From 9d8c191911fd500d0d14c29d17f52334244845b7 Mon Sep 17 00:00:00 2001 From: krsh24 Date: Wed, 5 Jun 2024 05:53:45 +0800 Subject: [PATCH] Error out on permissions config accounts-allowlist validation errors. [#7138] (#7161) * Error out on permissions config accounts-allowlist validation errors. Signed-off-by: krishnannarayanan * Fixing compilation errors Signed-off-by: krishnannarayanan * Incorrect file check in Signed-off-by: krishnannarayanan --------- Signed-off-by: krishnannarayanan --- ...untLocalConfigPermissioningController.java | 8 ++++- ...ocalConfigPermissioningControllerTest.java | 35 +++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningController.java b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningController.java index c62ed9d6b0b..cb1aa2fd0a1 100644 --- a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningController.java +++ b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningController.java @@ -84,7 +84,13 @@ public AccountLocalConfigPermissioningController( private void readAccountsFromConfig(final LocalPermissioningConfiguration configuration) { if (configuration != null && configuration.isAccountAllowlistEnabled()) { if (!configuration.getAccountAllowlist().isEmpty()) { - addAccounts(configuration.getAccountAllowlist()); + AllowlistOperationResult result = addAccounts(configuration.getAccountAllowlist()); + if (result != AllowlistOperationResult.SUCCESS) { + throw new IllegalStateException( + String.format( + "Error reloading permissions file. Invalid accounts allowlist, validation failed due to \"%s\"", + result)); + } } } } diff --git a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java index 1c823b83a83..db98cd95acc 100644 --- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java +++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java @@ -17,6 +17,7 @@ import static java.util.Collections.singletonList; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.catchThrowable; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; @@ -108,6 +109,40 @@ public void whenLoadingAccountsFromConfigShouldNormalizeAccountsToLowerCase() { .containsExactly("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73"); } + @Test + public void whenLoadingDuplicateAccountsFromConfigShouldThrowError() { + when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true); + when(permissioningConfig.getAccountAllowlist()) + .thenReturn( + List.of( + "0xcb88953e60948e3a76fa658d65b7c2d5043c6409", + "0xdd76406b124f9e3ae9fbeb47e4d8dc0ab143902d", + "0x432132e8561785c33afe931762cf8eeb9c80e3ad", + "0xcb88953e60948e3a76fa658d65b7c2d5043c6409")); + + assertThrows( + IllegalStateException.class, + () -> { + controller = + new AccountLocalConfigPermissioningController( + permissioningConfig, allowlistPersistor, metricsSystem); + }); + } + + @Test + public void whenLoadingInvalidAccountsFromConfigShouldThrowError() { + when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true); + when(permissioningConfig.getAccountAllowlist()).thenReturn(List.of("0x0", "0xzxy")); + + assertThrows( + IllegalStateException.class, + () -> { + controller = + new AccountLocalConfigPermissioningController( + permissioningConfig, allowlistPersistor, metricsSystem); + }); + } + @Test public void whenPermConfigContainsEmptyListOfAccountsContainsShouldReturnFalse() { when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);