#523 PID scoped Accounts

Enable submitting PID ranges while adding account Signed-off-by: Abdulbois <abdulbois.tursunov@dsr-corporation.com> Signed-off-by: Abdulbois <abdulbois123@gmail.com>
zigbee-alliance · Dec 28, 2023 · 667fb95 · 667fb95
1 parent 15cbeb0
commit 667fb95
Show file tree

Hide file tree

Showing 46 changed files with 2,051 additions and 264 deletions.
diff --git a/cmd/dcld/cmd/genaccounts.go b/cmd/dcld/cmd/genaccounts.go
@@ -19,6 +19,7 @@ import (
 	"github.com/spf13/cast"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
+	"github.com/zigbee-alliance/distributed-compliance-ledger/x/common/types"
 	dclauthtypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclauth/types"
 	"github.com/zigbee-alliance/distributed-compliance-ledger/x/dclgenutil"
 	dclgenutiltypes "github.com/zigbee-alliance/distributed-compliance-ledger/x/dclgenutil/types"
@@ -29,6 +30,7 @@ const (
 	FlagPubKey  = "pubkey"
 	FlagRoles   = "roles"
 	FlagVID     = "vid"
+	FlagPIDs    = "pid_ranges"
 )
 
 // AddGenesisAccountCmd returns add-genesis-account cobra Command.
@@ -109,8 +111,36 @@ the address will be looked up in the local Keybase.
 				}
 			}
 
+			var pidRanges []*types.Uint16Range
+			if pidStrRanges := viper.GetString(FlagPIDs); len(pidStrRanges) > 0 { //nolint:nestif
+				var lastMax int32
+				for _, pidStrRange := range strings.Split(pidStrRanges, ",") {
+					pidRange := strings.Split(pidStrRange, "-")
+					if len(pidRange) != 2 {
+						return fmt.Errorf("failed to parse PID Range")
+					}
+					min, err := cast.ToInt32E(pidRange[0])
+					if err != nil {
+						return err
+					}
+					max, err := cast.ToInt32E(pidRange[1])
+					if err != nil {
+						return err
+					}
+					if min > max || max == 0 || min == 0 {
+						return fmt.Errorf("invalid PID Range is provided: min=%d, max=%d", min, max)
+					}
+					if max <= lastMax || min <= lastMax {
+						return fmt.Errorf("invalid PID Range is provided: {%d-%d}, ranges are overlapped, range items must be provided in increased order", min, max)
+					}
+					pid := types.Uint16Range{Min: min, Max: max}
+					pidRanges = append(pidRanges, &pid)
+					lastMax = max
+				}
+			}
+
 			// FIXME issue 99 VendorID
-			genAccount = dclauthtypes.NewAccount(ba, roles, []*dclauthtypes.Grant{}, []*dclauthtypes.Grant{}, vendorID)
+			genAccount = dclauthtypes.NewAccount(ba, roles, []*dclauthtypes.Grant{}, []*dclauthtypes.Grant{}, vendorID, pidRanges)
 
 			if err := genAccount.Validate(); err != nil {
 				return fmt.Errorf("failed to validate new genesis account: %w", err)
@@ -154,6 +184,7 @@ the address will be looked up in the local Keybase.
 	cmd.Flags().String(FlagRoles, "",
 		fmt.Sprintf("The list of roles (split by comma) to assign to account (supported roles: %v)", dclauthtypes.Roles))
 	cmd.Flags().String(FlagVID, "", "Vendor ID associated with this account. Required only for Vendor Roles")
+	cmd.Flags().String(FlagPIDs, "", "The list of Product ID ranges (split by \"-\") associated with this account (for example: 1-101,101-6554)")
 
 	cmd.Flags().String(flags.FlagHome, defaultNodeHome, "The application home directory")
 	cmd.Flags().String(flags.FlagKeyringBackend, flags.DefaultKeyringBackend, "Select keyring's backend (os|file|kwallet|pass|test)")

