[FAB-4116] core/policy test coverage

This change-set brings test coverage
of the core/policy package to up 85%

Change-Id: I0145eb8bfcfd45b1c54fefb94c99888d7e4a3934
Signed-off-by: Angelo De Caro <[email protected]>

Author: adecaro

core/chaincode/exectransaction_test.go

@@ -17,6 +17,8 @@ limitations under the License.
 package chaincode
 
 import (
+	"bytes"
+	"encoding/json"
 	"flag"
 	"fmt"
 	"math/rand"
@@ -25,15 +27,12 @@ import (
 	"path/filepath"
 	"runtime"
 	"strconv"
+	"strings"
 	"sync"
 	"testing"
 	"time"
 
-	"encoding/json"
-	"strings"
-
 	"github.com/golang/protobuf/proto"
-
 	"github.com/hyperledger/fabric/bccsp/factory"
 	mockpolicies "github.com/hyperledger/fabric/common/mocks/policies"
 	"github.com/hyperledger/fabric/common/policies"
@@ -43,22 +42,20 @@ import (
 	"github.com/hyperledger/fabric/core/container"
 	"github.com/hyperledger/fabric/core/container/ccintf"
 	"github.com/hyperledger/fabric/core/ledger"
+	"github.com/hyperledger/fabric/core/ledger/ledgerconfig"
+	"github.com/hyperledger/fabric/core/ledger/ledgermgmt"
 	"github.com/hyperledger/fabric/core/ledger/util/couchdb"
 	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/core/policy"
+	"github.com/hyperledger/fabric/core/policy/mocks"
 	"github.com/hyperledger/fabric/core/scc"
 	"github.com/hyperledger/fabric/core/testutil"
-	pb "github.com/hyperledger/fabric/protos/peer"
-	putils "github.com/hyperledger/fabric/protos/utils"
-
-	"bytes"
-
-	"github.com/hyperledger/fabric/core/ledger/ledgerconfig"
-	"github.com/hyperledger/fabric/core/ledger/ledgermgmt"
 	"github.com/hyperledger/fabric/msp"
 	mspmgmt "github.com/hyperledger/fabric/msp/mgmt"
 	"github.com/hyperledger/fabric/msp/mgmt/testtools"
 	"github.com/hyperledger/fabric/protos/common"
+	pb "github.com/hyperledger/fabric/protos/peer"
+	putils "github.com/hyperledger/fabric/protos/utils"
 	"github.com/spf13/viper"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
@@ -1877,7 +1874,7 @@ type mockPolicyCheckerFactory struct{}
 func (f *mockPolicyCheckerFactory) NewPolicyChecker() policy.PolicyChecker {
 	return policy.NewPolicyChecker(
 		peer.NewChannelPolicyManagerGetter(),
-		&policy.MockIdentityDeserializer{[]byte("Admin"), []byte("msg1")},
-		&policy.MockMSPPrincipalGetter{Principal: []byte("Admin")},
+		&mocks.MockIdentityDeserializer{[]byte("Admin"), []byte("msg1")},
+		&mocks.MockMSPPrincipalGetter{Principal: []byte("Admin")},
 	)
 }

core/policy/mocks.go core/policy/mocks/mocks.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package policy
+package mocks
 
 import (
 	"bytes"

core/policy/policy.go

@@ -82,17 +82,17 @@ func (p *policyChecker) CheckPolicy(channelID, policyName string, signedProp *pb
 	// Prepare SignedData
 	proposal, err := utils.GetProposal(signedProp.ProposalBytes)
 	if err != nil {
-		return fmt.Errorf("Failing extracting proposal during check policy on channel [%s] with policy [%s}: [%s]", channelID, policyName, err)
+		return fmt.Errorf("Failing extracting proposal during check policy on channel [%s] with policy [%s]: [%s]", channelID, policyName, err)
 	}
 
