[WIP] Test identity challenge (actually, not)

2024-11-07 10:38:52 +00:00 · 2018-07-02 18:42:36 +03:00 · 2018-07-02 18:42:36 +03:00 · 1f374904f2
commit 1f374904f2
parent f7ccd4cb69
12 changed files with 244 additions and 21 deletions
--- a/apps/ff_cth/src/ct_domain.erl
+++ b/apps/ff_cth/src/ct_domain.erl
@ -140,7 +140,7 @@ external_account_set(Ref, Name, ?cur(SymCode), C) ->
    }}.

 account(SymCode, C) ->
-    Client = maps:get(accounter, ct_helper:cfg(clients, C)),
+    Client = maps:get('accounter', ct_helper:cfg(services, C)),
    WoodyCtx = ct_helper:get_woody_ctx(C),
    Prototype = #accounter_AccountPrototype{
        currency_sym_code = SymCode,
--- a/apps/ff_cth/src/ct_identdocstore.erl
+++ b/apps/ff_cth/src/ct_identdocstore.erl
@ -0,0 +1,47 @@
+-module(ct_identdocstore).
+
+-export([rus_domestic_passport/1]).
+-export([rus_retiree_insurance_cert/1]).
+
+%%
+
+-include_lib("identdocstore_proto/include/identdocstore_identity_document_storage_thrift.hrl").
+
+rus_domestic_passport(C) ->
+    Document = {
+        russian_domestic_passport,
+        #identdocstore_RussianDomesticPassport{
+            series      = <<"1234">>,
+            number      = <<"567890">>,
+            issuer      = <<"Чаржбекистон УВД">>,
+            issuer_code = <<"012345">>,
+            issued_at   = <<"2012-12-22T12:42:11Z">>,
+            family_name = <<"Котлетка">>,
+            first_name  = <<"С">>,
+            patronymic  = <<"Пюрешкой">>,
+            birth_date  = <<"1972-03-12T00:00:00Z">>,
+            birth_place = <<"Чаржбечхала">>
+        }
+    },
+    Client = maps:get('identdocstore', ct_helper:cfg(services, C)),
+    WoodyCtx = ct_helper:get_woody_ctx(C),
+    Request = {{identdocstore_identity_document_storage_thrift, 'IdentityDocumentStorage'}, 'Put', [Document]},
+    case woody_client:call(Request, Client, WoodyCtx) of
+        {ok, Token} ->
+            {rus_domestic_passport, Token}
+    end.
+
+rus_retiree_insurance_cert(C) ->
+    Document = {
+        russian_retiree_insurance_certificate,
+        #identdocstore_RussianRetireeInsuranceCertificate{
+            number = <<"123-456-789 01">>
+        }
+    },
+    Client = maps:get('identdocstore', ct_helper:cfg(services, C)),
+    WoodyCtx = ct_helper:get_woody_ctx(C),
+    Request = {{identdocstore_identity_document_storage_thrift, 'IdentityDocumentStorage'}, 'Put', [Document]},
+    case woody_client:call(Request, Client, WoodyCtx) of
+        {ok, Token} ->
+            {rus_retiree_insurance_cert, Token}
+    end.
--- a/apps/fistful/src/ff_identity_challenge.erl
+++ b/apps/fistful/src/ff_identity_challenge.erl
@ -197,14 +197,15 @@ encode(level, Level) ->
    % TODO
    Level;

-encode(identity_document, #{type := Type, token := Token}) ->
+encode(identity_document, {Type, Token}) ->
    #identity_IdentityDocument{
        type  = encode(identity_document_type, Type),
        token = encode(string, Token)
    };
-encode(identity_document_type, Type) ->
-    % TODO
-    Type;
+encode(identity_document_type, rus_domestic_passport) ->
+    {rus_domestic_passport, #identity_RUSDomesticPassport{}};
+encode(identity_document_type, rus_retiree_insurance_cert) ->
+    {rus_retiree_insurance_cert, #identity_RUSRetireeInsuranceCert{}};

 encode(identity_claim_id, V) ->
    encode(string, V);
--- a/apps/fistful/src/ff_identity_machine.erl
+++ b/apps/fistful/src/ff_identity_machine.erl
@ -114,7 +114,12 @@ get(ID) ->
    }.

