Error out on permissions config accounts-allowlist validation errors. […

…hyperledger#7138] (hyperledger#7161) * Error out on permissions config accounts-allowlist validation errors. Signed-off-by: krishnannarayanan <krsh24@gmail.com> * Fixing compilation errors Signed-off-by: krishnannarayanan <krsh24@gmail.com> * Incorrect file check in Signed-off-by: krishnannarayanan <krsh24@gmail.com> --------- Signed-off-by: krishnannarayanan <krsh24@gmail.com>
fab-10 · Jun 4, 2024 · 9d8c191 · 9d8c191
1 parent e4daf6a
commit 9d8c191
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 1 deletion.
diff --git a/...rg/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningController.java b/...rg/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningController.java
@@ -84,7 +84,13 @@ public AccountLocalConfigPermissioningController(
   private void readAccountsFromConfig(final LocalPermissioningConfiguration configuration) {
     if (configuration != null && configuration.isAccountAllowlistEnabled()) {
       if (!configuration.getAccountAllowlist().isEmpty()) {
-        addAccounts(configuration.getAccountAllowlist());
+        AllowlistOperationResult result = addAccounts(configuration.getAccountAllowlist());
+        if (result != AllowlistOperationResult.SUCCESS) {
+          throw new IllegalStateException(
+              String.format(
+                  "Error reloading permissions file. Invalid accounts allowlist, validation failed due to \"%s\"",
+                  result));
+        }
       }
     }
   }

diff --git a/...yperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java b/...yperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java
@@ -17,6 +17,7 @@
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.catchThrowable;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;
@@ -108,6 +109,40 @@ public void whenLoadingAccountsFromConfigShouldNormalizeAccountsToLowerCase() {
         .containsExactly("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73");
   }
 
+  @Test
+  public void whenLoadingDuplicateAccountsFromConfigShouldThrowError() {
+    when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);
+    when(permissioningConfig.getAccountAllowlist())
+        .thenReturn(
+            List.of(
+                "0xcb88953e60948e3a76fa658d65b7c2d5043c6409",
+                "0xdd76406b124f9e3ae9fbeb47e4d8dc0ab143902d",
+                "0x432132e8561785c33afe931762cf8eeb9c80e3ad",
+                "0xcb88953e60948e3a76fa658d65b7c2d5043c6409"));
+
+    assertThrows(
+        IllegalStateException.class,
+        () -> {
+          controller =
+              new AccountLocalConfigPermissioningController(
+                  permissioningConfig, allowlistPersistor, metricsSystem);
+        });
+  }
+
+  @Test
+  public void whenLoadingInvalidAccountsFromConfigShouldThrowError() {
+    when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);
+    when(permissioningConfig.getAccountAllowlist()).thenReturn(List.of("0x0", "0xzxy"));
+
+    assertThrows(
+        IllegalStateException.class,
+        () -> {
+          controller =
+              new AccountLocalConfigPermissioningController(
+                  permissioningConfig, allowlistPersistor, metricsSystem);
+        });
+  }
+
   @Test
   public void whenPermConfigContainsEmptyListOfAccountsContainsShouldReturnFalse() {
     when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);