github.com/RobustRoundRobin/quorum@v20.10.0+incompatible/permission/permission_test.go (about) 1 package permission 2 3 import ( 4 "crypto/ecdsa" 5 "encoding/json" 6 "errors" 7 "fmt" 8 "io/ioutil" 9 "log" 10 "math/big" 11 "os" 12 "strconv" 13 "testing" 14 15 "github.com/ethereum/go-ethereum/accounts" 16 "github.com/ethereum/go-ethereum/accounts/abi/bind" 17 "github.com/ethereum/go-ethereum/accounts/abi/bind/backends" 18 "github.com/ethereum/go-ethereum/accounts/keystore" 19 "github.com/ethereum/go-ethereum/common" 20 "github.com/ethereum/go-ethereum/consensus/ethash" 21 "github.com/ethereum/go-ethereum/core" 22 "github.com/ethereum/go-ethereum/core/types" 23 "github.com/ethereum/go-ethereum/crypto" 24 "github.com/ethereum/go-ethereum/eth" 25 "github.com/ethereum/go-ethereum/internal/ethapi" 26 "github.com/ethereum/go-ethereum/miner" 27 "github.com/ethereum/go-ethereum/node" 28 "github.com/ethereum/go-ethereum/p2p" 29 "github.com/ethereum/go-ethereum/params" 30 pbind "github.com/ethereum/go-ethereum/permission/bind" 31 "github.com/stretchr/testify/assert" 32 ) 33 34 const ( 35 arbitraryNetworkAdminOrg = "NETWORK_ADMIN" 36 arbitraryNetworkAdminRole = "NETWORK_ADMIN_ROLE" 37 arbitraryOrgAdminRole = "ORG_ADMIN_ROLE" 38 arbitraryNode1 = "enode://ac6b1096ca56b9f6d004b779ae3728bf83f8e22453404cc3cef16a3d9b96608bc67c4b30db88e0a5a6c6390213f7acbe1153ff6d23ce57380104288ae19373ef@127.0.0.1:21000?discport=0&raftport=50401" 39 arbitraryNode2 = "enode://0ba6b9f606a43a95edc6247cdb1c1e105145817be7bcafd6b2c0ba15d58145f0dc1a194f70ba73cd6f4cdd6864edc7687f311254c7555cc32e4d45aeb1b80416@127.0.0.1:21001?discport=0&raftport=50402" 40 arbitraryNode3 = "enode://579f786d4e2830bbcc02815a27e8a9bacccc9605df4dc6f20bcc1a6eb391e7225fff7cb83e5b4ecd1f3a94d8b733803f2f66b7e871961e7b029e22c155c3a778@127.0.0.1:21002?discport=0&raftport=50403" 41 arbitraryNode4 = "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404" 42 arbitraryOrgToAdd = "ORG1" 43 arbitrarySubOrg = "SUB1" 44 arbitrartNewRole1 = "NEW_ROLE_1" 45 arbitrartNewRole2 = "NEW_ROLE_2" 46 orgCacheSize = 4 47 roleCacheSize = 4 48 nodeCacheSize = 2 49 accountCacheSize = 4 50 ) 51 52 var ErrAccountsLinked = errors.New("Accounts linked to the role. Cannot be removed") 53 var ErrPendingApproval = errors.New("Pending approvals for the organization. Approve first") 54 var ErrAcctBlacklisted = errors.New("Blacklisted account. Operation not allowed") 55 var ErrNodeBlacklisted = errors.New("Blacklisted node. Operation not allowed") 56 57 var ( 58 guardianKey *ecdsa.PrivateKey 59 guardianAccount accounts.Account 60 backend bind.ContractBackend 61 permUpgrAddress, permInterfaceAddress, permImplAddress, voterManagerAddress, 62 nodeManagerAddress, roleManagerAddress, accountManagerAddress, orgManagerAddress common.Address 63 ethereum *eth.Ethereum 64 stack *node.Node 65 guardianAddress common.Address 66 ) 67 68 func TestMain(m *testing.M) { 69 setup() 70 ret := m.Run() 71 teardown() 72 os.Exit(ret) 73 } 74 75 func setup() { 76 var err error 77 t := log.New(os.Stdout, "", 0) 78 79 ksdir, _, err := tmpKeyStore(false) 80 defer os.RemoveAll(ksdir) 81 82 if err != nil { 83 t.Fatalf("failed to create keystore: %v\n", err) 84 } 85 nodeKey, _ := crypto.GenerateKey() 86 guardianKey, _ = crypto.GenerateKey() 87 88 // Create a network-less protocol stack and start an Ethereum service within 89 stack, err = node.New(&node.Config{ 90 DataDir: "", 91 KeyStoreDir: ksdir, 92 UseLightweightKDF: true, 93 P2P: p2p.Config{ 94 PrivateKey: nodeKey, 95 }, 96 }) 97 98 ksbackend := stack.AccountManager().Backends(keystore.KeyStoreType)[0].