diff --git a/design/validator_info.md b/design/validator_info.md index 8e78e875c..fde14b572 100644 --- a/design/validator_info.md +++ b/design/validator_info.md @@ -65,7 +65,7 @@ This file is updated by node once a minute and contains following information: ``` ## Modification - New Read Command -Validator_info accessible as read command, available for all clients. New command VALIDATOR_INFO provide info from +Validator_info accessible as read command, available for Steward and Trustee. New command VALIDATOR_INFO provide info from all the connected nodes without need of consensus (similar to force=True flag in upgrade cmd). Command allow requesting all parameters or some subset of parameters. diff --git a/indy_common/auth.py b/indy_common/auth.py index 362c865c2..1a3b3b7c8 100644 --- a/indy_common/auth.py +++ b/indy_common/auth.py @@ -1,8 +1,9 @@ from plenum.common.constants import TRUSTEE, STEWARD, NODE from stp_core.common.log import getlogger -from indy_common.constants import OWNER, POOL_UPGRADE, TGB, TRUST_ANCHOR, NYM, POOL_CONFIG, SCHEMA, CLAIM_DEF, \ - POOL_RESTART +from indy_common.constants import OWNER, POOL_UPGRADE, TGB, TRUST_ANCHOR, NYM, \ + POOL_CONFIG, SCHEMA, CLAIM_DEF, \ + POOL_RESTART, VALIDATOR_INFO from indy_common.roles import Roles logger = getlogger() @@ -64,6 +65,8 @@ class Authoriser: {TRUSTEE: []}, '{}_action__'.format(POOL_CONFIG): {TRUSTEE: [], TGB: []}, + '{}___'.format(VALIDATOR_INFO): + {TRUSTEE: [], STEWARD: []}, } @staticmethod diff --git a/indy_common/test/auth/test_auth_validator_info.py b/indy_common/test/auth/test_auth_validator_info.py new file mode 100644 index 000000000..6e2be97bc --- /dev/null +++ b/indy_common/test/auth/test_auth_validator_info.py @@ -0,0 +1,10 @@ +from plenum.common.constants import TRUSTEE, STEWARD + +from indy_common.auth import Authoriser +from indy_common.constants import VALIDATOR_INFO + + +def test_permission_for_validator_info(role): + authorized = role in (TRUSTEE, STEWARD) + assert authorized == Authoriser.authorised(typ=VALIDATOR_INFO, + actorRole=role)[0] diff --git a/indy_node/server/action_req_handler.py b/indy_node/server/action_req_handler.py index eed981d4a..f8d40ebba 100644 --- a/indy_node/server/action_req_handler.py +++ b/indy_node/server/action_req_handler.py @@ -40,7 +40,7 @@ def validate(self, req: Request): status = None operation = req.operation typ = operation.get(TXN_TYPE) - if typ not in [POOL_RESTART]: + if typ not in self.operation_types: return origin = req.identifier try: @@ -50,15 +50,21 @@ def validate(self, req: Request): req.identifier, req.reqId, "Nym {} not added to the ledger yet".format(origin)) - action = "" + r = False if typ == POOL_RESTART: action = operation.get(ACTION) - r, msg = Authoriser.authorised( - typ, origin_role, field=ACTION, oldVal=status, newVal=action) + r, msg = Authoriser.authorised(typ, origin_role, + field=ACTION, + oldVal=status, + newVal=action) + elif typ == VALIDATOR_INFO: + r, msg = Authoriser.authorised(typ, origin_role) if not r: raise UnauthorizedClientRequest( - req.identifier, req.reqId, "{} cannot do restart".format( - Roles.nameFromValue(origin_role))) + req.identifier, req.reqId, + "{} cannot do action with type = {}".format( + Roles.nameFromValue(origin_role), + typ)) def apply(self, req: Request, cons_time: int = None): logger.debug("Transaction {} with type {} started" diff --git a/indy_node/test/pool_restart/test_fail_pool_restart.py b/indy_node/test/pool_restart/test_fail_pool_restart.py index 1e84fa011..1a44a4e81 100644 --- a/indy_node/test/pool_restart/test_fail_pool_restart.py +++ b/indy_node/test/pool_restart/test_fail_pool_restart.py @@ -7,8 +7,6 @@ from plenum.common.constants import TXN_TYPE from plenum.test.helper import sdk_gen_request, sdk_sign_and_submit_req_obj, \ sdk_get_reply, sdk_get_and_check_replies -from indy_node.test.upgrade.helper import NodeControlToolExecutor as NCT, \ - nodeControlGeneralMonkeypatching def test_fail_pool_restart_with_steward_role( @@ -24,7 +22,8 @@ def test_fail_pool_restart_with_steward_role( req_obj) with pytest.raises(RequestRejectedException) as excinfo: sdk_get_and_check_replies(looper, [req], 100) - assert excinfo.match("STEWARD cannot do restart") + assert excinfo.match("STEWARD cannot do action with type = " + + POOL_RESTART) def test_fail_pool_restart_with_invalid_datetime( diff --git a/indy_node/test/validator_info/test_validator_info_command.py b/indy_node/test/validator_info/test_validator_info_command.py index 1a9f223cc..c5fc74b92 100644 --- a/indy_node/test/validator_info/test_validator_info_command.py +++ b/indy_node/test/validator_info/test_validator_info_command.py @@ -11,7 +11,7 @@ from plenum.common.constants import REPLY, TXN_TYPE, DATA from plenum.common.types import f from plenum.test.helper import sdk_gen_request, sdk_sign_and_submit_req_obj, \ - sdk_get_reply + sdk_get_reply, sdk_send_signed_requests, sdk_get_and_check_replies def test_validator_info_command( @@ -24,10 +24,26 @@ def test_validator_info_command( sdk_pool_handle, sdk_wallet_trustee, req_obj) - # req_json, resp = sdk_get_reply(looper, req, 100) + #req_json, resp = sdk_get_reply(looper, req, 100) # _comparison_reply(resp, req_obj) +def test_fail_validator_info_command( + sdk_pool_handle, sdk_wallet_client, looper): + op = { + TXN_TYPE: VALIDATOR_INFO + } + req_obj = sdk_gen_request(op, identifier=sdk_wallet_client[1]) + req = sdk_sign_and_submit_req_obj(looper, + sdk_pool_handle, + sdk_wallet_client, + req_obj) + with pytest.raises(RequestRejectedException) as excinfo: + sdk_get_and_check_replies(looper, [req], 100) + assert excinfo.match("None role cannot do action with type = " + + VALIDATOR_INFO) + + def _comparison_reply(resp, req_obj): assert resp["op"] == REPLY assert resp[f.RESULT.nm][f.IDENTIFIER.nm] == req_obj.identifier