 start_challenge(ID, Params) ->
-    machinery:call(?NS, ID, {start_challenge, Params}, backend()).
+    case machinery:call(?NS, ID, {start_challenge, Params}, backend()) of
+        {ok, Reply} ->
+            Reply;
+        Error ->
+            Error
+    end.

 backend() ->
    fistful:backend(?NS).
--- a/apps/fistful/test/ff_identity_SUITE.erl
+++ b/apps/fistful/test/ff_identity_SUITE.erl
@ -9,6 +9,7 @@
 -export([get_missing_fails/1]).
 -export([create_missing_fails/1]).
 -export([create_ok/1]).
+-export([identify_ok/1]).

 %%

@ -26,12 +27,14 @@ all() ->
    [
        get_missing_fails,
        create_missing_fails,
-        create_ok
+        create_ok,
+        identify_ok
    ].

 -spec get_missing_fails(config()) -> test_return().
 -spec create_missing_fails(config()) -> test_return().
 -spec create_ok(config()) -> test_return().
+-spec identify_ok(config()) -> test_return().

 -spec init_per_suite(config()) -> config().

@ -51,10 +54,11 @@ init_per_suite(C) ->
        ]},
        {fistful, [
            {services, #{
-                'partymgmt' => ff_woody_client:new("http://hellgate:8022/v1/processing/partymgmt")
+                'partymgmt'      => ff_woody_client:new("http://hellgate:8022/v1/processing/partymgmt"),
+                'identification' => ff_woody_client:new("http://identification:8022/v1/identification")
            }},
            {backends, #{
-                'identity'  => machinery_gensrv_backend:new(IBO)
+                'identity'  => {fistful, machinery_gensrv_backend:new(IBO)}
            }},
            {providers,
                get_provider_config()
@ -62,14 +66,16 @@ init_per_suite(C) ->
        ]}
    ]),
    SuiteSup = ct_sup:start(),
-    {ok, _} = supervisor:start_child(SuiteSup, machinery_gensrv_backend:child_spec(ff_identity_machine, IBO)),
+    IBCS = machinery_gensrv_backend:child_spec({fistful, ff_identity_machine}, IBO),
+    {ok, _} = supervisor:start_child(SuiteSup, IBCS),
    C1 = ct_helper:makeup_cfg(
        [ct_helper:test_case_name(init), ct_helper:woody_ctx()],
        [
            {started_apps , StartedApps},
            {suite_sup    , SuiteSup},
-            {clients      , #{
-                'accounter' => ff_woody_client:new("http://shumway:8022/accounter")
+            {services     , #{
+                'accounter'     => ff_woody_client:new("http://shumway:8022/accounter"),
+                'identdocstore' => ff_woody_client:new("http://cds:8022/v1/identity_document_storage")
            }}
        | C]
    ),
@ -138,16 +144,51 @@ create_ok(C) ->
    ),
    I1 = ff_identity_machine:identity(unwrap(ff_identity_machine:get(ID))),
    {ok, accessible} = ff_identity:is_accessible(I1),
+    Party = ff_identity:party(I1),
+    Party = ff_identity:party(I1).
+
+identify_ok(C) ->
+    ID = genlib:unique(),
+    Party = create_party(C),
+    ok = ff_identity_machine:create(
+        ID,
+        #{
+            party    => Party,
+            provider => <<"good-one">>,
+            class    => <<"person">>
+        },
+        ff_ctx:new()
+    ),
    ICID = genlib:unique(),
-    ok = ff_identity_machine:start_challenge(
+    {ok, S1} = ff_identity_machine:get(ID),
+    I1 = ff_identity_machine:identity(S1),
+    {error, notfound} = ff_identity:challenge(ICID, I1),
+    D1 = ct_identdocstore:rus_retiree_insurance_cert(C),
+    D2 = ct_identdocstore:rus_domestic_passport(C),
+    {error, {proof, insufficient}} = ff_identity_machine:start_challenge(
        ID, #{
            id     => ICID,
            class  => <<"sword-initiation">>,
            proofs => []
        }
    ),
-    I2 = ff_identity_machine:identity(unwrap(ff_identity_machine:get(ID))),
-    {ok, _IC} = ff_identity:challenge(ICID, I2).
+    {error, {proof, insufficient}} = ff_identity_machine:start_challenge(
+        ID, #{
+            id     => ICID,
+            class  => <<"sword-initiation">>,
+            proofs => [D1]
+        }
+    ),
+    ok = ff_identity_machine:start_challenge(
+        ID, #{
+            id     => ICID,
+            class  => <<"sword-initiation">>,
+            proofs => [D1, D2]
+        }
+    ),
+    {ok, S2} = ff_identity_machine:get(ID),
+    I2 = ff_identity_machine:identity(S2),
+    {ok, IC} = ff_identity:challenge(ICID, I2).