diff --git a/docs/how-to.md b/docs/how-to.md
@@ -127,7 +127,7 @@ Once approved the account can be used to send transactions. See [use_case_txn_au
 ### 1. Create an Account proposal for the user
 
 ```bash
-dcld tx auth propose-add-account --address=<bench32 encoded string> --pubkey=<protobuf JSON encoded> --roles=<role1,role2,...> --vid=<uint16> --from=<account>
+dcld tx auth propose-add-account --address=<bench32 encoded string> --pubkey=<protobuf JSON encoded> --roles=<role1,role2,...> --vid=<uint16> --pid_ranges=<uint16-range,uint16-range,...> --from=<account>
 ```
 
 ### 2. Approve proposed Account
@@ -211,6 +211,7 @@ Minimal command:
 ```bash
  dcld tx model add-model --vid=<uint16> --pid=<uint16> --deviceTypeID=<uint16> --productName=<string> --from=<account>
 ```
+Note that if `account` was created with product ID ranges then the `pid` must fall within that specified range
 
 Full command:
 
@@ -229,6 +230,7 @@ Minimal command:
 dcld tx model add-model-version --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> --softwareVersionString=<string> --cdVersionNumber=<uint32>
 --minApplicableSoftwareVersion=<uint32> --maxApplicableSoftwareVersion=<uint32> --from=<account>
 ```
+Note that if `account` was created with product ID ranges then the `pid` must fall within that specified range
 
 Full command:
 
@@ -250,12 +252,14 @@ dcld tx vendorinfo update-vendor --vid=<uint16> ... --from=<account>
 ```bash
 dcld tx model update-model --vid=<uint16> --pid=<uint16> ... --from=<account>
 ```
+Note that if `account` was created with product ID ranges then the `pid` must fall within that specified range
 
 ### 7. Edit Model Version
 
