From 0fdff649b5620f76b4b8c9964fac3c53aea089a8 Mon Sep 17 00:00:00 2001 From: Sally MacFarlane Date: Wed, 17 Jun 2020 17:34:07 +1000 Subject: [PATCH] Permissioning configs accept allowlist as well as whitelist (#1081) * change whitelist -> allowlist in permissioning configs * fix logic for using alternate whitelist key Signed-off-by: Sally MacFarlane Co-authored-by: mark-terry <36909937+mark-terry@users.noreply.github.com> --- .../PermissioningConfigurationValidator.java | 2 +- .../hyperledger/besu/cli/BesuCommandTest.java | 26 +++++----- ...rmissioningConfigurationValidatorTest.java | 4 +- .../test/resources/permissioning_config.toml | 4 +- ...ermissioning_config_ropsten_bootnodes.toml | 4 +- .../permissioning/AllowlistPersistor.java | 4 +- .../PermissioningConfigurationBuilder.java | 35 ++++++++++--- ...ocalConfigPermissioningControllerTest.java | 12 ++--- .../permissioning/AllowlistPersistorTest.java | 2 +- ...PermissioningConfigurationBuilderTest.java | 52 +++++++++++++------ ...ocalConfigPermissioningControllerTest.java | 24 ++++----- .../test/resources/permissioning_config.toml | 4 +- ...rmissioning_config_absent_allowlists.toml} | 2 +- ...sioning_config_account_allowlist_only.toml | 3 ++ ...sioning_config_account_whitelist_only.toml | 3 -- ...ermissioning_config_empty_allowlists.toml} | 4 +- .../permissioning_config_invalid_account.toml | 4 +- .../permissioning_config_invalid_enode.toml | 4 +- ...missioning_config_node_allowlist_only.toml | 3 ++ ...config_node_allowlist_only_multiline.toml} | 4 +- ...missioning_config_node_whitelist_only.toml | 3 -- ...permissioning_config_unrecognized_key.toml | 2 +- .../permissioning_config_whitelists.toml | 6 +++ 23 files changed, 130 insertions(+), 81 deletions(-) rename ethereum/permissioning/src/test/resources/{permissioning_config_absent_whitelists.toml => permissioning_config_absent_allowlists.toml} (69%) create mode 100644 ethereum/permissioning/src/test/resources/permissioning_config_account_allowlist_only.toml delete mode 100644 ethereum/permissioning/src/test/resources/permissioning_config_account_whitelist_only.toml rename ethereum/permissioning/src/test/resources/{permissioning_config_empty_whitelists.toml => permissioning_config_empty_allowlists.toml} (51%) create mode 100644 ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only.toml rename ethereum/permissioning/src/test/resources/{permissioning_config_node_whitelist_only_multiline.toml => permissioning_config_node_allowlist_only_multiline.toml} (92%) delete mode 100644 ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only.toml create mode 100644 ethereum/permissioning/src/test/resources/permissioning_config_whitelists.toml diff --git a/besu/src/main/java/org/hyperledger/besu/util/PermissioningConfigurationValidator.java b/besu/src/main/java/org/hyperledger/besu/util/PermissioningConfigurationValidator.java index 19bbc65324..3d0f269212 100644 --- a/besu/src/main/java/org/hyperledger/besu/util/PermissioningConfigurationValidator.java +++ b/besu/src/main/java/org/hyperledger/besu/util/PermissioningConfigurationValidator.java @@ -43,7 +43,7 @@ public class PermissioningConfigurationValidator { if (!nodeURIsNotInAllowlist.isEmpty()) { throw new Exception( - "Specified node(s) not in nodes-whitelist " + enodesAsStrings(nodeURIsNotInAllowlist)); + "Specified node(s) not in nodes-allowlist " + enodesAsStrings(nodeURIsNotInAllowlist)); } } } diff --git a/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java b/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java index 167a8cdf09..20cee987b4 100644 --- a/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java +++ b/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java @@ -2014,7 +2014,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistAcceptsSingleArgument() { + public void rpcHttpHostAllowlistAcceptsSingleArgument() { parseCommand("--host-whitelist", "a"); verify(mockRunnerBuilder).jsonRpcConfiguration(jsonRpcConfigArgumentCaptor.capture()); @@ -2030,7 +2030,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistAcceptsMultipleArguments() { + public void rpcHttpHostAllowlistAcceptsMultipleArguments() { parseCommand("--host-whitelist", "a,b"); verify(mockRunnerBuilder).jsonRpcConfiguration(jsonRpcConfigArgumentCaptor.capture()); @@ -2046,7 +2046,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistAcceptsDoubleComma() { + public void rpcHttpHostAllowlistAcceptsDoubleComma() { parseCommand("--host-whitelist", "a,,b"); verify(mockRunnerBuilder).jsonRpcConfiguration(jsonRpcConfigArgumentCaptor.capture()); @@ -2062,7 +2062,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistAcceptsMultipleFlags() { + public void rpcHttpHostAllowlistAcceptsMultipleFlags() { parseCommand("--host-whitelist=a", "--host-whitelist=b"); verify(mockRunnerBuilder).jsonRpcConfiguration(jsonRpcConfigArgumentCaptor.capture()); @@ -2078,7 +2078,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistStarWithAnotherHostnameMustFail() { + public void rpcHttpHostAllowlistStarWithAnotherHostnameMustFail() { final String[] origins = {"friend", "*"}; parseCommand("--host-whitelist", String.join(",", origins)); @@ -2090,7 +2090,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistStarWithAnotherHostnameMustFailStarFirst() { + public void rpcHttpHostAllowlistStarWithAnotherHostnameMustFailStarFirst() { final String[] origins = {"*", "friend"}; parseCommand("--host-whitelist", String.join(",", origins)); @@ -2102,7 +2102,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistAllWithAnotherHostnameMustFail() { + public void rpcHttpHostAllowlistAllWithAnotherHostnameMustFail() { final String[] origins = {"friend", "all"}; parseCommand("--host-whitelist", String.join(",", origins)); @@ -2114,7 +2114,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistWithNoneMustBuildEmptyList() { + public void rpcHttpHostAllowlistWithNoneMustBuildEmptyList() { final String[] origins = {"none"}; parseCommand("--host-whitelist", String.join(",", origins)); @@ -2128,7 +2128,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistNoneWithAnotherDomainMustFail() { + public void rpcHttpHostAllowlistNoneWithAnotherDomainMustFail() { final String[] origins = {"http://domain1.com", "none"}; parseCommand("--host-whitelist", String.join(",", origins)); @@ -2140,7 +2140,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistNoneWithAnotherDomainMustFailNoneFirst() { + public void rpcHttpHostAllowlistNoneWithAnotherDomainMustFailNoneFirst() { final String[] origins = {"none", "http://domain1.com"}; parseCommand("--host-whitelist", String.join(",", origins)); @@ -2152,7 +2152,7 @@ public class BesuCommandTest extends CommandTestAbstract { } @Test - public void rpcHttpHostWhitelistEmptyValueFails() { + public void rpcHttpHostAllowlistEmptyValueFails() { parseCommand("--host-whitelist="); Mockito.verifyZeroInteractions(mockRunnerBuilder); @@ -3079,7 +3079,7 @@ public class BesuCommandTest extends CommandTestAbstract { staticNodesFile.toPath(), ("[\"" + staticNodeURI.toString() + "\"]").getBytes(UTF_8)); Files.write( permissioningConfig.toPath(), - ("nodes-whitelist=[\"" + allowedNode.toString() + "\"]").getBytes(UTF_8)); + ("nodes-allowlist=[\"" + allowedNode.toString() + "\"]").getBytes(UTF_8)); parseCommand( "--data-path=" + testFolder.getRoot().getPath(), @@ -3087,7 +3087,7 @@ public class BesuCommandTest extends CommandTestAbstract { "--permissions-nodes-config-file-enabled=true", "--permissions-nodes-config-file=" + permissioningConfig.getPath()); assertThat(commandErrorOutput.toString()) - .contains(staticNodeURI.toString(), "not in nodes-whitelist"); + .contains(staticNodeURI.toString(), "not in nodes-allowlist"); } @Test diff --git a/besu/src/test/java/org/hyperledger/besu/util/LocalPermissioningConfigurationValidatorTest.java b/besu/src/test/java/org/hyperledger/besu/util/LocalPermissioningConfigurationValidatorTest.java index 1003f404dd..63b80138c4 100644 --- a/besu/src/test/java/org/hyperledger/besu/util/LocalPermissioningConfigurationValidatorTest.java +++ b/besu/src/test/java/org/hyperledger/besu/util/LocalPermissioningConfigurationValidatorTest.java @@ -81,9 +81,9 @@ public class LocalPermissioningConfigurationValidatorTest { .collect(Collectors.toList()); PermissioningConfigurationValidator.areAllNodesAreInAllowlist( enodeURIs, permissioningConfiguration); - fail("expected exception because ropsten bootnodes are not in node-whitelist"); + fail("expected exception because ropsten bootnodes are not in node-allowlist"); } catch (Exception e) { - assertThat(e.getMessage()).startsWith("Specified node(s) not in nodes-whitelist"); + assertThat(e.getMessage()).startsWith("Specified node(s) not in nodes-allowlist"); assertThat(e.getMessage()) .contains( "enode://6332792c4a00e3e4ee0926ed89e0d27ef985424d97b6a45bf0f23e51f0dcb5e66b875777506458aea7af6f9e4ffb69f43f3778ee73c81ed9d34c51c4b16b0b0f@52.232.243.152:30303"); diff --git a/besu/src/test/resources/permissioning_config.toml b/besu/src/test/resources/permissioning_config.toml index 0457556cfd..fa2a68335f 100644 --- a/besu/src/test/resources/permissioning_config.toml +++ b/besu/src/test/resources/permissioning_config.toml @@ -1,4 +1,4 @@ # Permissioning TOML file -accounts-whitelist=["0x0000000000000000000000000000000000000009"] -nodes-whitelist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"] +accounts-allowlist=["0x0000000000000000000000000000000000000009"] +nodes-allowlist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"] diff --git a/besu/src/test/resources/permissioning_config_ropsten_bootnodes.toml b/besu/src/test/resources/permissioning_config_ropsten_bootnodes.toml index bc5e778d0f..df6df20546 100644 --- a/besu/src/test/resources/permissioning_config_ropsten_bootnodes.toml +++ b/besu/src/test/resources/permissioning_config_ropsten_bootnodes.toml @@ -1,7 +1,7 @@ # Permissioning TOML file -accounts-whitelist=["0x0000000000000000000000000000000000000009"] -nodes-whitelist=["enode://6332792c4a00e3e4ee0926ed89e0d27ef985424d97b6a45bf0f23e51f0dcb5e66b875777506458aea7af6f9e4ffb69f43f3778ee73c81ed9d34c51c4b16b0b0f@52.232.243.152:30303", +accounts-allowlist=["0x0000000000000000000000000000000000000009"] +nodes-allowlist=["enode://6332792c4a00e3e4ee0926ed89e0d27ef985424d97b6a45bf0f23e51f0dcb5e66b875777506458aea7af6f9e4ffb69f43f3778ee73c81ed9d34c51c4b16b0b0f@52.232.243.152:30303", "enode://94c15d1b9e2fe7ce56e458b9a3b672ef11894ddedd0c6f247e0f1d3487f52b66208fb4aeb8179fce6e3a749ea93ed147c37976d67af557508d199d9594c35f09@192.81.208.223:30303", "enode://30b7ab30a01c124a6cceca36863ece12c4f5fa68e3ba9b0b51407ccc002eeed3b3102d20a88f1c1d3c3154e2449317b8ef95090e77b312d5cc39354f86d5d606@52.176.7.10:30303", "enode://865a63255b3bb68023b6bffd5095118fcc13e79dcf014fe4e47e065c350c7cc72af2e53eff895f11ba1bbb6a2b33271c1116ee870f266618eadfc2e78aa7349c@52.176.100.77:30303"] diff --git a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistor.java b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistor.java index 9848d8ae7d..1f4e583e6c 100644 --- a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistor.java +++ b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistor.java @@ -37,8 +37,8 @@ public class AllowlistPersistor { private final File configurationFile; public enum ALLOWLIST_TYPE { - ACCOUNTS("accounts-whitelist"), - NODES("nodes-whitelist"); + ACCOUNTS("accounts-allowlist"), + NODES("nodes-allowlist"); private final String tomlKey; diff --git a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/PermissioningConfigurationBuilder.java b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/PermissioningConfigurationBuilder.java index 6d46ba552c..e194424727 100644 --- a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/PermissioningConfigurationBuilder.java +++ b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/PermissioningConfigurationBuilder.java @@ -26,8 +26,10 @@ import org.apache.tuweni.toml.TomlParseResult; public class PermissioningConfigurationBuilder { - public static final String ACCOUNTS_WHITELIST_KEY = "accounts-whitelist"; - public static final String NODES_WHITELIST_KEY = "nodes-whitelist"; + @Deprecated public static final String ACCOUNTS_WHITELIST_KEY = "accounts-whitelist"; + @Deprecated public static final String NODES_WHITELIST_KEY = "nodes-whitelist"; + public static final String ACCOUNTS_ALLOWLIST_KEY = "accounts-allowlist"; + public static final String NODES_ALLOWLIST_KEY = "nodes-allowlist"; public static SmartContractPermissioningConfiguration smartContractPermissioningConfiguration( final Address address, final boolean smartContractPermissionedNodeEnabled) { @@ -65,7 +67,8 @@ public class PermissioningConfigurationBuilder { if (localConfigNodePermissioningEnabled) { final TomlParseResult nodePermissioningToml = readToml(nodePermissioningConfigFilepath); - final TomlArray nodeWhitelistTomlArray = nodePermissioningToml.getArray(NODES_WHITELIST_KEY); + final TomlArray nodeWhitelistTomlArray = + getAllowlistArray(nodePermissioningToml, NODES_ALLOWLIST_KEY, NODES_WHITELIST_KEY); permissioningConfiguration.setNodePermissioningConfigFilePath( nodePermissioningConfigFilepath); @@ -81,7 +84,7 @@ public class PermissioningConfigurationBuilder { permissioningConfiguration.setNodeAllowlist(nodesWhitelistToml); } else { throw new Exception( - NODES_WHITELIST_KEY + NODES_ALLOWLIST_KEY + " config option missing in TOML config file " + nodePermissioningConfigFilepath); } @@ -98,7 +101,8 @@ public class PermissioningConfigurationBuilder { if (localConfigAccountPermissioningEnabled) { final TomlParseResult accountPermissioningToml = readToml(accountPermissioningConfigFilepath); final TomlArray accountWhitelistTomlArray = - accountPermissioningToml.getArray(ACCOUNTS_WHITELIST_KEY); + getAllowlistArray( + accountPermissioningToml, ACCOUNTS_ALLOWLIST_KEY, ACCOUNTS_WHITELIST_KEY); permissioningConfiguration.setAccountPermissioningConfigFilePath( accountPermissioningConfigFilepath); @@ -122,7 +126,7 @@ public class PermissioningConfigurationBuilder { permissioningConfiguration.setAccountAllowlist(accountsWhitelistToml); } else { throw new Exception( - ACCOUNTS_WHITELIST_KEY + ACCOUNTS_ALLOWLIST_KEY + " config option missing in TOML config file " + accountPermissioningConfigFilepath); } @@ -131,6 +135,25 @@ public class PermissioningConfigurationBuilder { return permissioningConfiguration; } + /** + * This method allows support for both keys for now. Whitelist TOML keys will be removed in future + * (breaking change) + * + * @param tomlParseResult + * @param primaryKey + * @param alternateKey + * @return + */ + private static TomlArray getAllowlistArray( + final TomlParseResult tomlParseResult, final String primaryKey, final String alternateKey) { + final TomlArray array = tomlParseResult.getArray(primaryKey); + if (array == null) { + return tomlParseResult.getArray(alternateKey); + } else { + return array; + } + } + private static TomlParseResult readToml(final String filepath) throws Exception { TomlParseResult toml; diff --git a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java index 9974566653..49bce8003e 100644 --- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java +++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java @@ -83,7 +83,7 @@ public class AccountLocalConfigPermissioningControllerTest { } @Test - public void whenPermConfigHasAccountsShouldAddAllAccountsToWhitelist() { + public void whenPermConfigHasAccountsShouldAddAllAccountsToAllowlist() { when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true); when(permissioningConfig.getAccountAllowlist()) .thenReturn(singletonList("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73")); @@ -245,7 +245,7 @@ public class AccountLocalConfigPermissioningControllerTest { } @Test - public void stateShouldRevertIfWhitelistPersistFails() + public void stateShouldRevertIfAllowlistPersistFails() throws IOException, AllowlistFileSyncException { List newAccount = singletonList("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73"); List newAccount2 = singletonList("0xfe3b557e8fb62b89f4916b721be55ceb828dbd72"); @@ -267,7 +267,7 @@ public class AccountLocalConfigPermissioningControllerTest { } @Test - public void reloadAccountWhitelistWithValidConfigFileShouldUpdateWhitelist() throws Exception { + public void reloadAccountAllowlistWithValidConfigFileShouldUpdateAllowlist() throws Exception { final String expectedAccount = "0x627306090abab3a6e1400e9345bc60c78a8bef57"; final Path permissionsFile = createPermissionsFileWithAccount(expectedAccount); @@ -286,7 +286,7 @@ public class AccountLocalConfigPermissioningControllerTest { } @Test - public void reloadAccountWhitelistWithErrorReadingConfigFileShouldKeepOldWhitelist() { + public void reloadAccountAllowlistWithErrorReadingConfigFileShouldKeepOldAllowlist() { when(permissioningConfig.getAccountPermissioningConfigFilePath()).thenReturn("foo"); when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true); when(permissioningConfig.getAccountAllowlist()) @@ -331,7 +331,7 @@ public class AccountLocalConfigPermissioningControllerTest { } @Test - public void isPermittedShouldCheckIfAccountExistInTheWhitelist() { + public void isPermittedShouldCheckIfAccountExistInTheAllowlist() { when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true); when(permissioningConfig.getAccountAllowlist()) .thenReturn(singletonList("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73")); @@ -367,7 +367,7 @@ public class AccountLocalConfigPermissioningControllerTest { } private Path createPermissionsFileWithAccount(final String account) throws IOException { - final String nodePermissionsFileContent = "accounts-whitelist=[\"" + account + "\"]"; + final String nodePermissionsFileContent = "accounts-allowlist=[\"" + account + "\"]"; final Path permissionsFile = Files.createTempFile("account_permissions", ""); permissionsFile.toFile().deleteOnExit(); Files.write(permissionsFile, nodePermissionsFileContent.getBytes(StandardCharsets.UTF_8)); diff --git a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistorTest.java b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistorTest.java index 52f1ecfbd2..b1c19358e6 100644 --- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistorTest.java +++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AllowlistPersistorTest.java @@ -102,7 +102,7 @@ public class AllowlistPersistorTest { ALLOWLIST_TYPE key = ALLOWLIST_TYPE.ACCOUNTS; List newValue = Lists.newArrayList("account5", "account6", "account4"); String expectedValue = - String.format("%s=[%s]", "accounts-whitelist", "\"account5\",\"account6\",\"account4\""); + String.format("%s=[%s]", "accounts-allowlist", "\"account5\",\"account6\",\"account4\""); allowlistPersistor.updateConfig(key, newValue); diff --git a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/LocalPermissioningConfigurationBuilderTest.java b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/LocalPermissioningConfigurationBuilderTest.java index afb240d4f5..37ae527328 100644 --- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/LocalPermissioningConfigurationBuilderTest.java +++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/LocalPermissioningConfigurationBuilderTest.java @@ -31,26 +31,46 @@ import org.junit.Test; public class LocalPermissioningConfigurationBuilderTest { private static final String PERMISSIONING_CONFIG_VALID = "/permissioning_config.toml"; - private static final String PERMISSIONING_CONFIG_ACCOUNT_WHITELIST_ONLY = - "/permissioning_config_account_whitelist_only.toml"; - private static final String PERMISSIONING_CONFIG_NODE_WHITELIST_ONLY = - "/permissioning_config_node_whitelist_only.toml"; + private static final String PERMISSIONING_CONFIG_VALID_WHITELISTS = + "/permissioning_config_whitelists.toml"; + private static final String PERMISSIONING_CONFIG_ACCOUNT_ALLOWLIST_ONLY = + "/permissioning_config_account_allowlist_only.toml"; + private static final String PERMISSIONING_CONFIG_NODE_ALLOWLIST_ONLY = + "/permissioning_config_node_allowlist_only.toml"; private static final String PERMISSIONING_CONFIG_INVALID_ENODE = "/permissioning_config_invalid_enode.toml"; private static final String PERMISSIONING_CONFIG_INVALID_ACCOUNT = "/permissioning_config_invalid_account.toml"; - private static final String PERMISSIONING_CONFIG_EMPTY_WHITELISTS = - "/permissioning_config_empty_whitelists.toml"; - private static final String PERMISSIONING_CONFIG_ABSENT_WHITELISTS = - "/permissioning_config_absent_whitelists.toml"; + private static final String PERMISSIONING_CONFIG_EMPTY_ALLOWLISTS = + "/permissioning_config_empty_allowlists.toml"; + private static final String PERMISSIONING_CONFIG_ABSENT_ALLOWLISTS = + "/permissioning_config_absent_allowlists.toml"; private static final String PERMISSIONING_CONFIG_UNRECOGNIZED_KEY = "/permissioning_config_unrecognized_key.toml"; - private static final String PERMISSIONING_CONFIG_NODE_WHITELIST_ONLY_MULTILINE = - "/permissioning_config_node_whitelist_only_multiline.toml"; + private static final String PERMISSIONING_CONFIG_NODE_ALLOWLIST_ONLY_MULTILINE = + "/permissioning_config_node_allowlist_only_multiline.toml"; private final String VALID_NODE_ID = "6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0"; + @Test + public void permissioningConfig_usingDeprecatedKeysIsStillValid() throws Exception { + final String uri = "enode://" + VALID_NODE_ID + "@192.168.0.9:4567"; + final String uri2 = "enode://" + VALID_NODE_ID + "@192.169.0.9:4568"; + + final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_VALID_WHITELISTS); + final Path toml = createTempFile("toml", Resources.toByteArray(configFile)); + + LocalPermissioningConfiguration permissioningConfiguration = permissioningConfig(toml); + + assertThat(permissioningConfiguration.isAccountAllowlistEnabled()).isTrue(); + assertThat(permissioningConfiguration.getAccountAllowlist()) + .containsExactly("0x0000000000000000000000000000000000000009"); + assertThat(permissioningConfiguration.isNodeAllowlistEnabled()).isTrue(); + assertThat(permissioningConfiguration.getNodeAllowlist()) + .containsExactly(URI.create(uri), URI.create(uri2)); + } + @Test public void permissioningConfig() throws Exception { final String uri = "enode://" + VALID_NODE_ID + "@192.168.0.9:4567"; @@ -73,7 +93,7 @@ public class LocalPermissioningConfigurationBuilderTest { public void permissioningConfigWithOnlyNodeWhitelistSet() throws Exception { final String uri = "enode://" + VALID_NODE_ID + "@192.168.0.9:4567"; - final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_NODE_WHITELIST_ONLY); + final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_NODE_ALLOWLIST_ONLY); final Path toml = createTempFile("toml", Resources.toByteArray(configFile)); LocalPermissioningConfiguration permissioningConfiguration = @@ -87,7 +107,7 @@ public class LocalPermissioningConfigurationBuilderTest { @Test public void permissioningConfigWithOnlyAccountWhitelistSet() throws Exception { - final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_ACCOUNT_WHITELIST_ONLY); + final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_ACCOUNT_ALLOWLIST_ONLY); final Path toml = createTempFile("toml", Resources.toByteArray(configFile)); LocalPermissioningConfiguration permissioningConfiguration = @@ -126,7 +146,7 @@ public class LocalPermissioningConfigurationBuilderTest { @Test public void permissioningConfigWithEmptyWhitelistMustNotError() throws Exception { - final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_EMPTY_WHITELISTS); + final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_EMPTY_ALLOWLISTS); final Path toml = createTempFile("toml", Resources.toByteArray(configFile)); LocalPermissioningConfiguration permissioningConfiguration = permissioningConfig(toml); @@ -139,7 +159,7 @@ public class LocalPermissioningConfigurationBuilderTest { @Test public void permissioningConfigWithAbsentWhitelistMustThrowException() throws Exception { - final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_ABSENT_WHITELISTS); + final URL configFile = this.getClass().getResource(PERMISSIONING_CONFIG_ABSENT_ALLOWLISTS); final Path toml = createTempFile("toml", Resources.toByteArray(configFile)); final Throwable thrown = catchThrowable(() -> permissioningConfig(toml)); @@ -157,7 +177,7 @@ public class LocalPermissioningConfigurationBuilderTest { assertThat(thrown) .isInstanceOf(Exception.class) .hasMessageContaining("config option missing") - .hasMessageContaining(PermissioningConfigurationBuilder.ACCOUNTS_WHITELIST_KEY); + .hasMessageContaining(PermissioningConfigurationBuilder.ACCOUNTS_ALLOWLIST_KEY); } @Test @@ -198,7 +218,7 @@ public class LocalPermissioningConfigurationBuilderTest { @Test public void permissioningConfigFromMultilineFileMustParseCorrectly() throws Exception { final URL configFile = - this.getClass().getResource(PERMISSIONING_CONFIG_NODE_WHITELIST_ONLY_MULTILINE); + this.getClass().getResource(PERMISSIONING_CONFIG_NODE_ALLOWLIST_ONLY_MULTILINE); final LocalPermissioningConfiguration permissioningConfiguration = PermissioningConfigurationBuilder.permissioningConfiguration( true, configFile.getPath(), false, configFile.getPath()); diff --git a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/NodeLocalConfigPermissioningControllerTest.java b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/NodeLocalConfigPermissioningControllerTest.java index a82d35b59b..e3d3aab9b6 100644 --- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/NodeLocalConfigPermissioningControllerTest.java +++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/NodeLocalConfigPermissioningControllerTest.java @@ -300,7 +300,7 @@ public class NodeLocalConfigPermissioningControllerTest { @Test public void - whenCheckingIfNodeIsPermittedDiscoveryPortShouldNotBeConsidered_whitelistAndNodeHaveDiscDisabled() { + whenCheckingIfNodeIsPermittedDiscoveryPortShouldNotBeConsidered_allowlistAndNodeHaveDiscDisabled() { String peerWithDiscoveryPortSet = "enode://aaaa80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@127.0.0.1:30303?discport=0"; String peerWithoutDiscoveryPortSet = @@ -325,7 +325,7 @@ public class NodeLocalConfigPermissioningControllerTest { } @Test - public void stateShouldRevertIfWhitelistPersistFails() + public void stateShouldRevertIfAllowlistPersistFails() throws IOException, AllowlistFileSyncException { List newNode1 = singletonList(EnodeURL.fromString(enode1).toString()); List newNode2 = singletonList(EnodeURL.fromString(enode2).toString()); @@ -347,7 +347,7 @@ public class NodeLocalConfigPermissioningControllerTest { } @Test - public void reloadNodeWhitelistWithValidConfigFileShouldUpdateWhitelist() throws Exception { + public void reloadNodeAllowlistWithValidConfigFileShouldUpdateAllowlist() throws Exception { final String expectedEnodeURL = "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567"; final Path permissionsFile = createPermissionsFileWithNode(expectedEnodeURL); @@ -369,7 +369,7 @@ public class NodeLocalConfigPermissioningControllerTest { } @Test - public void reloadNodeWhitelistWithErrorReadingConfigFileShouldKeepOldWhitelist() { + public void reloadNodeAllowlistWithErrorReadingConfigFileShouldKeepOldAllowlist() { final String expectedEnodeURI = "enode://aaaa80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567"; final LocalPermissioningConfiguration permissioningConfig = @@ -408,8 +408,8 @@ public class NodeLocalConfigPermissioningControllerTest { @Test @SuppressWarnings("unchecked") - public void whenAddingNodeDoesNotAddShouldNotNotifyWhitelistModifiedSubscribers() { - // adding node before subscribing to whitelist modified events + public void whenAddingNodeDoesNotAddShouldNotNotifyAllowlistModifiedSubscribers() { + // adding node before subscribing to allowlist modified events controller.addNodes(Lists.newArrayList(enode1)); final Consumer consumer = mock(Consumer.class); @@ -422,8 +422,8 @@ public class NodeLocalConfigPermissioningControllerTest { @Test @SuppressWarnings("unchecked") - public void whenRemovingNodeShouldNotifyWhitelistModifiedSubscribers() { - // adding node before subscribing to whitelist modified events + public void whenRemovingNodeShouldNotifyAllowlistModifiedSubscribers() { + // adding node before subscribing to allowlist modified events controller.addNodes(Lists.newArrayList(enode1)); final Consumer consumer = mock(Consumer.class); @@ -439,7 +439,7 @@ public class NodeLocalConfigPermissioningControllerTest { @Test @SuppressWarnings("unchecked") - public void whenRemovingNodeDoesNotRemoveShouldNotifyWhitelistModifiedSubscribers() { + public void whenRemovingNodeDoesNotRemoveShouldNotifyAllowlistModifiedSubscribers() { final Consumer consumer = mock(Consumer.class); controller.subscribeToListUpdatedEvent(consumer); @@ -466,7 +466,7 @@ public class NodeLocalConfigPermissioningControllerTest { @Test @SuppressWarnings("unchecked") - public void whenReloadingWhitelistShouldNotifyWhitelistModifiedSubscribers() throws Exception { + public void whenReloadingAllowlistShouldNotifyAllowlistModifiedSubscribers() throws Exception { final Path permissionsFile = createPermissionsFileWithNode(enode2); final LocalPermissioningConfiguration permissioningConfig = mock(LocalPermissioningConfiguration.class); @@ -492,7 +492,7 @@ public class NodeLocalConfigPermissioningControllerTest { @Test @SuppressWarnings("unchecked") - public void whenReloadingWhitelistAndNothingChangesShouldNotNotifyWhitelistModifiedSubscribers() + public void whenReloadingAllowlistAndNothingChangesShouldNotNotifyAllowlistModifiedSubscribers() throws Exception { final Path permissionsFile = createPermissionsFileWithNode(enode1); final LocalPermissioningConfiguration permissioningConfig = @@ -514,7 +514,7 @@ public class NodeLocalConfigPermissioningControllerTest { } private Path createPermissionsFileWithNode(final String node) throws IOException { - final String nodePermissionsFileContent = "nodes-whitelist=[\"" + node + "\"]"; + final String nodePermissionsFileContent = "nodes-allowlist=[\"" + node + "\"]"; final Path permissionsFile = Files.createTempFile("node_permissions", ""); permissionsFile.toFile().deleteOnExit(); Files.write(permissionsFile, nodePermissionsFileContent.getBytes(StandardCharsets.UTF_8)); diff --git a/ethereum/permissioning/src/test/resources/permissioning_config.toml b/ethereum/permissioning/src/test/resources/permissioning_config.toml index 0457556cfd..fa2a68335f 100644 --- a/ethereum/permissioning/src/test/resources/permissioning_config.toml +++ b/ethereum/permissioning/src/test/resources/permissioning_config.toml @@ -1,4 +1,4 @@ # Permissioning TOML file -accounts-whitelist=["0x0000000000000000000000000000000000000009"] -nodes-whitelist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"] +accounts-allowlist=["0x0000000000000000000000000000000000000009"] +nodes-allowlist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"] diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_absent_whitelists.toml b/ethereum/permissioning/src/test/resources/permissioning_config_absent_allowlists.toml similarity index 69% rename from ethereum/permissioning/src/test/resources/permissioning_config_absent_whitelists.toml rename to ethereum/permissioning/src/test/resources/permissioning_config_absent_allowlists.toml index 566e717f0b..00dad1a64d 100644 --- a/ethereum/permissioning/src/test/resources/permissioning_config_absent_whitelists.toml +++ b/ethereum/permissioning/src/test/resources/permissioning_config_absent_allowlists.toml @@ -1,3 +1,3 @@ # Permissioning TOML file with absent lists -accounts-whitelist= +accounts-allowlist= diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_account_allowlist_only.toml b/ethereum/permissioning/src/test/resources/permissioning_config_account_allowlist_only.toml new file mode 100644 index 0000000000..e42f2da54c --- /dev/null +++ b/ethereum/permissioning/src/test/resources/permissioning_config_account_allowlist_only.toml @@ -0,0 +1,3 @@ +# Permissioning TOML file (account allowlist only) + +accounts-allowlist=["0x0000000000000000000000000000000000000009"] diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_account_whitelist_only.toml b/ethereum/permissioning/src/test/resources/permissioning_config_account_whitelist_only.toml deleted file mode 100644 index c7333f2d77..0000000000 --- a/ethereum/permissioning/src/test/resources/permissioning_config_account_whitelist_only.toml +++ /dev/null @@ -1,3 +0,0 @@ -# Permissioning TOML file (account whitelist only) - -accounts-whitelist=["0x0000000000000000000000000000000000000009"] diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_empty_whitelists.toml b/ethereum/permissioning/src/test/resources/permissioning_config_empty_allowlists.toml similarity index 51% rename from ethereum/permissioning/src/test/resources/permissioning_config_empty_whitelists.toml