Jwt, Tls and ConfigSpec test migration to Canton (#16663)

2024-11-10 10:46:11 +03:00 · 2023-04-11 17:03:46 +01:00 · 2023-04-11 17:03:46 +01:00 · 3850f7fe0c
commit 3850f7fe0c
parent 3ea97fa5f8
5 changed files with 82 additions and 132 deletions
--- a/daml-lf/integration-test-lib/src/main/com/daml/lf/CantonFixture.scala
+++ b/daml-lf/integration-test-lib/src/main/com/daml/lf/CantonFixture.scala
@ -139,7 +139,7 @@ trait CantonFixture extends SuiteResource[Vector[Port]] with AkkaBeforeAndAfterA
          val domainAdminApi = LockedFreePort.find()

          val cantonPath = rlocation(
-            "external/canton/lib/canton-open-source-2.7.0-SNAPSHOT.jar"
+            "external/canton/lib/canton-open-source-2.7.0-SNAPSHOT.jar" // FIXME: remove hard coded version!!
          )
          val exe = if (sys.props("os.name").toLowerCase.contains("windows")) ".exe" else ""
          val java = s"${System.getenv("JAVA_HOME")}/bin/java${exe}"
@ -260,7 +260,7 @@ trait CantonFixture extends SuiteResource[Vector[Port]] with AkkaBeforeAndAfterA
    )
  }

-  final protected val adminToken: Option[String] = getToken(adminUserId)
+  final protected lazy val adminToken: Option[String] = getToken(adminUserId)

  final protected def getToken(
      userId: String,
--- a/triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestRequestTemplates.scala
+++ b/triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestRequestTemplates.scala
@ -6,15 +6,14 @@ package com.daml.auth.middleware.oauth2
 import java.io._
 import java.nio.file.Path
 import java.util.UUID
-
 import akka.http.scaladsl.model.Uri
 import com.daml.auth.middleware.api.Request.Claims
 import com.daml.auth.middleware.api.Tagged.RefreshToken
 import com.daml.ledger.api.refinements.ApiTypes.{ApplicationId, Party}
 import com.daml.scalautil.Statement.discard
-import org.scalatest._
-import org.scalatest.wordspec._
-import matchers.should._
+import org.scalatest.{PartialFunctionValues, TryValues}
+import org.scalatest.matchers.should.Matchers
+import org.scalatest.wordspec.AnyWordSpec

 class TestRequestTemplates
    extends AnyWordSpec
--- a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/ConfigSpec.scala
+++ b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/ConfigSpec.scala
@ -4,42 +4,36 @@
 package com.daml.lf.engine.trigger
 package test

-import java.nio.file.Paths
+import java.nio.file.{Path, Paths}
 import com.daml.ledger.api.domain.{ObjectMeta, User, UserRight}
-import com.daml.ledger.api.refinements.ApiTypes.Party
+import com.daml.ledger.api.refinements.ApiTypes.{ApplicationId, Party}
 import com.daml.ledger.api.testing.utils.SuiteResourceManagementAroundAll
-import com.daml.ledger.client.LedgerClient
-import com.daml.ledger.client.configuration.{
-  CommandClientConfiguration,
-  LedgerClientConfiguration,
-  LedgerIdRequirement,
-}
 import com.daml.lf.data.Ref
 import com.daml.lf.data.Ref.UserId
-import com.daml.platform.sandbox.fixture.SandboxFixture
+import com.daml.lf.integrationtest.CantonFixture
+import com.daml.lf.integrationtest.CantonFixture.{adminUserId, freshUserId}
+import com.daml.platform.services.time.TimeProviderType
 import com.google.protobuf.field_mask.FieldMask
 import io.grpc.StatusRuntimeException
 import io.grpc.Status.Code
 import org.scalatest.matchers.should.Matchers
 import org.scalatest.wordspec.AsyncWordSpec

-import java.io.File
 import scala.language.implicitConversions

 class ConfigSpec
    extends AsyncWordSpec
    with Matchers
-    with SandboxFixture
+    with CantonFixture
    with SuiteResourceManagementAroundAll {