 ```bash
 dcld tx model update-model-version --vid=<uint16> --pid=<uint16> --softwareVersion=<uint32> ... --from=<account>
 ```
+Note that if `account` was created with product ID ranges then the `pid` must fall within that specified range
 
 ### 8. Add PKI Revocation Distribution Point
 

diff --git a/docs/transactions.md b/docs/transactions.md
@@ -188,7 +188,7 @@ Should be sent to trusted nodes only.
 
 **Status: Implemented**
 
-Adds a new Model identified by a unique combination of `vid` (vendor ID) and `pid` (product ID).
+Adds a new Model identified by a unique combination of `vid` (vendor ID) and `pid` (product ID). If `account` was created with product ID ranges then the `pid` must fall within that specified range.
 
 Not all fields can be edited (see `EDIT_MODEL`).
 
@@ -234,7 +234,7 @@ dcld tx model add-model --vid=<uint16> --pid=<uint16> --deviceTypeID=<uint16> --
 **Status: Implemented**
 
 Edits an existing Model identified by a unique combination of `vid` (vendor ID) and `pid` (product ID)
-by the vendor account.
+by the vendor account. If `account` was created with product ID ranges then the `pid` must fall within that specified range.
 
 Only the fields listed below (except `vid` and `pid`) can be edited. If other fields need to be edited -
 a new model info with a new `vid` or `pid` can be created.
@@ -266,7 +266,7 @@ All non-edited fields remain the same.
 **Status: Implemented**
 
 Deletes an existing Model identified by a unique combination of `vid` (vendor ID) and `pid` (product ID)
-by the vendor account.
+by the vendor account. If `account` was created with product ID ranges then the `pid` must fall within that specified range.
 
 If one of Model Versions associated with the Model is certified then Model can not be deleted. When Model is deleted, all associated Model Versions will be deleted as well.
 
@@ -284,6 +284,7 @@ If one of Model Versions associated with the Model is certified then Model can n
 **Status: Implemented**
 
 Adds a new Model Software Version identified by a unique combination of `vid` (vendor ID), `pid` (product ID) and `softwareVersion`.
+If `account` was created with product ID ranges then the `pid` must fall within that specified range
 
 Not all Model Software Version fields can be edited (see `EDIT_MODEL_VERSION`).
 
@@ -330,7 +331,7 @@ dcld tx model add-model-version --vid=<uint16> --pid=<uint16> --softwareVersion=
 **Status: Implemented**
 
 Edits an existing Model Software Version identified by a unique combination of `vid` (vendor ID) `pid` (product ID) and `softwareVersion`
-by the vendor.
+by the vendor. If `account` was created with product ID ranges then the `pid` must fall within that specified range.
 
 Only the fields listed below (except `vid` `pid` and `softwareVersion`)  can be edited.
 
@@ -362,7 +363,7 @@ All non-edited fields remain the same.
 **Status: Implemented**
 
 Deletes an existing Model Version identified by a unique combination of `vid` (vendor ID), `pid` (product ID) and `softwareVersion`
-by the vendor account.
+by the vendor account. If `account` was created with product ID ranges then the `pid` must fall within that specified range.
 
 Model Version can be deleted only before it is certified.
 
@@ -1383,14 +1384,15 @@ will be in a pending state until sufficient number of approvals is received.
   - address: `string` - account address; Bech32 encoded
   - pub_key: `string` - account's Protobuf JSON encoded public key
   - vid: `optional(uint16)` - vendor ID (only needed for vendor role)
+  - pid_ranges: `optional(array<uint16 range>)` - the list of product-id ranges (range item separated with "-"), comma-separated, in increasing order, associated with this account: `1-100,201-300...`
   - roles: `array<string>` - the list of roles, comma-separated, assigning to the account. Supported roles: `Vendor`, `TestHouse`, `CertificationCenter`, `Trustee`, `NodeAdmin`, `VendorAdmin`.
   - info: `optional(string)` - information/notes for the proposal
   - time: `optional(int64)` - proposal time (number of nanoseconds elapsed since January 1, 1970 UTC). CLI uses the current time for that field.
 - In State: `dclauth/PendingAccount/value/<address>`
 - Who can send:
