github.com/muhammedhassanm/blockchain@v0.0.0-20200120143007-697261defd4d/sawtooth-core-master/validator/tests/test_identity_view/tests.py (about) 1 # Copyright 2017 Intel Corporation 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 # ---------------------------------------------------------------------------- 15 16 import os 17 import shutil 18 import tempfile 19 import unittest 20 import hashlib 21 22 from sawtooth_validator.database.native_lmdb import NativeLmdbDatabase 23 from sawtooth_validator.protobuf import identity_pb2 24 from sawtooth_validator.state import identity_view 25 from sawtooth_validator.state.merkle import MerkleDatabase 26 from sawtooth_validator.state.state_view import StateViewFactory 27 28 29 class TestIdentityView(unittest.TestCase): 30 def __init__(self, test_name): 31 super().__init__(test_name) 32 self._temp_dir = None 33 34 def setUp(self): 35 self._temp_dir = tempfile.mkdtemp() 36 37 self._database = NativeLmdbDatabase( 38 os.path.join(self._temp_dir, 'test_identity_view.lmdb'), 39 indexes=MerkleDatabase.create_index_configuration(), 40 _size=10 * 1024 * 1024) 41 self._tree = MerkleDatabase(self._database) 42 43 def tearDown(self): 44 shutil.rmtree(self._temp_dir) 45 46 def test_identityview_roles(self): 47 """Tests get_role and get_roles get the correct Roles and the 48 IdentityViewFactory produces the correct view of the database. 49 50 Notes: 51 1. Create an empty MerkleDatabase and update it with one 52 serialized RoleList. 53 2. Assert that get_role returns that named Role. 54 3. Assert that get_role returns None for a name that doesn't 55 correspond to a Role. 56 4. Assert that all the Roles are returned by get_roles. 57 5. Update the MerkleDatabase with another serialized RoleList with 58 a different name. 59 6. Repeat 2. 60 7. Repeat 3. 61 8. Repeat 4. 62 63 """ 64 65 state_view_factory = StateViewFactory(self._database) 66 67 identity_view_factory = identity_view.IdentityViewFactory( 68 state_view_factory=state_view_factory) 69 70 # 1. 71 role_list = identity_pb2.RoleList() 72 role1 = role_list.roles.add() 73 role1_name = "sawtooth.test.example1" 74 75 role1.name = role1_name 76 role1.policy_name = "this_is_an_example" 77 78 state_root1 = self._tree.update( 79 set_items={ 80 _get_role_address(role1_name): role_list.SerializeToString() 81 }, 82 virtual=False) 83 84 # 2. 85 identity_view1 = identity_view_factory.create_identity_view( 86 state_hash=state_root1) 87 self.assertEqual( 88 identity_view1.get_role(role1_name), 89 role1, 90 "IdentityView().get_role returns the correct Role by name.") 91 92 # 3. 93 self.assertIsNone( 94 identity_view1.get_role("Not-a-Role"), 95 "IdentityView().get_role returns None if there is " 96 "no Role with that name.") 97 98 # 4. 99 self.assertEqual(identity_view1.get_roles(), 100 [role1], 101 "IdentityView().get_roles returns all the roles in" 102 " State.") 103 104 # 5. 105 role_list2 = identity_pb2.RoleList() 106 role2 = role_list2.roles.add() 107 role2_name = "sawtooth.test.example2" 108 109 role2.name = role2_name 110 role2.policy_name = "this_is_another_example" 111 112 self._tree.set_merkle_root(merkle_root=state_root1) 113 114 state_root2 = self._tree.update( 115 { 116 _get_role_address(role2_name): role_list2.SerializeToString() 117 }, 118 virtual=False) 119 120 # 6. 121 identity_view2 = identity_view_factory.create_identity_view( 122 state_hash=state_root2) 123 124 self.assertEqual( 125 identity_view2.get_role(role2_name), 126 role2, 127 "IdentityView().get_role returns the correct Role by name.") 128 129 # 7. 130 131 self.assertIsNone( 132 identity_view2.get_role("not-a-role2"), 133 "IdentityView().get_role returns None for names that don't " 134 "correspond to a Role.") 135 136 # 8. 