 create_party(_C) ->
    ID = genlib:unique(),
--- a/apps/fistful/test/ff_wallet_SUITE.erl
+++ b/apps/fistful/test/ff_wallet_SUITE.erl
@ -75,7 +75,7 @@ init_per_suite(C) ->
        [
            {started_apps , StartedApps},
            {suite_sup    , SuiteSup},
-            {clients      , #{
+            {services     , #{
                'accounter' => ff_woody_client:new("http://shumway:8022/accounter")
            }}
        | C]
--- a/docker-compose.sh
+++ b/docker-compose.sh
@ -13,6 +13,10 @@ services:
    depends_on:
      hellgate:
        condition: service_healthy
+      identification:
+        condition: service_healthy
+      cds:
+        condition: service_healthy
      dominant:
        condition: service_healthy
      machinegun:
@ -35,7 +39,7 @@ services:
      test: "curl http://localhost:8022/"
      interval: 5s
      timeout: 1s
-      retries: 20
+      retries: 10

  dominant:
    image: dr.rbkmoney.com/rbkmoney/dominant:1756bbac6999fa46fbe44a72c74c02e616eda0f6
@ -50,7 +54,7 @@ services:
      test: "curl http://localhost:8022/"
      interval: 5s
      timeout: 1s
-      retries: 20
+      retries: 10

  shumway:
    image: dr.rbkmoney.com/rbkmoney/shumway:7a5f95ee1e8baa42fdee9c08cc0ae96cd7187d55
@ -69,7 +73,33 @@ services:
      test: "curl http://localhost:8022/"
      interval: 5s
      timeout: 1s
-      retries: 20
+      retries: 10
+
+  identification:
+    image: dr.rbkmoney.com/rbkmoney/identification:228727f0a0e7eb8874977921d340fd56e6b5d472
+    command: /opt/identification/bin/identification foreground
+    volumes:
+      - ./test/identification/sys.config:/opt/identification/releases/0.1/sys.config
+      - ./test/log/identification:/var/log/identification
+    depends_on:
+      - cds
+    healthcheck:
+      test: "curl http://localhost:8022/"
+      interval: 5s
+      timeout: 1s
+      retries: 10
+
+  cds:
+    image: dr.rbkmoney.com/rbkmoney/cds:a02376ae8a30163a6177d41edec9d8ce2ff85e4f
+    command: /opt/cds/bin/cds foreground
+    volumes:
+      - ./test/cds/sys.config:/opt/cds/releases/0.1.0/sys.config
+      - ./test/log/cds:/var/log/cds
+    healthcheck:
+      test: "curl http://localhost:8022/"
+      interval: 5s
+      timeout: 1s
+      retries: 10