 	header, err := utils.GetHeader(proposal.Header)
 	if err != nil {
-		return fmt.Errorf("Failing extracting header during check policy on channel [%s] with policy [%s}: [%s]", channelID, policyName, err)
+		return fmt.Errorf("Failing extracting header during check policy on channel [%s] with policy [%s]: [%s]", channelID, policyName, err)
 	}
 
 	shdr, err := utils.GetSignatureHeader(header.SignatureHeader)
 	if err != nil {
-		return fmt.Errorf("Invalid Proposal's SignatureHeader during check policy on channel [%s] with policy [%s}: [%s]", channelID, policyName, err)
+		return fmt.Errorf("Invalid Proposal's SignatureHeader during check policy on channel [%s] with policy [%s]: [%s]", channelID, policyName, err)
 	}
 
 	sd := []*common.SignedData{&common.SignedData{
@@ -117,35 +117,35 @@ func (p *policyChecker) CheckPolicyNoChannel(policyName string, signedProp *pb.S
 
 	proposal, err := utils.GetProposal(signedProp.ProposalBytes)
 	if err != nil {
-		return fmt.Errorf("Failing extracting proposal during channelless check policy with policy [%s}: [%s]", policyName, err)
+		return fmt.Errorf("Failing extracting proposal during channelless check policy with policy [%s]: [%s]", policyName, err)
 	}
 
 	header, err := utils.GetHeader(proposal.Header)
 	if err != nil {
-		return fmt.Errorf("Failing extracting header during channelless check policy with policy [%s}: [%s]", policyName, err)
+		return fmt.Errorf("Failing extracting header during channelless check policy with policy [%s]: [%s]", policyName, err)
 	}
 
 	shdr, err := utils.GetSignatureHeader(header.SignatureHeader)
 	if err != nil {
-		return fmt.Errorf("Invalid Proposal's SignatureHeader during channelless check policy with policy [%s}: [%s]", policyName, err)
+		return fmt.Errorf("Invalid Proposal's SignatureHeader during channelless check policy with policy [%s]: [%s]", policyName, err)
 	}
 
 	// Deserialize proposal's creator with the local MSP
 	id, err := p.localMSP.DeserializeIdentity(shdr.Creator)
 	if err != nil {
-		return fmt.Errorf("Failed deserializing proposal creator during channelless check policy with policy [%s}: [%s]", policyName, err)
+		return fmt.Errorf("Failed deserializing proposal creator during channelless check policy with policy [%s]: [%s]", policyName, err)
 	}
 
 	// Load MSPPrincipal for policy
 	principal, err := p.principalGetter.Get(policyName)
 	if err != nil {
-		return fmt.Errorf("Failed getting local MSP principal during channelless check policy with policy [%s}: [%s]", policyName, err)
+		return fmt.Errorf("Failed getting local MSP principal during channelless check policy with policy [%s]: [%s]", policyName, err)
 	}
 
 	// Verify that proposal's creator satisfies the principal
 	err = id.SatisfiesPrincipal(principal)
 	if err != nil {
-		return fmt.Errorf("Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [%s}: [%s]", policyName, err)
+		return fmt.Errorf("Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [%s]: [%s]", policyName, err)
 	}
 
 	// Verify the signature
@@ -179,7 +179,7 @@ func (p *policyChecker) CheckPolicyBySignedData(channelID, policyName string, sd
 	// Evaluate the policy
 	err := policy.Evaluate(sd)
 	if err != nil {
-		return fmt.Errorf("Failed evaluating policy on signed data during check policy on channel [%s] with policy [%s}: [%s]", channelID, policyName, err)
+		return fmt.Errorf("Failed evaluating policy on signed data during check policy on channel [%s] with policy [%s]: [%s]", channelID, policyName, err)
 	}
 
 	return nil

core/policy/policy_test.go

@@ -20,57 +20,149 @@ import (
 	"testing"
 
