github.com/jpmorganchase/quorum@v21.1.0+incompatible/permission/core/cache_test.go (about) 1 package core 2 3 import ( 4 "fmt" 5 "math/big" 6 "strconv" 7 "testing" 8 9 "github.com/ethereum/go-ethereum/common" 10 "github.com/ethereum/go-ethereum/crypto" 11 "github.com/ethereum/go-ethereum/params" 12 testifyassert "github.com/stretchr/testify/assert" 13 ) 14 15 var ( 16 NETWORKADMIN = "NWADMIN" 17 ORGADMIN = "OADMIN" 18 NODE1 = "enode://ac6b1096ca56b9f6d004b779ae3728bf83f8e22453404cc3cef16a3d9b96608bc67c4b30db88e0a5a6c6390213f7acbe1153ff6d23ce57380104288ae19373ef@127.0.0.1:21000?discport=0&raftport=50401" 19 NODE2 = "enode://0ba6b9f606a43a95edc6247cdb1c1e105145817be7bcafd6b2c0ba15d58145f0dc1a194f70ba73cd6f4cdd6864edc7687f311254c7555cc32e4d45aeb1b80416@127.0.0.1:21001?discport=0&raftport=50402" 20 ) 21 22 var Acct1 = common.BytesToAddress([]byte("permission")) 23 var Acct2 = common.BytesToAddress([]byte("perm-test")) 24 25 func TestSetSyncStatus(t *testing.T) { 26 assert := testifyassert.New(t) 27 28 SetSyncStatus() 29 30 // check if the value is set properly by calling Get 31 syncStatus := GetSyncStatus() 32 assert.True(syncStatus, fmt.Sprintf("Expected syncstatus %v . Got %v ", true, syncStatus)) 33 } 34 35 func TestSetDefaults(t *testing.T) { 36 assert := testifyassert.New(t) 37 38 SetDefaults(NETWORKADMIN, ORGADMIN, false) 39 40 // get the default values and confirm the same 41 networkAdminRole, orgAdminRole, defaultAccess := GetDefaults() 42 43 assert.True(networkAdminRole == NETWORKADMIN, fmt.Sprintf("Expected network admin role %v, got %v", NETWORKADMIN, networkAdminRole)) 44 assert.True(orgAdminRole == ORGADMIN, fmt.Sprintf("Expected network admin role %v, got %v", ORGADMIN, orgAdminRole)) 45 assert.True(defaultAccess == FullAccess, fmt.Sprintf("Expected network admin role %v, got %v", FullAccess, defaultAccess)) 46 47 SetNetworkBootUpCompleted() 48 SetQIP714BlockReached() 49 networkAdminRole, orgAdminRole, defaultAccess = GetDefaults() 50 assert.True(defaultAccess == ReadOnly, fmt.Sprintf("Expected network admin role %v, got %v", ReadOnly, defaultAccess)) 51 } 52 53 func TestOrgCache_UpsertOrg(t *testing.T) { 54 assert := testifyassert.New(t) 55 56 OrgInfoMap = NewOrgCache(params.DEFAULT_ORGCACHE_SIZE) 57 58 //add a org and get the org details 59 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgApproved) 60 orgInfo, err := OrgInfoMap.GetOrg(NETWORKADMIN) 61 assert.True(err == nil, "errors encountered") 62 63 assert.False(orgInfo == nil, fmt.Sprintf("Expected org details, got nil")) 64 assert.True(orgInfo.OrgId == NETWORKADMIN, fmt.Sprintf("Expected org id %v, got %v", NETWORKADMIN, orgInfo.OrgId)) 65 66 // update org status to suspended 67 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgSuspended) 68 orgInfo, err = OrgInfoMap.GetOrg(NETWORKADMIN) 69 assert.True(err == nil, "errors encountered") 70 71 assert.True(orgInfo.Status == OrgSuspended, fmt.Sprintf("Expected org status %v, got %v", OrgSuspended, orgInfo.Status)) 72 73 //add another org