rename to ethereum/permissioning/src/test/resources/permissioning_config_empty_allowlists.toml index 1e7eae0cf5..8f02a26241 100644 --- a/ethereum/permissioning/src/test/resources/permissioning_config_empty_whitelists.toml +++ b/ethereum/permissioning/src/test/resources/permissioning_config_empty_allowlists.toml @@ -1,4 +1,4 @@ # Permissioning TOML file with empty lists -accounts-whitelist=[] -nodes-whitelist=[] +accounts-allowlist=[] +nodes-allowlist=[] diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_invalid_account.toml b/ethereum/permissioning/src/test/resources/permissioning_config_invalid_account.toml index da69df0743..26b05282db 100644 --- a/ethereum/permissioning/src/test/resources/permissioning_config_invalid_account.toml +++ b/ethereum/permissioning/src/test/resources/permissioning_config_invalid_account.toml @@ -1,3 +1,3 @@ -# Permissioning TOML file (account whitelist only) +# Permissioning TOML file (account allowlist only) -accounts-whitelist=["0xfoo"] +accounts-allowlist=["0xfoo"] diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_invalid_enode.toml b/ethereum/permissioning/src/test/resources/permissioning_config_invalid_enode.toml index 89ad7ada23..f6ea65b322 100644 --- a/ethereum/permissioning/src/test/resources/permissioning_config_invalid_enode.toml +++ b/ethereum/permissioning/src/test/resources/permissioning_config_invalid_enode.toml @@ -1,4 +1,4 @@ # Permissioning TOML file -accounts-whitelist=["0x0000000000000000000000000000000000000009"] -nodes-whitelist=["enode://bob@192.168.0.9:4567"] +accounts-allowlist=["0x0000000000000000000000000000000000000009"] +nodes-allowlist=["enode://bob@192.168.0.9:4567"] diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only.toml b/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only.toml new file mode 100644 index 0000000000..b220f6f3c7 --- /dev/null +++ b/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only.toml @@ -0,0 +1,3 @@ +# Permissioning TOML file (node allowlist only) + +nodes-allowlist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567"] diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only_multiline.toml b/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only_multiline.toml similarity index 92% rename from ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only_multiline.toml rename to ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only_multiline.toml index 92af73ddd7..97dfeb54f8 100644 --- a/ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only_multiline.toml +++ b/ethereum/permissioning/src/test/resources/permissioning_config_node_allowlist_only_multiline.toml @@ -1,6 +1,6 @@ -# Permissioning TOML file (node whitelist only) +# Permissioning TOML file (node allowlist only) -nodes-whitelist=[ +nodes-allowlist=[ "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.1:4567", "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.2:4567", "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.3:4567", diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only.toml b/ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only.toml deleted file mode 100644 index ffd69e6437..0000000000 --- a/ethereum/permissioning/src/test/resources/permissioning_config_node_whitelist_only.toml +++ /dev/null @@ -1,3 +0,0 @@ -# Permissioning TOML file (node whitelist only) - -nodes-whitelist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567"] diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_unrecognized_key.toml b/ethereum/permissioning/src/test/resources/permissioning_config_unrecognized_key.toml index aa54b4ab70..d31c4a89a6 100644 --- a/ethereum/permissioning/src/test/resources/permissioning_config_unrecognized_key.toml +++ b/ethereum/permissioning/src/test/resources/permissioning_config_unrecognized_key.toml @@ -1,3 +1,3 @@ # Permissioning TOML file with typo in key -perm-node-whitelist=[] \ No newline at end of file +perm-node-allowlist=[] \ No newline at end of file diff --git a/ethereum/permissioning/src/test/resources/permissioning_config_whitelists.toml b/ethereum/permissioning/src/test/resources/permissioning_config_whitelists.toml new file mode 100644 index 0000000000..9c1cfd9e47 --- /dev/null +++ b/ethereum/permissioning/src/test/resources/permissioning_config_whitelists.toml @@ -0,0 +1,6 @@ +# Permissioning TOML file +# NOTE whitelist is being deprecated in favor of allowlist +# support for whitelist will be removed in future + +accounts-whitelist=["0x0000000000000000000000000000000000000009"] +nodes-whitelist=["enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.168.0.9:4567","enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@192.169.0.9:4568"]