 	"github.com/hyperledger/fabric/common/policies"
+	"github.com/hyperledger/fabric/core/policy/mocks"
 	"github.com/hyperledger/fabric/msp/mgmt"
+	"github.com/hyperledger/fabric/protos/common"
 	"github.com/hyperledger/fabric/protos/peer"
 	"github.com/hyperledger/fabric/protos/utils"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
 )
 
-func TestPolicyChecker(t *testing.T) {
-	policyManagerGetter := &MockChannelPolicyManagerGetter{
+func TestCheckPolicyInvalidArgs(t *testing.T) {
+	policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{
+		Managers: map[string]policies.Manager{
+			"A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
+		},
+	}
+	pc := &policyChecker{channelPolicyManagerGetter: policyManagerGetter}
+
+	err := pc.CheckPolicy("B", "admin", &peer.SignedProposal{})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed to get policy manager for channel [B]")
+}
+
+func TestRegisterPolicyCheckerFactoryInvalidArgs(t *testing.T) {
+	RegisterPolicyCheckerFactory(nil)
+	assert.Panics(t, func() {
+		GetPolicyChecker()
+	})
+
+	RegisterPolicyCheckerFactory(nil)
+}
+
+func TestRegisterPolicyCheckerFactory(t *testing.T) {
+	policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{
+		Managers: map[string]policies.Manager{
+			"A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
+		},
+	}
+	pc := &policyChecker{channelPolicyManagerGetter: policyManagerGetter}
+
+	factory := &MockPolicyCheckerFactory{}
+	factory.On("NewPolicyChecker").Return(pc)
+
+	RegisterPolicyCheckerFactory(factory)
+	pc2 := GetPolicyChecker()
+	assert.Equal(t, pc, pc2)
+}
+
+func TestCheckPolicyBySignedDataInvalidArgs(t *testing.T) {
+	policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{
+		Managers: map[string]policies.Manager{
+			"A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
+		},
+	}
+	pc := &policyChecker{channelPolicyManagerGetter: policyManagerGetter}
+
+	err := pc.CheckPolicyBySignedData("", "admin", []*common.SignedData{&common.SignedData{}})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid channel ID name during check policy on signed data. Name must be different from nil.")
+
+	err = pc.CheckPolicyBySignedData("A", "", []*common.SignedData{&common.SignedData{}})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid policy name during check policy on signed data on channel [A]. Name must be different from nil.")
+
+	err = pc.CheckPolicyBySignedData("A", "admin", nil)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid signed data during check policy on channel [A] with policy [admin]")
+
+	err = pc.CheckPolicyBySignedData("B", "admin", []*common.SignedData{&common.SignedData{}})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed to get policy manager for channel [B]")
+
+	err = pc.CheckPolicyBySignedData("A", "admin", []*common.SignedData{&common.SignedData{}})
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed evaluating policy on signed data during check policy on channel [A] with policy [admin]")
+}
+
+func TestPolicyCheckerInvalidArgs(t *testing.T) {
+	policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{
 		map[string]policies.Manager{
-			"A": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
-			"B": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Bob"), []byte("msg2")}}},
-			"C": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Alice"), []byte("msg3")}}},
+			"A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
+			"B": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Bob"), []byte("msg2")}}},
+			"C": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg3")}}},
 		},
 	}
-	identityDeserializer := &MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}
+	identityDeserializer := &mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}
 	pc := NewPolicyChecker(
 		policyManagerGetter,
 		identityDeserializer,
-		&MockMSPPrincipalGetter{Principal: []byte("Alice")},
+		&mocks.MockMSPPrincipalGetter{Principal: []byte("Alice")},
 	)
 
 	// Check that (non-empty channel, empty policy) fails
 	err := pc.CheckPolicy("A", "", nil)
 	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid policy name during check policy on channel [A]. Name must be different from nil.")
 
 	// Check that (empty channel, empty policy) fails
 	err = pc.CheckPolicy("", "", nil)
 	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid policy name during channelless check policy. Name must be different from nil.")
 
