From f8fb6c2a16e62a6e8381bb1c8916d8ab06343608 Mon Sep 17 00:00:00 2001 From: Sudesh Shetty Date: Thu, 12 Apr 2018 22:55:18 -0400 Subject: [PATCH] [FAB-9238] revoke test to use config yaml -As per current endpointConfig.ChannelPeers logic, config backend needs extra set of keys to make channels.peers attributes 'false'. So reverting custom backend in revoke test for time being to make CI stable, till endpointConfig.ChannelPeers logic is fixed. Change-Id: I8b115ae57b258d68fffbdc6aab4371cfce79de1c Signed-off-by: Sudesh Shetty --- pkg/fab/endpointconfig.go | 16 +- test/fixtures/config/config_revoke_test.yaml | 452 ++++++++++++++++++ test/integration/revoked/revoked_peer_test.go | 4 +- 3 files changed, 463 insertions(+), 9 deletions(-) create mode 100644 test/fixtures/config/config_revoke_test.yaml diff --git a/pkg/fab/endpointconfig.go b/pkg/fab/endpointconfig.go index bc00dac9af..ad16a88931 100644 --- a/pkg/fab/endpointconfig.go +++ b/pkg/fab/endpointconfig.go @@ -437,16 +437,16 @@ func (c *EndpointConfig) ChannelPeers(name string) ([]fab.ChannelPeer, error) { chPeerKey := "channels." + name + ".peers." + peerName // Default value for endorsing peer key is true - setEndorsingPeer(chPeerKey, c, chPeerConfig) + setEndorsingPeer(chPeerKey, c, &chPeerConfig) // Default value for chaincode query key is true - setChaincodeQuery(chPeerKey, c, chPeerConfig) + setChaincodeQuery(chPeerKey, c, &chPeerConfig) // Default value for ledger query key is true - setLedgerQuery(chPeerKey, c, chPeerConfig) + setLedgerQuery(chPeerKey, c, &chPeerConfig) // Default value for event source key is true - setEventSource(chPeerKey, c, chPeerConfig) + setEventSource(chPeerKey, c, &chPeerConfig) mspID, err := c.PeerMSPID(peerName) if err != nil { @@ -464,7 +464,7 @@ func (c *EndpointConfig) ChannelPeers(name string) ([]fab.ChannelPeer, error) { } -func setEndorsingPeer(chPeerKey string, c *EndpointConfig, chPeerConfig fab.PeerChannelConfig) { +func setEndorsingPeer(chPeerKey string, c *EndpointConfig, chPeerConfig *fab.PeerChannelConfig) { endorsingPeerKey := strings.ToLower(chPeerKey + ".endorsingPeer") _, ok := c.backend.Lookup(endorsingPeerKey) if !ok { @@ -472,7 +472,7 @@ func setEndorsingPeer(chPeerKey string, c *EndpointConfig, chPeerConfig fab.Peer } } -func setEventSource(chPeerKey string, c *EndpointConfig, chPeerConfig fab.PeerChannelConfig) { +func setEventSource(chPeerKey string, c *EndpointConfig, chPeerConfig *fab.PeerChannelConfig) { eventSourceKey := strings.ToLower(chPeerKey + ".eventSource") _, ok := c.backend.Lookup(eventSourceKey) if !ok { @@ -480,7 +480,7 @@ func setEventSource(chPeerKey string, c *EndpointConfig, chPeerConfig fab.PeerCh } } -func setLedgerQuery(chPeerKey string, c *EndpointConfig, chPeerConfig fab.PeerChannelConfig) { +func setLedgerQuery(chPeerKey string, c *EndpointConfig, chPeerConfig *fab.PeerChannelConfig) { ledgerQueryKey := strings.ToLower(chPeerKey + ".ledgerQuery") _, ok := c.backend.Lookup(ledgerQueryKey) if !ok { @@ -488,7 +488,7 @@ func setLedgerQuery(chPeerKey string, c *EndpointConfig, chPeerConfig fab.PeerCh } } -func setChaincodeQuery(chPeerKey string, c *EndpointConfig, chPeerConfig fab.PeerChannelConfig) { +func setChaincodeQuery(chPeerKey string, c *EndpointConfig, chPeerConfig *fab.PeerChannelConfig) { ccQueryKey := strings.ToLower(chPeerKey + ".chaincodeQuery") _, ok := c.backend.Lookup(ccQueryKey) if !ok { diff --git a/test/fixtures/config/config_revoke_test.yaml b/test/fixtures/config/config_revoke_test.yaml new file mode 100644 index 0000000000..375b8a354a --- /dev/null +++ b/test/fixtures/config/config_revoke_test.yaml @@ -0,0 +1,452 @@ +# +# Copyright SecureKey Technologies Inc. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# +# +# The network connection profile provides client applications the information about the target +# blockchain network that are necessary for the applications to interact with it. These are all +# knowledge that must be acquired from out-of-band sources. This file provides such a source. +# + + +# +# Schema version of the content. Used by the SDK to apply the corresponding parsing rules. +# +version: 1.0.0 + +# +# The client section used by GO SDK. +# +client: + + # Which organization does this application instance belong to? The value must be the name of an org + # defined under "organizations" + organization: org1 + + logging: + level: info + + # Global configuration for peer, event service and orderer timeouts + # if this this section is omitted, then default values will be used (same values as below) +# peer: +# timeout: +# connection: 10s +# response: 180s +# discovery: +# # Expiry period for discovery service greylist filter +# # The channel client will greylist peers that are found to be offline +# # to prevent re-selecting them in subsequent retries. +# # This interval will define how long a peer is greylisted +# greylistExpiry: 10s + eventService: + # Event service type (deliver|eventhub) - default: deliver + # NOTE: This is temporary until the SDK starts making use of channel capabilities + type: deliver + # the below timeouts are commented out to use the default values that are found in + # "pkg/fab/endpointconfig.go" + # the client is free to override the default values by uncommenting and resetting + # the values as they see fit in their config file +# timeout: +# connection: 15s +# registrationResponse: 15s +# orderer: +# timeout: +# connection: 15s +# response: 15s +# global: +# timeout: +# query: 180s +# execute: 180s +# resmgmt: 180s +# cache: +# connectionIdle: 30s +# eventServiceIdle: 2m +# channelConfig: 30m +# channelMembership: 30s + + # Root of the MSP directories with keys and certs. + cryptoconfig: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH} + + # Some SDKs support pluggable KV stores, the properties under "credentialStore" + # are implementation specific + credentialStore: + # [Optional]. Used by user store. Not needed if all credentials are embedded in configuration + # and enrollments are performed elswhere. + path: "/tmp/state-store" + + # [Optional]. Specific to the CryptoSuite implementation used by GO SDK. Software-based implementations + # requiring a key store. PKCS#11 based implementations does not. + cryptoStore: + # Specific to the underlying KeyValueStore that backs the crypto key store. + path: /tmp/msp + + # BCCSP config for the client. Used by GO SDK. + BCCSP: + security: + enabled: true + default: + provider: "SW" + hashAlgorithm: "SHA2" + softVerify: true + ephemeral: false + level: 256 + + tlsCerts: + # [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false + systemCertPool: false + + # [Optional]. Client key and cert for TLS handshake with peers and orderers + client: + key: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/config/mutual_tls/client_sdk_go-key.pem + cert: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/config/mutual_tls/client_sdk_go.pem + +# +# [Optional]. But most apps would have this section so that channel objects can be constructed +# based on the content below. If an app is creating channels, then it likely will not need this +# section. +# +channels: + # name of the channel + mychannel: + # Required. list of orderers designated by the application to use for transactions on this + # channel. This list can be a result of access control ("org1" can only access "ordererA"), or + # operational decisions to share loads from applications among the orderers. The values must + # be "names" of orgs defined under "organizations/peers" + orderers: + - orderer.example.com + + # Required. list of peers from participating orgs + peers: + peer0.org1.example.com: + # [Optional]. will this peer be sent transaction proposals for endorsement? The peer must + # have the chaincode installed. The app can also use this property to decide which peers + # to send the chaincode install request. Default: true + endorsingPeer: true + + # [Optional]. will this peer be sent query proposals? The peer must have the chaincode + # installed. The app can also use this property to decide which peers to send the + # chaincode install request. Default: true + chaincodeQuery: true + + # [Optional]. will this peer be sent query proposals that do not