From 3850f7fe0c9f72afadf2870cbd52c0876fd9fcdf Mon Sep 17 00:00:00 2001
From: Carl Pulley <106966370+carlpulley-da@users.noreply.github.com>
Date: Tue, 11 Apr 2023 17:03:46 +0100
Subject: [PATCH] Jwt, Tls and ConfigSpec test migration to Canton (#16663)
---
 .../src/main/com/daml/lf/CantonFixture.scala | 4 +-
 .../oauth2/TestRequestTemplates.scala | 7 +-
 .../lf/engine/trigger/test/ConfigSpec.scala | 117 ++++++++++--------
 .../daml/lf/engine/trigger/test/Jwt.scala | 47 ++-----
 .../daml/lf/engine/trigger/test/Tls.scala | 39 +-----
 5 files changed, 82 insertions(+), 132 deletions(-)
diff --git a/daml-lf/integration-test-lib/src/main/com/daml/lf/CantonFixture.scala b/daml-lf/integration-test-lib/src/main/com/daml/lf/CantonFixture.scala
index 452f81fb81c..8ddfb16ef7e 100644
--- a/daml-lf/integration-test-lib/src/main/com/daml/lf/CantonFixture.scala
+++ b/daml-lf/integration-test-lib/src/main/com/daml/lf/CantonFixture.scala
@@ -139,7 +139,7 @@ trait CantonFixture extends SuiteResource[Vector[Port]] with AkkaBeforeAndAfterA
 val domainAdminApi = LockedFreePort.find()
 val cantonPath = rlocation(
- "external/canton/lib/canton-open-source-2.7.0-SNAPSHOT.jar"
+ "external/canton/lib/canton-open-source-2.7.0-SNAPSHOT.jar" // FIXME: remove hard coded version!!
 )
 val exe = if (sys.props("os.name").toLowerCase.contains("windows")) ".exe" else ""
 val java = s"${System.getenv("JAVA_HOME")}/bin/java${exe}"
@@ -260,7 +260,7 @@ trait CantonFixture extends SuiteResource[Vector[Port]] with AkkaBeforeAndAfterA
 )
 }
- final protected val adminToken: Option[String] = getToken(adminUserId)
+ final protected lazy val adminToken: Option[String] = getToken(adminUserId)
 final protected def getToken(
 userId: String,
diff --git a/triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestRequestTemplates.scala b/triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestRequestTemplates.scala
index 6f8d1652ab7..aa302fd728e 100644
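Review bot: `adminToken` becomes a `lazy val` in the second CantonFixture hunk with no comment saying why, and the suites migrated in this same commit (ConfigSpec, Jwt) call `getToken(adminUserId)` directly instead of reading it. If the laziness exists because `getToken` depends on members that concrete suites override (likely, but `getToken`'s body lies outside the hunk), record that next to the declaration, e.g. `// lazy: must not be evaluated before the concrete suite's overrides are initialised`. A lazy val also keeps whatever the first call returned for the lifetime of the fixture, so it is worth stating that the token is expected to stay valid that long. Either use `adminToken` in the migrated tests or remove it, so there is a single way to obtain the admin credential.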
--- a/triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestRequestTemplates.scala
+++ b/triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestRequestTemplates.scala
@@ -6,15 +6,14 @@ package com.daml.auth.middleware.oauth2
 import java.io._
 import java.nio.file.Path
 import java.util.UUID
-
 import akka.http.scaladsl.model.Uri
 import com.daml.auth.middleware.api.Request.Claims
 import com.daml.auth.middleware.api.Tagged.RefreshToken
 import com.daml.ledger.api.refinements.ApiTypes.{ApplicationId, Party}
 import com.daml.scalautil.Statement.discard
-import org.scalatest._
-import org.scalatest.wordspec._
-import matchers.should._
+import org.scalatest.{PartialFunctionValues, TryValues}
+import org.scalatest.matchers.should.Matchers
+import org.scalatest.wordspec.AnyWordSpec
 class TestRequestTemplates
 extends AnyWordSpec
diff --git a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/ConfigSpec.scala b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/ConfigSpec.scala
index 3345e03146e..67566418e4c 100644
--- a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/ConfigSpec.scala
+++ b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/ConfigSpec.scala
@@ -4,42 +4,36 @@
 package com.daml.lf.engine.trigger
 package test
-import java.nio.file.Paths
+import java.nio.file.{Path, Paths}
 import com.daml.ledger.api.domain.{ObjectMeta, User, UserRight}
-import com.daml.ledger.api.refinements.ApiTypes.Party
+import com.daml.ledger.api.refinements.ApiTypes.{ApplicationId, Party}
 import com.daml.ledger.api.testing.utils.SuiteResourceManagementAroundAll
-import com.daml.ledger.client.LedgerClient
-import com.daml.ledger.client.configuration.{
- CommandClientConfiguration,
- LedgerClientConfiguration,
- LedgerIdRequirement,
-}
 import com.daml.lf.data.Ref
 import com.daml.lf.data.Ref.UserId
-import com.daml.platform.sandbox.fixture.SandboxFixture
+import com.daml.lf.integrationtest.CantonFixture
+import com.daml.lf.integrationtest.CantonFixture.{adminUserId, freshUserId}
+import com.daml.platform.services.time.TimeProviderType
 import com.google.protobuf.field_mask.FieldMask
 import io.grpc.StatusRuntimeException
 import io.grpc.Status.Code
 import org.scalatest.matchers.should.Matchers
 import org.scalatest.wordspec.AsyncWordSpec
-import java.io.File
 import scala.language.implicitConversions
 class ConfigSpec
 extends AsyncWordSpec
 with Matchers
- with SandboxFixture
+ with CantonFixture
 with SuiteResourceManagementAroundAll {
- private val clientConfig = LedgerClientConfiguration(
- applicationId = "myappid",
- ledgerIdRequirement = LedgerIdRequirement.none,
- commandClient = CommandClientConfiguration.default,
- token = None,
- )
-
- override protected val packageFiles: List[File] = List.empty
+ override protected def authSecret: Option[String] = None
+ override protected def darFiles: List[Path] = List.empty
+ override protected def devMode: Boolean = true
+ override protected def nParticipants: Int = 1
+ override protected def timeProviderType: TimeProviderType = TimeProviderType.Static
+ override protected def tlsEnable: Boolean = false
+ override protected def applicationId: ApplicationId = ApplicationId("myappid")
 private implicit def toParty(s: String): Party = Party(s)
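Review bot: The new overrides switch off both authorization (`authSecret = None`) and TLS (`tlsEnable = false`) for this suite without saying that this is deliberate. The tests in the next hunk build an `adminClient` from `getToken(adminUserId)`, which reads like an authenticated admin session; with no auth secret that token is presumably absent (`getToken` is defined in CantonFixture, outside this hunk), so the name overstates what is exercised. A one-line comment above the overrides would settle it, e.g. `// Auth and TLS are off on purpose: this suite only checks resolveClaims against user-management state`. If admin-only access to user management is meant to be covered here, set a secret instead.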
@@ -98,79 +92,92 @@ class ConfigSpec
 "resolveClaims" should {
 "succeed for user with primary party & actAs and readAs claims" in {
 for {
- client <- LedgerClient(channel, clientConfig)
- userId = randomUserId()
- _ <- client.partyManagementClient.allocateParty(hint = Some("primary"), None, None)
- _ <- client.partyManagementClient.allocateParty(hint = Some("alice"), None, None)
- _ <- client.partyManagementClient.allocateParty(hint = Some("bob"), None, None)
- _ <- client.userManagementClient.createUser(
- User(userId, Some("primary"), metadata = ObjectMeta.empty),
+ adminClient <- defaultLedgerClient(getToken(adminUserId))
+ userId = Ref.UserId.assertFromString(freshUserId())
+ primary <- adminClient.partyManagementClient.allocateParty(
+ hint = Some("primary"),
+ None,
+ None,
+ )
+ alice <- adminClient.partyManagementClient.allocateParty(hint = Some("alice"), None, None)
+ bob <- adminClient.partyManagementClient.allocateParty(hint = Some("bob"), None, None)
+ _ <- adminClient.userManagementClient.createUser(
+ User(userId, Some(primary.party), metadata = ObjectMeta.empty),
 Seq(
- UserRight.CanActAs("primary"),
- UserRight.CanActAs("alice"),
- UserRight.CanReadAs("bob"),
+ UserRight.CanActAs(primary.party),
+ UserRight.CanActAs(alice.party),
+ UserRight.CanReadAs(bob.party),
 ),
 )
- r <- UserSpecification(userId).resolveClaims(client)
- } yield r shouldBe TriggerParties("primary", Set("alice", "bob"))
+ r <- UserSpecification(userId).resolveClaims(adminClient)
+ } yield r shouldBe TriggerParties(primary.party, Set(alice.party, bob.party))
 }
 "fail for non-existent user" in {
 for {
- client <- LedgerClient(channel, clientConfig)
+ adminClient <- defaultLedgerClient(getToken(adminUserId))
+ userId = Ref.UserId.assertFromString(freshUserId())
 ex <- recoverToExceptionIf[StatusRuntimeException](
- UserSpecification(randomUserId()).resolveClaims(client)
+ UserSpecification(userId).resolveClaims(adminClient)
 )
 } yield ex.getStatus.getCode shouldBe Code.NOT_FOUND
 }
 "fail for user with no primary party" in {
 for {
- client <- LedgerClient(channel, clientConfig)
- userId = randomUserId()
- _ <- client.userManagementClient.createUser(
+ adminClient <- defaultLedgerClient(getToken(adminUserId))
+ userId = Ref.UserId.assertFromString(freshUserId())
+ _ <- adminClient.userManagementClient.createUser(
 User(userId, None, metadata = ObjectMeta.empty),
 Seq.empty,
 )
 ex <- recoverToExceptionIf[IllegalArgumentException](
- UserSpecification(userId).resolveClaims(client)
+ UserSpecification(userId).resolveClaims(adminClient)
 )
 } yield ex.getMessage should include("has no primary party")
 }
 "fail for user with no actAs claims for primary party" in {
 for {
- client <- LedgerClient(channel, clientConfig)
- userId = randomUserId()
- _ <- client.userManagementClient.createUser(
+ adminClient <- defaultLedgerClient(getToken(adminUserId))
+ userId = Ref.UserId.assertFromString(freshUserId())
+ _ <- adminClient.userManagementClient.createUser(
 User(userId, Some("primary"), isDeactivated = false, ObjectMeta.empty),
 Seq.empty,
 )
 ex <- recoverToExceptionIf[IllegalArgumentException](
- UserSpecification(userId).resolveClaims(client)
+ UserSpecification(userId).resolveClaims(adminClient)
 )
 } yield ex.getMessage should include("no actAs claims")
 }
 "succeed for user after primaryParty update" in {
 for {
- client <- LedgerClient(channel, clientConfig)
- userId = randomUserId()
- _ <- client.partyManagementClient.allocateParty(hint = Some("original"), None, None)
- _ <- client.partyManagementClient.allocateParty(hint = Some("updated"), None, None)
- _ <- client.partyManagementClient.allocateParty(hint = Some("other"), None, None)
- _ <- client.userManagementClient.createUser(
- User(userId, Some("original"), metadata = ObjectMeta.empty),
+ adminClient <- defaultLedgerClient(getToken(adminUserId))
+ userId = Ref.UserId.assertFromString(freshUserId())
+ original <- adminClient.partyManagementClient.allocateParty(
+ hint = Some("original"),
+ None,
+ None,
+ )
+ updated <- adminClient.partyManagementClient.allocateParty(
+ hint = Some("updated"),
+ None,
+ None,
+ )
+ other <- adminClient.partyManagementClient.allocateParty(hint = Some("other"), None, None)
+ _ <- adminClient.userManagementClient.createUser(
+ User(userId, Some(original.party), metadata = ObjectMeta.empty),
 Seq(
- UserRight.CanActAs("original"),
- UserRight.CanActAs("updated"),
- UserRight.CanReadAs("other"),
+ UserRight.CanActAs(original.party),
+ UserRight.CanActAs(updated.party),
+ UserRight.CanReadAs(other.party),
 ),
 )
- _ <- client.userManagementClient.updateUser(
- User(userId, Some("updated"), metadata = ObjectMeta.empty),
+ _ <- adminClient.userManagementClient.updateUser(
+ User(userId, Some(updated.party), metadata = ObjectMeta.empty),
 Some(FieldMask(Seq("primary_party"))),
 None,
 )
- r <- UserSpecification(userId).resolveClaims(client)
- } yield r shouldBe TriggerParties("updated", Set("other", "original"))
+ r <- UserSpecification(userId).resolveClaims(adminClient)
+ } yield r shouldBe TriggerParties(updated.party, Set(other.party, original.party))
 }
 }
 }
diff --git a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Jwt.scala b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Jwt.scala
index 4a1eb8172a0..4df4d914d93 100644
--- a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Jwt.scala
+++ b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Jwt.scala
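Review bot: In "fail for user with no actAs claims for primary party" the user is still created with `Some("primary")`, a bare string literal that relies on an implicit conversion in the suite, while every other case in this hunk was moved to the identifier returned by `allocateParty` (for example `primary.party`). That case therefore depends on `createUser` accepting a party that was never allocated on this participant, so it can pass or fail for a reason unrelated to the missing actAs right. Allocate the party first and pass its id: `primary <- adminClient.partyManagementClient.allocateParty(hint = Some("primary"), None, None)` followed by `User(userId, Some(primary.party), isDeactivated = false, ObjectMeta.empty)`.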
@@ -4,41 +4,19 @@
 package com.daml.lf.engine.trigger.test
 import akka.stream.scaladsl.Flow
-import com.daml.ledger.api.refinements.ApiTypes.ApplicationId
-import com.daml.ledger.api.testing.utils.SuiteResourceManagementAroundAll
+import com.daml.ledger.api.domain
 import com.daml.ledger.api.v1.commands.CreateCommand
 import com.daml.ledger.api.v1.{value => LedgerApi}
-import com.daml.ledger.client.configuration.LedgerClientConfiguration
+import com.daml.lf.data.Ref
 import com.daml.lf.data.Ref._
 import com.daml.lf.engine.trigger.Runner.TriggerContext
 import com.daml.lf.engine.trigger.TriggerMsg
-import com.daml.platform.sandbox.SandboxRequiringAuthorization
-import com.daml.platform.sandbox.fixture.SandboxFixture
+import com.daml.lf.integrationtest.CantonFixture.{adminUserId, freshUserId}
 import org.scalatest._
 import org.scalatest.matchers.should.Matchers
 import org.scalatest.wordspec.AsyncWordSpec
-class Jwt
- extends AsyncWordSpec
- with AbstractTriggerTest
- with SandboxFixture
- with SandboxRequiringAuthorization
- with Matchers
- with SuiteResourceManagementAroundAll
- with TryValues {
- self: Suite =>
-
- import AbstractTriggerTest._
-
- // Override to make sure we set it correctly.
- override protected implicit val applicationId: ApplicationId = ApplicationId("custom app id")
-
- override protected def ledgerClientConfiguration: LedgerClientConfiguration =
- super.ledgerClientConfiguration.copy(
- token = Some(toHeader(forApplicationId("custom app id", readWriteToken(party))))
- )
-
- private val party = "AliceAuth"
+class Jwt extends AsyncWordSpec with AbstractTriggerTestWithCanton with Matchers with TryValues {
 "Jwt" can {
 // We just need something simple to test the connection.
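Review bot: The rewritten `Jwt` class no longer states anywhere that the ledger requires authorization: `SandboxRequiringAuthorization` and the explicit token configuration are removed and nothing replaces them in the class body, whereas `Tls` in this same commit opts in with `override protected def tlsEnable: Boolean = true`. Unless `AbstractTriggerTestWithCanton` sets an auth secret by default (not visible in this diff), `getToken` may return `None`, and the "1 create" case in the following hunk would then pass against a ledger that checks no token at all. Make the requirement explicit with `override protected def authSecret: Option[String] = Some("<test-secret>")` (placeholder value) and let the test fail loudly when no token is issued, e.g. `_ = getToken(userId) shouldBe defined` inside the for-comprehension. The removed override also pinned a custom application id in the token; that check is dropped without a replacement.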
@@ -56,15 +34,14 @@ class Jwt
 )
 "1 create" in {
 for {
- adminClient <- ledgerClient(config =
- Some(
- ledgerClientConfiguration.copy(
- token = Some(toHeader(forApplicationId("custom app id", adminToken)))
- )
- )
- )
- _ <- adminClient.partyManagementClient.allocateParty(Some(party), None)
- client <- ledgerClient()
+ adminClient <- defaultLedgerClient(getToken(adminUserId))
+ userId = Ref.UserId.assertFromString(freshUserId())
+ partyDetails <- adminClient.partyManagementClient.allocateParty(None, None)
+ party = partyDetails.party
+ user = domain.User(userId, None)
+ rights = Seq(domain.UserRight.CanActAs(party))
+ _ <- adminClient.userManagementClient.createUser(user, rights)
+ client <- defaultLedgerClient(getToken(userId))
 runner = getRunner(client, QualifiedName.assertFromString("ACS:test"), party)
 (acs, offset) <- runner.queryACS()
 // Start the future here
diff --git a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Tls.scala b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Tls.scala
index 030e5809650..9219866c3a0 100644
--- a/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Tls.scala
+++ b/triggers/tests/src/test/scala/com/digitalasset/daml/lf/engine/trigger/test/Tls.scala
@@ -4,13 +4,8 @@
 package com.daml.lf.engine.trigger.test
 import akka.stream.scaladsl.Flow
-import com.daml.bazeltools.BazelRunfiles._
-import com.daml.ledger.api.testing.utils.SuiteResourceManagementAroundAll
-import com.daml.ledger.api.tls.TlsConfiguration
 import com.daml.ledger.api.v1.commands.CreateCommand
 import com.daml.ledger.api.v1.{value => LedgerApi}
-import com.daml.ledger.runner.common.Config
-import com.daml.ledger.sandbox.SandboxOnXForTest.{ApiServerConfig, singleParticipant}
 import com.daml.lf.data.Ref._
 import com.daml.lf.engine.trigger.Runner.TriggerContext
 import com.daml.lf.engine.trigger.TriggerMsg
@@ -18,37 +13,9 @@ import org.scalatest._
 import org.scalatest.matchers.should.Matchers
 import org.scalatest.wordspec.AsyncWordSpec
-import java.io.File
+class Tls extends AsyncWordSpec with AbstractTriggerTestWithCanton with Matchers with TryValues {
-class Tls
- extends AsyncWordSpec
- with AbstractTriggerTest
- with Matchers
- with SuiteResourceManagementAroundAll
- with TryValues {
- self: Suite =>
-
- import AbstractTriggerTest._
-
- val List(serverCrt, serverPem, caCrt, clientCrt, clientPem) = {
- List("server.crt", "server.pem", "ca.crt", "client.crt", "client.pem").map { src =>
- Some(new File(rlocation("test-common/test-certificates/" + src)))
- }
- }
-
- private val tlsConfig = TlsConfiguration(enabled = true, serverCrt, serverPem, caCrt)
-
- override protected def config: Config = super.config.copy(
- participants = singleParticipant(
- ApiServerConfig.copy(
- tls = Some(tlsConfig)
- )
- )
- )
-
- override protected def ledgerClientChannelConfiguration =
- super.ledgerClientChannelConfiguration
- .copy(sslContext = tlsConfig.client())
+ override protected def tlsEnable: Boolean = true
 "TLS" can {
 // We just need something simple to test the connection.
@@ -65,7 +32,7 @@ class Tls
 )
 "1 create" in {
 for {
- client <- ledgerClient()
+ client <- defaultLedgerClient()
 party <- allocateParty(client)
 runner = getRunner(client, QualifiedName.assertFromString("ACS:test"), party)
 (acs, offset) <- runner.queryACS()
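Review bot: After this change the only TLS-specific line left in the suite is `override protected def tlsEnable: Boolean = true`; the server certificate, key, CA and the client `sslContext` that used to be spelled out here are now whatever the fixture chooses. "1 create" in the last hunk then only shows that `defaultLedgerClient()` can connect, not that the channel is encrypted or that the server certificate is checked against the test CA. Add a comment on the override recording which certificates the fixture loads and whether the client verifies the server, and consider a second case asserting that a plaintext client is refused. The fixture's TLS wiring is outside this diff, so confirm those details against CantonFixture before writing the comment; the for-comprehension of "1 create" also continues past the end of the hunk.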