137 138 self.assertEqual( 139 identity_view2.get_roles(), 140 [role1, role2], 141 "IdentityView().get_roles() returns all the Roles in alphabetical " 142 "order by name.") 143 144 def test_identityview_policy(self): 145 """Tests get_policy and get_policies get the correct Policies and 146 the IdentityViewFactory produces the correct view of the database. 147 148 Notes: 149 1. Create an empty MerkleDatabase and update it with one 150 serialized PolicyList. 151 2. Assert that get_policy returns that named Policy. 152 3. Assert that get_policy returns None for a name that doesn't 153 correspond to a Policy. 154 4. Assert that all the Policies are returned by get_policies. 155 5. Update the MerkleDatabase with another serialized PolicyList 156 with a different name. 157 6. Repeat 2. 158 7. Repeat 3. 159 8. Repeat 4. 160 161 """ 162 163 state_view_factory = StateViewFactory(self._database) 164 165 identity_view_factory = identity_view.IdentityViewFactory( 166 state_view_factory=state_view_factory) 167 168 # 1. 169 policy_list = identity_pb2.PolicyList() 170 policy1 = policy_list.policies.add() 171 policy1_name = "deny_all_keys" 172 173 policy1.name = policy1_name 174 175 state_root1 = self._tree.update( 176 set_items={ 177 _get_policy_address(policy1_name): 178 policy_list.SerializeToString() 179 }, 180 virtual=False) 181 182 # 2. 183 identity_view1 = identity_view_factory.create_identity_view( 184 state_hash=state_root1) 185 self.assertEqual( 186 identity_view1.get_policy(policy1_name), 187 policy1, 188 "IdentityView().get_policy returns the correct Policy by name.") 189 190 # 3. 191 self.assertIsNone( 192 identity_view1.get_policy("Not-a-Policy"), 193 "IdentityView().get_policy returns None if " 194 "there is no Policy with that name.") 195 196 # 4. 197 self.assertEqual(identity_view1.get_policies(), 198 [policy1], 199 "IdentityView().get_policies returns all the " 200 "policies in State.") 201 202 # 5. 203 policy_list2 = identity_pb2.PolicyList() 204 policy2 = policy_list2.policies.add() 205 policy2_name = "accept_all_keys" 206 207 policy2.name = policy2_name 208 209 self._tree.set_merkle_root(merkle_root=state_root1) 210 211 state_root2 = self._tree.update( 212 { 213 _get_policy_address(policy2_name): 214 policy_list2.SerializeToString() 215 }, 216 virtual=False) 217 218 # 6. 219 identity_view2 = identity_view_factory.create_identity_view( 220 state_hash=state_root2) 221 222 self.assertEqual( 223 identity_view2.get_policy(policy2_name), 224 policy2, 225 "IdentityView().get_policy returns the correct Policy by name.") 226 227 # 7. 228 229 self.assertIsNone( 230 identity_view2.get_policy("not-a-policy2"), 231 "IdentityView().get_policy returns None for names that don't " 232 "correspond to a Policy.") 233 234 # 8. 235 self.assertEqual( 236 identity_view2.get_policies(), 237 [policy2, policy1], 238 "IdentityView().get_policies returns all the Policies in " 239 "alphabetical order by name.") 240 241 242 def _to_hash(value): 243 return hashlib.sha256(value.encode()).hexdigest() 244 245 246 def _get_policy_address(policy_name): 247 return IDENTITY_NAMESPACE + POLICY_PREFIX + _to_hash(policy_name)[:62] 248 249 250 IDENTITY_NAMESPACE = '00001d' 251 POLICY_PREFIX = '00' 252 ROLE_PREFIX = '01' 253 254 255 _MAX_KEY_PARTS = 4 256 _FIRST_ADDRESS_PART_SIZE = 14 257 _ADDRESS_PART_SIZE = 16 258 _EMPTY_PART = _to_hash('')[:_ADDRESS_PART_SIZE] 259 260 261 def _get_role_address(role_name): 262 # split the key into 4 parts, maximum 263 key_parts = role_name.split('.', maxsplit=_MAX_KEY_PARTS - 1) 264 265 # compute the short hash of each part 266 addr_parts = [_to_hash(key_parts[0])[:_FIRST_ADDRESS_PART_SIZE]] 267 addr_parts += [_to_hash(x)[:_ADDRESS_PART_SIZE] for x in key_parts[1:]] 268 269 # pad the parts with the empty hash, if needed 270 addr_parts.extend([_EMPTY_PART] * (_MAX_KEY_PARTS - len(addr_parts))) 271 272 return IDENTITY_NAMESPACE + ROLE_PREFIX + ''.join(addr_parts)