 	// Check that (non-empty channel, non-empty policy, nil proposal) fails
 	err = pc.CheckPolicy("A", "A", nil)
 	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid signed proposal during check policy on channel [A] with policy [A]")
 
 	// Check that (empty channel, non-empty policy, nil proposal) fails
 	err = pc.CheckPolicy("", "A", nil)
 	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Invalid signed proposal during channelless check policy with policy [A]")
+}
+
+func TestPolicyChecker(t *testing.T) {
+	policyManagerGetter := &mocks.MockChannelPolicyManagerGetter{
+		map[string]policies.Manager{
+			"A": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
+			"B": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Bob"), []byte("msg2")}}},
+			"C": &mocks.MockChannelPolicyManager{&mocks.MockPolicy{&mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg3")}}},
+		},
+	}
+	identityDeserializer := &mocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}
+	pc := NewPolicyChecker(
+		policyManagerGetter,
+		identityDeserializer,
+		&mocks.MockMSPPrincipalGetter{Principal: []byte("Alice")},
+	)
 
 	// Validate Alice signatures against channel A's readers
 	sProp, _ := utils.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Alice"), []byte("msg1"))
-	policyManagerGetter.Managers["A"].(*MockChannelPolicyManager).MockPolicy.(*MockPolicy).Deserializer.(*MockIdentityDeserializer).Msg = sProp.ProposalBytes
+	policyManagerGetter.Managers["A"].(*mocks.MockChannelPolicyManager).MockPolicy.(*mocks.MockPolicy).Deserializer.(*mocks.MockIdentityDeserializer).Msg = sProp.ProposalBytes
 	sProp.Signature = sProp.ProposalBytes
-	err = pc.CheckPolicy("A", "readers", sProp)
+	err := pc.CheckPolicy("A", "readers", sProp)
 	assert.NoError(t, err)
 
 	// Proposal from Alice for channel A should fail against channel B, where Alice is not involved
 	err = pc.CheckPolicy("B", "readers", sProp)
 	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed evaluating policy on signed data during check policy on channel [B] with policy [readers]: [Invalid Identity]")
 
 	// Proposal from Alice for channel A should fail against channel C, where Alice is involved but signature is not valid
 	err = pc.CheckPolicy("C", "readers", sProp)
 	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed evaluating policy on signed data during check policy on channel [C] with policy [readers]: [Invalid Signature]")
 
 	// Alice is a member of the local MSP, policy check must succeed
 	identityDeserializer.Msg = sProp.ProposalBytes
@@ -81,4 +173,14 @@ func TestPolicyChecker(t *testing.T) {
 	// Bob is not a member of the local MSP, policy check must fail
 	err = pc.CheckPolicyNoChannel(mgmt.Members, sProp)
 	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Failed deserializing proposal creator during channelless check policy with policy [Members]: [Invalid Identity]")
+}
+
+type MockPolicyCheckerFactory struct {
+	mock.Mock
+}
+
+func (m *MockPolicyCheckerFactory) NewPolicyChecker() PolicyChecker {
+	args := m.Called()
+	return args.Get(0).(PolicyChecker)
 }

core/scc/cscc/configure_test.go

@@ -35,6 +35,7 @@ import (
 	"github.com/hyperledger/fabric/core/ledger/ledgermgmt"
 	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/core/policy"
+	policymocks "github.com/hyperledger/fabric/core/policy/mocks"
 	"github.com/hyperledger/fabric/gossip/api"
 	"github.com/hyperledger/fabric/gossip/service"
 	"github.com/hyperledger/fabric/msp/mgmt"
@@ -180,18 +181,18 @@ func TestConfigerInvokeJoinChainCorrectParams(t *testing.T) {
 	chaincode.NewChaincodeSupport(getPeerEndpoint, false, ccStartupTimeout)
 