   - Trustee
 - CLI command:
-  - `dcld tx auth propose-add-account --address=<bench32 encoded string> --pubkey=<protobuf JSON encoded> --roles=<role1,role2,...> --vid=<uint16> --from=<account>`
+  - `dcld tx auth propose-add-account --address=<bench32 encoded string> --pubkey=<protobuf JSON encoded> --roles=<role1,role2,...> --vid=<uint16> --pid_ranges=<uint16-range,uint16-range,...> --from=<account>`
 
 ### APPROVE_ADD_ACCOUNT
 

diff --git a/integration_tests/cli/auth-demo.sh b/integration_tests/cli/auth-demo.sh
@@ -761,6 +761,106 @@ check_response "$result" "\[\]"
 
 test_divider
 
+# Check creating Vendor Account with valid pid ranges: success-case
+pid_ranges="1-100,101-200"
+
+test_divider
+echo "Check creating Vendor Account with valid pid ranges: success-case"
+random_string user
+echo "$user generates keys"
+cmd="(echo $passphrase; echo $passphrase) | dcld keys add $user"
+result="$(bash -c "$cmd")"
+
+test_divider
+
+echo "Get key info for $user"
+result=$(echo $passphrase | dcld keys show $user)
+check_response "$result" "\"name\": \"$user\""
+
+test_divider
+
+user_address=$(echo $passphrase | dcld keys show $user -a)
+user_pubkey=$(echo $passphrase | dcld keys show $user -p)
+
+test_divider
+
+echo "Jack proposes account for $user"
+result=$(echo $passphrase | dcld tx auth propose-add-account --info="Jack is proposing this account" --address="$user_address" --pubkey="$user_pubkey" --roles="Vendor" --vid=$vid --pid_ranges=$pid_ranges --from jack --yes)
+check_response "$result" "\"code\": 0"
+
+test_divider
+
+echo "Get all active accounts. $user account in the list because has enough approvals"
+result=$(dcld query auth all-accounts)
+check_response "$result" "\"address\": \"$user_address\""
+
+test_divider
+
+echo "Get an account for $user"
+result=$(dcld query auth account --address=$user_address)
+check_response "$result" "\"address\": \"$user_address\""
+check_response_and_report "$result"  $jack_address "json"
+check_response_and_report "$result"  '"info": "Jack is proposing this account"' "json"
+
+test_divider
+
+echo "Get an proposed account for $user is not found"
+result=$(dcld query auth proposed-account --address=$user_address)
+check_response "$result" "Not Found"
+
+test_divider
+
+echo "Get all proposed accounts. $user account is not in the list"
+result=$(dcld query auth all-proposed-accounts)
+check_response "$result" "\[\]"
+
+test_divider
+
+# Check creating Vendor Account with invalid pid ranges: negative-case
+invalid_pid_ranges="100-101,1-200"
+
+test_divider
+echo "Check creating Vendor Account with invalid pid ranges: negative-case"
+random_string user
+echo "$user generates keys"
+cmd="(echo $passphrase; echo $passphrase) | dcld keys add $user"
+result="$(bash -c "$cmd")"
+
+test_divider
+
+echo "Get key info for $user"
+result=$(echo $passphrase | dcld keys show $user)
+check_response "$result" "\"name\": \"$user\""
+
+test_divider
+
+user_address=$(echo $passphrase | dcld keys show $user -a)
+user_pubkey=$(echo $passphrase | dcld keys show $user -p)
+
+test_divider
+
+echo "Jack proposes account for $user"
+result=$(echo $passphrase | dcld tx auth propose-add-account --info="Jack is proposing this account" --address="$user_address" --pubkey="$user_pubkey" --roles="Vendor" --vid=$vid --pid_ranges=$invalid_pid_ranges --from jack --yes 2>&1) || true
+check_response "$result" "invalid PID Range is provided" raw
+
+echo "Get an proposed account for $user is not found"
+result=$(dcld query auth proposed-account --address=$user_address)
+check_response "$result" "Not Found"
+
+test_divider
+
+echo "Get all proposed accounts. $user account is not in the list"
+result=$(dcld query auth all-proposed-accounts)
+check_response "$result" "\[\]"
+
+test_divider
+
+echo "Get all active accounts. $user account is not in the list because has not enough approvals received"
+result=$(dcld query auth all-accounts)
+response_does_not_contain "$result" "\"address\": \"$user_address\""
+
+test_divider
+
 random_string new_trustee1
 echo "$new_trustee1 generates keys"
 cmd="(echo $passphrase; echo $passphrase) | dcld keys add $new_trustee1"

diff --git a/integration_tests/cli/common.sh b/integration_tests/cli/common.sh