and check get org list 74 OrgInfoMap.UpsertOrg(ORGADMIN, "", ORGADMIN, big.NewInt(1), OrgApproved) 75 orgList := OrgInfoMap.GetOrgList() 76 assert.True(len(orgList) == 2, fmt.Sprintf("Expected 2 entries, got %v", len(orgList))) 77 78 //add sub org and check get orglist 79 OrgInfoMap.UpsertOrg("SUB1", ORGADMIN, ORGADMIN, big.NewInt(2), OrgApproved) 80 orgList = OrgInfoMap.GetOrgList() 81 assert.True(len(orgList) == 3, fmt.Sprintf("Expected 3 entries, got %v", len(orgList))) 82 83 //suspend the sub org and check get orglist 84 OrgInfoMap.UpsertOrg("SUB1", ORGADMIN, ORGADMIN, big.NewInt(2), OrgSuspended) 85 orgList = OrgInfoMap.GetOrgList() 86 assert.True(len(orgList) == 3, fmt.Sprintf("Expected 3 entries, got %v", len(orgList))) 87 } 88 89 func TestNodeCache_UpsertNode(t *testing.T) { 90 assert := testifyassert.New(t) 91 92 NodeInfoMap = NewNodeCache(params.DEFAULT_NODECACHE_SIZE) 93 94 // add a node into the cache and validate 95 NodeInfoMap.UpsertNode(NETWORKADMIN, NODE1, NodeApproved) 96 nodeInfo, err := NodeInfoMap.GetNodeByUrl(NODE1) 97 assert.True(err == nil, fmt.Sprintf("got errors in node fetch")) 98 99 assert.False(nodeInfo == nil, fmt.Sprintf("Expected node details, got nil")) 100 assert.True(nodeInfo.OrgId == NETWORKADMIN, fmt.Sprintf("Expected org id for node %v, got %v", NETWORKADMIN, nodeInfo.OrgId)) 101 assert.True(nodeInfo.Url == NODE1, fmt.Sprintf("Expected node id %v, got %v", NODE1, nodeInfo.Url)) 102 103 // add another node and validate the list function 104 NodeInfoMap.UpsertNode(ORGADMIN, NODE2, NodeApproved) 105 nodeList := NodeInfoMap.GetNodeList() 106 assert.True(len(nodeList) == 2, fmt.Sprintf("Expected 2 entries, got %v", len(nodeList))) 107 108 // check node details update by updating node status 109 NodeInfoMap.UpsertNode(ORGADMIN, NODE2, NodeDeactivated) 110 nodeInfo, err = NodeInfoMap.GetNodeByUrl(NODE2) 111 assert.True(err == nil, fmt.Sprintf("got errors in node fetch")) 112 113 assert.True(nodeInfo.Status == NodeDeactivated, fmt.Sprintf("Expected node status %v, got %v", NodeDeactivated, nodeInfo.Status)) 114 } 115 116 func TestRoleCache_UpsertRole(t *testing.T) { 117 assert := testifyassert.New(t) 118 119 RoleInfoMap = NewRoleCache(params.DEFAULT_ROLECACHE_SIZE) 120 121 // add a role into the cache and validate 122 RoleInfoMap.UpsertRole(NETWORKADMIN, NETWORKADMIN, true, true, FullAccess, true) 123 roleInfo, err := RoleInfoMap.GetRole(NETWORKADMIN, NETWORKADMIN) 124 assert.True(err == nil, "errors encountered") 125 assert.False(roleInfo == nil, fmt.Sprintf("Expected role details, got nil")) 126 assert.True(roleInfo.OrgId == NETWORKADMIN, fmt.Sprintf("Expected org id for node %v, got %v", NETWORKADMIN, roleInfo.OrgId)) 127 assert.True(roleInfo.RoleId == NETWORKADMIN, fmt.Sprintf("Expected node id %v, got %v", NETWORKADMIN, roleInfo.RoleId)) 128 129 // add another role and validate the list function 130 RoleInfoMap.UpsertRole(ORGADMIN, ORGADMIN, true, true, FullAccess, true) 131 roleList := RoleInfoMap.GetRoleList() 132 