[FAB-5868] Specify collection interface

This generic collection interface is implemented by different kinds of
collection types.

The collection's access policy interface is consumed by gossip
to govern access to private read-write sets.

The collection store acts as a collection factory and serves collection
objects based on collection criteria.

The nop-collection is an implementation of both interfaces, i.e. a
collection type, that allows all organizations to pull a private
read-write set and a collection store that just returns an instance of
this collection type.

Change-Id: I9a589c1609a719a593918896623586583568a262
Signed-off-by: Matthias Neugschwandtner <eug@zurich.ibm.com>

Author: Matthias Neugschwandtner

core/common/privdata/collection.go

@@ -0,0 +1,66 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package privdata
+
+import (
+	"github.com/hyperledger/fabric/protos/common"
+)
+
+// Collection defines a common interface for collections
+type Collection interface {
+	// SetTxContext configures the tx-specific ephemeral collection info, such
+	// as txid, nonce, creator -- for future use
+	// SetTxContext(parameters ...interface{})
+
+	// GetCollectionID returns this collection's ID
+	GetCollectionID() string
+
+	// GetEndorsementPolicy returns the endorsement policy for validation -- for
+	// future use
+	// GetEndorsementPolicy() string
+
+	// GetMemberOrgs returns the collection's members as MSP IDs. This serves as
+	// a human-readable way of quickly identifying who is part of a collection.
+	GetMemberOrgs() []string
+}
+
+// CollectionAccess encapsulates functions for the access policy of a collection
+type CollectionAccessPolicy interface {
+	// GetAccessFilter returns a member filter function for a collection
+	GetAccessFilter() Filter
+
+	// RequiredExternalPeerCount returns the minimum number of external peers
+	// required to hold private data
+	RequiredExternalPeerCount() int
+
+	// RequiredExternalPeerCount returns the minimum number of internal peers
+	// required to hold private data
+	RequiredInternalPeerCount() int
+}
+
+// Filter defines a rule that filters peers according to data signed by them.
+// The Identity in the SignedData is a SerializedIdentity of a peer.
+// The Data is a message the peer signed, and the Signature is the corresponding
+// Signature on that Data.
+// Returns: True, if the policy holds for the given signed data.
+//          False otherwise
+type Filter func(common.SignedData) bool
+
+// CollectionStore retrieves stored collections based on the collection's
+// properties. It works as a collection object factory and takes care of
+// returning a collection object of an appropriate collection type.
+type CollectionStore interface {
+	// GetCollection retrieves the collection in the following way:
+	// If the TxID exists in the ledger, the collection that is returned has the
+	// latest configuration that was committed into the ledger before this txID
+	// was committed.
+	// Else - it's the latest configuration for the collection.
+	GetCollection(common.CollectionCriteria) Collection
+
+	// GetCollectionAccessPolicy retrieves a collection's access policy
+	GetCollectionAccessPolicy(common.CollectionCriteria) CollectionAccessPolicy
+}

core/common/privdata/nopcollection.go

@@ -0,0 +1,53 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package privdata
+
+import (
+	"github.com/hyperledger/fabric/protos/common"
+)
+
+// NopCollection implements an allow-all collection which all orgs are a member of
+type NopCollection struct {
+}
+
+func (nc *NopCollection) GetCollectionID() string {
+	return ""
+}
+
+func (nc *NopCollection) GetEndorsementPolicy() string {
+	return ""
+}
+
+func (nc *NopCollection) GetMemberOrgs() []string {
+	return nil
+}
+
+func (nc *NopCollection) RequiredExternalPeerCount() int {
+	return 0
+}
+
+func (nc *NopCollection) RequiredInternalPeerCount() int {
+	return 0
+}
+
+func (nc *NopCollection) GetAccessFilter() Filter {
+	// return true for all
+	return func(common.SignedData) bool {
+		return true
+	}
+}
+
+type NopCollectionStore struct {
+}
+
+func (*NopCollectionStore) GetCollection(common.CollectionCriteria) Collection {
+	return &NopCollection{}
+}
+
+func (*NopCollectionStore) GetCollectionAccessPolicy(common.CollectionCriteria) CollectionAccessPolicy {
+	return &NopCollection{}
+}

core/common/privdata/policies.go

@@ -303,8 +303,7 @@ func createChain(cid string, ledger ledger.PeerLedger, cb *common.Block) error {
 		Validator: validator,
 		Committer: c,
 		Store:     store,
-		Pp:        &noopPolicyParser{},
-		Ps:        &noopPolicyStore{},
+		Cs:        &privdata.NopCollectionStore{},
 	})
 
 	chains.Lock()
@@ -625,32 +624,3 @@ func CreatePeerServer(listenAddress string,
 func GetPeerServer() comm.GRPCServer {
 	return peerServer
 }
-
-// TODO: This is a temporary implementation until the PolicyParser would be implemented
-type noopPolicyParser struct {
-}
-
-func (*noopPolicyParser) Parse(privdata.SerializedPolicy) privdata.Filter {
-	return func(common.SignedData) bool {
-		return true
-	}
-}
-
-// TODO: This is a temporary implementation until the PolicyStore would be implemented
-type noopPolicyStore struct {
-}
-
-func (*noopPolicyStore) CollectionPolicy(common.CollectionCriteria) privdata.SerializedPolicy {
-	return &serializedPolicy{}
-}
-
-type serializedPolicy struct {
-}
-
-func (*serializedPolicy) Channel() string {
-	panic("implement me")
-}
-
-func (*serializedPolicy) Raw() []byte {
-	panic("implement me")
-}

core/peer/peer.go

@@ -71,8 +71,7 @@ type Fetcher interface {
 }
 
 type Support struct {
-	privdata.PolicyParser
-	privdata.PolicyStore
+	privdata.CollectionStore
 	txvalidator.Validator
 	committer.Committer
 	TransientStore
@@ -503,12 +502,12 @@ func (c *coordinator) isEligible(chdr *common.ChannelHeader, namespace string, c
 		Collection: col,
 		TxId:       chdr.TxId,
 	}
-	sp := c.PolicyStore.CollectionPolicy(cp)
+	sp := c.CollectionStore.GetCollectionAccessPolicy(cp)
 	if sp == nil {
 		logger.Warning("Failed obtaining policy for", cp, "skipping collection")
 		return false
 	}
-	filt := c.PolicyParser.Parse(sp)
+	filt := sp.GetAccessFilter()
 	if filt == nil {
 		logger.Warning("Failed parsing policy for", cp, "skipping collection")
 		return false
@@ -586,12 +585,12 @@ func (c *coordinator) GetPvtDataAndBlockByNum(seqNum uint64, peerAuthInfo common
 					Namespace:  ns.Namespace,
 					Collection: col.CollectionName,
 				}
-				sp := c.PolicyStore.CollectionPolicy(cc)
+				sp := c.CollectionStore.GetCollectionAccessPolicy(cc)
 				if sp == nil {
 					logger.Warning("Failed obtaining policy for", cc)
 					continue
 				}
-				isAuthorized := c.PolicyParser.Parse(sp)
+				isAuthorized := sp.GetAccessFilter()
 				if isAuthorized == nil {
 					logger.Warning("Failed obtaining filter for", cc)
 					continue