@@ -140,8 +140,15 @@ create_new_vendor_account(){
   _address=$(echo $passphrase | dcld keys show $_name -a)
   _pubkey=$(echo $passphrase | dcld keys show $_name -p)
 
-  echo "Jack proposes account for \"$_name\" with Vendor role"
-  _result=$(echo $passphrase | dcld tx auth propose-add-account --address="$_address" --pubkey="$_pubkey" --roles=Vendor --vid=$_vid --from jack --yes)
+  local _result=""
+  if [ $# -eq 3 ]; then
+    local _pid_ranges="$3"
+    echo "Jack proposes account for \"$_name\" with Vendor role and with [$_pid_ranges] associated Product IDs"
+    _result=$(echo $passphrase | dcld tx auth propose-add-account --address="$_address" --pubkey="$_pubkey" --roles=Vendor --vid=$_vid --pid_ranges=$_pid_ranges --from jack --yes)
+  else
+    echo "Jack proposes account for \"$_name\" with Vendor role"
+    _result=$(echo $passphrase | dcld tx auth propose-add-account --address="$_address" --pubkey="$_pubkey" --roles=Vendor --vid=$_vid --from jack --yes)
+  fi
   check_response "$_result" "\"code\": 0"
 
 }

diff --git a/integration_tests/cli/model-demo.sh b/integration_tests/cli/model-demo.sh
@@ -26,6 +26,14 @@ create_new_vendor_account $vendor_account $vid
 
 test_divider
 
+((vid_with_pids=vid + 1))
+pid_ranges="$pid-$pid"
+vendor_account_with_pids=vendor_account_$vid_with_pids
+echo "Create Vendor account - $vid_with_pids with ProductIDs - $pid_ranges"
+create_new_vendor_account $vendor_account_with_pids $vid_with_pids $pid_ranges
+
+test_divider
+
 # Body
 
 echo "Query non existent model"
@@ -57,6 +65,14 @@ echo "$result"
 
 test_divider
 
+productLabel="Device #1"
+echo "Add Model with VID: $vid_with_pids PID: $pid"
+result=$(echo "test1234" | dcld tx model add-model --vid=$vid_with_pids --pid=$pid --deviceTypeID=1 --productName=TestProduct --productLabel="$productLabel" --partNumber=1 --commissioningCustomFlow=0 --from=$vendor_account_with_pids --yes)
+check_response "$result" "\"code\": 0"
+echo "$result"
+
+test_divider
+
 echo "Get Model with VID: $vid PID: $pid"
 result=$(dcld query model get-model --vid=$vid --pid=$pid)
 check_response "$result" "\"vid\": $vid"
@@ -75,6 +91,13 @@ echo "$result"
 
 test_divider
 
+echo "Create Model Versions with VID: $vid_with_pids PID: $pid SoftwareVersion: $sv"
+result=$(echo "test1234" | dcld tx model add-model-version --vid=$vid_with_pids --pid=$pid --softwareVersion=$sv --minApplicableSoftwareVersion=1 --maxApplicableSoftwareVersion=15 --softwareVersionString=$sv --cdVersionNumber=$cd_version_num --from=$vendor_account_with_pids --yes)
+check_response "$result" "\"code\": 0"
+echo "$result"
+
+test_divider
+
 echo "Get all models"
 result=$(dcld query model all-models)
 check_response "$result" "\"vid\": $vid"
@@ -98,6 +121,13 @@ echo "$result"
 
 test_divider
 
+echo "Update Model with VID: ${vid_with_pids} PID: ${pid} with new description"
+result=$(echo "test1234" | dcld tx model update-model --vid=$vid_with_pids --pid=$pid --from $vendor_account_with_pids --yes --productLabel "$description")
+check_response "$result" "\"code\": 0"
+echo "$result"
+
+test_divider
+
 echo "Get Model with VID: ${vid} PID: ${pid}"
 result=$(dcld query model get-model --vid=$vid --pid=$pid)
 check_response "$result" "\"vid\": $vid"
@@ -130,14 +160,32 @@ echo "$result"
 
 test_divider
 
+echo "Delete Model with VID: ${vid_with_pids} PID: ${pid}"
+result=$(dcld tx model delete-model --vid=$vid_with_pids --pid=$pid --from=$vendor_account_with_pids --yes)
+echo "$result"
+
+test_divider
+
 echo "Query non existent model"
 result=$(dcld query model get-model --vid=$vid --pid=$pid)
 check_response "$result" "Not Found"
 echo "$result"
 
 test_divider
 
+echo "Query non existent model"
+result=$(dcld query model get-model --vid=$vid_with_pids --pid=$pid)
+check_response "$result" "Not Found"
+echo "$result"
+
+test_divider
+
 echo "Query model versions for deleted model"
 result=$(dcld query model model-version --vid=$vid --pid=$pid --softwareVersion=$sv)
 check_response "$result" "Not Found"
+echo "$result"
+
+echo "Query model versions for deleted model"
+result=$(dcld query model model-version --vid=$vid_with_pids --pid=$pid --softwareVersion=$sv)
+check_response "$result" "Not Found"
 echo "$result"