 	// Init the policy checker
-	policyManagerGetter := &policy.MockChannelPolicyManagerGetter{
+	policyManagerGetter := &policymocks.MockChannelPolicyManagerGetter{
 		Managers: map[string]policies.Manager{
-			"mytestchainid": &policy.MockChannelPolicyManager{MockPolicy: &policy.MockPolicy{Deserializer: &policy.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
+			"mytestchainid": &policymocks.MockChannelPolicyManager{MockPolicy: &policymocks.MockPolicy{Deserializer: &policymocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
 		},
 	}
 
-	identityDeserializer := &policy.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}
+	identityDeserializer := &policymocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}
 
 	e.policyChecker = policy.NewPolicyChecker(
 		policyManagerGetter,
 		identityDeserializer,
-		&policy.MockMSPPrincipalGetter{Principal: []byte("Alice")},
+		&policymocks.MockMSPPrincipalGetter{Principal: []byte("Alice")},
 	)
 
 	identity, _ := mgmt.GetLocalSigningIdentityOrPanic().Serialize()
@@ -234,7 +235,7 @@ func TestConfigerInvokeJoinChainCorrectParams(t *testing.T) {
 		t.Fatalf("cscc invoke JoinChain failed with: %v", err)
 	}
 	args = [][]byte{[]byte("GetConfigBlock"), []byte(chainID)}
-	policyManagerGetter.Managers["mytestchainid"].(*policy.MockChannelPolicyManager).MockPolicy.(*policy.MockPolicy).Deserializer.(*policy.MockIdentityDeserializer).Msg = sProp.ProposalBytes
+	policyManagerGetter.Managers["mytestchainid"].(*policymocks.MockChannelPolicyManager).MockPolicy.(*policymocks.MockPolicy).Deserializer.(*policymocks.MockIdentityDeserializer).Msg = sProp.ProposalBytes
 	if res := stub.MockInvokeWithSignedProposal("2", args, sProp); res.Status != shim.OK {
 		t.Fatalf("cscc invoke GetConfigBlock failed with: %v", res.Message)
 	}
@@ -263,24 +264,24 @@ func TestConfigerInvokeUpdateConfigBlock(t *testing.T) {
 	stub := shim.NewMockStub("PeerConfiger", e)
 
 	// Init the policy checker
-	policyManagerGetter := &policy.MockChannelPolicyManagerGetter{
+	policyManagerGetter := &policymocks.MockChannelPolicyManagerGetter{
 		Managers: map[string]policies.Manager{
-			"mytestchainid": &policy.MockChannelPolicyManager{MockPolicy: &policy.MockPolicy{Deserializer: &policy.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
+			"mytestchainid": &policymocks.MockChannelPolicyManager{MockPolicy: &policymocks.MockPolicy{Deserializer: &policymocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
 		},
 	}
 
-	identityDeserializer := &policy.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}
+	identityDeserializer := &policymocks.MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}
 
 	e.policyChecker = policy.NewPolicyChecker(
 		policyManagerGetter,
 		identityDeserializer,
-		&policy.MockMSPPrincipalGetter{Principal: []byte("Alice")},
+		&policymocks.MockMSPPrincipalGetter{Principal: []byte("Alice")},
 	)
 
 	sProp, _ := utils.MockSignedEndorserProposalOrPanic("", &pb.ChaincodeSpec{}, []byte("Alice"), []byte("msg1"))
 	identityDeserializer.Msg = sProp.ProposalBytes
 	sProp.Signature = sProp.ProposalBytes
-	policyManagerGetter.Managers["mytestchainid"].(*policy.MockChannelPolicyManager).MockPolicy.(*policy.MockPolicy).Deserializer.(*policy.MockIdentityDeserializer).Msg = sProp.ProposalBytes
+	policyManagerGetter.Managers["mytestchainid"].(*policymocks.MockChannelPolicyManager).MockPolicy.(*policymocks.MockPolicy).Deserializer.(*policymocks.MockIdentityDeserializer).Msg = sProp.ProposalBytes
 
 	// Failed path: Not enough parameters
 	args := [][]byte{[]byte("UpdateConfigBlock")}