(*keystore.KeyStore) 99 guardianAccount, err = ksbackend.ImportECDSA(guardianKey, "foo") 100 guardianAddress = guardianAccount.Address 101 if err != nil { 102 t.Fatal(err) 103 } 104 err = ksbackend.TimedUnlock(guardianAccount, "foo", 0) 105 if err != nil { 106 t.Fatal("failed to unlock") 107 } 108 109 genesisAlloc := map[common.Address]core.GenesisAccount{ 110 guardianAddress: { 111 Balance: big.NewInt(100000000000000), 112 }, 113 } 114 ethConf := ð.Config{ 115 Genesis: &core.Genesis{Config: params.AllEthashProtocolChanges, GasLimit: 10000000000, Alloc: genesisAlloc}, 116 Miner: miner.Config{Etherbase: guardianAddress}, 117 Ethash: ethash.Config{ 118 PowMode: ethash.ModeTest, 119 }, 120 } 121 122 if err = stack.Register(func(ctx *node.ServiceContext) (node.Service, error) { return eth.New(ctx, ethConf) }); err != nil { 123 t.Fatalf("failed to register Ethereum protocol: %v", err) 124 } 125 // Start the node and assemble the JavaScript console around it 126 if err = stack.Start(); err != nil { 127 t.Fatalf("failed to start test stack: %v", err) 128 } 129 if err := stack.Service(ðereum); err != nil { 130 t.Fatal(err) 131 } 132 backend = backends.NewSimulatedBackendFrom(ethereum) 133 134 var permUpgrInstance *pbind.PermUpgr 135 136 guardianTransactor := bind.NewKeyedTransactor(guardianKey) 137 138 permUpgrAddress, _, permUpgrInstance, err = pbind.DeployPermUpgr(guardianTransactor, backend, guardianAddress) 139 if err != nil { 140 t.Fatal(err) 141 } 142 permInterfaceAddress, _, _, err = pbind.DeployPermInterface(guardianTransactor, backend, permUpgrAddress) 143 if err != nil { 144 t.Fatal(err) 145 } 146 nodeManagerAddress, _, _, err = pbind.DeployNodeManager(guardianTransactor, backend, permUpgrAddress) 147 if err != nil { 148 t.Fatal(err) 149 } 150 roleManagerAddress, _, _, err = pbind.DeployRoleManager(guardianTransactor, backend, permUpgrAddress) 151 if err != nil { 152 t.Fatal(err) 153 } 154 accountManagerAddress, _, _, err = pbind.DeployAcctManager(guardianTransactor, backend, permUpgrAddress) 155 if err != nil { 156 t.Fatal(err) 157 } 158 orgManagerAddress, _, _, err = pbind.DeployOrgManager(guardianTransactor, backend, permUpgrAddress) 159 if err != nil { 160 t.Fatal(err) 161 } 162 voterManagerAddress, _, _, err = pbind.DeployVoterManager(guardianTransactor, backend, permUpgrAddress) 163 if err != nil { 164 t.Fatal(err) 165 } 166 permImplAddress, _, _, err = pbind.DeployPermImpl(guardianTransactor, backend, permUpgrAddress, orgManagerAddress, roleManagerAddress, accountManagerAddress, voterManagerAddress, nodeManagerAddress) 167 if err != nil { 168 t.Fatal(err) 169 } 170 // call init 171 if _, err := permUpgrInstance.Init(guardianTransactor, permInterfaceAddress, permImplAddress); err != nil { 172 t.Fatal(err) 173 } 174 175 fmt.Printf("current block is %v\n", ethereum.BlockChain().CurrentBlock().Number().Int64()) 176 } 177 178 func teardown() { 179 180 } 181 182 func TestPermissionCtrl_AfterStart(t *testing.T) { 183 testObject := typicalPermissionCtrl(t) 184 185 err := testObject.AfterStart() 186 187 assert.NoError(t, err) 188 assert.NotNil(t, testObject.permOrg) 189 assert.NotNil(t, testObject.permRole) 190 assert.NotNil(t, testObject.permNode) 191 assert.NotNil(t, testObject.permAcct) 192 assert.NotNil(t, testObject.permInterf) 193 assert.NotNil(t, testObject.permUpgr) 194 195 isNetworkInitialized, err := testObject.permInterf.GetNetworkBootStatus(&bind.CallOpts{ 196 Pending: true, 197 }) 198 assert.NoError(t, err) 199 assert.True(t, isNetworkInitialized) 200 } 201 202 func TestPermissionCtrl_PopulateInitPermissions_AfterNetworkIsInitialized(t *testing.T) { 203 testObject := typicalPermissionCtrl(t) 204 assert.NoError(t, testObject.AfterStart()) 205 206 err := testObject.populateInitPermissions(orgCacheSize, roleCacheSize, nodeCacheSize, accountCacheSize) 207 208 assert.NoError(t, err) 209 210 // assert cache 211 assert.Equal(t, 1, len(types.OrgInfoMap.GetOrgList())) 212 cachedOrg := types.OrgInfoMap.GetOrgList()[0] 213 assert.Equal(t, arbitraryNetworkAdminOrg, cachedOrg.OrgId) 214 assert.Equal(t, arbitraryNetworkAdminOrg, cachedOrg.FullOrgId) 215 assert.Equal(t, arbitraryNetworkAdminOrg, cachedOrg.UltimateParent) 216 assert.Equal(t, "", cachedOrg.ParentOrgId) 217 assert.Equal(t, types.OrgApproved, cachedOrg.Status) 218 assert.Equal(t, 0, len(cachedOrg.SubOrgList)) 219 assert.Equal(t, big.NewInt(1), cachedOrg.Level) 220 221 assert.Equal(t, 1, len(types.RoleInfoMap.GetRoleList())) 222 cachedRole := types.RoleInfoMap.GetRoleList()[0] 223 assert.Equal(t, arbitraryNetworkAdminOrg, cachedRole.OrgId) 224 assert.Equal(t, arbitraryNetworkAdminRole, cachedRole.RoleId) 225 assert.True(t, cachedRole.Active) 226 assert.True(t, cachedRole.IsAdmin) 227 assert.True(t, cachedRole.IsVoter) 228 assert.Equal(t, types.FullAccess, cachedRole.Access) 229 230 assert.Equal(t, 0, len(types.NodeInfoMap.GetNodeList())) 231 232 assert.Equal(t, 1, len(types.AcctInfoMap.GetAcctList())) 233 cachedAccount := types.AcctInfoMap.GetAcctList()[0] 234 assert.Equal(t, arbitraryNetworkAdminOrg, cachedAccount.OrgId) 235 assert.Equal(t, arbitraryNetworkAdminRole, cachedAccount.RoleId) 236 assert.Equal(t, types.AcctActive, cachedAccount.Status) 237 assert.True(t, cachedAccount.IsOrgAdmin) 238 assert.Equal(t, guardianAddress, cachedAccount.AcctId) 239 } 240 241 func typicalQuorumControlsAPI(t *testing.T) *QuorumControlsAPI { 242 pc := typicalPermissionCtrl(t) 243 if !assert.NoError(t, pc.AfterStart()) { 244 t.Fail() 245 } 246 if !assert.NoError(t, pc.populateInitPermissions(orgCacheSize, roleCacheSize, nodeCacheSize, accountCacheSize)) { 247 t.Fail() 248 } 249 return NewQuorumControlsAPI(pc) 250 } 251 252 func TestQuorumControlsAPI_ListAPIs(t *testing.T) { 253 testObject := typicalQuorumControlsAPI(t) 254 255 orgDetails, err := testObject.GetOrgDetails(arbitraryNetworkAdminOrg) 256 assert.NoError(t, err) 257 assert.Equal(t, orgDetails.AcctList[0].AcctId, guardianAddress) 258 assert.Equal(t, orgDetails.RoleList[0].RoleId, arbitraryNetworkAdminRole) 259 260 orgDetails, err = testObject.GetOrgDetails("XYZ") 261 assert.Equal(t, err, errors.New("Org does not exist")) 262 263 // test NodeList 264 assert.Equal(t, len(testObject.NodeList()), 0) 265 // test AcctList 266 assert.True(t, len(testObject.AcctList()) > 0, fmt.Sprintf("expected non zero account list")) 267 // test OrgList 268 assert.True(t, len(testObject.OrgList()) > 0, fmt.Sprintf("expected non zero org list")) 269 // test RoleList 270 assert.True(t, len(testObject.RoleList()) > 0, fmt.Sprintf("expected non zero org list")) 271 } 272 273 func TestQuorumControlsAPI_OrgAPIs(t *testing.T) { 274 testObject := typicalQuorumControlsAPI(t) 275 invalidTxa := ethapi.SendTxArgs{From: getArbitraryAccount()} 276 277 // test AddOrg 278 orgAdminKey, _ := crypto.GenerateKey() 279 orgAdminAddress := crypto.PubkeyToAddress(orgAdminKey.PublicKey) 280 281 txa := ethapi.SendTxArgs{From: guardianAddress} 282 _, err := testObject.AddOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, invalidTxa) 283 assert.Equal(t, err, errors.New("Invalid account id")) 284 285 _, err = testObject.AddOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, txa) 286 assert.NoError(t, err) 287 288 _, err = testObject.AddOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, txa) 289 assert.Equal(t, err, ErrPendingApproval) 290 291 _, err = testObject.ApproveOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, invalidTxa) 292 assert.Equal(t, err, errors.New("Invalid account id")) 293 294 _, err = testObject.ApproveOrg("XYZ", arbitraryNode1, orgAdminAddress, txa) 295 assert.Equal(t, err, errors.New("Nothing to approve")) 296 297 _, err = testObject.ApproveOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, txa) 298 assert.NoError(t, err) 299 300 types.OrgInfoMap.UpsertOrg(arbitraryOrgToAdd, "", arbitraryOrgToAdd, big.NewInt(1), types.OrgApproved) 301 _, err = testObject.UpdateOrgStatus(arbitraryOrgToAdd, uint8(SuspendOrg), invalidTxa) 302 assert.Equal(t, err, errors.New("Invalid account id")) 303 304 _, err = testObject.UpdateOrgStatus(arbitraryOrgToAdd, uint8(SuspendOrg), txa) 305 assert.NoError(t, err) 306 307 types.OrgInfoMap.UpsertOrg(arbitraryOrgToAdd, "", arbitraryOrgToAdd, big.NewInt(1), types.OrgSuspended) 308 _, err = testObject.ApproveOrgStatus(arbitraryOrgToAdd, uint8(SuspendOrg), invalidTxa) 309 assert.Equal(t, err, errors.New("Invalid account id")) 310 311 _, err = testObject.ApproveOrgStatus(arbitraryOrgToAdd, uint8(SuspendOrg), txa) 312 assert.NoError(t, err) 313 314 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, arbitrarySubOrg, "", invalidTxa) 315 assert.Equal(t, err, errors.New("Invalid account id")) 316 317 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, arbitrarySubOrg, "", txa) 318 assert.NoError(t, err) 319 types.OrgInfoMap.UpsertOrg(arbitrarySubOrg, arbitraryNetworkAdminOrg, arbitraryNetworkAdminOrg, big.NewInt(2), types.OrgApproved) 320 321 suborg := "ABC.12345" 322 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, suborg, "", txa) 323 assert.Equal(t, err, errors.New("Org id cannot contain special characters")) 324 325 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, "", "", txa) 326 assert.Equal(t, err, errors.New("Invalid input")) 327 328 // caching tests - cache size for org is 4. add 4 sub orgs 329 // this will result in cache eviction 330 // get org details after this 331 for i := 0; i < orgCacheSize; i++ { 332 subOrgId := "TESTSUBORG" + strconv.Itoa(i) 333 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, subOrgId, "", txa) 334 assert.NoError(t, err) 335 types.OrgInfoMap.UpsertOrg(subOrgId, arbitraryNetworkAdminOrg, arbitraryNetworkAdminOrg, big.NewInt(2), types.OrgApproved) 336 } 337 338 assert.Equal(t, orgCacheSize, len(types.OrgInfoMap.GetOrgList())) 339 340 orgDetails, err := testObject.GetOrgDetails(arbitraryNetworkAdminOrg) 341 assert.Equal(t, orgDetails.AcctList[0].AcctId, guardianAddress) 342 assert.Equal(t, orgDetails.RoleList[0].RoleId, arbitraryNetworkAdminRole) 343 } 344 345 func TestQuorumControlsAPI_NodeAPIs(t *testing.T) { 346 testObject := typicalQuorumControlsAPI(t) 347 invalidTxa := ethapi.SendTxArgs{From: getArbitraryAccount()} 348 txa := ethapi.SendTxArgs{From: guardianAddress} 349 350 _, err := testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode2, invalidTxa) 351 assert.Equal(t, err, errors.New("Invalid account id")) 352 353 _, err = testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode2, txa) 354 assert.NoError(t, err) 355 types.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, types.NodeApproved) 356 357 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(SuspendNode), invalidTxa) 358 assert.Equal(t, err, errors.New("Invalid account id")) 359 360 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(SuspendNode), txa) 361 assert.NoError(t, err) 362 types.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, types.NodeDeactivated) 363 364 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(ActivateSuspendedNode), txa) 365 assert.NoError(t, err) 366 types.