assert.True(len(roleList) == 2, fmt.Sprintf("Expected 2 entries, got %v", len(roleList))) 133 134 // update role status and validate 135 RoleInfoMap.UpsertRole(ORGADMIN, ORGADMIN, true, true, FullAccess, false) 136 roleInfo, err = RoleInfoMap.GetRole(ORGADMIN, ORGADMIN) 137 assert.True(err == nil, "errors encountered") 138 139 assert.True(!roleInfo.Active, fmt.Sprintf("Expected role active status to be %v, got %v", true, roleInfo.Active)) 140 } 141 142 func TestAcctCache_UpsertAccount(t *testing.T) { 143 assert := testifyassert.New(t) 144 145 AcctInfoMap = NewAcctCache(params.DEFAULT_ACCOUNTCACHE_SIZE) 146 147 // add an account into the cache and validate 148 AcctInfoMap.UpsertAccount(NETWORKADMIN, NETWORKADMIN, Acct1, true, AcctActive) 149 acctInfo, err := AcctInfoMap.GetAccount(Acct1) 150 assert.True(err == nil) 151 152 assert.False(acctInfo == nil, fmt.Sprintf("Expected account details, got nil")) 153 assert.True(acctInfo.OrgId == NETWORKADMIN, fmt.Sprintf("Expected org id for the account to be %v, got %v", NETWORKADMIN, acctInfo.OrgId)) 154 assert.True(acctInfo.AcctId == Acct1, fmt.Sprintf("Expected account id %x, got %x", Acct1, acctInfo.AcctId)) 155 156 // add a second account and validate the list function 157 AcctInfoMap.UpsertAccount(ORGADMIN, ORGADMIN, Acct2, true, AcctActive) 158 acctList := AcctInfoMap.GetAcctList() 159 assert.True(len(acctList) == 2, fmt.Sprintf("Expected 2 entries, got %v", len(acctList))) 160 161 // update account status and validate 162 AcctInfoMap.UpsertAccount(ORGADMIN, ORGADMIN, Acct2, true, AcctBlacklisted) 163 acctInfo, err = AcctInfoMap.GetAccount(Acct2) 164 assert.True(err == nil) 165 166 assert.True(acctInfo.Status == AcctBlacklisted, fmt.Sprintf("Expected account status to be %v, got %v", AcctBlacklisted, acctInfo.Status)) 167 168 // validate the list for org and role functions 169 acctList = AcctInfoMap.GetAcctListOrg(NETWORKADMIN) 170 assert.True(len(acctList) == 1, fmt.Sprintf("Expected number of accounts for the org to be 1, got %v", len(acctList))) 171 acctList = AcctInfoMap.GetAcctListRole(NETWORKADMIN, NETWORKADMIN) 172 assert.True(len(acctList) == 1, fmt.Sprintf("Expected number of accounts for the role to be 1, got %v", len(acctList))) 173 } 174 175 func TestGetAcctAccess(t *testing.T) { 176 assert := testifyassert.New(t) 177 178 // default access when the cache is not populated, should return default access 179 SetDefaults(NETWORKADMIN, ORGADMIN, false) 180 SetQIP714BlockReached() 181 SetNetworkBootUpCompleted() 182 access := GetAcctAccess(Acct1) 183 assert.True(access == ReadOnly, fmt.Sprintf("Expected account access to be %v, got %v", ReadOnly, access)) 184 185 // Create an org with two roles and two accounts linked to different roles. Validate account access 186 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgApproved) 187 RoleInfoMap.UpsertRole(NETWORKADMIN, NETWORKADMIN, true, true, FullAccess, true) 188 RoleInfoMap.UpsertRole(NETWORKADMIN, "ROLE1", true, true, FullAccess, true) 189 