github.com/jpmorganchase/quorum@v21.1.0+incompatible/permission/permission_test.go (about) 1 package permission 2 3 import ( 4 "crypto/ecdsa" 5 "encoding/json" 6 "errors" 7 "fmt" 8 "io/ioutil" 9 "log" 10 "math/big" 11 "os" 12 "strconv" 13 "testing" 14 15 "github.com/ethereum/go-ethereum/accounts" 16 "github.com/ethereum/go-ethereum/accounts/abi/bind" 17 "github.com/ethereum/go-ethereum/accounts/abi/bind/backends" 18 "github.com/ethereum/go-ethereum/accounts/keystore" 19 "github.com/ethereum/go-ethereum/common" 20 "github.com/ethereum/go-ethereum/common/hexutil" 21 "github.com/ethereum/go-ethereum/consensus/ethash" 22 "github.com/ethereum/go-ethereum/core" 23 "github.com/ethereum/go-ethereum/crypto" 24 "github.com/ethereum/go-ethereum/eth" 25 "github.com/ethereum/go-ethereum/internal/ethapi" 26 "github.com/ethereum/go-ethereum/miner" 27 "github.com/ethereum/go-ethereum/node" 28 "github.com/ethereum/go-ethereum/p2p" 29 "github.com/ethereum/go-ethereum/params" 30 pcore "github.com/ethereum/go-ethereum/permission/core" 31 ptype "github.com/ethereum/go-ethereum/permission/core/types" 32 "github.com/ethereum/go-ethereum/permission/v1" 33 v1bind "github.com/ethereum/go-ethereum/permission/v1/bind" 34 "github.com/ethereum/go-ethereum/permission/v2" 35 v2bind "github.com/ethereum/go-ethereum/permission/v2/bind" 36 "github.com/stretchr/testify/assert" 37 ) 38 39 const ( 40 arbitraryNetworkAdminOrg = "NETWORK_ADMIN" 41 arbitraryNetworkAdminRole = "NETWORK_ADMIN_ROLE" 42 arbitraryOrgAdminRole = "ORG_ADMIN_ROLE" 43 arbitraryNode1 = "enode://ac6b1096ca56b9f6d004b779ae3728bf83f8e22453404cc3cef16a3d9b96608bc67c4b30db88e0a5a6c6390213f7acbe1153ff6d23ce57380104288ae19373ef@127.0.0.1:21000?discport=0&raftport=50401" 44 arbitraryNode2 = "enode://0ba6b9f606a43a95edc6247cdb1c1e105145817be7bcafd6b2c0ba15d58145f0dc1a194f70ba73cd6f4cdd6864edc7687f311254c7555cc32e4d45aeb1b80416@127.0.0.1:21001?discport=0&raftport=50402" 45 arbitraryNode3 = "enode://579f786d4e2830bbcc02815a27e8a9bacccc9605df4dc6f20bcc1a6eb391e7225fff7cb83e5b4ecd1f3a94d8b733803f2f66b7e871961e7b029e22c155c3a778@127.0.0.1:21002?discport=0&raftport=50403" 46 arbitraryNode4 = "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@127.0.0.1:21003?discport=0&raftport=50404" 47 arbitraryNode4withHostName = "enode://3d9ca5956b38557aba991e31cf510d4df641dce9cc26bfeb7de082f0c07abb6ede3a58410c8f249dabeecee4ad3979929ac4c7c496ad20b8cfdd061b7401b4f5@lcoalhost:21003?discport=0&raftport=50404" 48 arbitraryOrgToAdd = "ORG1" 49 arbitrarySubOrg = "SUB1" 50 arbitrartNewRole1 = "NEW_ROLE_1" 51 arbitrartNewRole2 = "NEW_ROLE_2" 52 orgCacheSize = 4 53 roleCacheSize = 4 54 nodeCacheSize = 2 55 accountCacheSize = 4 56 ) 57 58 var ErrAccountsLinked = errors.New("Accounts linked to the role. Cannot be removed") 59 var ErrPendingApproval = errors.New("Pending approvals for the organization. Approve first") 60 var ErrAcctBlacklisted = errors.New("Blacklisted account. Operation not allowed") 61 var ErrNodeBlacklisted = errors.New("Blacklisted node. Operation not allowed") 62 63 var ( 64 guardianKey *ecdsa.PrivateKey 65 guardianAccount accounts.Account 66 contrBackend bind.ContractBackend 67 ethereum *eth.Ethereum 68 stack *node.Node 69 guardianAddress common.Address 70 v2Flag bool 71 72 permUpgrAddress, permInterfaceAddress, permImplAddress, voterManagerAddress, 73 nodeManagerAddress, roleManagerAddress, accountManagerAddress, orgManagerAddress common.Address 74 ) 75 76 func TestMain(m *testing.M) { 77 var v2FlagVer = []bool{false} 78 var ret int 79 for i := range v2FlagVer { 80 v2Flag = v2FlagVer[i] 81 setup() 82 ret = m.Run() 83 teardown() 84 if ret != 0 { 85 os.Exit(ret) 86 } 87 } 88 os.Exit(ret) 89 } 90 91 func setup() { 92 var err error 93 t := log.New(os.Stdout, "", 0) 94 95 ksdir, _, err := tmpKeyStore(false) 96 defer os.RemoveAll(ksdir) 97 98 if err != nil { 99 t.Fatalf("failed to create keystore: %v\n", err) 100 } 101 nodeKey, _ := crypto.GenerateKey() 102 guardianKey, _ = crypto.GenerateKey() 103 104 // Create a network-less protocol stack and start an Ethereum service within 105 stack, err = node.New(&node.Config{ 106 DataDir: "", 107 KeyStoreDir: ksdir, 108 UseLightweightKDF: true, 109 P2P: p2p.Config{ 110 PrivateKey: nodeKey, 111 }, 112 }) 113 114 ksbackend := stack.AccountManager().Backends(keystore.KeyStoreType)[0].(*keystore.KeyStore) 115 guardianAccount, err = ksbackend.ImportECDSA(guardianKey, "foo") 116 guardianAddress = guardianAccount.Address 117 if err != nil { 118 t.Fatal(err) 119 } 120 err = ksbackend.TimedUnlock(guardianAccount, "foo", 0) 121 if err != nil { 122 t.Fatal("failed to unlock") 123 } 124 125 genesisAlloc := map[common.Address]core.GenesisAccount{ 126 guardianAddress: { 127 Balance: big.NewInt(100000000000000), 128 }, 129 } 130 ethConf := ð.Config{ 131 Genesis: &core.Genesis{Config: params.AllEthashProtocolChanges, GasLimit: 10000000000, Alloc: genesisAlloc}, 132 Miner: miner.Config{Etherbase: guardianAddress}, 133 Ethash: ethash.Config{ 134 PowMode: ethash.ModeTest, 135 }, 136 } 137 138 if err = stack.Register(func(ctx *node.ServiceContext) (node.Service, error) { return eth.New(ctx, ethConf) }); err != nil { 139 t.Fatalf("failed to register Ethereum protocol: %v", err) 140 } 141 // Start the Node and assemble the JavaScript console around it 142 if err = stack.Start(); err != nil { 143 t.Fatalf("failed to start