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, types.NodeApproved) 367 368 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(BlacklistNode), txa) 369 assert.NoError(t, err) 370 types.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, types.NodeBlackListed) 371 372 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(ActivateSuspendedNode), txa) 373 assert.Equal(t, err, ErrNodeBlacklisted) 374 375 _, err = testObject.RecoverBlackListedNode(arbitraryNetworkAdminOrg, arbitraryNode2, invalidTxa) 376 assert.Equal(t, err, errors.New("Invalid account id")) 377 378 _, err = testObject.RecoverBlackListedNode(arbitraryNetworkAdminOrg, arbitraryNode2, txa) 379 assert.NoError(t, err) 380 types.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, types.NodeRecoveryInitiated) 381 382 _, err = testObject.ApproveBlackListedNodeRecovery(arbitraryNetworkAdminOrg, arbitraryNode2, invalidTxa) 383 assert.Equal(t, err, errors.New("Invalid account id")) 384 385 _, err = testObject.ApproveBlackListedNodeRecovery(arbitraryNetworkAdminOrg, arbitraryNode2, txa) 386 assert.NoError(t, err) 387 types.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, types.NodeApproved) 388 389 // caching tests - cache size for node is 3. add 2 nodes which will 390 // result in node eviction from cache. get evicted node details using api 391 _, err = testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode3, txa) 392 assert.NoError(t, err) 393 types.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode3, types.NodeApproved) 394 395 _, err = testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode4, txa) 396 assert.NoError(t, err) 397 types.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode4, types.NodeApproved) 398 399 assert.Equal(t, nodeCacheSize, len(types.NodeInfoMap.GetNodeList())) 400 nodeInfo, err := types.NodeInfoMap.GetNodeByUrl(arbitraryNode4) 401 assert.True(t, err == nil, "node fetch returned error") 402 assert.Equal(t, types.NodeApproved, nodeInfo.Status) 403 } 404 405 func TestQuorumControlsAPI_RoleAndAccountsAPIs(t *testing.T) { 406 testObject := typicalQuorumControlsAPI(t) 407 invalidTxa := ethapi.SendTxArgs{From: getArbitraryAccount()} 408 txa := ethapi.SendTxArgs{From: guardianAddress} 409 acct := getArbitraryAccount() 410 411 _, err := testObject.AssignAdminRole(arbitraryNetworkAdminOrg, acct, arbitraryNetworkAdminRole, invalidTxa) 412 assert.Equal(t, err, errors.New("Invalid account id")) 413 414 _, err = testObject.AssignAdminRole(arbitraryNetworkAdminOrg, acct, arbitraryNetworkAdminRole, txa) 415 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitraryNetworkAdminRole, acct, true, types.AcctPendingApproval) 416 417 _, err = testObject.ApproveAdminRole(arbitraryNetworkAdminOrg, acct, invalidTxa) 418 assert.Equal(t, err, errors.New("Invalid account id")) 419 420 _, err = testObject.ApproveAdminRole(arbitraryNetworkAdminOrg, acct, invalidTxa) 421 assert.Equal(t, err, errors.New("Invalid account id")) 422 423 _, err = testObject.ApproveAdminRole(arbitraryNetworkAdminOrg, acct, txa) 424 assert.NoError(t, err) 425 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitraryNetworkAdminRole, acct, true, types.AcctActive) 426 427 _, err = testObject.AddNewRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, uint8(types.FullAccess), false, false, invalidTxa) 428 assert.Equal(t, err, errors.New("Invalid account id")) 429 430 _, err = testObject.AddNewRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, uint8(types.FullAccess), false, false, txa) 431 assert.NoError(t, err) 432 types.RoleInfoMap.UpsertRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, false, false, types.FullAccess, true) 