AcctInfoMap.UpsertAccount(NETWORKADMIN, NETWORKADMIN, Acct1, true, AcctActive) 190 AcctInfoMap.UpsertAccount(NETWORKADMIN, "ROLE1", Acct2, true, AcctActive) 191 192 access = GetAcctAccess(Acct1) 193 assert.True(access == FullAccess, fmt.Sprintf("Expected account access to be %v, got %v", FullAccess, access)) 194 195 // mark the org as pending suspension. The account access should not change 196 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgPendingSuspension) 197 access = GetAcctAccess(Acct1) 198 assert.True(access == FullAccess, fmt.Sprintf("Expected account access to be %v, got %v", FullAccess, access)) 199 200 // suspend the org and the account access should be readonly now 201 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgSuspended) 202 access = GetAcctAccess(Acct1) 203 assert.True(access == ReadOnly, fmt.Sprintf("Expected account access to be %v, got %v", ReadOnly, access)) 204 205 // mark the role as inactive and account access should now nbe read only 206 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgApproved) 207 RoleInfoMap.UpsertRole(NETWORKADMIN, "ROLE1", true, true, FullAccess, false) 208 access = GetAcctAccess(Acct2) 209 assert.True(access == ReadOnly, fmt.Sprintf("Expected account access to be %v, got %v", ReadOnly, access)) 210 } 211 212 func TestValidateNodeForTxn(t *testing.T) { 213 assert := testifyassert.New(t) 214 // pass the enode as null and the response should be true 215 txnAllowed := ValidateNodeForTxn("", Acct1) 216 assert.True(txnAllowed, "Expected access %v, got %v", true, txnAllowed) 217 218 SetQIP714BlockReached() 219 SetNetworkBootUpCompleted() 220 // if a proper enode id is not passed, return should be false 221 txnAllowed = ValidateNodeForTxn("ABCDE", Acct1) 222 assert.True(!txnAllowed, "Expected access %v, got %v", true, txnAllowed) 223 224 // if cache is not populated but the enode and account details are proper, 225 // should return true 226 txnAllowed = ValidateNodeForTxn(NODE1, Acct1) 227 assert.True(txnAllowed, "Expected access %v, got %v", true, txnAllowed) 228 229 // populate an org, account and node. validate access 230 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgApproved) 231 NodeInfoMap.UpsertNode(NETWORKADMIN, NODE1, NodeApproved) 232 AcctInfoMap.UpsertAccount(NETWORKADMIN, NETWORKADMIN, Acct1, true, AcctActive) 233 txnAllowed = ValidateNodeForTxn(NODE1, Acct1) 234 assert.True(txnAllowed, "Expected access %v, got %v", true, txnAllowed) 235 236 // test access from a node not linked to the org. should return false 237 OrgInfoMap.UpsertOrg(ORGADMIN, "", ORGADMIN, big.NewInt(1), OrgApproved) 238 NodeInfoMap.UpsertNode(ORGADMIN, NODE2, NodeApproved) 239 AcctInfoMap.UpsertAccount(ORGADMIN, ORGADMIN, Acct2, true, AcctActive) 240 txnAllowed = ValidateNodeForTxn(NODE1, Acct2) 241 assert.True(!txnAllowed, "Expected access %v, got %v", true, txnAllowed) 242 } 243 244 // This is to make sure enode.ParseV4() honors single hexNodeId value eventhough it does follow enode URI scheme 245 func TestValidateNodeForTxn_whenUsingOnlyHexNodeId(t *testing.T) { 246 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgApproved) 247 NodeInfoMap.UpsertNode(NETWORKADMIN, NODE1, NodeApproved) 248 AcctInfoMap.UpsertAccount(NETWORKADMIN, NETWORKADMIN, Acct1, true, AcctActive) 249 arbitraryPrivateKey, _ := crypto.GenerateKey() 250 hexNodeId := fmt.Sprintf("%x", crypto.FromECDSAPub(&arbitraryPrivateKey.PublicKey)[1:]) 251 252 SetQIP714BlockReached() 253 SetNetworkBootUpCompleted() 254 255 txnAllowed := ValidateNodeForTxn(hexNodeId, Acct1) 256 257 testifyassert.False(t, txnAllowed) 258 } 259 260 // test the cache limit 261 func TestLRUCacheLimit(t *testing.T) { 262 for i := 0; i < params.DEFAULT_ORGCACHE_SIZE; i++ { 263 orgName := "ORG" + strconv.Itoa(i) 264 OrgInfoMap.UpsertOrg(orgName, "", NETWORKADMIN, big.NewInt(1), OrgApproved) 265 } 266 267 o, err := OrgInfoMap.GetOrg("ORG1") 268 testifyassert.True(t, err == nil) 269 testifyassert.True(t, o != nil) 270 } 271 272 func TestCheckIfAdminAccount(t *testing.T) { 273 SetDefaults(NETWORKADMIN, ORGADMIN, false) 274 SetQIP714BlockReached() 275 SetQIP714BlockReached() 276 277 var Acct3 = common.BytesToAddress([]byte("permission-test1")) 278 var Acct4 = common.BytesToAddress([]byte("permission-test2")) 279 var Acct5 = common.BytesToAddress([]byte("permission-test3")) 280 var Acct6 = common.BytesToAddress([]byte("permission-test4")) 281 var Acct7 = common.BytesToAddress([]byte("permission-test5")) 282 var Acct8 = common.BytesToAddress([]byte("permission-test6")) 283 var Acct9 = common.BytesToAddress([]byte("unassigned-account")) 284 285 // Create two orgs, Networkadmin and OADMIN 286 OrgInfoMap.UpsertOrg(NETWORKADMIN, "", NETWORKADMIN, big.NewInt(1), OrgApproved) 287 OrgInfoMap.UpsertOrg(ORGADMIN, "", ORGADMIN, big.NewInt(1), OrgApproved) 288 289 // Insert roles for both orgs one being admin role and the other a normal role 290 RoleInfoMap.UpsertRole(NETWORKADMIN, NETWORKADMIN, true, true, FullAccess, true) 291 RoleInfoMap.UpsertRole(NETWORKADMIN, "ROLE1", true, false, Transact, true) 292 RoleInfoMap.UpsertRole(NETWORKADMIN, "ROLE2", true, true, Transact, false) 293 294 RoleInfoMap.UpsertRole(ORGADMIN, ORGADMIN, true, true, FullAccess, true) 295 RoleInfoMap.UpsertRole(ORGADMIN, "ROLE1", true, false, Transact, true) 296 RoleInfoMap.UpsertRole(ORGADMIN, "ROLE2", true, true, Transact, false) 297 298 // Assign accounts to orgs 299 AcctInfoMap.UpsertAccount(NETWORKADMIN, NETWORKADMIN, Acct1, true, AcctActive) 300 AcctInfoMap.UpsertAccount(NETWORKADMIN, "ROLE1", Acct2, false, AcctActive) 301 AcctInfoMap.UpsertAccount(NETWORKADMIN, "ROLE2", Acct3, true, AcctActive) 302 AcctInfoMap.UpsertAccount(NETWORKADMIN, NETWORKADMIN, Acct4, true, AcctBlacklisted) 303 304 AcctInfoMap.UpsertAccount(ORGADMIN, ORGADMIN, Acct5, true, AcctActive) 305 AcctInfoMap.UpsertAccount(ORGADMIN, "ROLE1", Acct6, false, AcctActive) 306 AcctInfoMap.UpsertAccount(ORGADMIN, "ROLE2", Acct7, true, AcctActive) 307 AcctInfoMap.UpsertAccount(ORGADMIN, ORGADMIN, Acct8, true, AcctBlacklisted) 