++ b/tests/integration/acp/register_and_delete_test.go 
@@ -58,13 +58,13 @@ func TestACP_CreateWithoutIdentityAndDeleteWithoutIdentity_CanDelete(t *testing. - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -151,13 +151,13 @@ func TestACP_CreateWithoutIdentityAndDeleteWithIdentity_CanDelete(t *testing.T) - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -245,13 +245,13 @@ func TestACP_CreateWithIdentityAndDeleteWithIdentity_CanDelete(t *testing.T) { - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String 
@@ -343,13 +343,13 @@ func TestACP_CreateWithIdentityAndDeleteWithoutIdentity_CanNotDelete(t *testing. - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -449,13 +449,13 @@ func TestACP_CreateWithIdentityAndDeleteWithWrongIdentity_CanNotDelete(t *testin - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String diff --git a/tests/integration/acp/register_and_read_test.go b/tests/integration/acp/register_and_read_test.go index a2620b82d7..0ad80c4953 100644 --- a/tests/integration/acp/register_and_read_test.go +++ b/tests/integration/acp/register_and_read_test.go @@ -54,13 +54,13 @@ func TestACP_CreateWithoutIdentityAndReadWithoutIdentity_CanRead(t *testing.T) { - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String 
@@ -142,13 +142,13 @@ func TestACP_CreateWithoutIdentityAndReadWithIdentity_CanRead(t *testing.T) { - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -232,13 +232,13 @@ func TestACP_CreateWithIdentityAndReadWithIdentity_CanRead(t *testing.T) { - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -324,13 +324,13 @@ func TestACP_CreateWithIdentityAndReadWithoutIdentity_CanNotRead(t *testing.T) { - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String 
@@ -408,13 +408,13 @@ func TestACP_CreateWithIdentityAndReadWithWrongIdentity_CanNotRead(t *testing.T) - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String diff --git a/tests/integration/acp/register_and_update_test.go b/tests/integration/acp/register_and_update_test.go index 96810409db..4a51aa6aec 100644 --- a/tests/integration/acp/register_and_update_test.go +++ b/tests/integration/acp/register_and_update_test.go @@ -60,13 +60,13 @@ func TestACP_CreateWithoutIdentityAndUpdateWithoutIdentity_CanUpdate(t *testing. - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -165,13 +165,13 @@ func TestACP_CreateWithoutIdentityAndUpdateWithIdentity_CanUpdate(t *testing.T) - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String 
@@ -271,13 +271,13 @@ func TestACP_CreateWithIdentityAndUpdateWithIdentity_CanUpdate(t *testing.T) { - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -387,13 +387,13 @@ func TestACP_CreateWithIdentityAndUpdateWithoutIdentity_CanNotUpdate(t *testing. - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -505,13 +505,13 @@ func TestACP_CreateWithIdentityAndUpdateWithWrongIdentity_CanNotUpdate(t *testin - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String 
@@ -624,13 +624,13 @@ func TestACP_CreateWithIdentityAndUpdateWithoutIdentityGQL_CanNotUpdate(t *testi - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String @@ -741,13 +741,13 @@ func TestACP_CreateWithIdentityAndUpdateWithWrongIdentityGQL_CanNotUpdate(t *tes - actor `, - ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", }, testUtils.SchemaUpdate{ Schema: ` type Users @policy( - id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001", + id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd", resource: "users" ) { name: String diff --git a/tests/integration/acp/schema/add_dpi/accept_basic_dpi_fmts_test.go b/tests/integration/acp/schema/add_dpi/accept_basic_dpi_fmts_test.go index cfc668a25c..a7e9c835f2 100644 --- a/tests/integration/acp/schema/add_dpi/accept_basic_dpi_fmts_test.go +++ b/tests/integration/acp/schema/add_dpi/accept_basic_dpi_fmts_test.go @@ -19,7 +19,7 @@ import ( ) func TestACP_AddDPISchema_BasicYAML_SchemaAccepted(t *testing.T) { - policyIDOfValidDPI := "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a" + policyIDOfValidDPI := "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3" test := testUtils.TestCase{ 
@@ -113,7 +113,7 @@ func TestACP_AddDPISchema_BasicYAML_SchemaAccepted(t *testing.T) { } func TestACP_AddDPISchema_BasicJSON_SchemaAccepted(t *testing.T) { - policyIDOfValidDPI := "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a" + policyIDOfValidDPI := "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/accept_extra_permissions_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/accept_extra_permissions_on_dpi_test.go index 348736a58c..275caf0864 100644 --- a/tests/integration/acp/schema/add_dpi/accept_extra_permissions_on_dpi_test.go +++ b/tests/integration/acp/schema/add_dpi/accept_extra_permissions_on_dpi_test.go @@ -19,7 +19,7 @@ import ( ) func TestACP_AddDPISchema_WithExtraPermsHavingRequiredRelation_AcceptSchema(t *testing.T) { - policyIDOfValidDPI := "16e39e650d4cbd5161ae0c572edad6f7e2950c1c4afa37e427af3c8708e68f0f" + policyIDOfValidDPI := "c137c80b1ad0fc52aa183c3b43dff62d1eefdd04cb0f49ca6a646b545843eece" test := testUtils.TestCase{ @@ -118,7 +118,7 @@ func TestACP_AddDPISchema_WithExtraPermsHavingRequiredRelation_AcceptSchema(t *t } func TestACP_AddDPISchema_WithExtraPermsHavingRequiredRelationInTheEnd_AcceptSchema(t *testing.T) { - policyIDOfValidDPI := "35b6f3db54cfb0f451a4faba77d2c71d8718215caeb5a15a8570dfdba07b694d" + policyIDOfValidDPI := "053f118041543b324f127a57a19e29c26aa95af8fa732ded2cf80e8dd96fa2d3" test := testUtils.TestCase{ @@ -217,7 +217,7 @@ func TestACP_AddDPISchema_WithExtraPermsHavingRequiredRelationInTheEnd_AcceptSch } func TestACP_AddDPISchema_WithExtraPermsHavingNoRequiredRelation_AcceptSchema(t *testing.T) { - policyIDOfValidDPI := "7b6266a93bfb6920bf57884f55c3823a5a5147c4ce445a9fc703b7c1e59b2d12" + policyIDOfValidDPI := "b1758de0d20726e53c9c343382af0f834ed6a10381f96399ce7c39fab607c349" test := testUtils.TestCase{ 
diff --git a/tests/integration/acp/schema/add_dpi/accept_managed_relation_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/accept_managed_relation_on_dpi_test.go index 72f622201f..c7b168aea7 100644 --- a/tests/integration/acp/schema/add_dpi/accept_managed_relation_on_dpi_test.go +++ b/tests/integration/acp/schema/add_dpi/accept_managed_relation_on_dpi_test.go @@ -19,7 +19,7 @@ import ( ) func TestACP_AddDPISchema_WithManagedRelation_AcceptSchemas(t *testing.T) { - policyIDOfValidDPI := "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001" + policyIDOfValidDPI := "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/accept_mixed_resources_on_partial_dpi_test.go b/tests/integration/acp/schema/add_dpi/accept_mixed_resources_on_partial_dpi_test.go index a991d4b280..5c4f39c034 100644 --- a/tests/integration/acp/schema/add_dpi/accept_mixed_resources_on_partial_dpi_test.go +++ b/tests/integration/acp/schema/add_dpi/accept_mixed_resources_on_partial_dpi_test.go @@ -19,7 +19,7 @@ import ( ) func TestACP_AddDPISchema_PartialValidDPIButUseOnlyValidDPIResource_AcceptSchema(t *testing.T) { - policyIDOfPartiallyValidDPI := "d5d411825b2d8fa5a550f1e34153b88b375ed9c9af19ce6d2ba1769e237a45d0" + policyIDOfPartiallyValidDPI := "bfda7dc76b4719a32ff2ef6691646501d14fb139518ff6c05d4be1825b9128ed" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/accept_multi_dpis_test.go b/tests/integration/acp/schema/add_dpi/accept_multi_dpis_test.go index 0ec43706ee..25e41408cf 100644 --- a/tests/integration/acp/schema/add_dpi/accept_multi_dpis_test.go +++ b/tests/integration/acp/schema/add_dpi/accept_multi_dpis_test.go 
@@ -43,8 +43,8 @@ func TestACP_AddDPISchema_AddDuplicateDPIsByOtherCreatorsUseBoth_AcceptSchema(t - actor ` - const policyIDOfFirstCreatorsDPI string = "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4" - const policyIDOfSecondCreatorsDPI string = "d33aa07a28ea19ed07a5256eb7e7f5600b0e0af13254889a7fce60202c4f6c7e" + const policyIDOfFirstCreatorsDPI string = "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663" + const policyIDOfSecondCreatorsDPI string = "6d2ec2fd16ed62a1cad05d8e791abe12cbbf9551080c0ca052336b49e635c291" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/accept_multi_resources_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/accept_multi_resources_on_dpi_test.go index 9903bc18d2..97f96d1acd 100644 --- a/tests/integration/acp/schema/add_dpi/accept_multi_resources_on_dpi_test.go +++ b/tests/integration/acp/schema/add_dpi/accept_multi_resources_on_dpi_test.go @@ -19,7 +19,7 @@ import ( ) func TestACP_AddDPISchema_WithMultipleResources_AcceptSchema(t *testing.T) { - policyIDOfValidDPI := "f3e521de628fa607ba11af0e9b53e2fb74ca0e6ea33622003d1f43dbae0ce41d" + policyIDOfValidDPI := "6209c5d12fce1fb0db4140ffa9d6b14a4d38133f601ab83f12dbb6ef84ee7da3" test := testUtils.TestCase{ @@ -128,7 +128,7 @@ func TestACP_AddDPISchema_WithMultipleResources_AcceptSchema(t *testing.T) { } func TestACP_AddDPISchema_WithMultipleResourcesBothBeingUsed_AcceptSchema(t *testing.T) { - policyIDOfValidDPI := "f3e521de628fa607ba11af0e9b53e2fb74ca0e6ea33622003d1f43dbae0ce41d" + policyIDOfValidDPI := "6209c5d12fce1fb0db4140ffa9d6b14a4d38133f601ab83f12dbb6ef84ee7da3" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/accept_same_resource_on_diff_schemas_test.go b/tests/integration/acp/schema/add_dpi/accept_same_resource_on_diff_schemas_test.go index 086a69a1b1..aaef9d915d 100644 --- a/tests/integration/acp/schema/add_dpi/accept_same_resource_on_diff_schemas_test.go 
+++ b/tests/integration/acp/schema/add_dpi/accept_same_resource_on_diff_schemas_test.go @@ -19,7 +19,7 @@ import ( ) func TestACP_AddDPISchema_UseSameResourceOnDifferentSchemas_AcceptSchemas(t *testing.T) { - policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4" + policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663" sharedSameResourceName := "users" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/reject_empty_arg_on_schema_test.go b/tests/integration/acp/schema/add_dpi/reject_empty_arg_on_schema_test.go index b23f47e19b..8174ccf7bc 100644 --- a/tests/integration/acp/schema/add_dpi/reject_empty_arg_on_schema_test.go +++ b/tests/integration/acp/schema/add_dpi/reject_empty_arg_on_schema_test.go @@ -17,7 +17,7 @@ import ( ) func TestACP_AddDPISchema_NoArgWasSpecifiedOnSchema_SchemaRejected(t *testing.T) { - policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4" + policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663" test := testUtils.TestCase{ @@ -91,7 +91,7 @@ func TestACP_AddDPISchema_NoArgWasSpecifiedOnSchema_SchemaRejected(t *testing.T) } func TestACP_AddDPISchema_SpecifiedArgsAreEmptyOnSchema_SchemaRejected(t *testing.T) { - policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4" + policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/reject_invalid_arg_type_on_schema_test.go b/tests/integration/acp/schema/add_dpi/reject_invalid_arg_type_on_schema_test.go index 94b3fd2dde..028b42f4ac 100644 --- a/tests/integration/acp/schema/add_dpi/reject_invalid_arg_type_on_schema_test.go +++ b/tests/integration/acp/schema/add_dpi/reject_invalid_arg_type_on_schema_test.go 
@@ -18,7 +18,7 @@ import ( ) func TestACP_AddDPISchema_InvalidPolicyIDArgTypeWasSpecifiedOnSchema_SchemaRejected(t *testing.T) { - policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4" + policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663" test := testUtils.TestCase{ @@ -92,7 +92,7 @@ func TestACP_AddDPISchema_InvalidPolicyIDArgTypeWasSpecifiedOnSchema_SchemaRejec } func TestACP_AddDPISchema_InvalidResourceArgTypeWasSpecifiedOnSchema_SchemaRejected(t *testing.T) { - policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4" + policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/reject_invalid_owner_read_perm_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/reject_invalid_owner_read_perm_on_dpi_test.go index 540222d37b..a6140d23d2 100644 --- a/tests/integration/acp/schema/add_dpi/reject_invalid_owner_read_perm_on_dpi_test.go +++ b/tests/integration/acp/schema/add_dpi/reject_invalid_owner_read_perm_on_dpi_test.go @@ -18,7 +18,7 @@ import ( ) func TestACP_AddDPISchema_OwnerMissingRequiredReadPermissionOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "782ffee730033ff01a3bdb05a3aa130f08c0914887378b0dfee314be6c3a8dd0" + policyIDOfInvalidDPI := "d3b58e284fb1117eb9c0111105195c910a6873d70695d8d3af3a967632bd5a5c" test := testUtils.TestCase{ @@ -102,7 +102,7 @@ func TestACP_AddDPISchema_OwnerMissingRequiredReadPermissionOnDPI_SchemaRejected } func TestACP_AddDPISchema_OwnerMissingRequiredReadPermissionLabelOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "62d2d65d0304cb9a16bb4f07d1f48c7142911f73bc1db6ee54cdd2c6c7949c73" + policyIDOfInvalidDPI := "6f81aa1e33a6888e041ed7686f21007d09b30ae218fb2ce19071ea2155482b23" test := testUtils.TestCase{ 
@@ -185,7 +185,7 @@ func TestACP_AddDPISchema_OwnerMissingRequiredReadPermissionLabelOnDPI_SchemaRej } func TestACP_AddDPISchema_OwnerSpecifiedIncorrectlyOnReadPermissionExprOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "f9fe33e8b2ee18a65d16bdc8017fe829ec13b0797330422639cd9dafac7b00f8" + policyIDOfInvalidDPI := "7f291632f6772e108830d41a5388391fc04cd4f2473d2a759d2a3326ee973848" test := testUtils.TestCase{ @@ -269,7 +269,7 @@ func TestACP_AddDPISchema_OwnerSpecifiedIncorrectlyOnReadPermissionExprOnDPI_Sch } func TestACP_AddDPISchema_OwnerSpecifiedIncorrectlyOnReadPermissionNoSpaceExprOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "08cc6bed6b9695dd47b6bf1e934ff91975db598631a55c26db9ead1393a77588" + policyIDOfInvalidDPI := "aa4c2b7bc9177a7b1cb808289a7f03564c489cc5c829ef756997cbe47b689a3f" test := testUtils.TestCase{ @@ -353,7 +353,7 @@ func TestACP_AddDPISchema_OwnerSpecifiedIncorrectlyOnReadPermissionNoSpaceExprOn } func TestACP_AddDPISchema_MaliciousOwnerSpecifiedOnReadPermissionExprOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "fff5c6fc25fbc2a9e5a7251c19b1cb950889281d656e5aeb642ce7c16f181c9b" + policyIDOfInvalidDPI := "f52f9a23643c6d52f4aaf2569885c152f06edc7d95647f88f6c4e8ead757e792" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/reject_invalid_owner_read_perm_symbol_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/reject_invalid_owner_read_perm_symbol_on_dpi_test.go index 29ec5a9ecf..5aaedbdcf3 100644 --- a/tests/integration/acp/schema/add_dpi/reject_invalid_owner_read_perm_symbol_on_dpi_test.go +++ b/tests/integration/acp/schema/add_dpi/reject_invalid_owner_read_perm_symbol_on_dpi_test.go 
@@ -18,7 +18,7 @@ import ( ) func TestACP_AddDPISchema_OwnerRelationWithDifferenceSetOpOnReadPermissionExprOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "c9bb1811862ded3a4a8a931054bd99ecabde3f41231c6aa2c50e1f1f5af2b5e8" + policyIDOfInvalidDPI := "646063232aca1ae245d59f64e192436e1e843008f496c21eb4070d7d765f6f10" test := testUtils.TestCase{ @@ -103,7 +103,7 @@ func TestACP_AddDPISchema_OwnerRelationWithDifferenceSetOpOnReadPermissionExprOn } func TestACP_AddDPISchema_OwnerRelationWithIntersectionSetOpOnReadPermissionExprOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "7bff1d8a967df4de99f8daaa2567c660eb6e7b2c554c9a49bf831230e5d9eba6" + policyIDOfInvalidDPI := "3252d478a953afc01782253abd47ad644e2784911ad4418acd802c9002a72c5a" test := testUtils.TestCase{ @@ -188,7 +188,7 @@ func TestACP_AddDPISchema_OwnerRelationWithIntersectionSetOpOnReadPermissionExpr } func TestACP_AddDPISchema_OwnerRelationWithInvalidSetOpOnReadPermissionExprOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "cc2fab7c299e94e2bd9370708d26ca1262ff3b0d75f9a58d1086658cfec26c65" + policyIDOfInvalidDPI := "e4120157eaf6546994d7301deacb3f313ba7240a90dba9aeaa7b1227292f39cb" test := testUtils.TestCase{ diff --git a/tests/integration/acp/schema/add_dpi/reject_invalid_owner_write_perm_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/reject_invalid_owner_write_perm_on_dpi_test.go index f3b5877444..36fad20c9b 100644 --- a/tests/integration/acp/schema/add_dpi/reject_invalid_owner_write_perm_on_dpi_test.go +++ b/tests/integration/acp/schema/add_dpi/reject_invalid_owner_write_perm_on_dpi_test.go @@ -18,7 +18,7 @@ import ( ) func TestACP_AddDPISchema_OwnerMissingRequiredWritePermissionOnDPI_SchemaRejected(t *testing.T) { - policyIDOfInvalidDPI := "4256d2b54767cafd0e0a2b39a6faebf44bc99a7fc74ff5b51894f7accf2ef638" + policyIDOfInvalidDPI := "25bfbcab338ce03e1312b7a4dd78f4574156b5ca626c8f894ed101c81d2d31c8" test := testUtils.TestCase{ 
@@ -102,7 +102,7 @@ func TestACP_AddDPISchema_OwnerMissingRequiredWritePermissionOnDPI_SchemaRejecte
 }
 func TestACP_AddDPISchema_OwnerMissingRequiredWritePermissionLabelOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfInvalidDPI := "e8be944571cd6b52faa1e8b75fa339a9f60065b65d78ed126d037722e2512593"
+ policyIDOfInvalidDPI := "f0c8fc28378030d268ccdab9931e788d8839e0640085e43c1d48deebfe859f34"
 test := testUtils.TestCase{
@@ -185,7 +185,7 @@ func TestACP_AddDPISchema_OwnerMissingRequiredWritePermissionLabelOnDPI_SchemaRe
 }
 func TestACP_AddDPISchema_OwnerSpecifiedIncorrectlyOnWritePermissionExprOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfInvalidDPI := "34ff30cb9e80993e2b11f86f85c6daa7cd9bf25724e4d5ff0704518d7970d074"
+ policyIDOfInvalidDPI := "e94d4ca7705564e39014bec198c3e20f5fae86c4dd44297711bd6a2257e579dc"
 test := testUtils.TestCase{
@@ -269,7 +269,7 @@ func TestACP_AddDPISchema_OwnerSpecifiedIncorrectlyOnWritePermissionExprOnDPI_Sc
 }
 func TestACP_AddDPISchema_OwnerSpecifiedIncorrectlyOnWritePermissionNoSpaceExprOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfInvalidDPI := "2e9fc5805b0442e856e9893fea0f4759d333e442856a230ed741b88670e6426c"
+ policyIDOfInvalidDPI := "2d185da7b2d40981ce325d71d1d21dbae87690a461d7cb5c4ac753ad213607a3"
 test := testUtils.TestCase{
@@ -353,7 +353,7 @@ func TestACP_AddDPISchema_OwnerSpecifiedIncorrectlyOnWritePermissionNoSpaceExprO
 }
 func TestACP_AddDPISchema_MaliciousOwnerSpecifiedOnWritePermissionExprOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfInvalidDPI := "3bcd650ac1e69d5efe6c930d05420231a0a69e6018d0f1015e0ecef9869d8dd5"
+ policyIDOfInvalidDPI := "2ad2dcd971d0e358a8d231970a3aa71b5cd94d38a85034c5cef10cd1c9fd5895"
 test := testUtils.TestCase{
diff --git a/tests/integration/acp/schema/add_dpi/reject_invalid_owner_write_perm_symbol_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/reject_invalid_owner_write_perm_symbol_on_dpi_test.go
index 96ff618123..07d719b920 100644
--- a/tests/integration/acp/schema/add_dpi/reject_invalid_owner_write_perm_symbol_on_dpi_test.go
+++ b/tests/integration/acp/schema/add_dpi/reject_invalid_owner_write_perm_symbol_on_dpi_test.go
@@ -18,7 +18,7 @@ import (
 )
 func TestACP_AddDPISchema_OwnerRelationWithDifferenceSetOpOnWritePermissionExprOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfInvalidDPI := "2e14b379df6008ba577a11ac47d59c09eb0146afc5453e1ac0f40178ac3f5720"
+ policyIDOfInvalidDPI := "e3fa9d82173e212e4d13e4f96b521dba16644c5dd1b07518fe2e93391ca1c087"
 test := testUtils.TestCase{
@@ -103,7 +103,7 @@ func TestACP_AddDPISchema_OwnerRelationWithDifferenceSetOpOnWritePermissionExprO
 }
 func TestACP_AddDPISchema_OwnerRelationWithIntersectionSetOpOnWritePermissionExprOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfInvalidDPI := "143546c4da209d67466690bf749899c37cd956f64c128ea7cca0662688f832ac"
+ policyIDOfInvalidDPI := "5c12fb0c1d7e108f7144f9e21c830478f80d5a4b0108b35fefa17ad83f4aac15"
 test := testUtils.TestCase{
@@ -188,7 +188,7 @@ func TestACP_AddDPISchema_OwnerRelationWithIntersectionSetOpOnWritePermissionExp
 }
 func TestACP_AddDPISchema_OwnerRelationWithInvalidSetOpOnWritePermissionExprOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfInvalidDPI := "b9b4e941be904b0472ab6031628ce08ae4f87314e68972a6cfc114ed449820a4"
+ policyIDOfInvalidDPI := "3c341a310b63bb689cf501598409f2a07a4b1798057d5634b8c47fe1efd094c9"
 test := testUtils.TestCase{
diff --git a/tests/integration/acp/schema/add_dpi/reject_missing_dpi_test.go b/tests/integration/acp/schema/add_dpi/reject_missing_dpi_test.go
index c59008edf5..4aa2acb7bc 100644
--- a/tests/integration/acp/schema/add_dpi/reject_missing_dpi_test.go
+++ b/tests/integration/acp/schema/add_dpi/reject_missing_dpi_test.go
@@ -18,7 +18,7 @@ import (
 )
 func TestACP_AddDPISchema_WhereNoPolicyWasAdded_SchemaRejected(t *testing.T) {
- nonExistingPolicyID := "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a"
+ nonExistingPolicyID := "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3"
 test := testUtils.TestCase{
@@ -68,8 +68,8 @@ func TestACP_AddDPISchema_WhereNoPolicyWasAdded_SchemaRejected(t *testing.T) {
 }
 func TestACP_AddDPISchema_WhereAPolicyWasAddedButLinkedPolicyWasNotAdded_SchemaRejected(t *testing.T) {
- policyAdded := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4"
- incorrectPolicyID := "dfe202ffb4f0fe9b46157c313213a3839e08a6f0a7c3aba55e4724cb49ffde8a"
+ policyAdded := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663"
+ incorrectPolicyID := "aa664afaf8dff947ba85f4d464662d595af6c1e2466bd11fd6b82ea95b547ea3"
 test := testUtils.TestCase{
diff --git a/tests/integration/acp/schema/add_dpi/reject_missing_id_arg_on_schema_test.go b/tests/integration/acp/schema/add_dpi/reject_missing_id_arg_on_schema_test.go
index 7a5942f2e6..9f3d90d203 100644
--- a/tests/integration/acp/schema/add_dpi/reject_missing_id_arg_on_schema_test.go
+++ b/tests/integration/acp/schema/add_dpi/reject_missing_id_arg_on_schema_test.go
@@ -17,7 +17,7 @@ import (
 )
 func TestACP_AddDPISchema_NoPolicyIDWasSpecifiedOnSchema_SchemaRejected(t *testing.T) {
- policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4"
+ policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663"
 test := testUtils.TestCase{
@@ -91,7 +91,7 @@ func TestACP_AddDPISchema_NoPolicyIDWasSpecifiedOnSchema_SchemaRejected(t *testi
 }
 func TestACP_AddDPISchema_SpecifiedPolicyIDArgIsEmptyOnSchema_SchemaRejected(t *testing.T) {
- policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4"
+ policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663"
 test := testUtils.TestCase{
diff --git a/tests/integration/acp/schema/add_dpi/reject_missing_perms_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/reject_missing_perms_on_dpi_test.go
index 16c6eb1024..22fb305b7b 100644
--- a/tests/integration/acp/schema/add_dpi/reject_missing_perms_on_dpi_test.go
+++ b/tests/integration/acp/schema/add_dpi/reject_missing_perms_on_dpi_test.go
@@ -18,7 +18,7 @@ import (
 )
 func TestACP_AddDPISchema_MissingRequiredReadPermissionOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfInvalidDPI := "7eb7448daa631cfe33da3a149f5eea716026f54bf23ce1315c594259382c5c57"
+ policyIDOfInvalidDPI := "07da6260811df769d551e89e02364b3e939cb585696c1a69b626bb8ecdd378f9"
 test := testUtils.TestCase{
diff --git a/tests/integration/acp/schema/add_dpi/reject_missing_resource_arg_on_schema_test.go b/tests/integration/acp/schema/add_dpi/reject_missing_resource_arg_on_schema_test.go
index 45635eae15..d8d67af51f 100644
--- a/tests/integration/acp/schema/add_dpi/reject_missing_resource_arg_on_schema_test.go
+++ b/tests/integration/acp/schema/add_dpi/reject_missing_resource_arg_on_schema_test.go
@@ -18,7 +18,7 @@ import (
 )
 func TestACP_AddDPISchema_NoResourceWasSpecifiedOnSchema_SchemaRejected(t *testing.T) {
- policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4"
+ policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663"
 test := testUtils.TestCase{
@@ -94,7 +94,7 @@ func TestACP_AddDPISchema_NoResourceWasSpecifiedOnSchema_SchemaRejected(t *testi
 }
 func TestACP_AddDPISchema_SpecifiedResourceArgIsEmptyOnSchema_SchemaRejected(t *testing.T) {
- policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4"
+ policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663"
 test := testUtils.TestCase{
diff --git a/tests/integration/acp/schema/add_dpi/reject_missing_resource_on_dpi_test.go b/tests/integration/acp/schema/add_dpi/reject_missing_resource_on_dpi_test.go
index 3d50f1c2a7..8261c6759f 100644
--- a/tests/integration/acp/schema/add_dpi/reject_missing_resource_on_dpi_test.go
+++ b/tests/integration/acp/schema/add_dpi/reject_missing_resource_on_dpi_test.go
@@ -18,7 +18,7 @@ import (
 )
 func TestACP_AddDPISchema_SpecifiedResourceDoesNotExistOnDPI_SchemaRejected(t *testing.T) {
- policyIDOfValidDPI := "4f13c5084c3d0e1e5c5db702fceef84c3b6ab948949ca8e27fcaad3fb8bc39f4"
+ policyIDOfValidDPI := "d5b240c738dba7fe7d8ae55acf257d8e4010c9d8b78e0b1f0bd26741b1ec5663"
 test := testUtils.TestCase{
diff --git a/tests/integration/acp/schema/add_dpi/reject_mixed_resources_on_partial_dpi_test.go b/tests/integration/acp/schema/add_dpi/reject_mixed_resources_on_partial_dpi_test.go
index ba9e06a2b6..b2bcbbf6ae 100644
--- a/tests/integration/acp/schema/add_dpi/reject_mixed_resources_on_partial_dpi_test.go
+++ b/tests/integration/acp/schema/add_dpi/reject_mixed_resources_on_partial_dpi_test.go
@@ -18,7 +18,7 @@ import (
 )
 func TestACP_AddDPISchema_PartialValidDPIButUseInValidDPIResource_RejectSchema(t *testing.T) {
- policyIDOfPartiallyValidDPI := "d5d411825b2d8fa5a550f1e34153b88b375ed9c9af19ce6d2ba1769e237a45d0"
+ policyIDOfPartiallyValidDPI := "bfda7dc76b4719a32ff2ef6691646501d14fb139518ff6c05d4be1825b9128ed"
 test := testUtils.TestCase{
diff --git a/tests/integration/collection_description/updates/remove/policy_test.go b/tests/integration/collection_description/updates/remove/policy_test.go
index 1d4de5d399..b52b8112c4 100644
--- a/tests/integration/collection_description/updates/remove/policy_test.go
+++ b/tests/integration/collection_description/updates/remove/policy_test.go
@@ -52,13 +52,13 @@ func TestColDescrUpdateRemovePolicy_Errors(t *testing.T) {
 - actor
 `,
- ExpectedPolicyID: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001",
+ ExpectedPolicyID: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd",
 },
 testUtils.SchemaUpdate{
 Schema: `
 type Users @policy(
- id: "53980e762616fcffbe76307995895e862f87ef3f21d509325d1dc772a770b001",
+ id: "a42e109f1542da3fef5f8414621a09aa4805bf1ac9ff32ad9940bd2c488ee6cd",
 resource: "users"
 ) {
 name: String
diff --git a/tests/integration/test_case.go b/tests/integration/test_case.go
index b2f3368339..bea260c773 100644
--- a/tests/integration/test_case.go
+++ b/tests/integration/test_case.go
@@ -16,6 +16,7 @@ import (
 "github.com/lens-vm/lens/host-go/config/model"
 "github.com/sourcenetwork/immutable"
+ acpIdentity "github.com/sourcenetwork/defradb/acp/identity"
 "github.com/sourcenetwork/defradb/client"
 "github.com/sourcenetwork/defradb/net"
 "github.com/sourcenetwork/defradb/tests/gen"
@@ -218,7 +219,7 @@ type CreateDoc struct {
 //
 // If an Identity is provided and the collection has a policy, then the
 // created document(s) will be owned by this Identity.
- Identity string
+ Identity immutable.Option[acpIdentity.Identity]
 // The collection in which this document should be created.
 CollectionID int
@@ -247,7 +248,7 @@ type DeleteDoc struct {
 //
 // If an Identity is provided and the collection has a policy, then
 // can also delete private document(s) that are owned by this Identity.
- Identity string
+ Identity immutable.Option[acpIdentity.Identity]
 // The collection in which this document should be deleted.
 CollectionID int
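Review bot: The doc comment above `Identity` in `CreateDoc` does not say what an unset value means now that the field is an `immutable.Option[acpIdentity.Identity]` rather than a string; the same gap is in the `DeleteDoc` hunk here and in the `UpdateDoc` and `Request` hunks that follow. The commit description says an identity now carries a secp256k1 private key, so I would add `// Leave as immutable.None to run the action without an identity.` and `// Holds private key material: use keys created for tests only.` above each field. The first comment assumes `db.SetContextIdentity` treats `None` as "no identity", which these hunks do not show. The struct definitions start and end outside the hunks.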
@@ -280,7 +281,7 @@ type UpdateDoc struct {
 //
 // If an Identity is provided and the collection has a policy, then
 // can also update private document(s) that are owned by this Identity.
- Identity string
+ Identity immutable.Option[acpIdentity.Identity]
 // The collection in which this document exists.
 CollectionID int
@@ -434,7 +435,7 @@ type Request struct {
 //
 // If an Identity is provided and the collection has a policy, then can
 // operate over private document(s) that are owned by this Identity.
- Identity string
+ Identity immutable.Option[acpIdentity.Identity]
 // Used to identify the transaction for this to run against. Optional.
 TransactionID immutable.Option[int]
diff --git a/tests/integration/utils2.go b/tests/integration/utils2.go
index f5e6156707..708e14450b 100644
--- a/tests/integration/utils2.go
+++ b/tests/integration/utils2.go
@@ -27,7 +27,6 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
- acpIdentity "github.com/sourcenetwork/defradb/acp/identity"
 "github.com/sourcenetwork/defradb/client"
 "github.com/sourcenetwork/defradb/crypto"
 "github.com/sourcenetwork/defradb/datastore"
@@ -851,7 +850,7 @@ func refreshDocuments(
 continue
 }
- ctx := db.SetContextIdentity(s.ctx, acpIdentity.New(action.Identity))
+ ctx := db.SetContextIdentity(s.ctx, action.Identity)
 // The document may have been mutated by other actions, so to be sure we have the latest
 // version without having to worry about the individual update mechanics we fetch it.
 doc, err = collection.Get(ctx, doc.ID(), false)
@@ -1206,7 +1205,7 @@ func createDocViaColSave(
 txn := getTransaction(s, node, immutable.None[int](), action.ExpectedError)
 ctx := db.SetContextTxn(s.ctx, txn)
- ctx = db.SetContextIdentity(ctx, acpIdentity.New(action.Identity))
+ ctx = db.SetContextIdentity(ctx, action.Identity)
 return doc, collections[action.CollectionID].Save(ctx, doc)
 }
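Review bot: The line `db.SetContextIdentity(ctx, action.Identity)` is copied by hand into every action helper: `refreshDocuments` and `createDocViaColSave` here, and the seven utils2.go hunks that follow. This is a style point with a testing consequence. A helper that leaves the line out would presumably run its action with no identity, so an ACP test expecting access to be denied could pass for the wrong reason. I would move the `db.SetContextTxn` / `db.SetContextIdentity` pair into one unexported helper that every action calls, documented with `// All actions build their context here so ACP tests run as the identity the test case names.`. The function bodies begin and end outside these hunks, and `refreshDocuments`, `deleteDoc` and the two `updateDocViaCol*` helpers set no transaction in the visible lines, so the helper would need a path without one.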
@@ -1226,7 +1225,7 @@ func createDocViaColCreate(
 txn := getTransaction(s, node, immutable.None[int](), action.ExpectedError)
 ctx := db.SetContextTxn(s.ctx, txn)
- ctx = db.SetContextIdentity(ctx, acpIdentity.New(action.Identity))
+ ctx = db.SetContextIdentity(ctx, action.Identity)
 return doc, collections[action.CollectionID].Create(ctx, doc)
 }
@@ -1255,7 +1254,7 @@ func createDocViaGQL(
 txn := getTransaction(s, node, immutable.None[int](), action.ExpectedError)
 ctx := db.SetContextTxn(s.ctx, txn)
- ctx = db.SetContextIdentity(ctx, acpIdentity.New(action.Identity))
+ ctx = db.SetContextIdentity(ctx, action.Identity)
 result := node.ExecRequest(
 ctx,
@@ -1287,7 +1286,7 @@ func deleteDoc(
 action DeleteDoc,
 ) {
 doc := s.documents[action.CollectionID][action.DocID]
- ctx := db.SetContextIdentity(s.ctx, acpIdentity.New(action.Identity))
+ ctx := db.SetContextIdentity(s.ctx, action.Identity)
 var expectedErrorRaised bool
 actionNodes := getNodes(action.NodeID, s.nodes)
@@ -1345,7 +1344,7 @@ func updateDocViaColSave(
 collections []client.Collection,
 ) error {
 cachedDoc := s.documents[action.CollectionID][action.DocID]
- ctx := db.SetContextIdentity(s.ctx, acpIdentity.New(action.Identity))
+ ctx := db.SetContextIdentity(s.ctx, action.Identity)
 doc, err := collections[action.CollectionID].Get(ctx, cachedDoc.ID(), true)
 if err != nil {
@@ -1372,7 +1371,7 @@ func updateDocViaColUpdate(
 collections []client.Collection,
 ) error {
 cachedDoc := s.documents[action.CollectionID][action.DocID]
- ctx := db.SetContextIdentity(s.ctx, acpIdentity.New(action.Identity))
+ ctx := db.SetContextIdentity(s.ctx, action.Identity)
 doc, err := collections[action.CollectionID].Get(ctx, cachedDoc.ID(), true)
 if err != nil {
@@ -1415,7 +1414,7 @@ func updateDocViaGQL(
 txn := getTransaction(s, node, immutable.None[int](), action.ExpectedError)
 ctx := db.SetContextTxn(s.ctx, txn)
- ctx = db.SetContextIdentity(ctx, acpIdentity.New(action.Identity))
+ ctx = db.SetContextIdentity(ctx, action.Identity)
 result := node.ExecRequest(ctx, request)
 if len(result.GQL.Errors) > 0 {
@@ -1635,7 +1634,7 @@ func executeRequest(
 txn := getTransaction(s, node, action.TransactionID, action.ExpectedError)
 ctx := db.SetContextTxn(s.ctx, txn)
- ctx = db.SetContextIdentity(ctx, acpIdentity.New(action.Identity))
+ ctx = db.SetContextIdentity(ctx, action.Identity)
 result := node.ExecRequest(ctx, action.Request)