433 434 acct = getArbitraryAccount() 435 _, err = testObject.AddAccountToOrg(acct, arbitraryNetworkAdminOrg, arbitrartNewRole1, invalidTxa) 436 assert.Equal(t, err, errors.New("Invalid account id")) 437 438 _, err = testObject.AddAccountToOrg(acct, arbitraryNetworkAdminOrg, arbitrartNewRole1, txa) 439 assert.NoError(t, err) 440 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole1, acct, true, types.AcctActive) 441 442 _, err = testObject.RemoveRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, invalidTxa) 443 assert.Equal(t, err, errors.New("Invalid account id")) 444 445 _, err = testObject.RemoveRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, txa) 446 assert.Equal(t, err, ErrAccountsLinked) 447 448 _, err = testObject.AddNewRole(arbitraryNetworkAdminOrg, arbitrartNewRole2, uint8(types.FullAccess), false, false, txa) 449 assert.NoError(t, err) 450 types.RoleInfoMap.UpsertRole(arbitraryNetworkAdminOrg, arbitrartNewRole2, false, false, types.FullAccess, true) 451 452 _, err = testObject.ChangeAccountRole(acct, arbitraryNetworkAdminOrg, arbitrartNewRole2, invalidTxa) 453 assert.Equal(t, err, errors.New("Invalid account id")) 454 455 _, err = testObject.ChangeAccountRole(acct, arbitraryNetworkAdminOrg, arbitrartNewRole2, txa) 456 assert.NoError(t, err) 457 458 _, err = testObject.RemoveRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, txa) 459 assert.Equal(t, err, ErrAccountsLinked) 460 461 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(SuspendAccount), invalidTxa) 462 assert.Equal(t, err, errors.New("Invalid account id")) 463 464 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(SuspendAccount), txa) 465 assert.NoError(t, err) 466 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, types.AcctSuspended) 467 468 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(ActivateSuspendedAccount), txa) 469 assert.NoError(t, err) 470 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, types.AcctActive) 471 472 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(BlacklistAccount), txa) 473 assert.NoError(t, err) 474 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, types.AcctBlacklisted) 475 476 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(ActivateSuspendedAccount), txa) 477 assert.Equal(t, err, ErrAcctBlacklisted) 478 479 _, err = testObject.RecoverBlackListedAccount(arbitraryNetworkAdminOrg, acct, invalidTxa) 480 assert.Equal(t, err, errors.New("Invalid account id")) 481 482 _, err = testObject.RecoverBlackListedAccount(arbitraryNetworkAdminOrg, acct, txa) 483 assert.NoError(t, err) 484 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, types.AcctRecoveryInitiated) 485 _, err = testObject.ApproveBlackListedAccountRecovery(arbitraryNetworkAdminOrg, acct, txa) 486 assert.NoError(t, err) 487 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, types.AcctActive) 488 489 // check role cache. the cache size is set to 4 490 // insert 4 records and then retrieve the 1st role 491 for i := 0; i < roleCacheSize; i++ { 492 roleId := "TESTROLE" + strconv.Itoa(i) 493 _, err = testObject.AddNewRole(arbitraryNetworkAdminOrg, roleId, uint8(types.FullAccess), false, false, txa) 494 assert.NoError(t, err) 495 types.RoleInfoMap.UpsertRole(arbitraryNetworkAdminOrg, roleId, false, false, types.FullAccess, true) 496 } 497 498 assert.Equal(t, roleCacheSize, len(types.RoleInfoMap.GetRoleList())) 499 roleInfo, err := types.RoleInfoMap.GetRole(arbitraryNetworkAdminOrg, arbitrartNewRole1) 500 assert.True(t, err == nil, "error encountered") 501 502 assert.Equal(t, roleInfo.RoleId, arbitrartNewRole1) 503 504 // check