test stack: %v", err) 144 } 145 if err := stack.Service(ðereum); err != nil { 146 t.Fatal(err) 147 } 148 contrBackend = backends.NewSimulatedBackendFrom(ethereum) 149 150 var permUpgrInstance *v1bind.PermUpgr 151 var permUpgrInstanceE *v2bind.PermUpgr 152 153 guardianTransactor := bind.NewKeyedTransactor(guardianKey) 154 155 if v2Flag { 156 permUpgrAddress, _, permUpgrInstanceE, err = v2bind.DeployPermUpgr(guardianTransactor, contrBackend, guardianAddress) 157 if err != nil { 158 t.Fatal(err) 159 } 160 permInterfaceAddress, _, _, err = v2bind.DeployPermInterface(guardianTransactor, contrBackend, permUpgrAddress) 161 if err != nil { 162 t.Fatal(err) 163 } 164 nodeManagerAddress, _, _, err = v2bind.DeployNodeManager(guardianTransactor, contrBackend, permUpgrAddress) 165 if err != nil { 166 t.Fatal(err) 167 } 168 roleManagerAddress, _, _, err = v2bind.DeployRoleManager(guardianTransactor, contrBackend, permUpgrAddress) 169 if err != nil { 170 t.Fatal(err) 171 } 172 accountManagerAddress, _, _, err = v2bind.DeployAcctManager(guardianTransactor, contrBackend, permUpgrAddress) 173 if err != nil { 174 t.Fatal(err) 175 } 176 orgManagerAddress, _, _, err = v2bind.DeployOrgManager(guardianTransactor, contrBackend, permUpgrAddress) 177 if err != nil { 178 t.Fatal(err) 179 } 180 voterManagerAddress, _, _, err = v2bind.DeployVoterManager(guardianTransactor, contrBackend, permUpgrAddress) 181 if err != nil { 182 t.Fatal(err) 183 } 184 permImplAddress, _, _, err = v2bind.DeployPermImpl(guardianTransactor, contrBackend, permUpgrAddress, orgManagerAddress, roleManagerAddress, accountManagerAddress, voterManagerAddress, nodeManagerAddress) 185 if err != nil { 186 t.Fatal(err) 187 } 188 // call init 189 if _, err := permUpgrInstanceE.Init(guardianTransactor, permInterfaceAddress, permImplAddress); err != nil { 190 t.Fatal(err) 191 } 192 } else { 193 permUpgrAddress, _, permUpgrInstance, err = v1bind.DeployPermUpgr(guardianTransactor, contrBackend, guardianAddress) 194 if err != nil { 195 t.Fatal(err) 196 } 197 permInterfaceAddress, _, _, err = v1bind.DeployPermInterface(guardianTransactor, contrBackend, permUpgrAddress) 198 if err != nil { 199 t.Fatal(err) 200 } 201 nodeManagerAddress, _, _, err = v1bind.DeployNodeManager(guardianTransactor, contrBackend, permUpgrAddress) 202 if err != nil { 203 t.Fatal(err) 204 } 205 roleManagerAddress, _, _, err = v1bind.DeployRoleManager(guardianTransactor, contrBackend, permUpgrAddress) 206 if err != nil { 207 t.Fatal(err) 208 } 209 accountManagerAddress, _, _, err = v1bind.DeployAcctManager(guardianTransactor, contrBackend, permUpgrAddress) 210 if err != nil { 211 t.Fatal(err) 212 } 213 orgManagerAddress, _, _, err = v1bind.DeployOrgManager(guardianTransactor, contrBackend, permUpgrAddress) 214 if err != nil { 215 t.Fatal(err) 216 } 217 voterManagerAddress, _, _, err = v1bind.DeployVoterManager(guardianTransactor, contrBackend, permUpgrAddress) 218 if err != nil { 219 t.Fatal(err) 220 } 221 permImplAddress, _, _, err = v1bind.DeployPermImpl(guardianTransactor, contrBackend, permUpgrAddress, orgManagerAddress, roleManagerAddress, accountManagerAddress, voterManagerAddress, nodeManagerAddress) 222 if err != nil { 223 t.Fatal(err) 224 } 225 // call init 226 if _, err := permUpgrInstance.Init(guardianTransactor, permInterfaceAddress, permImplAddress); err != nil { 227 t.Fatal(err) 228 } 229 } 230 fmt.Printf("current block is %v\n", ethereum.BlockChain().CurrentBlock().Number().Int64()) 231 } 232 233 func teardown() { 234 235 } 236 237 func TestPermissionCtrl_AfterStart(t *testing.T) { 238 testObject := typicalPermissionCtrl(t, v2Flag) 239 240 err := testObject.AfterStart() 241 242 assert.NoError(t, err) 243 if testObject.IsV2Permission() { 244 var contract *v2.Init 245 contract, _ = testObject.contract.(*v2.Init) 246 assert.NotNil(t, contract.PermOrg) 247 assert.NotNil(t, contract.PermRole) 248 assert.NotNil(t, contract.PermNode) 249 assert.NotNil(t, contract.PermAcct) 250 assert.NotNil(t, contract.PermInterf) 251 assert.NotNil(t, contract.PermUpgr) 252 } else { 253 var contract *v1.Init 254 contract, _ = testObject.contract.(*v1.Init) 255 assert.NotNil(t, contract.PermOrg) 256 assert.NotNil(t, contract.PermRole) 257 assert.NotNil(t, contract.PermNode) 258 assert.NotNil(t, contract.PermAcct) 259 assert.NotNil(t, contract.PermInterf) 260 assert.NotNil(t, contract.PermUpgr) 261 } 262 263 isNetworkInitialized, err := testObject.contract.GetNetworkBootStatus() 264 assert.NoError(t, err) 265 assert.True(t, isNetworkInitialized) 266 } 267 268 func TestPermissionCtrl_PopulateInitPermissions_AfterNetworkIsInitialized(t *testing.T) { 269 testObject := typicalPermissionCtrl(t, v2Flag) 270 assert.NoError(t, testObject.AfterStart()) 271 272 err := testObject.populateInitPermissions(orgCacheSize, roleCacheSize, nodeCacheSize, accountCacheSize) 273 274 assert.NoError(t, err) 275 276 // assert cache 277 assert.Equal(t, 1, len(pcore.OrgInfoMap.GetOrgList())) 278 cachedOrg := pcore.OrgInfoMap.GetOrgList()[0] 279 assert.Equal(t, arbitraryNetworkAdminOrg, cachedOrg.OrgId) 280 assert.Equal(t, arbitraryNetworkAdminOrg, cachedOrg.FullOrgId) 281 assert.Equal(t, arbitraryNetworkAdminOrg, cachedOrg.UltimateParent) 282 assert.Equal(t, "", cachedOrg.ParentOrgId) 283 assert.Equal(t, pcore.OrgApproved, cachedOrg.Status) 284 assert.Equal(t, 0, len(cachedOrg.SubOrgList)) 