Merge pull request #2329 from peterschwarz/rust-perm-verifier-1_3

Rust perm verifier 1 3

Author: peterschwarz

.dockerignore

@@ -29,17 +29,29 @@
 /cli/**/__pycache__/
 
 /families/**/__pycache__/
+/families/block_info/rust/sawtooth_block_info/bin
+/families/block_info/rust/sawtooth_block_info/src/block_info.rs
+/families/block_info/rust/sawtooth_block_info/target
+/families/block_info/rust/sawtooth_block_info/Cargo.lock
+/families/block_info/sawtooth_block_info/protobuf
+/families/block_info/sawtooth_block_info/bin
+/families/block_info/sawtooth_block_info/src/block_info.rs
+/families/block_info/sawtooth_block_info/target
+/families/block_info/sawtooth_block_info/Cargo.lock
 /families/settings/sawtooth_settings/target/
 /families/settings/sawtooth_settings/bin/
 /families/settings/sawtooth_settings/Cargo.lock
 /families/settings/tests/sawtooth_settings_test/protobuf/
-/families/block_info/python/sawtooth_block_info/protobuf
-/families/identity/sawtooth_identity/protobuf
 /families/smallbank/smallbank_rust/target/
 /families/smallbank/smallbank_rust/Cargo.lock
 /families/smallbank/smallbank_rust/bin/
-/families/smallbank/smallbank_rust/src/smallbank.rs
-/families/battleship/target/
+/families/identity/python/sawtooth_identity/protobuf/
+/families/identity/sawtooth_identity/bin/
+/families/identity/sawtooth_identity/target/
+/families/identity/sawtooth_identity/Cargo.lock
+/families/identity/sawtooth_identity/protobuf/
+/families/battleship/target
+/families/battleship/Cargo.lock
 
 /coverage
 /coverage/html
@@ -56,19 +68,6 @@
 /rest_api/sawtooth_rest_api/protobuf/
 /rest_api/**/__pycache__/
 
-/sdk/javascript/node_modules
-/sdk/javascript/package-lock.json
-/sdk/javascript/protobuf/protobuf_bundle.json
-/sdk/examples/xo_javascript/node_modules/
-/sdk/examples/xo_javascript/package-lock.json
-/sdk/examples/intkey_javascript/node_modules/
-/sdk/examples/intkey_javascript/package-lock.json
-/sdk/examples/intkey_java/dependency-reduced-pom.xml
-/sdk/examples/intkey_java/target/
-/sdk/examples/xo_java/dependency-reduced-pom.xml
-/sdk/examples/xo_java/target/
-/sdk/java/target/
-
 /validator/build/
 /validator/sawtooth_validator.egg-info/
 /validator/sawtooth_validator/protobuf/
@@ -77,15 +76,11 @@
 /validator/Cargo.lock
 /validator/bin/
 /validator/lib/
-/validator/src/proto
-
-/sdk/cxx/build/
 
 /perf/sawtooth_perf/Cargo.lock
 /perf/sawtooth_perf/target/
 /perf/sawtooth_workload/Cargo.lock
 /perf/sawtooth_workload/target/
-/perf/smallbank_workload/src/smallbank.rs
 /perf/smallbank_workload/Cargo.lock
 /perf/smallbank_workload/target/
 /perf/smallbank_workload/bin/

validator/src/gossip/permission_verifier.rs

@@ -20,24 +20,28 @@
 use batch::Batch;
 use block::Block;
 use execution::execution_platform::{ExecutionPlatform, NULL_STATE_HASH};
-use gossip::permission_verifier::PermissionVerifier;
+use std::sync::{
+    atomic::{AtomicBool, AtomicUsize, Ordering},
+    mpsc::{channel, Receiver, RecvTimeoutError, Sender},
+    Arc, Mutex,
+};
+use std::thread;
+use std::time::Duration;
+
+use uluru;
+
 use journal::block_scheduler::BlockScheduler;
 use journal::chain_commit_state::{
     validate_no_duplicate_batches, validate_no_duplicate_transactions,
     validate_transaction_dependencies, ChainCommitStateError,
 };
 use journal::validation_rule_enforcer::enforce_validation_rules;
 use journal::{block_manager::BlockManager, block_wrapper::BlockStatus};
+use permissions::verifier::PermissionVerifier;
 use scheduler::TxnExecutionResult;
-use state::{settings_view::SettingsView, state_view_factory::StateViewFactory};
-use std::sync::{
-    atomic::{AtomicBool, AtomicUsize, Ordering},
-    mpsc::{channel, Receiver, RecvTimeoutError, Sender},
-    Arc, Mutex,
+use state::{
+    identity_view::IdentityView, settings_view::SettingsView, state_view_factory::StateViewFactory,
 };
-use std::thread;
-use std::time::Duration;
-use uluru;
 
 const BLOCKVALIDATION_QUEUE_RECV_TIMEOUT: u64 = 100;
 