account cache 505 var AccountArray [4]common.Address 506 AccountArray[0] = common.StringToAddress("0fbdc686b912d7722dc86510934589e0aaf3b55a") 507 AccountArray[1] = common.StringToAddress("9186eb3d20cbd1f5f992a950d808c4495153abd5") 508 AccountArray[2] = common.StringToAddress("0638e1574728b6d862dd5d3a3e0942c3be47d996") 509 AccountArray[3] = common.StringToAddress("ae9bc6cd5145e67fbd1887a5145271fd182f0ee7") 510 511 for i := 0; i < accountCacheSize; i++ { 512 _, err = testObject.AddAccountToOrg(AccountArray[i], arbitraryNetworkAdminOrg, arbitrartNewRole1, txa) 513 assert.NoError(t, err) 514 types.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole1, AccountArray[i], false, types.AcctActive) 515 } 516 assert.Equal(t, accountCacheSize, len(types.AcctInfoMap.GetAcctList())) 517 518 acctInfo, err := types.AcctInfoMap.GetAccount(acct) 519 assert.True(t, err == nil, "error encountered") 520 assert.True(t, acctInfo != nil, "account details nil") 521 } 522 523 func getArbitraryAccount() common.Address { 524 acctKey, _ := crypto.GenerateKey() 525 return crypto.PubkeyToAddress(acctKey.PublicKey) 526 } 527 528 func typicalPermissionCtrl(t *testing.T) *PermissionCtrl { 529 testObject, err := NewQuorumPermissionCtrl(stack, &types.PermissionConfig{ 530 UpgrdAddress: permUpgrAddress, 531 InterfAddress: permInterfaceAddress, 532 ImplAddress: permImplAddress, 533 NodeAddress: nodeManagerAddress, 534 AccountAddress: accountManagerAddress, 535 RoleAddress: roleManagerAddress, 536 VoterAddress: voterManagerAddress, 537 OrgAddress: orgManagerAddress, 538 NwAdminOrg: arbitraryNetworkAdminOrg, 539 NwAdminRole: arbitraryNetworkAdminRole, 540 OrgAdminRole: arbitraryOrgAdminRole, 541 Accounts: []common.Address{ 542 guardianAddress, 543 }, 544 SubOrgDepth: big.NewInt(10), 545 SubOrgBreadth: big.NewInt(10), 546 }) 547 if err != nil { 548 t.Fatal(err) 549 } 550 testObject.ethClnt = backend 551 testObject.eth = ethereum 552 go func() { 553 testObject.errorChan <- nil 554 }() 555 return testObject 556 } 557 558 func tmpKeyStore(encrypted bool) (string, *keystore.KeyStore, error) { 559 d, err := ioutil.TempDir("", "eth-keystore-test") 560 if err != nil { 561 return "", nil, err 562 } 563 newKs := keystore.NewPlaintextKeyStore 564 if encrypted { 565 newKs = func(kd string) *keystore.KeyStore { 566 return keystore.NewKeyStore(kd, keystore.LightScryptN, keystore.LightScryptP) 567 } 568 } 569 return d, newKs(d), err 570 } 571 572 func TestPermissionCtrl_whenUpdateFile(t *testing.T) { 573 testObject := typicalPermissionCtrl(t) 574 assert.NoError(t, testObject.AfterStart()) 575 576 err := testObject.populateInitPermissions(orgCacheSize, roleCacheSize, nodeCacheSize, accountCacheSize) 577 assert.NoError(t, err) 578 579 d, _ := ioutil.TempDir("", "qdata") 580 defer os.RemoveAll(d) 581 582 testObject.dataDir = d 583 testObject.updatePermissionedNodes(arbitraryNode1, NodeAdd) 584 585 permFile, _ := os.Create(d + "/" + "permissioned-nodes.json") 586 587 testObject.updateFile("testFile", arbitraryNode2, NodeAdd, false) 588 testObject.updateFile(permFile.Name(), arbitraryNode2, NodeAdd, false) 589 testObject.updateFile(permFile.Name(), arbitraryNode2, NodeAdd, true) 590 testObject.updateFile(permFile.Name(), arbitraryNode2, NodeAdd, true) 591 testObject.updateFile(permFile.Name(), arbitraryNode1, NodeAdd, false) 592 testObject.updateFile(permFile.Name(), arbitraryNode1, NodeDelete, false) 593 testObject.updateFile(permFile.Name(), arbitraryNode1, NodeDelete, false) 594 595 blob, err := ioutil.ReadFile(permFile.Name()) 596 var nodeList []string 597 if err := json.Unmarshal(blob, &nodeList); err != nil { 598 t.Fatal("Failed to