require chaincodes, like + # queryBlock(), queryTransaction(), etc. Default: true + ledgerQuery: true + + # [Optional]. will this peer be the target of the SDK's listener registration? All peers can + # produce events but the app typically only needs to connect to one to listen to events. + # Default: true + eventSource: true + + # [Optional]. The application can use these options to perform channel operations like retrieving channel + # config etc. + policies: + #[Optional] options for retrieving channel configuration blocks + queryChannelConfig: + #[Optional] min number of success responses (from targets/peers) + minResponses: 1 + #[Optional] channel config will be retrieved for these number of random targets + maxTargets: 1 + #[Optional] retry options for query config block + retryOpts: + #[Optional] number of retry attempts + attempts: 5 + #[Optional] the back off interval for the first retry attempt + initialBackoff: 500ms + #[Optional] the maximum back off interval for any retry attempt + maxBackoff: 5s + #[Optional] he factor by which the initial back off period is exponentially incremented + backoffFactor: 2.0 + + # multi-org test channel + orgchannel: + + orderers: + - orderer.example.com + + peers: + peer0.org1.example.com: + endorsingPeer: true + chaincodeQuery: true + ledgerQuery: true + eventSource: true + + peer1.org2.example.com: + endorsingPeer: true + chaincodeQuery: true + ledgerQuery: true + # Don't use revoked peer as event source or + # else the test will time out waiting for event + eventSource: false + + +# +# list of participating organizations in this network +# +organizations: + org1: + mspid: Org1MSP + + # This org's MSP store (absolute path or relative to client.cryptoconfig) + cryptoPath: peerOrganizations/org1.example.com/users/{username}@org1.example.com/msp + + peers: + - peer0.org1.example.com + + # [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based + # network. Typically certificates provisioning is done in a separate process outside of the + # runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for + # dynamic certificate management (enroll, revoke, re-enroll). The following section is only for + # Fabric-CA servers. + certificateAuthorities: + - ca.org1.example.com + + # the profile will contain public information about organizations other than the one it belongs to. + # These are necessary information to make transaction lifecycles work, including MSP IDs and + # peers with a public URL to send transaction proposals. The file will not contain private + # information reserved for members of the organization, such as admin key and certificate, + # fabric-ca registrar enroll ID and secret, etc. + org2: + mspid: Org2MSP + + # This org's MSP store (absolute path or relative to client.cryptoconfig) + cryptoPath: peerOrganizations/org2.example.com/users/{username}@org2.example.com/msp + + peers: + - peer1.org2.example.com + + certificateAuthorities: + - ca.org2.example.com + + # Orderer Org name + ordererorg: + # Membership Service Provider ID for this organization + mspID: "OrdererOrg" + + # Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode) + cryptoPath: ordererOrganizations/example.com/users/{username}@example.com/msp + + +# +# List of orderers to send transaction and channel create/update requests to. For the time +# being only one orderer is needed. If more than one is defined, which one get used by the +# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers. +# +orderers: + local.orderer.example.com: + url: orderer.example.com:7050 + + # these are standard properties defined by the gRPC library + # they will be passed in as-is to gRPC client constructor + #TODO to be moved to high level, common for all grpc connections + grpcOptions: + ssl-target-name-override: orderer.example.com +# These parameters should be set in coordination with the keepalive policy on the server, +# as incompatible settings can result in closing of connection. +# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled + keep-alive-time: 0s + keep-alive-timeout: 20s + keep-alive-permit: false + fail-fast: false + #will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs + allow-insecure: false + + tlsCACerts: + # Certificate location absolute path + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH}/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem + +# +# List of peers to send various requests to, including endorsement, query +# and event listener registration. +# +peers: + local.peer0.org1.example.com: + # this URL is used to send endorsement and query requests + url: peer0.org1.example.com:7051 + + # this URL is used to connect the EventHub and registering event listeners + eventUrl: peer0.org1.example.com:7053 + + grpcOptions: + ssl-target-name-override: peer0.org1.example.com + # These parameters should be set in coordination with the keepalive policy on the server, + # as incompatible settings can result in closing of connection. + # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled + keep-alive-time: 0s + keep-alive-timeout: 20s + keep-alive-permit: false + fail-fast: false + #will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs + allow-insecure: false + + tlsCACerts: + # Certificate location absolute path + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem + + + local.peer1.org2.example.com: + url: peer1.org2.example.com:9051 + #eventUrl: peer1.org2.example.com:9053 + + grpcOptions: + ssl-target-name-override: peer1.org2.example.com + # These parameters should be set in coordination with the keepalive policy on the server, + # as incompatible settings can result in closing of connection. + # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled + keep-alive-time: 0s + keep-alive-timeout: 20s + keep-alive-permit: false + fail-fast: false + #will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs + allow-insecure: false + + tlsCACerts: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem + crls: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/crl + + +# +# Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows +# certificate management to be done via REST APIs. Application may choose to use a standard +# Certificate Authority instead of Fabric-CA, in which case this section would not be specified. +# +certificateAuthorities: + local.ca.org1.example.com: + url: https://ca.org1.example.com:7054 + tlsCACerts: + # Comma-Separated list of paths + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/fabricca/tls/certs/ca_root.pem + # Client key and cert for SSL handshake with Fabric CA + client: + key: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/fabricca/tls/certs/client/client_fabric_client-key.pem + cert: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/fabricca/tls/certs/client/client_fabric_client.pem + + # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is + # needed to enroll and invoke new users. + registrar: + enrollId: admin + enrollSecret: adminpw + # [Optional] The optional name of the CA. + caName: ca.org1.example.com + local.ca.org2.example.com: + url: https://ca.org2.example.com:8054 + tlsCACerts: + # Comma-Separated list of paths + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/fabricca/tls/certs/ca_root.pem + # Client key and cert for SSL handshake with Fabric CA + client: + key: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/fabricca/tls/certs/client/client_fabric_client-key.pem + cert: + path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/fabricca/tls/certs/client/client_fabric_client.pem + + # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is + # needed to enroll and invoke new users. + registrar: + enrollId: admin + enrollSecret: adminpw + # [Optional] The optional name of the CA. + caName: ca.org2.example.com + +# EntityMatchers enable substitution of network hostnames with static configurations + # so that properties can be mapped. Regex can be used for this purpose +# UrlSubstitutionExp can be empty which means the same network hostname will be used +# UrlSubstitutionExp can be given same as mapped peer url, so that mapped peer url can be used +# UrlSubstitutionExp can have golang regex matchers like $1.local.example.