-  private val clientConfig = LedgerClientConfiguration(
-    applicationId = "myappid",
-    ledgerIdRequirement = LedgerIdRequirement.none,
-    commandClient = CommandClientConfiguration.default,
-    token = None,
-  )
-
-  override protected val packageFiles: List[File] = List.empty
+  override protected def authSecret: Option[String] = None
+  override protected def darFiles: List[Path] = List.empty
+  override protected def devMode: Boolean = true
+  override protected def nParticipants: Int = 1
+  override protected def timeProviderType: TimeProviderType = TimeProviderType.Static
+  override protected def tlsEnable: Boolean = false
+  override protected def applicationId: ApplicationId = ApplicationId("myappid")

  private implicit def toParty(s: String): Party =
    Party(s)
@ -98,79 +92,92 @@ class ConfigSpec
  "resolveClaims" should {
    "succeed for user with primary party & actAs and readAs claims" in {
      for {
-        client <- LedgerClient(channel, clientConfig)
-        userId = randomUserId()
-        _ <- client.partyManagementClient.allocateParty(hint = Some("primary"), None, None)
-        _ <- client.partyManagementClient.allocateParty(hint = Some("alice"), None, None)
-        _ <- client.partyManagementClient.allocateParty(hint = Some("bob"), None, None)
-        _ <- client.userManagementClient.createUser(
-          User(userId, Some("primary"), metadata = ObjectMeta.empty),
+        adminClient <- defaultLedgerClient(getToken(adminUserId))
+        userId = Ref.UserId.assertFromString(freshUserId())
+        primary <- adminClient.partyManagementClient.allocateParty(
+          hint = Some("primary"),
+          None,
+          None,
+        )
+        alice <- adminClient.partyManagementClient.allocateParty(hint = Some("alice"), None, None)
+        bob <- adminClient.partyManagementClient.allocateParty(hint = Some("bob"), None, None)
+        _ <- adminClient.userManagementClient.createUser(
+          User(userId, Some(primary.party), metadata = ObjectMeta.empty),
          Seq(
-            UserRight.CanActAs("primary"),
-            UserRight.CanActAs("alice"),
-            UserRight.CanReadAs("bob"),
+            UserRight.CanActAs(primary.party),
+            UserRight.CanActAs(alice.party),
+            UserRight.CanReadAs(bob.party),
          ),
        )
-        r <- UserSpecification(userId).resolveClaims(client)
-      } yield r shouldBe TriggerParties("primary", Set("alice", "bob"))
+        r <- UserSpecification(userId).resolveClaims(adminClient)
+      } yield r shouldBe TriggerParties(primary.party, Set(alice.party, bob.party))
    }
    "fail for non-existent user" in {
      for {
-        client <- LedgerClient(channel, clientConfig)
+        adminClient <- defaultLedgerClient(getToken(adminUserId))
+        userId = Ref.UserId.assertFromString(freshUserId())
        ex <- recoverToExceptionIf[StatusRuntimeException](
-          UserSpecification(randomUserId()).resolveClaims(client)
+          UserSpecification(userId).resolveClaims(adminClient)
        )
      } yield ex.getStatus.getCode shouldBe Code.NOT_FOUND
    }
    "fail for user with no primary party" in {
      for {
-        client <- LedgerClient(channel, clientConfig)
-        userId = randomUserId()
-        _ <- client.userManagementClient.createUser(
+        adminClient <- defaultLedgerClient(getToken(adminUserId))
+        userId = Ref.UserId.assertFromString(freshUserId())
+        _ <- adminClient.userManagementClient.createUser(
          User(userId, None, metadata = ObjectMeta.empty),
          Seq.empty,
        )
        ex <- recoverToExceptionIf[IllegalArgumentException](
-          UserSpecification(userId).resolveClaims(client)
+          UserSpecification(userId).resolveClaims(adminClient)
        )
      } yield ex.getMessage should include("has no primary party")
    }
    "fail for user with no actAs claims for primary party" in {
      for {
-        client <- LedgerClient(channel, clientConfig)
-        userId = randomUserId()
-        _ <- client.userManagementClient.createUser(
+        adminClient <- defaultLedgerClient(getToken(adminUserId))
+        userId = Ref.UserId.assertFromString(freshUserId())
+        _ <- adminClient.userManagementClient.createUser(
          User(userId, Some("primary"), isDeactivated = false, ObjectMeta.empty),
          Seq.empty,
        )
        ex <- recoverToExceptionIf[IllegalArgumentException](
-          UserSpecification(userId).resolveClaims(client)
+          UserSpecification(userId).resolveClaims(adminClient)
        )
      } yield ex.getMessage should include("no actAs claims")
    }
    "succeed for user after primaryParty update" in {
      for {
-        client <- LedgerClient(channel, clientConfig)
-        userId = randomUserId()
-        _ <- client.partyManagementClient.allocateParty(hint = Some("original"), None, None)
-        _ <- client.partyManagementClient.allocateParty(hint = Some("updated"), None, None)
-        _ <- client.partyManagementClient.allocateParty(hint = Some("other"), None, None)
-        _ <- client.userManagementClient.createUser(
-          User(userId, Some("original"), metadata = ObjectMeta.empty),
+        adminClient <- defaultLedgerClient(getToken(adminUserId))
+        userId = Ref.UserId.assertFromString(freshUserId())
+        original <- adminClient.partyManagementClient.allocateParty(
+          hint = Some("original"),
+          None,
+          None,
+        )
+        updated <- adminClient.partyManagementClient.allocateParty(
+          hint = Some("updated"),
+          None,
+          None,
+        )
+        other <- adminClient.partyManagementClient.allocateParty(hint = Some("other"), None, None)
+        _ <- adminClient.userManagementClient.createUser(
+          User(userId, Some(original.party), metadata = ObjectMeta.empty),
          Seq(
-            UserRight.CanActAs("original"),
-            UserRight.CanActAs("updated"),
-            UserRight.CanReadAs("other"),
+            UserRight.CanActAs(original.party),
+            UserRight.CanActAs(updated.party),
+            UserRight.CanReadAs(other.party),
          ),
        )
-        _ <- client.userManagementClient.updateUser(
-          User(userId, Some("updated"), metadata = ObjectMeta.empty),
+        _ <- adminClient.userManagementClient.updateUser(
+          User(userId, Some(updated.party), metadata = ObjectMeta.empty),
          Some(FieldMask(Seq("primary_party"))),
          None,
        )