308 309 type args struct { 310 acctId common.Address 311 } 312 tests := []struct { 313 name string 314 args args 315 want bool 316 }{ 317 { 318 name: "Network admin account", 319 args: args{Acct1}, 320 want: true, 321 }, 322 { 323 name: "Normal account in Network admin org", 324 args: args{Acct2}, 325 want: false, 326 }, 327 { 328 name: "Account linked to an inactive org admin role - network admin org", 329 args: args{Acct2}, 330 want: false, 331 }, 332 { 333 name: "Network admin account which is blacklisted", 334 args: args{Acct4}, 335 want: false, 336 }, 337 { 338 name: "Org admin account", 339 args: args{Acct5}, 340 want: true, 341 }, 342 { 343 name: "Normal account in in org", 344 args: args{Acct6}, 345 want: false, 346 }, 347 { 348 name: "Account linked to an inactive org admin role in org", 349 args: args{Acct7}, 350 want: false, 351 }, 352 { 353 name: "org admin account which is blacklisted", 354 args: args{Acct8}, 355 want: false, 356 }, 357 { 358 name: "Unassigned account", 359 args: args{Acct9}, 360 want: false, 361 }, 362 } 363 for _, tt := range tests { 364 t.Run(tt.name, func(t *testing.T) { 365 if got := CheckIfAdminAccount(tt.args.acctId); got != tt.want { 366 t.Errorf("CheckIfAdminAccount() = %v, want %v", got, tt.want) 367 } 368 }) 369 } 370 } 371 372 func Test_checkIfOrgActive(t *testing.T) { 373 OrgInfoMap = NewOrgCache(params.DEFAULT_ORGCACHE_SIZE) 374 OrgInfoMap.UpsertOrg("ORG1", "", "ORG1", big.NewInt(1), OrgApproved) 375 OrgInfoMap.UpsertOrg("ORG2", "", "ORG2", big.NewInt(1), OrgPendingSuspension) 376 OrgInfoMap.UpsertOrg("ORG3", "ORG1", "ORG1", big.NewInt(2), OrgApproved) 377 OrgInfoMap.UpsertOrg("ORG4", "ORG2", "ORG2", big.NewInt(2), OrgApproved) 378 OrgInfoMap.UpsertOrg("ORG5", "", "ORG5", big.NewInt(1), OrgSuspended) 379 OrgInfoMap.UpsertOrg("ORG6", "ORG5", "ORG5", big.NewInt(2), OrgApproved) 380 OrgInfoMap.UpsertOrg("ORG7", "ORG5", "ORG5", big.NewInt(2), OrgSuspended) 381 382 type args struct { 383 orgId string 384 } 385 tests := []struct { 386 name string 387 args args 388 want bool 389 }{ 390 { 391 name: "Org is approved", 392 args: args{orgId: "ORG1"}, 393 want: true, 394 }, 395 { 396 name: "Org under suspension", 397 args: args{orgId: "ORG2"}, 398 want: true, 399 }, 400 { 401 name: "Sub org approved", 402 args: args{orgId: "ORG1.ORG3"}, 403 want: true, 404 }, 405 { 406 name: "Sub org approved under a pending suspension org", 407 args: args{orgId: "ORG2.ORG4"}, 408 want: true, 409 }, 410 { 411 name: "Org suspended", 412 args: args{orgId: "ORG5"}, 413 want: false, 414 }, 415 { 416 name: "Approved sub org under a suspended org", 417 args: args{orgId: "ORG5.ORG6"}, 418 want: false, 419 }, 420 { 421 name: "Suspended sub org under a suspended org", 422 args: args{orgId: "ORG5.ORG7"}, 423 want: false, 424 }, 425 } 426 for _, tt := range tests { 427 t.Run(tt.name, func(t *testing.T) { 428 if got := checkIfOrgActive(tt.args.orgId); got != tt.want { 429 t.Errorf("checkIfOrgActive() = %v, want %v", got, tt.want) 430 } 431 }) 432 } 433 }