$2:$3 for pattern + # like peer0.org1.example.com:1234 which converts peer0.org1.example.com to peer0.org1.local.example.com:1234 +# EventUrlSubstitutionExp and sslTargetOverrideUrlSubstitutionExp follow in the same lines as + # SubstitutionExp for the fields eventUrl and gprcOptions.ssl-target-name-override respectively +# In any case mappedHost's config will be used, so mapped host cannot be empty, if entityMatchers are used +entityMatchers: + peer: + - pattern: peer1.org2.example.com + urlSubstitutionExp: peer1.org2.example.com:9051 + eventUrlSubstitutionExp: + sslTargetOverrideUrlSubstitutionExp: + mappedHost: local.peer1.org2.example.com + + - pattern: (\w+).org1.example.(\w+) + urlSubstitutionExp: peer0.org1.example.com:7051 + eventUrlSubstitutionExp: peer0.org1.example.com:7053 + sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com + mappedHost: local.peer0.org1.example.com + + - pattern: (\w+).org2.example.(\w+) + urlSubstitutionExp: peer0.org2.example.com:8051 + eventUrlSubstitutionExp: peer0.org2.example.com:8053 + sslTargetOverrideUrlSubstitutionExp: peer0.org2.example.com + mappedHost: local.peer0.org2.example.com + + - pattern: (\w+).example5.(\w+) + urlSubstitutionExp: localhost:7051 + eventUrlSubstitutionExp: localhost:7053 + sslTargetOverrideUrlSubstitutionExp: localhost + mappedHost: local.peer0.org1.example.com + + - pattern: (\w+).example2.(\w+):(\d+) + urlSubstitutionExp: localhost:7051 + eventUrlSubstitutionExp: localhost:7053 + sslTargetOverrideUrlSubstitutionExp: localhost + mappedHost: local.peer0.org2.example.com + + - pattern: (\w+).example3.(\w+) + urlSubstitutionExp: + eventUrlSubstitutionExp: + sslTargetOverrideUrlSubstitutionExp: + mappedHost: local.peer0.org1.example.com + + - pattern: (\w+).example4.(\w+):(\d+) + urlSubstitutionExp: $1.org1.example.$2:$3 + eventUrlSubstitutionExp: $1.org1.example.$2:7053 + sslTargetOverrideUrlSubstitutionExp: $1.org1.example.$2 + mappedHost: local.peer0.org1.example.com + + - pattern: (\w+).example2.com:(\d+) + urlSubstitutionExp: peer0.org2.example.com:7051 + eventUrlSubstitutionExp: + sslTargetOverrideUrlSubstitutionExp: + mappedHost: local.peer0.org2.example.com + + + + - pattern: (\w+).org1.example.(\w+):(\d+) + urlSubstitutionExp: peer0.org1.example.com:7051 + eventUrlSubstitutionExp: peer0.org1.example.com:7053 + sslTargetOverrideUrlSubstitutionExp: peer0.org1.example.com + mappedHost: local.peer0.org1.example.com + + orderer: + - pattern: (\w+).example2.(\w+) + urlSubstitutionExp: localhost:7050 + sslTargetOverrideUrlSubstitutionExp: localhost + mappedHost: local.orderer.example.com + + - pattern: (\w+).example.(\w+) + urlSubstitutionExp: orderer.example.com:7050 + sslTargetOverrideUrlSubstitutionExp: orderer.example.com + mappedHost: local.orderer.example.com + + - pattern: (\w+).example3.(\w+) + urlSubstitutionExp: + sslTargetOverrideUrlSubstitutionExp: + mappedHost: local.orderer.example.com + + - pattern: (\w+).example4.(\w+):(\d+) + urlSubstitutionExp: $1.example.$2:$3 + sslTargetOverrideUrlSubstitutionExp: $1.example.$2 + mappedHost: local.orderer.example.com + + certificateAuthority: + - pattern: (\w+).org1.example.(\w+) + urlSubstitutionExp: + mappedHost: local.ca.org1.example.com + + - pattern: (\w+).org2.example.(\w+) + urlSubstitutionExp: + mappedHost: local.ca.org2.example.com diff --git a/test/integration/revoked/revoked_peer_test.go b/test/integration/revoked/revoked_peer_test.go index 8d44107e4e..fb515b3219 100644 --- a/test/integration/revoked/revoked_peer_test.go +++ b/test/integration/revoked/revoked_peer_test.go @@ -53,7 +53,9 @@ var orgTestPeer1 fab.Peer // TestRevokedPeer func TestRevokedPeer(t *testing.T) { // Create SDK setup for the integration tests with revoked peer - sdk, err := fabsdk.New(getConfigBackend(t)) + //TODO commented out below custom config backend function until endpointconfig.ChannelPeers issue with custom backend is solved + //sdk, err := fabsdk.New(getConfigBackend(t)) + sdk, err := fabsdk.New(config.FromFile("../../fixtures/config/config_revoke_test.yaml")) if err != nil { t.Fatalf("Failed to create new SDK: %s", err) }