load nodes list from file", "fileName", permFile, "err", err) 599 return 600 } 601 assert.Equal(t, len(nodeList), 1) 602 testObject.updatePermissionedNodes(arbitraryNode1, NodeAdd) 603 testObject.updatePermissionedNodes(arbitraryNode1, NodeDelete) 604 605 blob, err = ioutil.ReadFile(permFile.Name()) 606 if err := json.Unmarshal(blob, &nodeList); err != nil { 607 t.Fatal("Failed to load nodes list from file", "fileName", permFile, "err", err) 608 return 609 } 610 assert.Equal(t, len(nodeList), 1) 611 612 testObject.updateDisallowedNodes(arbitraryNode2, NodeAdd) 613 testObject.updateDisallowedNodes(arbitraryNode2, NodeDelete) 614 blob, err = ioutil.ReadFile(d + "/" + "disallowed-nodes.json") 615 if err := json.Unmarshal(blob, &nodeList); err != nil { 616 t.Fatal("Failed to load nodes list from file", "fileName", permFile, "err", err) 617 return 618 } 619 assert.Equal(t, len(nodeList), 0) 620 621 } 622 623 func TestParsePermissionConfig(t *testing.T) { 624 d, _ := ioutil.TempDir("", "qdata") 625 defer os.RemoveAll(d) 626 627 _, err := ParsePermissionConfig(d) 628 assert.True(t, err != nil, "expected file not there error") 629 630 fileName := d + "/permission-config.json" 631 _, err = os.Create(fileName) 632 _, err = ParsePermissionConfig(d) 633 assert.True(t, err != nil, "expected unmarshalling error") 634 635 // write permission-config.json into the temp dir 636 var tmpPermCofig types.PermissionConfig 637 tmpPermCofig.NwAdminOrg = arbitraryNetworkAdminOrg 638 tmpPermCofig.NwAdminRole = arbitraryNetworkAdminRole 639 tmpPermCofig.OrgAdminRole = arbitraryOrgAdminRole 640 tmpPermCofig.InterfAddress = common.Address{} 641 tmpPermCofig.ImplAddress = common.Address{} 642 tmpPermCofig.UpgrdAddress = common.Address{} 643 tmpPermCofig.VoterAddress = common.Address{} 644 tmpPermCofig.RoleAddress = common.Address{} 645 tmpPermCofig.OrgAddress = common.Address{} 646 tmpPermCofig.NodeAddress = common.Address{} 647 tmpPermCofig.SubOrgBreadth = new(big.Int) 648 tmpPermCofig.SubOrgDepth = new(big.Int) 649 650 blob, err := json.Marshal(tmpPermCofig) 651 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 652 t.Fatal("Error writing new node info to file", "fileName", fileName, "err", err) 653 } 654 _, err = ParsePermissionConfig(d) 655 assert.True(t, err != nil, "expected sub org depth not set error") 656 657 _ = os.Remove(fileName) 658 tmpPermCofig.SubOrgBreadth.Set(big.NewInt(4)) 659 tmpPermCofig.SubOrgDepth.Set(big.NewInt(4)) 660 blob, _ = json.Marshal(tmpPermCofig) 661 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 662 t.Fatal("Error writing new node info to file", "fileName", fileName, "err", err) 663 } 664 _, err = ParsePermissionConfig(d) 665 assert.True(t, err != nil, "expected account not given error") 666 667 _ = os.Remove(fileName) 668 tmpPermCofig.Accounts = append(tmpPermCofig.Accounts, common.StringToAddress("0xed9d02e382b34818e88b88a309c7fe71e65f419d")) 669 blob, err = json.Marshal(tmpPermCofig) 670 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 671 t.Fatal("Error writing new node info to file", "fileName", fileName, "err", err) 672 } 673 _, err = ParsePermissionConfig(d) 674 assert.True(t, err != nil, "expected contract address error") 675 676 _ = os.Remove(fileName) 677 tmpPermCofig.InterfAddress = common.StringToAddress("0xed9d02e382b34818e88b88a309c7fe71e65f419d") 678 blob, err = json.Marshal(tmpPermCofig) 679 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 680 t.Fatal("Error writing new node info to file", "fileName", fileName, "err", err) 681 } 682 permConfig, err := ParsePermissionConfig(d) 683 assert.False(t, permConfig.IsEmpty(), "expected non empty object") 684 }