  machinegun:
    image: dr.rbkmoney.com/rbkmoney/machinegun:5756aa3070f9beebd4b20d7076c8cdc079286090
@ -81,7 +111,7 @@ services:
      test: "curl http://localhost:8022/"
      interval: 5s
      timeout: 1s
-      retries: 20
+      retries: 10

  shumway-db:
    image: dr.rbkmoney.com/rbkmoney/postgres:9.6
--- a/rebar.config
+++ b/rebar.config
@ -66,6 +66,9 @@
    },
    {id_proto,
        {git, "git@github.com:rbkmoney/identification-proto.git", {branch, "epic/rbkwallet-mvp"}}
+    },
+    {identdocstore_proto,
+        {git, "git@github.com:rbkmoney/identdocstore-proto.git", {branch, "master"}}
    }
 ]}.

--- a/test/cds/sys.config
+++ b/test/cds/sys.config
@ -0,0 +1,34 @@
+[
+
+    {cds, [
+        {ip, "::"},
+        {port, 8022},
+        {net_opts, [
+            {timeout, 60000}
+        ]},
+        {scrypt_opts, {256, 8, 1}},
+        {keyring_storage, cds_keyring_storage_env},
+        {storage, cds_storage_ets},
+        {session_cleaning, #{
+            interval => 10000,
+            batch_size => 5000,
+            session_lifetime => 3600
+        }},
+        {recrypting, #{
+            interval => 10000,
+            batch_size => 5000
+        }}
+    ]},
+
+    {lager, [
+        {error_logger_redirect, true},
+        {log_root, "/var/log/cds"},
+        {handlers, [
+            {lager_file_backend, [
+                {file, "console.json"},
+                {level, debug}
+            ]}
+        ]}
+    ]}
+
+].
--- a/test/hellgate/sys.config
+++ b/test/hellgate/sys.config
@ -31,7 +31,7 @@
    ]},

    {dmt_client, [
-        {cache_update_interval, 60000},
+        {cache_update_interval, 1000},
        {max_cache_size, #{
            elements => 1
        }},
--- a/test/identification/sys.config
+++ b/test/identification/sys.config
@ -0,0 +1,54 @@
+[
+    {lager, [
+        {log_root, "/var/log/identification"},
+        {handlers, [
+            {lager_file_backend, [
+                {file, "console.json"},
+                {level, debug}
+            ]}
+        ]}
+    ]},
+
+    {scoper, [
+        {storage, scoper_storage_lager}
+    ]},
+
+    {identification, [
+        {ip, "::"},
+        {port, 8022},
+        {net_opts, [
+            {timeout, 60000}
+        ]},
+        {handlers, #{
+            identification => #{
+                path => <<"/v1/identification">>
+            },
+            identification_judge => #{
+                path => <<"/v1/identification-judge">>
+            }
+        }},
+        {machines, #{
+            identity => #{
+                path => <<"/v1/stateproc/identity">>
+            },
+            claim => #{
+                path => <<"/v1/stateproc/identity-claim">>
+            }
+        }},
+        {clients, #{
+            automaton => #{
+                url => <<"http://machinegun:8022/v1/automaton">>,
+                namespaces => #{
+                    identity => <<"identity">>,
+                    claim    => <<"identity-claim">>
+                }
+            },
+            proof_service => #{
+                url => <<"http://uprid:8080/v1/api">>
+            },
+            proof_storage => #{
+                url => <<"http://cds:8022/v1/id-storage">>
+            }
+        }}
+    ]}
+].
--- a/test/machinegun/config.yaml
+++ b/test/machinegun/config.yaml
@ -11,6 +11,14 @@ namespaces:
      processor:
          url: http://dominant:8022/v1/stateproc

+  # Identification
+  identity:
+      processor:
+          url: http://identification:8022/v1/stateproc/identity
+  identity-claim:
+      processor:
+          url: http://identification:8022/v1/stateproc/identity-claim
+
  # Fistful
  identity:
      processor: