Add transactor permissioning integration test

Signed-off-by: Boyd Johnson <[email protected]>

bin/run_tests

@@ -354,6 +354,8 @@ test_integration() {
     copy_coverage .coverage.test_dynamic_network
     run_docker_test test_basic_auth_proxy
     copy_coverage .coverage.test_basic_auth_proxy
+    run_docker_test test_transactor_permissioning
+    copy_coverage .coverage.test_transactor_permissioning
 }
 
 test_deployment() {

integration/sawtooth_integration/docker/test_transactor_permissioning.yaml

@@ -0,0 +1,125 @@
+# Copyright 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ------------------------------------------------------------------------------
+
+version: "2.1"
+
+services:
+
+  settings-tp:
+    image: sawtooth-settings-tp:$ISOLATION_ID
+    volumes:
+      - $SAWTOOTH_CORE:/project/sawtooth-core
+    expose:
+      - 4004
+    depends_on:
+      - validator
+    command: settings-tp -vv tcp://validator:4004
+
+  identity-tp:
+    image: sawtooth-identity-tp:$ISOLATION_ID
+    volumes:
+      - $SAWTOOTH_CORE:/project/sawtooth-core
+    expose:
+      - 4004
+    depends_on:
+      - validator
+    command: identity-tp -vv tcp://validator:4004
+    stop_signal: SIGKILL
+
+  intkey-tp-python:
+    image: sawtooth-intkey-tp-python:$ISOLATION_ID
+    volumes:
+      - $SAWTOOTH_CORE:/project/sawtooth-core
+    expose:
+      - 4004
+    depends_on:
+      - validator
+    command: intkey-tp-python -vv tcp://validator:4004
+    stop_signal: SIGKILL
+
+  xo-tp-python:
+    image: sawtooth-xo-tp-python:$ISOLATION_ID
+    volumes:
+      - $SAWTOOTH_CORE:/project/sawtooth-core
+    expose:
+      - 4004
+    depends_on:
+      - validator
+    command: xo-tp-python -vv tcp://validator:4004
+    stop_signal: SIGKILL
+
+  #
+  # This validator depends on test_transactor_permissioning.sh which runs
+  # before the validator starts up. This script makes policy files and
+  # adds the names of these files to the 'permissions' section of
+  # the validator.toml config file.
+  #
+  validator:
+    image: sawtooth-validator:$ISOLATION_ID
+    volumes:
+      - $SAWTOOTH_CORE:/project/sawtooth-core
+      - /root/.sawtooth/keys
+    expose:
+      - 4004
+      - 8800
+    command: "
+      bash -c \"\
+        /project/sawtooth-core/integration/sawtooth_integration/tests/scripts_for_permissioning_tests/test_transactor_permissioning.sh && \
+        sawtooth admin keygen && \
+        sawtooth config genesis -k /root/.sawtooth/keys/walter.priv -o config-genesis.batch && \
+        sawtooth admin genesis config-genesis.batch config.batch && \
+        sawtooth-validator -vv \
+            --endpoint tcp://validator:8800 \
+            --bind component:tcp://eth0:4004 \
+            --bind network:tcp://eth0:8800 \
+            \"
+      "
+    stop_signal: SIGKILL
+
+  rest-api:
+    image: sawtooth-rest-api:$ISOLATION_ID
+    volumes:
+      - $SAWTOOTH_CORE:/project/sawtooth-core
+    expose:
+      - 4004
+      - 8080
+    depends_on:
+      - validator
+    command: sawtooth-rest-api -vv --connect tcp://validator:4004 --bind rest-api:8080
+    stop_signal: SIGKILL
+
+  test-transactor-permissioning:
+    image: sawtooth-dev-python:$ISOLATION_ID
+    volumes:
+      - $SAWTOOTH_CORE:/project/sawtooth-core
+    expose:
+      - 8080
+    depends_on:
+      - validator
+      - rest-api
+    volumes_from:
+      - validator
+    command: nose2-3
+        -c /project/sawtooth-core/integration/sawtooth_integration/nose2.cfg
+        -vv --log-capture
+        -s /project/sawtooth-core/integration/sawtooth_integration/tests
+        test_transactor_permissioning.TestTransactorPermissioning
+    stop_signal: SIGKILL
+    environment:
+      PYTHONPATH: "/project/sawtooth-core/sdk/python:\
+        /project/sawtooth-core/cli:\
+        /project/sawtooth-core/sdk/examples/intkey_python:\
+        /project/sawtooth-core/integration:\
+        /project/sawtooth-core/signing"

integration/sawtooth_integration/tests/scripts_for_permissioning_tests/test_transactor_permissioning.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# This file is used in test_transactor_permissioning.yaml and is run
+# before the validator starts up.
+
+sawtooth keygen alice
+sawtooth keygen bob
+sawtooth keygen chuck
+sawtooth keygen carol
+sawtooth keygen dave
+sawtooth keygen mallory
+sawtooth keygen walter
+mkdir /etc/sawtooth/policy
+cat > /etc/sawtooth/policy/allow_dave_walter_deny_chuck_mallory << EOM
+DENY_KEY $(cat /root/.sawtooth/keys/chuck.pub)
+DENY_KEY $(cat /root/.sawtooth/keys/mallory.pub)
+PERMIT_KEY $(cat /root/.sawtooth/keys/dave.pub)
+PERMIT_KEY $(cat /root/.sawtooth/keys/walter.pub)
+PERMIT_KEY $(cat /root/.sawtooth/keys/alice.pub)
+PERMIT_KEY $(cat /root/.sawtooth/keys/bob.pub)
+PERMIT_KEY $(cat /root/.sawtooth/keys/carol.pub)
+EOM
+
+cat > /etc/sawtooth/policy/deny_carol_from_xo << EOM
+DENY_KEY $(cat /root/.sawtooth/keys/carol.pub)
+PERMIT_KEY *
+EOM
+
+cat > /etc/sawtooth/policy/deny_dave_from_sending_batches << EOM
+DENY_KEY $(cat /root/.sawtooth/keys/dave.pub)
+PERMIT_KEY *
+EOM
+
+cat > /etc/sawtooth/validator.toml << EOM
+[permissions]
+transactor = "allow_dave_walter_deny_chuck_mallory"
+"transactor.transaction_signer.xo" = "deny_carol_from_xo"
+"transactor.batch_signer" = "deny_dave_from_sending_batches"
+EOM
+
+sawtooth config proposal create -k /root/.sawtooth/keys/walter.priv sawtooth.identity.allowed_keys=$(cat /root/.sawtooth/keys/walter.pub) -o config.batch