@@ -162,7 +166,7 @@ impl BlockValidationResult {
 type InternalSender = Sender<(Block, Sender<BlockValidationResult>)>;
 type InternalReceiver = Receiver<(Block, Sender<BlockValidationResult>)>;
 
-pub struct BlockValidator<TEP: ExecutionPlatform, PV: PermissionVerifier> {
+pub struct BlockValidator<TEP: ExecutionPlatform> {
     channels: Vec<(InternalSender, Option<InternalReceiver>)>,
     index: Arc<AtomicUsize>,
     validation_thread_exit: Arc<AtomicBool>,
@@ -171,20 +175,17 @@ pub struct BlockValidator<TEP: ExecutionPlatform, PV: PermissionVerifier> {
     block_manager: BlockManager,
     transaction_executor: TEP,
     view_factory: StateViewFactory,
-    permission_verifier: PV,
 }
 
-impl<TEP: ExecutionPlatform + 'static, PV: PermissionVerifier + 'static> BlockValidator<TEP, PV>
+impl<TEP: ExecutionPlatform + 'static> BlockValidator<TEP>
 where
     TEP: Clone,
-    PV: Clone,
 {
     #[allow(too_many_arguments)]
     pub fn new(
         block_manager: BlockManager,
         transaction_executor: TEP,
         block_status_store: BlockValidationResultStore,
-        permission_verifier: PV,
         view_factory: StateViewFactory,
     ) -> Self {
         let mut channels = vec![];
@@ -201,7 +202,6 @@ where
             block_status_store,
             block_manager,
             view_factory,
-            permission_verifier,
         }
     }
 
@@ -223,8 +223,8 @@ where
         let validation2: Box<BlockValidation<ReturnValue = ()>> =
             Box::new(OnChainRulesValidation::new(self.view_factory.clone()));
 
-        let validation3: Box<BlockValidation<ReturnValue = ()>> =
-            Box::new(PermissionValidation::new(self.permission_verifier.clone()));
+        let validation3: Box<dyn BlockValidation<ReturnValue = ()>> =
+            Box::new(PermissionValidation::new(self.view_factory.clone()));
 
         let validations = vec![validation1, validation2, validation3];
 
@@ -355,8 +355,8 @@ where
         let validation2: Box<BlockValidation<ReturnValue = ()>> =
             Box::new(OnChainRulesValidation::new(self.view_factory.clone()));
 
-        let validation3: Box<BlockValidation<ReturnValue = ()>> =
-            Box::new(PermissionValidation::new(self.permission_verifier.clone()));
+        let validation3: Box<dyn BlockValidation<ReturnValue = ()>> =
+            Box::new(PermissionValidation::new(self.view_factory.clone()));
 
         let validations = vec![validation1, validation2, validation3];
 
@@ -375,9 +375,7 @@ where
     }
 }
 
-impl<TEP: ExecutionPlatform + Clone, PV: PermissionVerifier + Clone> Clone
-    for BlockValidator<TEP, PV>
-{
+impl<TEP: ExecutionPlatform + Clone> Clone for BlockValidator<TEP> {
     fn clone(&self) -> Self {
         let transaction_executor = self.transaction_executor.clone();
         let validation_thread_exit = Arc::clone(&self.validation_thread_exit);
@@ -398,7 +396,6 @@ impl<TEP: ExecutionPlatform + Clone, PV: PermissionVerifier + Clone> Clone
             block_scheduler: self.block_scheduler.clone(),
             block_status_store: self.block_status_store.clone(),
             block_manager: self.block_manager.clone(),
-            permission_verifier: self.permission_verifier.clone(),
             view_factory: self.view_factory.clone(),
         }
     }
@@ -638,19 +635,17 @@ impl BlockValidation for DuplicatesAndDependenciesValidation {
     }
 }
 
-struct PermissionValidation<PV: PermissionVerifier> {
-    permission_verifier: PV,
+struct PermissionValidation {
+    state_view_factory: StateViewFactory,
 }
 
-impl<PV: PermissionVerifier> PermissionValidation<PV> {
-    fn new(permission_verifier: PV) -> Self {
-        PermissionValidation {
-            permission_verifier,
-        }
+impl PermissionValidation {
+    fn new(state_view_factory: StateViewFactory) -> Self {
+        Self { state_view_factory }
     }
 }
 