-        r <- UserSpecification(userId).resolveClaims(client)
-      } yield r shouldBe TriggerParties("updated", Set("other", "original"))
+        r <- UserSpecification(userId).resolveClaims(adminClient)
+      } yield r shouldBe TriggerParties(updated.party, Set(other.party, original.party))
    }
  }
 }
--- a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Jwt.scala
+++ b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Jwt.scala
@ -4,41 +4,19 @@
 package com.daml.lf.engine.trigger.test

 import akka.stream.scaladsl.Flow
-import com.daml.ledger.api.refinements.ApiTypes.ApplicationId
-import com.daml.ledger.api.testing.utils.SuiteResourceManagementAroundAll
+import com.daml.ledger.api.domain
 import com.daml.ledger.api.v1.commands.CreateCommand
 import com.daml.ledger.api.v1.{value => LedgerApi}
-import com.daml.ledger.client.configuration.LedgerClientConfiguration
+import com.daml.lf.data.Ref
 import com.daml.lf.data.Ref._
 import com.daml.lf.engine.trigger.Runner.TriggerContext
 import com.daml.lf.engine.trigger.TriggerMsg
-import com.daml.platform.sandbox.SandboxRequiringAuthorization
-import com.daml.platform.sandbox.fixture.SandboxFixture
+import com.daml.lf.integrationtest.CantonFixture.{adminUserId, freshUserId}
 import org.scalatest._
 import org.scalatest.matchers.should.Matchers
 import org.scalatest.wordspec.AsyncWordSpec

