Error out on permissions config accounts-allowlist validation errors. [#7138] (#7161)

* Error out on permissions config accounts-allowlist validation errors. Signed-off-by: krishnannarayanan <krsh24@gmail.com> * Fixing compilation errors Signed-off-by: krishnannarayanan <krsh24@gmail.com> * Incorrect file check in Signed-off-by: krishnannarayanan <krsh24@gmail.com> --------- Signed-off-by: krishnannarayanan <krsh24@gmail.com>
2026-01-09 07:18:06 -05:00 · 2024-06-05 05:53:45 +08:00
parent e4daf6ada2
commit 9d8c191911
2 changed files with 42 additions and 1 deletions
--- a/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningController.java
+++ b/ethereum/permissioning/src/main/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningController.java
@@ -84,7 +84,13 @@ public class AccountLocalConfigPermissioningController implements TransactionPer
  private void readAccountsFromConfig(final LocalPermissioningConfiguration configuration) {
    if (configuration != null && configuration.isAccountAllowlistEnabled()) {
      if (!configuration.getAccountAllowlist().isEmpty()) {
-        addAccounts(configuration.getAccountAllowlist());
+        AllowlistOperationResult result = addAccounts(configuration.getAccountAllowlist());
+        if (result != AllowlistOperationResult.SUCCESS) {
+          throw new IllegalStateException(
+              String.format(
+                  "Error reloading permissions file. Invalid accounts allowlist, validation failed due to \"%s\"",
+                  result));
+        }
      }
    }
  }
--- a/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java
+++ b/ethereum/permissioning/src/test/java/org/hyperledger/besu/ethereum/permissioning/AccountLocalConfigPermissioningControllerTest.java
@@ -17,6 +17,7 @@ package org.hyperledger.besu.ethereum.permissioning;
 import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.catchThrowable;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.mock;
@@ -108,6 +109,40 @@ public class AccountLocalConfigPermissioningControllerTest {
        .containsExactly("0xfe3b557e8fb62b89f4916b721be55ceb828dbd73");
  }

+  @Test
+  public void whenLoadingDuplicateAccountsFromConfigShouldThrowError() {
+    when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);
+    when(permissioningConfig.getAccountAllowlist())
+        .thenReturn(
+            List.of(
+                "0xcb88953e60948e3a76fa658d65b7c2d5043c6409",
+                "0xdd76406b124f9e3ae9fbeb47e4d8dc0ab143902d",
+                "0x432132e8561785c33afe931762cf8eeb9c80e3ad",
+                "0xcb88953e60948e3a76fa658d65b7c2d5043c6409"));
+
+    assertThrows(
+        IllegalStateException.class,
+        () -> {
+          controller =
+              new AccountLocalConfigPermissioningController(
+                  permissioningConfig, allowlistPersistor, metricsSystem);
+        });
+  }
+
+  @Test
+  public void whenLoadingInvalidAccountsFromConfigShouldThrowError() {
+    when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);
+    when(permissioningConfig.getAccountAllowlist()).thenReturn(List.of("0x0", "0xzxy"));
+
+    assertThrows(
+        IllegalStateException.class,
+        () -> {
+          controller =
+              new AccountLocalConfigPermissioningController(
+                  permissioningConfig, allowlistPersistor, metricsSystem);
+        });
+  }
+
  @Test
  public void whenPermConfigContainsEmptyListOfAccountsContainsShouldReturnFalse() {
    when(permissioningConfig.isAccountAllowlistEnabled()).thenReturn(true);