-impl<PV: PermissionVerifier> BlockValidation for PermissionValidation<PV> {
+impl BlockValidation for PermissionValidation {
     type ReturnValue = ();
 
     fn validate_block(
@@ -664,13 +659,23 @@ impl<PV: PermissionVerifier> BlockValidation for PermissionValidation<PV> {
                         format!("During permission check of block {} block_num is {} but missing a previous state root",
                             &block.header_signature, block.block_num))
             })?;
+
+            let identity_view: IdentityView = self.state_view_factory.create_view(state_root)
+                .map_err(|err| {
+                ValidationError::BlockValidationError(
+                        format!("During permission check of block ({}, {}) state root was not found in state: {}",
+                            &block.header_signature, block.block_num, err))
+            })?;
+            let permission_verifier = PermissionVerifier::new(Box::new(identity_view));
             for batch in &block.batches {
                 let batch_id = &batch.header_signature;
-                if !self
-                    .permission_verifier
-                    .is_batch_signer_authorized(batch, state_root)
-                {
-                    return Err(ValidationError::BlockValidationError(
+                if !permission_verifier.is_batch_signer_authorized(batch)
+                    .map_err(|err| {
+                ValidationError::BlockValidationError(
+                        format!("During permission check of block ({}, {}), unable to read permissions: {}",
+                            &block.header_signature, block.block_num, err))
+                    })? {
+                    return Err(ValidationError::BlockValidationFailure(
                             format!("Block {} failed permission verification: batch {} signer is not authorized",
                             &block.header_signature,
                             batch_id)));

validator/src/journal/block_validator.rs

@@ -17,7 +17,6 @@
 
 use cpython;
 use execution::py_executor::PyExecutor;
-use gossip::permission_verifier::PyPermissionVerifier;
 use journal::{
     block_manager::BlockManager,
     block_validator::{BlockValidationResultStore, BlockValidator},
@@ -64,7 +63,7 @@ pub unsafe extern "C" fn block_validator_new(
     block_manager_ptr: *const c_void,
     transaction_executor_ptr: *mut py_ffi::PyObject,
     block_status_store_ptr: *const c_void,
-    permission_verifier: *mut py_ffi::PyObject,
+    _permission_verifier: *mut py_ffi::PyObject,
     view_factory_ptr: *const c_void,
     block_validator_ptr: *mut *const c_void,
 ) -> ErrorCode {
@@ -83,15 +82,10 @@ pub unsafe extern "C" fn block_validator_new(
     let py_transaction_executor =
         PyExecutor::new(ex).expect("The PyExecutor could not be created from a PyObject");
 
-    let py_permission_verifier: PyPermissionVerifier = PyPermissionVerifier::new(
-        cpython::PyObject::from_borrowed_ptr(py, permission_verifier),
-    );
-
     let block_validator = BlockValidator::new(
         block_manager,
         py_transaction_executor,
         block_status_store,
-        py_permission_verifier,
         view_factory,
     );
 
@@ -104,15 +98,15 @@ pub unsafe extern "C" fn block_validator_new(
 pub unsafe extern "C" fn block_validator_start(block_validator_ptr: *mut c_void) -> ErrorCode {
     check_null!(block_validator_ptr);
 
-    (*(block_validator_ptr as *mut BlockValidator<PyExecutor, PyPermissionVerifier>)).start();
+    (*(block_validator_ptr as *mut BlockValidator<PyExecutor>)).start();
 
     ErrorCode::Success
 }
 
 #[no_mangle]
 pub unsafe extern "C" fn block_validator_stop(block_validator_ptr: *mut c_void) -> ErrorCode {
     check_null!(block_validator_ptr);
-    (*(block_validator_ptr as *mut BlockValidator<PyExecutor, PyPermissionVerifier>)).stop();
+    (*(block_validator_ptr as *mut BlockValidator<PyExecutor>)).stop();
 
     ErrorCode::Success
 }
@@ -121,7 +115,7 @@ pub unsafe extern "C" fn block_validator_stop(block_validator_ptr: *mut c_void)
 pub unsafe extern "C" fn block_validator_drop(block_validator_ptr: *mut c_void) -> ErrorCode {
     check_null!(block_validator_ptr);
 
-    Box::from_raw(block_validator_ptr as *mut BlockValidator<PyExecutor, PyPermissionVerifier>);
+    Box::from_raw(block_validator_ptr as *mut BlockValidator<PyExecutor>);
 
     ErrorCode::Success
 }