-class Jwt
-    extends AsyncWordSpec
-    with AbstractTriggerTest
-    with SandboxFixture
-    with SandboxRequiringAuthorization
-    with Matchers
-    with SuiteResourceManagementAroundAll
-    with TryValues {
-  self: Suite =>
-
-  import AbstractTriggerTest._
-
-  // Override to make sure we set it correctly.
-  override protected implicit val applicationId: ApplicationId = ApplicationId("custom app id")
-
-  override protected def ledgerClientConfiguration: LedgerClientConfiguration =
-    super.ledgerClientConfiguration.copy(
-      token = Some(toHeader(forApplicationId("custom app id", readWriteToken(party))))
-    )
-
-  private val party = "AliceAuth"
+class Jwt extends AsyncWordSpec with AbstractTriggerTestWithCanton with Matchers with TryValues {

  "Jwt" can {
    // We just need something simple to test the connection.
@ -56,15 +34,14 @@ class Jwt
      )
    "1 create" in {
      for {
-        adminClient <- ledgerClient(config =
-          Some(
-            ledgerClientConfiguration.copy(
-              token = Some(toHeader(forApplicationId("custom app id", adminToken)))
-            )
-          )
-        )
-        _ <- adminClient.partyManagementClient.allocateParty(Some(party), None)
-        client <- ledgerClient()
+        adminClient <- defaultLedgerClient(getToken(adminUserId))
+        userId = Ref.UserId.assertFromString(freshUserId())
+        partyDetails <- adminClient.partyManagementClient.allocateParty(None, None)
+        party = partyDetails.party
+        user = domain.User(userId, None)
+        rights = Seq(domain.UserRight.CanActAs(party))
+        _ <- adminClient.userManagementClient.createUser(user, rights)
+        client <- defaultLedgerClient(getToken(userId))
        runner = getRunner(client, QualifiedName.assertFromString("ACS:test"), party)
        (acs, offset) <- runner.queryACS()
        // Start the future here
--- a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Tls.scala
+++ b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Tls.scala
@ -4,13 +4,8 @@
 package com.daml.lf.engine.trigger.test

 import akka.stream.scaladsl.Flow
-import com.daml.bazeltools.BazelRunfiles._
-import com.daml.ledger.api.testing.utils.SuiteResourceManagementAroundAll
-import com.daml.ledger.api.tls.TlsConfiguration
 import com.daml.ledger.api.v1.commands.CreateCommand
 import com.daml.ledger.api.v1.{value => LedgerApi}
-import com.daml.ledger.runner.common.Config
-import com.daml.ledger.sandbox.SandboxOnXForTest.{ApiServerConfig, singleParticipant}
 import com.daml.lf.data.Ref._
 import com.daml.lf.engine.trigger.Runner.TriggerContext
 import com.daml.lf.engine.trigger.TriggerMsg
@ -18,37 +13,9 @@ import org.scalatest._
 import org.scalatest.matchers.should.Matchers
 import org.scalatest.wordspec.AsyncWordSpec

-import java.io.File
+class Tls extends AsyncWordSpec with AbstractTriggerTestWithCanton with Matchers with TryValues {

-class Tls
-    extends AsyncWordSpec
-    with AbstractTriggerTest
-    with Matchers
-    with SuiteResourceManagementAroundAll
-    with TryValues {
-  self: Suite =>
-
-  import AbstractTriggerTest._
-
-  val List(serverCrt, serverPem, caCrt, clientCrt, clientPem) = {
-    List("server.crt", "server.pem", "ca.crt", "client.crt", "client.pem").map { src =>
-      Some(new File(rlocation("test-common/test-certificates/" + src)))
-    }
-  }
-
-  private val tlsConfig = TlsConfiguration(enabled = true, serverCrt, serverPem, caCrt)
-
-  override protected def config: Config = super.config.copy(
-    participants = singleParticipant(
-      ApiServerConfig.copy(
-        tls = Some(tlsConfig)
-      )
-    )
-  )
-
-  override protected def ledgerClientChannelConfiguration =
-    super.ledgerClientChannelConfiguration
-      .copy(sslContext = tlsConfig.client())
+  override protected def tlsEnable: Boolean = true

  "TLS" can {
    // We just need something simple to test the connection.
@ -65,7 +32,7 @@ class Tls
      )
    "1 create" in {
      for {
-        client <- ledgerClient()
+        client <- defaultLedgerClient()
        party <- allocateParty(client)
        runner = getRunner(client, QualifiedName.assertFromString("ACS:test"), party)
        (acs, offset) <- runner.queryACS()