285 assert.Equal(t, big.NewInt(1), cachedOrg.Level) 286 287 assert.Equal(t, 1, len(pcore.RoleInfoMap.GetRoleList())) 288 cachedRole := pcore.RoleInfoMap.GetRoleList()[0] 289 assert.Equal(t, arbitraryNetworkAdminOrg, cachedRole.OrgId) 290 assert.Equal(t, arbitraryNetworkAdminRole, cachedRole.RoleId) 291 assert.True(t, cachedRole.Active) 292 assert.True(t, cachedRole.IsAdmin) 293 assert.True(t, cachedRole.IsVoter) 294 assert.Equal(t, pcore.FullAccess, cachedRole.Access) 295 296 assert.Equal(t, 0, len(pcore.NodeInfoMap.GetNodeList())) 297 298 assert.Equal(t, 1, len(pcore.AcctInfoMap.GetAcctList())) 299 cachedAccount := pcore.AcctInfoMap.GetAcctList()[0] 300 assert.Equal(t, arbitraryNetworkAdminOrg, cachedAccount.OrgId) 301 assert.Equal(t, arbitraryNetworkAdminRole, cachedAccount.RoleId) 302 assert.Equal(t, pcore.AcctActive, cachedAccount.Status) 303 assert.True(t, cachedAccount.IsOrgAdmin) 304 assert.Equal(t, guardianAddress, cachedAccount.AcctId) 305 } 306 307 func typicalQuorumControlsAPI(t *testing.T) *QuorumControlsAPI { 308 pc := typicalPermissionCtrl(t, v2Flag) 309 if !assert.NoError(t, pc.AfterStart()) { 310 t.Fail() 311 } 312 if !assert.NoError(t, pc.populateInitPermissions(orgCacheSize, roleCacheSize, nodeCacheSize, accountCacheSize)) { 313 t.Fail() 314 } 315 return NewQuorumControlsAPI(pc) 316 } 317 318 func TestQuorumControlsAPI_ListAPIs(t *testing.T) { 319 testObject := typicalQuorumControlsAPI(t) 320 321 orgDetails, err := testObject.GetOrgDetails(arbitraryNetworkAdminOrg) 322 assert.NoError(t, err) 323 assert.Equal(t, orgDetails.AcctList[0].AcctId, guardianAddress) 324 assert.Equal(t, orgDetails.RoleList[0].RoleId, arbitraryNetworkAdminRole) 325 326 orgDetails, err = testObject.GetOrgDetails("XYZ") 327 assert.Equal(t, err, errors.New("Org does not exist")) 328 329 // test NodeList 330 assert.Equal(t, len(testObject.NodeList()), 0) 331 // test AcctList 332 assert.True(t, len(testObject.AcctList()) > 0, fmt.Sprintf("expected non zero account list")) 333 // test OrgList 334 assert.True(t, len(testObject.OrgList()) > 0, fmt.Sprintf("expected non zero org list")) 335 // test RoleList 336 assert.True(t, len(testObject.RoleList()) > 0, fmt.Sprintf("expected non zero org list")) 337 } 338 339 func TestQuorumControlsAPI_OrgAPIs(t *testing.T) { 340 testObject := typicalQuorumControlsAPI(t) 341 invalidTxa := ethapi.SendTxArgs{From: getArbitraryAccount()} 342 343 // test AddOrg 344 orgAdminKey, _ := crypto.GenerateKey() 345 orgAdminAddress := crypto.PubkeyToAddress(orgAdminKey.PublicKey) 346 347 txa := ethapi.SendTxArgs{From: guardianAddress} 348 _, err := testObject.AddOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, invalidTxa) 349 assert.Equal(t, err, errors.New("Invalid account id")) 350 351 _, err = testObject.AddOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, txa) 352 assert.NoError(t, err) 353 354 _, err = testObject.AddOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, txa) 355 assert.Equal(t, err, ErrPendingApproval) 356 357 _, err = testObject.ApproveOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, invalidTxa) 358 assert.Equal(t, err, errors.New("Invalid account id")) 359 360 _, err = testObject.ApproveOrg("XYZ", arbitraryNode1, orgAdminAddress, txa) 361 assert.Equal(t, err, errors.New("Nothing to approve")) 362 363 _, err = testObject.ApproveOrg(arbitraryOrgToAdd, arbitraryNode1, orgAdminAddress, txa) 364 assert.NoError(t, err) 365 366 pcore.OrgInfoMap.UpsertOrg(arbitraryOrgToAdd, "", arbitraryOrgToAdd, big.NewInt(1), pcore.OrgApproved) 367 _, err = testObject.UpdateOrgStatus(arbitraryOrgToAdd, uint8(SuspendOrg), invalidTxa) 368 assert.Equal(t, err, errors.New("Invalid account id")) 369 370 _, err = testObject.UpdateOrgStatus(arbitraryOrgToAdd, uint8(SuspendOrg), txa) 371 assert.NoError(t, err) 372 373 pcore.OrgInfoMap.UpsertOrg(arbitraryOrgToAdd, "", arbitraryOrgToAdd, big.NewInt(1), pcore.OrgSuspended) 374 _, err = testObject.ApproveOrgStatus(arbitraryOrgToAdd, uint8(SuspendOrg), invalidTxa) 375 assert.Equal(t, err, errors.New("Invalid account id")) 376 377 _, err = testObject.ApproveOrgStatus(arbitraryOrgToAdd, uint8(SuspendOrg), txa) 378 assert.NoError(t, err) 379 380 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, arbitrarySubOrg, "", invalidTxa) 381 assert.Equal(t, err, errors.New("Invalid account id")) 382 383 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, arbitrarySubOrg, "", txa) 384 assert.NoError(t, err) 385 pcore.OrgInfoMap.UpsertOrg(arbitrarySubOrg, arbitraryNetworkAdminOrg, arbitraryNetworkAdminOrg, big.NewInt(2), pcore.OrgApproved) 386 387 suborg := "ABC.12345" 388 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, suborg, "", txa) 389 assert.Equal(t, err, errors.New("Org id cannot contain special characters")) 390 391 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, "", "", txa) 392 assert.Equal(t, err, errors.New("Invalid input")) 393 394 // caching tests - cache size for org is 4. add 4 sub orgs 395 // this will result in cache eviction 396 // get org details after this 397 for i := 0; i < orgCacheSize; i++ { 398 subOrgId := "TESTSUBORG" + strconv.Itoa(i) 399 _, err = testObject.AddSubOrg(arbitraryNetworkAdminOrg, subOrgId, "", txa) 400 assert.NoError(t, err) 401 pcore.OrgInfoMap.UpsertOrg(subOrgId, arbitraryNetworkAdminOrg, arbitraryNetworkAdminOrg, big.NewInt(2), pcore.OrgApproved) 402 } 403 404 assert.Equal(t, orgCacheSize, len(pcore.OrgInfoMap.GetOrgList())) 405 406 orgDetails, err := testObject.GetOrgDetails(arbitraryNetworkAdminOrg) 407 assert.Equal(t, orgDetails.AcctList[0].AcctId, guardianAddress) 408 assert.Equal(t, orgDetails.RoleList[0].RoleId, arbitraryNetworkAdminRole) 409 } 410 411 func testConnectionAllowed(t *testing.T, q *QuorumControlsAPI, url string, expected bool) { 412 enode, ip, port, raftPort, err := ptype.GetNodeDetails(url, false, false) 413 if q.permCtrl.IsV2Permission() { 414 assert.NoError(t, err) 415 connAllowed := q.ConnectionAllowed(enode, ip, port, raftPort) 416 assert.Equal(t, expected, connAllowed) 417 } else { 418 assert.Equal(t, isNodePermissionedV1(url, enode, enode, "INCOMING"), expected) 419 } 420 } 421 422 func TestQuorumControlsAPI_NodeAPIs(t *testing.T) { 423 testObject := typicalQuorumControlsAPI(t) 424 invalidTxa := ethapi.SendTxArgs{From: getArbitraryAccount()} 425 txa := ethapi.SendTxArgs{From: guardianAddress} 426 427 testObject.permCtrl.isRaft = true 428 _, err := testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode2, invalidTxa) 429 assert.Equal(t, err, errors.New("Invalid account id")) 430 testConnectionAllowed(t, testObject, arbitraryNode2, false) 431 432 _, err = testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode2, txa) 433 assert.NoError(t, err) 434 pcore.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, pcore.NodeApproved) 435 testConnectionAllowed(t, testObject, arbitraryNode2, true) 436 437 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(SuspendNode), invalidTxa) 438 assert.Equal(t, err, errors.New("Invalid account id")) 439 440 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(SuspendNode), txa) 441 assert.NoError(t, err) 442 pcore.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, pcore.NodeDeactivated) 443 testConnectionAllowed(t, testObject, arbitraryNode2, false) 444 445 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(ActivateSuspendedNode), txa) 446 assert.NoError(t, err) 447 pcore.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, pcore.NodeApproved) 448 testConnectionAllowed(t, testObject, arbitraryNode2, true) 449 450 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(BlacklistNode), txa) 451 assert.NoError(t, err) 452 pcore.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, pcore.NodeBlackListed) 453 454 _, err = testObject.UpdateNodeStatus(arbitraryNetworkAdminOrg, arbitraryNode2, uint8(ActivateSuspendedNode), txa) 455 assert.Equal(t, err, ErrNodeBlacklisted) 456 457 _, err = testObject.RecoverBlackListedNode(arbitraryNetworkAdminOrg, arbitraryNode2, invalidTxa) 458 assert.Equal(t, err, errors.New("Invalid account id")) 459 460 _, err = testObject.RecoverBlackListedNode(arbitraryNetworkAdminOrg, arbitraryNode2, txa) 461 assert.NoError(t, err) 462 pcore.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, pcore.NodeRecoveryInitiated) 463 464 _, err = testObject.ApproveBlackListedNodeRecovery(arbitraryNetworkAdminOrg, arbitraryNode2, invalidTxa) 465 assert.Equal(t, err, errors.New("Invalid account id")) 466 467 _, err = testObject.ApproveBlackListedNodeRecovery(arbitraryNetworkAdminOrg, arbitraryNode2, txa) 468 assert.NoError(t, err) 469 pcore.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode2, pcore.NodeApproved) 470 471 // caching tests - cache size for Node is 3. add 2 nodes which will 472 // result in Node eviction from cache. get evicted Node details using api 473 _, err = testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode3, txa) 474 assert.NoError(t, err) 475 pcore.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode3, pcore.NodeApproved) 476 477 testObject.permCtrl.isRaft = true 478 _, err = testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode4withHostName, txa) 479 assert.Equal(t, err, ptype.ErrHostNameNotSupported) 480 481 _, err = testObject.AddNode(arbitraryNetworkAdminOrg, arbitraryNode4, txa) 482 assert.NoError(t, err) 483 pcore.NodeInfoMap.UpsertNode(arbitraryNetworkAdminOrg, arbitraryNode4, pcore.NodeApproved) 484 485 assert.Equal(t, nodeCacheSize, len(pcore.NodeInfoMap.GetNodeList())) 486 nodeInfo, err := pcore.NodeInfoMap.GetNodeByUrl(arbitraryNode4) 487 assert.True(t, err == nil, "Node fetch returned error") 488 assert.Equal(t, pcore.NodeApproved, nodeInfo.Status) 489 } 490 491 func testTransactionAllowed(t *testing.T, q *QuorumControlsAPI, txa ethapi.SendTxArgs, expected bool) { 492 actAllowed := q.TransactionAllowed(txa) 493 assert.Equal(t, expected, actAllowed) 494 } 495 496 func TestQuorumControlsAPI_TransactionAllowed(t *testing.T) { 497 testObject := typicalQuorumControlsAPI(t) 498 499 if testObject.permCtrl.IsV2Permission() { 500 501 acct := getArbitraryAccount() 502 txa := ethapi.SendTxArgs{From: guardianAddress} 503 payload := hexutil.Bytes(([]byte("0x43d3e767000000000000000000000000000000000000000000000000000000000000000a"))[:]) 504 value := hexutil.Big(*(big.NewInt(10))) 505 506 transactionTxa := ethapi.SendTxArgs{From: acct, To: &guardianAddress, Value: &value} 507 contractCallTxa := ethapi.SendTxArgs{From: acct, To: &guardianAddress, Data: &payload} 508 contractCreateTxa := ethapi.SendTxArgs{From: acct, To: &common.Address{}, Data: &payload} 509 510 for i := 0; i < 8; i++ { 511 roleId := arbitrartNewRole1 + strconv.Itoa(i) 512 _, err := testObject.AddNewRole(arbitraryNetworkAdminOrg, roleId, uint8(i), false, false, txa) 513 assert.NoError(t, err) 514 pcore.RoleInfoMap.UpsertRole(arbitraryNetworkAdminOrg, roleId, false, false, pcore.AccessType(uint8(i)), true) 515 516 if i == 0 { 517 _, err = testObject.AddAccountToOrg(acct, arbitraryNetworkAdminOrg, roleId, txa) 518 assert.NoError(t, err) 519 } else { 520 _, err = testObject.ChangeAccountRole(acct, arbitraryNetworkAdminOrg, roleId, txa) 521 assert.NoError(t, err) 522 } 523 524 switch pcore.AccessType(uint8(i)) { 525 case pcore.ReadOnly: 526 testTransactionAllowed(t, testObject, transactionTxa, false) 527 testTransactionAllowed(t, testObject, contractCallTxa, false) 528 testTransactionAllowed(t, testObject, contractCreateTxa, false) 529 530 case pcore.Transact: 531 testTransactionAllowed(t, testObject, transactionTxa, true) 532 testTransactionAllowed(t, testObject, contractCallTxa, false) 533 testTransactionAllowed(t, testObject, contractCreateTxa, false) 534 535 case pcore.ContractDeploy: 536 testTransactionAllowed(t, testObject, transactionTxa, false) 537 testTransactionAllowed(t, testObject, contractCallTxa, false) 538 testTransactionAllowed(t, testObject, contractCreateTxa, true) 539 540 case pcore.FullAccess: 541 testTransactionAllowed(t, testObject, transactionTxa, true) 542 testTransactionAllowed(t, testObject, contractCallTxa, true) 543 testTransactionAllowed(t, testObject, contractCreateTxa, true) 544 545 case pcore.ContractCall: 546 testTransactionAllowed(t, testObject, transactionTxa, false) 547 testTransactionAllowed(t, testObject, contractCallTxa, true) 548 testTransactionAllowed(t, testObject, contractCreateTxa, false) 549 550 case pcore.TransactAndContractCall: 551 testTransactionAllowed(t, testObject, transactionTxa, true) 552 testTransactionAllowed(t, testObject, contractCallTxa, true) 553 testTransactionAllowed(t, testObject, contractCreateTxa, false) 554 555 case pcore.TransactAndContractDeploy: 556 testTransactionAllowed(t, testObject, transactionTxa, true) 557 testTransactionAllowed(t, testObject, contractCallTxa, false) 558 testTransactionAllowed(t, testObject, contractCreateTxa, true) 559 case pcore.ContractCallAndDeploy: 560 testTransactionAllowed(t, testObject, transactionTxa, false) 561 testTransactionAllowed(t, testObject, contractCallTxa, true) 562 testTransactionAllowed(t, testObject, contractCreateTxa, true) 563 564 } 565 566 } 567 } 568 569 } 570 571 func TestQuorumControlsAPI_RoleAndAccountsAPIs(t *testing.T) { 572 testObject := typicalQuorumControlsAPI(t) 573 invalidTxa := ethapi.SendTxArgs{From: getArbitraryAccount()} 574 acct := getArbitraryAccount() 575 txa := ethapi.SendTxArgs{From: guardianAddress, To: &acct} 576 577 pcore.SetNetworkBootUpCompleted() 578 pcore.SetQIP714BlockReached() 579 580 _, err := testObject.AssignAdminRole(arbitraryNetworkAdminOrg, acct, arbitraryNetworkAdminRole, invalidTxa) 581 assert.Equal(t, err, errors.New("Invalid account id")) 582 583 _, err = testObject.AssignAdminRole(arbitraryNetworkAdminOrg, acct, arbitraryNetworkAdminRole, txa) 584 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitraryNetworkAdminRole, acct, true, pcore.AcctPendingApproval) 585 586 _, err = testObject.ApproveAdminRole(arbitraryNetworkAdminOrg, acct, invalidTxa) 587 assert.Equal(t, err, errors.New("Invalid account id")) 588 testTransactionAllowed(t, testObject, ethapi.SendTxArgs{From: acct, To: &acct}, false) 589 590 _, err = testObject.ApproveAdminRole(arbitraryNetworkAdminOrg, acct, invalidTxa) 591 assert.Equal(t, err, errors.New("Invalid account id")) 592 593 _, err = testObject.ApproveAdminRole(arbitraryNetworkAdminOrg, acct, txa) 594 assert.NoError(t, err) 595 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitraryNetworkAdminRole, acct, true, pcore.AcctActive) 596 testTransactionAllowed(t, testObject, ethapi.SendTxArgs{From: acct, To: &acct}, true) 597 598 _, err = testObject.AddNewRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, uint8(pcore.FullAccess), false, false, invalidTxa) 599 assert.Equal(t, err, errors.New("Invalid account id")) 600 601 _, err = testObject.AddNewRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, uint8(pcore.FullAccess), false, false, txa) 602 assert.NoError(t, err) 603 pcore.RoleInfoMap.UpsertRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, false, false, pcore.FullAccess, true) 604 605 acct = getArbitraryAccount() 606 _, err = testObject.AddAccountToOrg(acct, arbitraryNetworkAdminOrg, arbitrartNewRole1, invalidTxa) 607 assert.Equal(t, err, errors.New("Invalid account id")) 608 609 _, err = testObject.AddAccountToOrg(acct, arbitraryNetworkAdminOrg, arbitrartNewRole1, txa) 610 assert.NoError(t, err) 611 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole1, acct, true, pcore.AcctActive) 612 613 _, err = testObject.RemoveRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, invalidTxa) 614 assert.Equal(t, err, errors.New("Invalid account id")) 615 616 _, err = testObject.RemoveRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, txa) 617 assert.Equal(t, err, ErrAccountsLinked) 618 619 _, err = testObject.AddNewRole(arbitraryNetworkAdminOrg, arbitrartNewRole2, uint8(pcore.FullAccess), false, false, txa) 620 assert.NoError(t, err) 621 pcore.RoleInfoMap.UpsertRole(arbitraryNetworkAdminOrg, arbitrartNewRole2, false, false, pcore.FullAccess, true) 622 623 _, err = testObject.ChangeAccountRole(acct, arbitraryNetworkAdminOrg, arbitrartNewRole2, invalidTxa) 624 assert.Equal(t, err, errors.New("Invalid account id")) 625 626 _, err = testObject.ChangeAccountRole(acct, arbitraryNetworkAdminOrg, arbitrartNewRole2, txa) 627 assert.NoError(t, err) 628 629 _, err = testObject.RemoveRole(arbitraryNetworkAdminOrg, arbitrartNewRole1, txa) 630 assert.Equal(t, err, ErrAccountsLinked) 631 632 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(SuspendAccount), invalidTxa) 633 assert.Equal(t, err, errors.New("Invalid account id")) 634 635 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(SuspendAccount), txa) 636 assert.NoError(t, err) 637 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, pcore.AcctSuspended) 638 testTransactionAllowed(t, testObject, ethapi.SendTxArgs{From: acct, To: &acct}, false) 639 640 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(ActivateSuspendedAccount), txa) 641 assert.NoError(t, err) 642 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, pcore.AcctActive) 643 644 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(BlacklistAccount), txa) 645 assert.NoError(t, err) 646 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, pcore.AcctBlacklisted) 647 testTransactionAllowed(t, testObject, ethapi.SendTxArgs{From: acct, To: &acct}, false) 648 649 _, err = testObject.UpdateAccountStatus(arbitraryNetworkAdminOrg, acct, uint8(ActivateSuspendedAccount), txa) 650 assert.Equal(t, err, ErrAcctBlacklisted) 651 652 _, err = testObject.RecoverBlackListedAccount(arbitraryNetworkAdminOrg, acct, invalidTxa) 653 assert.Equal(t, err, errors.New("Invalid account id")) 654 655 _, err = testObject.RecoverBlackListedAccount(arbitraryNetworkAdminOrg, acct, txa) 656 assert.NoError(t, err) 657 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, pcore.AcctRecoveryInitiated) 658 _, err = testObject.ApproveBlackListedAccountRecovery(arbitraryNetworkAdminOrg, acct, txa) 659 assert.NoError(t, err) 660 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole2, acct, true, pcore.AcctActive) 661 662 // check role cache. the cache size is set to 4 663 // insert 4 records and then retrieve the 1st role 664 for i := 0; i < roleCacheSize; i++ { 665 roleId := "TESTROLE" + strconv.Itoa(i) 666 _, err = testObject.AddNewRole(arbitraryNetworkAdminOrg, roleId, uint8(pcore.FullAccess), false, false, txa) 667 assert.NoError(t, err) 668 pcore.RoleInfoMap.UpsertRole(arbitraryNetworkAdminOrg, roleId, false, false, pcore.FullAccess, true) 669 } 670 671 assert.Equal(t, roleCacheSize, len(pcore.RoleInfoMap.GetRoleList())) 672 roleInfo, err := pcore.RoleInfoMap.GetRole(arbitraryNetworkAdminOrg, arbitrartNewRole1) 673 assert.True(t, err == nil, "error encountered") 674 675 assert.Equal(t, roleInfo.RoleId, arbitrartNewRole1) 676 677 // check account cache 678 var AccountArray [4]common.Address 679 AccountArray[0] = common.StringToAddress("0fbdc686b912d7722dc86510934589e0aaf3b55a") 680 AccountArray[1] = common.StringToAddress("9186eb3d20cbd1f5f992a950d808c4495153abd5") 681 AccountArray[2] = common.StringToAddress("0638e1574728b6d862dd5d3a3e0942c3be47d996") 682 AccountArray[3] = common.StringToAddress("ae9bc6cd5145e67fbd1887a5145271fd182f0ee7") 683 684 for i := 0; i < accountCacheSize; i++ { 685 _, err = testObject.AddAccountToOrg(AccountArray[i], arbitraryNetworkAdminOrg, arbitrartNewRole1, txa) 686 assert.NoError(t, err) 687 pcore.AcctInfoMap.UpsertAccount(arbitraryNetworkAdminOrg, arbitrartNewRole1, AccountArray[i], false, pcore.AcctActive) 688 } 689 assert.Equal(t, accountCacheSize, len(pcore.AcctInfoMap.GetAcctList())) 690 691 acctInfo, err := pcore.AcctInfoMap.GetAccount(acct) 692 assert.True(t, err == nil, "error encountered") 693 assert.True(t, acctInfo != nil, "account details nil") 694 } 695 696 func getArbitraryAccount() common.Address { 697 acctKey, _ := crypto.GenerateKey() 698 return crypto.PubkeyToAddress(acctKey.PublicKey) 699 } 700 701 func typicalPermissionCtrl(t *testing.T, v2Flag bool) *PermissionCtrl { 702 pconfig := &ptype.PermissionConfig{ 703 UpgrdAddress: permUpgrAddress, 704 InterfAddress: permInterfaceAddress, 705 ImplAddress: permImplAddress, 706 NodeAddress: nodeManagerAddress, 707 AccountAddress: accountManagerAddress, 708 RoleAddress: roleManagerAddress, 709 VoterAddress: voterManagerAddress, 710 OrgAddress: orgManagerAddress, 711 NwAdminOrg: arbitraryNetworkAdminOrg, 712 NwAdminRole: arbitraryNetworkAdminRole, 713 OrgAdminRole: arbitraryOrgAdminRole, 714 Accounts: []common.Address{ 715 guardianAddress, 716 }, 717 SubOrgDepth: big.NewInt(10), 718 SubOrgBreadth: big.NewInt(10), 719 } 720 if v2Flag { 721 pconfig.PermissionsModel = ptype.PERMISSION_V2 722 } else { 723 pconfig.PermissionsModel = ptype.PERMISSION_V1 724 } 725 testObject, err := NewQuorumPermissionCtrl(stack, pconfig, false) 726 if err != nil { 727 t.Fatal(err) 728 } 729 730 testObject.ethClnt = contrBackend 731 testObject.eth = ethereum 732 733 // set contract and backend's contract as asyncStart won't get called 734 testObject.contract = NewPermissionContractService(testObject.ethClnt, testObject.IsV2Permission(), testObject.key, testObject.permConfig, false, false) 735 if v2Flag { 736 b := testObject.backend.(*v2.Backend) 737 b.Contr = testObject.contract.(*v2.Init) 738 } else { 739 b := testObject.backend.(*v1.Backend) 740 b.Contr = testObject.contract.(*v1.Init) 741 } 742 743 go func() { 744 testObject.errorChan <- nil 745 }() 746 return testObject 747 } 748 749 func tmpKeyStore(encrypted bool) (string, *keystore.KeyStore, error) { 750 d, err := ioutil.TempDir("", "Eth-keystore-test") 751 if err != nil { 752 return "", nil, err 753 } 754 newKs := keystore.NewPlaintextKeyStore 755 if encrypted { 756 newKs = func(kd string) *keystore.KeyStore { 757 return keystore.NewKeyStore(kd, keystore.LightScryptN, keystore.LightScryptP) 758 } 759 } 760 return d, newKs(d), err 761 } 762 763 func TestPermissionCtrl_whenUpdateFile(t *testing.T) { 764 testObject := typicalPermissionCtrl(t, v2Flag) 765 assert.NoError(t, testObject.AfterStart()) 766 767 err := testObject.populateInitPermissions(orgCacheSize, roleCacheSize, nodeCacheSize, accountCacheSize) 768 assert.NoError(t, err) 769 770 d, _ := ioutil.TempDir("", "qdata") 771 defer os.RemoveAll(d) 772 773 testObject.dataDir = d 774 ptype.UpdatePermissionedNodes(testObject.node, d, arbitraryNode1, ptype.NodeAdd, true) 775 776 permFile, _ := os.Create(d + "/" + "permissioned-nodes.json") 777 778 ptype.UpdateFile("testFile", arbitraryNode2, ptype.NodeAdd, false) 779 ptype.UpdateFile(permFile.Name(), arbitraryNode2, ptype.NodeAdd, false) 780 ptype.UpdateFile(permFile.Name(), arbitraryNode2, ptype.NodeAdd, true) 781 ptype.UpdateFile(permFile.Name(), arbitraryNode2, ptype.NodeAdd, true) 782 ptype.UpdateFile(permFile.Name(), arbitraryNode1, ptype.NodeAdd, false) 783 ptype.UpdateFile(permFile.Name(), arbitraryNode1, ptype.NodeDelete, false) 784 ptype.UpdateFile(permFile.Name(), arbitraryNode1, ptype.NodeDelete, false) 785 786 blob, err := ioutil.ReadFile(permFile.Name()) 787 var nodeList []string 788 if err := json.Unmarshal(blob, &nodeList); err != nil { 789 t.Fatal("Failed to load nodes list from file", "fileName", permFile, "err", err) 790 return 791 } 792 assert.Equal(t, len(nodeList), 1) 793 ptype.UpdatePermissionedNodes(testObject.node, d, arbitraryNode1, ptype.NodeAdd, true) 794 ptype.UpdatePermissionedNodes(testObject.node, d, arbitraryNode1, ptype.NodeDelete, true) 795 796 blob, err = ioutil.ReadFile(permFile.Name()) 797 if err := json.Unmarshal(blob, &nodeList); err != nil { 798 t.Fatal("Failed to load nodes list from file", "fileName", permFile, "err", err) 799 return 800 } 801 assert.Equal(t, len(nodeList), 1) 802 803 ptype.UpdateDisallowedNodes(d, arbitraryNode2, ptype.NodeAdd) 804 ptype.UpdateDisallowedNodes(d, arbitraryNode2, ptype.NodeDelete) 805 blob, err = ioutil.ReadFile(d + "/" + "disallowed-nodes.json") 806 if err := json.Unmarshal(blob, &nodeList); err != nil { 807 t.Fatal("Failed to load nodes list from file", "fileName", permFile, "err", err) 808 return 809 } 810 assert.Equal(t, len(nodeList), 0) 811 812 } 813 814 func TestParsePermissionConfig(t *testing.T) { 815 d, _ := ioutil.TempDir("", "qdata") 816 defer os.RemoveAll(d) 817 818 _, err := ptype.ParsePermissionConfig(d) 819 assert.True(t, err != nil, "expected file not there error") 820 821 fileName := d + "/permission-config.json" 822 _, err = os.Create(fileName) 823 _, err = ptype.ParsePermissionConfig(d) 824 assert.True(t, err != nil, "expected unmarshalling error") 825 826 // write permission-config.json into the temp dir 827 var tmpPermCofig ptype.PermissionConfig 828 tmpPermCofig.NwAdminOrg = arbitraryNetworkAdminOrg 829 tmpPermCofig.NwAdminRole = arbitraryNetworkAdminRole 830 tmpPermCofig.OrgAdminRole = arbitraryOrgAdminRole 831 tmpPermCofig.InterfAddress = common.Address{} 832 tmpPermCofig.ImplAddress = common.Address{} 833 tmpPermCofig.UpgrdAddress = common.Address{} 834 tmpPermCofig.VoterAddress = common.Address{} 835 tmpPermCofig.RoleAddress = common.Address{} 836 tmpPermCofig.OrgAddress = common.Address{} 837 tmpPermCofig.NodeAddress = common.Address{} 838 tmpPermCofig.SubOrgBreadth = new(big.Int) 839 tmpPermCofig.SubOrgDepth = new(big.Int) 840 841 blob, err := json.Marshal(tmpPermCofig) 842 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 843 t.Fatal("Error writing new Node info to file", "fileName", fileName, "err", err) 844 } 845 _, err = ptype.ParsePermissionConfig(d) 846 assert.True(t, err != nil, "permission model not given error") 847 848 _ = os.Remove(fileName) 849 tmpPermCofig.PermissionsModel = "ABCD" 850 blob, _ = json.Marshal(tmpPermCofig) 851 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 852 t.Fatal("Error writing new Node info to file", "fileName", fileName, "err", err) 853 } 854 855 _, err = ptype.ParsePermissionConfig(d) 856 assert.True(t, err != nil, "invalid permission model error") 857 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 858 t.Fatal("Error writing new Node info to file", "fileName", fileName, "err", err) 859 } 860 861 _ = os.Remove(fileName) 862 tmpPermCofig.PermissionsModel = "v1" 863 blob, _ = json.Marshal(tmpPermCofig) 864 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 865 t.Fatal("Error writing new Node info to file", "fileName", fileName, "err", err) 866 } 867 868 _, err = ptype.ParsePermissionConfig(d) 869 assert.True(t, err != nil, "expected account not given error") 870 871 _ = os.Remove(fileName) 872 tmpPermCofig.Accounts = append(tmpPermCofig.Accounts, common.StringToAddress("0xed9d02e382b34818e88b88a309c7fe71e65f419d")) 873 blob, err = json.Marshal(tmpPermCofig) 874 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 875 t.Fatal("Error writing new Node info to file", "fileName", fileName, "err", err) 876 } 877 878 _, err = ptype.ParsePermissionConfig(d) 879 assert.True(t, err != nil, "expected sub org depth not set error") 880 881 _ = os.Remove(fileName) 882 tmpPermCofig.SubOrgBreadth.Set(big.NewInt(4)) 883 tmpPermCofig.SubOrgDepth.Set(big.NewInt(4)) 884 blob, _ = json.Marshal(tmpPermCofig) 885 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 886 t.Fatal("Error writing new Node info to file", "fileName", fileName, "err", err) 887 } 888 889 _, err = ptype.ParsePermissionConfig(d) 890 assert.True(t, err != nil, "expected contract address error") 891 892 _ = os.Remove(fileName) 893 tmpPermCofig.InterfAddress = common.StringToAddress("0xed9d02e382b34818e88b88a309c7fe71e65f419d") 894 blob, err = json.Marshal(tmpPermCofig) 895 if err := ioutil.WriteFile(fileName, blob, 0644); err != nil { 896 t.Fatal("Error writing new Node info to file", "fileName", fileName, "err", err) 897 } 898 permConfig, err := ptype.ParsePermissionConfig(d) 899 assert.False(t, permConfig.IsEmpty(), "expected non empty object") 900 } 901 902 func TestIsTransactionAllowed_V1(t *testing.T) { 903 testObject := typicalQuorumControlsAPI(t) 904 pcore.PermissionTransactionAllowedFunc = testObject.permCtrl.IsTransactionAllowed 905 var Acct1 = common.BytesToAddress([]byte("permission")) 906 var Acct2 = common.BytesToAddress([]byte("perm-test")) 907 pcore.SetDefaults(arbitraryNetworkAdminRole, arbitraryOrgAdminRole, false) 908 pcore.SetQIP714BlockReached() 909 pcore.SetNetworkBootUpCompleted() 910 pcore.OrgInfoMap = pcore.NewOrgCache(params.DEFAULT_ORGCACHE_SIZE) 911 pcore.RoleInfoMap = pcore.NewRoleCache(params.DEFAULT_ROLECACHE_SIZE) 912 pcore.AcctInfoMap = pcore.NewAcctCache(params.DEFAULT_ACCOUNTCACHE_SIZE) 913 914 pcore.OrgInfoMap.UpsertOrg(arbitraryOrgAdminRole, "", arbitraryOrgAdminRole, big.NewInt(1), pcore.OrgApproved) 915 pcore.RoleInfoMap.UpsertRole(arbitraryOrgAdminRole, "ROLE1", false, false, pcore.Transact, true) 916 pcore.RoleInfoMap.UpsertRole(arbitraryOrgAdminRole, "ROLE2", false, false, pcore.ContractDeploy, true) 917 pcore.RoleInfoMap.UpsertRole(arbitraryOrgAdminRole, "ROLE3", false, false, pcore.FullAccess, true) 918 var Acct3 = common.BytesToAddress([]byte("permission-test1")) 919 var Acct4 = common.BytesToAddress([]byte("permission-test2")) 920 921 pcore.AcctInfoMap.UpsertAccount(arbitraryOrgAdminRole, "ROLE1", Acct1, false, pcore.AcctActive) 922 pcore.AcctInfoMap.UpsertAccount(arbitraryOrgAdminRole, "ROLE2", Acct2, false, pcore.AcctActive) 923 pcore.AcctInfoMap.UpsertAccount(arbitraryOrgAdminRole, "ROLE3", Acct3, false, pcore.AcctActive) 924 925 type args struct { 926 address common.Address 927 transactionType pcore.TransactionType 928 } 929 tests := []struct { 930 name string 931 args args 932 wantErr bool 933 }{ 934 { 935 name: "Account with transact permission calling value transfer", 936 args: args{address: Acct1, transactionType: pcore.ValueTransferTxn}, 937 wantErr: false, 938 }, 939 { 940 name: "Account with transact permission calling value contract call transaction", 941 args: args{address: Acct1, transactionType: pcore.ContractCallTxn}, 942 wantErr: false, 943 }, 944 { 945 name: "Account with transact permission calling contract deploy", 946 args: args{address: Acct1, transactionType: pcore.ContractDeployTxn}, 947 wantErr: true, 948 }, 949 { 950 name: "Account with contract permission deploy calling value transfer", 951 args: args{address: Acct2, transactionType: pcore.ValueTransferTxn}, 952 wantErr: false, 953 }, 954 { 955 name: "Account with contract deploy permission calling value contract call transaction", 956 args: args{address: Acct2, transactionType: pcore.ContractCallTxn}, 957 wantErr: false, 958 }, 959 { 960 name: "Account with contract deploy permission calling contract deploy", 961 args: args{address: Acct2, transactionType: pcore.ContractDeployTxn}, 962 wantErr: false, 963 }, 964 { 965 name: "Account with full permission calling value transfer", 966 args: args{address: Acct3, transactionType: pcore.ValueTransferTxn}, 967 wantErr: false, 968 }, 969 { 970 name: "Account with full permission calling value contract call transaction", 971 args: args{address: Acct3, transactionType: pcore.ContractCallTxn}, 972 wantErr: false, 973 }, 974 { 975 name: "Account with full permission calling contract deploy", 976 args: args{address: Acct3, transactionType: pcore.ContractDeployTxn}, 977 wantErr: false, 978 }, 979 { 980 name: "un-permissioned account calling value transfer", 981 args: args{address: Acct4, transactionType: pcore.ValueTransferTxn}, 982 wantErr: true, 983 }, 984 { 985 name: "un-permissioned account calling contract call transaction", 986 args: args{address: Acct4, transactionType: pcore.ContractCallTxn}, 987 wantErr: true, 988 }, 989 { 990 name: "un-permissioned account calling contract deploy", 991 args: args{address: Acct4, transactionType: pcore.ContractDeployTxn}, 992 wantErr: true, 993 }, 994 } 995 for _, tt := range tests { 996 t.Run(tt.name, func(t *testing.T) { 997 if err := pcore.IsTransactionAllowed(tt.args.address, common.Address{}, nil, nil, nil, nil, tt.args.transactionType); (err != nil) != tt.wantErr { 998 t.Errorf("IsTransactionAllowed() error = %v, wantErr %v", err, tt.wantErr) 999 } 1000 }) 1001 } 1002 }