Merge pull request hyperledger#717 from Toktar/task-1363-add-permissi…

…on-validator-info

[WIP][INDY-1363] add permission to validator_info command only for trustee and steward

design/validator_info.md

@@ -65,7 +65,7 @@ This file is updated by node once a minute and contains following information:
 ```
 
 ## Modification - New Read Command
-Validator_info accessible as read command, available for all clients. New command VALIDATOR_INFO provide info from
+Validator_info accessible as read command, available for Steward and Trustee. New command VALIDATOR_INFO provide info from
 all the connected nodes without need of consensus (similar to force=True flag in upgrade cmd).
 Command allow requesting all parameters or some subset of parameters.
 

indy_common/auth.py

@@ -1,8 +1,9 @@
 from plenum.common.constants import TRUSTEE, STEWARD, NODE
 from stp_core.common.log import getlogger
 
-from indy_common.constants import OWNER, POOL_UPGRADE, TGB, TRUST_ANCHOR, NYM, POOL_CONFIG, SCHEMA, CLAIM_DEF, \
-    POOL_RESTART
+from indy_common.constants import OWNER, POOL_UPGRADE, TGB, TRUST_ANCHOR, NYM, \
+    POOL_CONFIG, SCHEMA, CLAIM_DEF, \
+    POOL_RESTART, VALIDATOR_INFO
 from indy_common.roles import Roles
 
 logger = getlogger()
@@ -64,6 +65,8 @@ class Authoriser:
             {TRUSTEE: []},
         '{}_action_<any>_<any>'.format(POOL_CONFIG):
             {TRUSTEE: [], TGB: []},
+        '{}_<any>_<any>_<any>'.format(VALIDATOR_INFO):
+            {TRUSTEE: [], STEWARD: []},
     }
 
     @staticmethod

indy_common/test/auth/test_auth_validator_info.py

@@ -0,0 +1,10 @@
+from plenum.common.constants import TRUSTEE, STEWARD
+
+from indy_common.auth import Authoriser
+from indy_common.constants import VALIDATOR_INFO
+
+
+def test_permission_for_validator_info(role):
+    authorized = role in (TRUSTEE, STEWARD)
+    assert authorized == Authoriser.authorised(typ=VALIDATOR_INFO,
+                                               actorRole=role)[0]

indy_node/server/action_req_handler.py

@@ -40,7 +40,7 @@ def validate(self, req: Request):
         status = None
         operation = req.operation
         typ = operation.get(TXN_TYPE)
-        if typ not in [POOL_RESTART]:
+        if typ not in self.operation_types:
             return
         origin = req.identifier
         try:
@@ -50,15 +50,21 @@ def validate(self, req: Request):
                 req.identifier,
                 req.reqId,
                 "Nym {} not added to the ledger yet".format(origin))
-        action = ""
+        r = False
         if typ == POOL_RESTART:
             action = operation.get(ACTION)
-        r, msg = Authoriser.authorised(
-            typ, origin_role, field=ACTION, oldVal=status, newVal=action)
+            r, msg = Authoriser.authorised(typ, origin_role,
+                                           field=ACTION,
+                                           oldVal=status,
+                                           newVal=action)
+        elif typ == VALIDATOR_INFO:
+            r, msg = Authoriser.authorised(typ, origin_role)
         if not r:
             raise UnauthorizedClientRequest(
-                req.identifier, req.reqId, "{} cannot do restart".format(
-                    Roles.nameFromValue(origin_role)))
+                req.identifier, req.reqId,
+                "{} cannot do action with type = {}".format(
+                    Roles.nameFromValue(origin_role),
+                    typ))
 
     def apply(self, req: Request, cons_time: int = None):
         logger.debug("Transaction {} with type {} started"

indy_node/test/pool_restart/test_fail_pool_restart.py

@@ -7,8 +7,6 @@
 from plenum.common.constants import TXN_TYPE
 from plenum.test.helper import sdk_gen_request, sdk_sign_and_submit_req_obj, \
     sdk_get_reply, sdk_get_and_check_replies
-from indy_node.test.upgrade.helper import NodeControlToolExecutor as NCT, \
-    nodeControlGeneralMonkeypatching
 
 
 def test_fail_pool_restart_with_steward_role(
@@ -24,7 +22,8 @@ def test_fail_pool_restart_with_steward_role(
                                       req_obj)
     with pytest.raises(RequestRejectedException) as excinfo:
         sdk_get_and_check_replies(looper, [req], 100)
-    assert excinfo.match("STEWARD cannot do restart")
+    assert excinfo.match("STEWARD cannot do action with type = " +
+                         POOL_RESTART)
 
 
 def test_fail_pool_restart_with_invalid_datetime(

indy_node/test/validator_info/test_validator_info_command.py

@@ -11,7 +11,7 @@
 from plenum.common.constants import REPLY, TXN_TYPE, DATA
 from plenum.common.types import f
 from plenum.test.helper import sdk_gen_request, sdk_sign_and_submit_req_obj, \
-    sdk_get_reply
+    sdk_get_reply, sdk_send_signed_requests, sdk_get_and_check_replies
 
 
 def test_validator_info_command(
@@ -24,10 +24,26 @@ def test_validator_info_command(
                                       sdk_pool_handle,
                                       sdk_wallet_trustee,
                                       req_obj)
-    # req_json, resp = sdk_get_reply(looper, req, 100)
+    #req_json, resp = sdk_get_reply(looper, req, 100)
     # _comparison_reply(resp, req_obj)
 
 
+def test_fail_validator_info_command(
+        sdk_pool_handle, sdk_wallet_client, looper):
+    op = {
+        TXN_TYPE: VALIDATOR_INFO
+    }
+    req_obj = sdk_gen_request(op, identifier=sdk_wallet_client[1])
+    req = sdk_sign_and_submit_req_obj(looper,
+                                      sdk_pool_handle,
+                                      sdk_wallet_client,
+                                      req_obj)
+    with pytest.raises(RequestRejectedException) as excinfo:
+        sdk_get_and_check_replies(looper, [req], 100)
+    assert excinfo.match("None role cannot do action with type = " +
+                         VALIDATOR_INFO)
+
+
 def _comparison_reply(resp, req_obj):
     assert resp["op"] == REPLY
     assert resp[f.RESULT.nm][f.IDENTIFIER.nm] == req_obj.identifier