diff --git a/common/configtx/inspector/orderer_types.go b/common/configtx/inspector/orderer_types.go index 6a779aeadc8..ba05d12db34 100644 --- a/common/configtx/inspector/orderer_types.go +++ b/common/configtx/inspector/orderer_types.go @@ -56,24 +56,24 @@ func (ot ordererTypes) Value(configItem *cb.ConfigurationItem) Viewable { return viewableError(name, err) } return viewableCreationPolicy(configItem.Key, value) - case "IngressPolicy": - value := &ab.IngressPolicy{} + case "IngressPolicyNames": + value := &ab.IngressPolicyNames{} if err := proto.Unmarshal(configItem.Value, value); err != nil { return viewableError(name, err) } - return viewableIngressPolicy(configItem.Key, value) - case "EgressPolicy": - value := &ab.EgressPolicy{} + return viewableIngressPolicyNames(configItem.Key, value) + case "EgressPolicyNames": + value := &ab.EgressPolicyNames{} if err := proto.Unmarshal(configItem.Value, value); err != nil { return viewableError(name, err) } - return viewableEgressPolicy(configItem.Key, value) - case "ChainCreators": - value := &ab.ChainCreators{} + return viewableEgressPolicyNames(configItem.Key, value) + case "ChainCreationPolicyNames": + value := &ab.ChainCreationPolicyNames{} if err := proto.Unmarshal(configItem.Value, value); err != nil { return viewableError(name, err) } - return viewableChainCreators(configItem.Key, value) + return viewableChainCreationPolicyNames(configItem.Key, value) case "KafkaBrokers": value := &ab.KafkaBrokers{} if err := proto.Unmarshal(configItem.Value, value); err != nil { @@ -99,24 +99,24 @@ func viewableBatchTimeout(name string, batchTimeout *ab.BatchTimeout) Viewable { } } -func viewableIngressPolicy(name string, ingressPolicy *ab.IngressPolicy) Viewable { +func viewableIngressPolicyNames(name string, ingressPolicy *ab.IngressPolicyNames) Viewable { return &field{ name: name, - values: []Viewable{viewableString("Name", ingressPolicy.Name)}, + values: []Viewable{viewableStringSlice("Name", ingressPolicy.Names)}, } } -func viewableEgressPolicy(name string, egressPolicy *ab.EgressPolicy) Viewable { +func viewableEgressPolicyNames(name string, egressPolicy *ab.EgressPolicyNames) Viewable { return &field{ name: name, - values: []Viewable{viewableString("Name", egressPolicy.Name)}, + values: []Viewable{viewableStringSlice("Names", egressPolicy.Names)}, } } -func viewableChainCreators(name string, creators *ab.ChainCreators) Viewable { +func viewableChainCreationPolicyNames(name string, chainCreationPolicyNames *ab.ChainCreationPolicyNames) Viewable { return &field{ name: name, - values: []Viewable{viewableStringSlice("Policies", creators.Policies)}, + values: []Viewable{viewableStringSlice("Names", chainCreationPolicyNames.Names)}, } } diff --git a/common/configtx/manager.go b/common/configtx/manager.go index a3a40f780c5..aac913c3c6f 100644 --- a/common/configtx/manager.go +++ b/common/configtx/manager.go @@ -57,8 +57,8 @@ type Manager interface { Sequence() uint64 } -// DefaultModificationPolicyID is the ID of the policy used when no other policy can be resolved, for instance when attempting to create a new config item -const DefaultModificationPolicyID = "DefaultModificationPolicy" +// NewConfigurationItemPolicyKey is the ID of the policy used when no other policy can be resolved, for instance when attempting to create a new config item +const NewConfigurationItemPolicyKey = "NewConfigurationItemPolicy" type acceptAllPolicy struct{} @@ -187,7 +187,7 @@ func (cm *configurationManager) processConfig(configtx *cb.ConfigurationEnvelope return nil, fmt.Errorf("Config is for the wrong chain, expected %s, got %s", cm.chainID, chainID) } - defaultModificationPolicy, defaultPolicySet := cm.pm.GetPolicy(DefaultModificationPolicyID) + defaultModificationPolicy, defaultPolicySet := cm.pm.GetPolicy(NewConfigurationItemPolicyKey) // If the default modification policy is not set, it indicates this is an uninitialized chain, so be permissive of modification if !defaultPolicySet { diff --git a/common/configtx/test/orderer.template b/common/configtx/test/orderer.template index b2878851175..0ffd8312225 100644 Binary files a/common/configtx/test/orderer.template and b/common/configtx/test/orderer.template differ diff --git a/orderer/common/bootstrap/provisional/item.go b/orderer/common/bootstrap/provisional/item.go index 9811e257bad..30fca533901 100644 --- a/orderer/common/bootstrap/provisional/item.go +++ b/orderer/common/bootstrap/provisional/item.go @@ -25,83 +25,83 @@ import ( "github.com/hyperledger/fabric/protos/utils" ) -func (cbs *commonBootstrapper) encodeConsensusType() *cb.ConfigurationItem { +func (cbs *commonBootstrapper) templateConsensusType() *cb.ConfigurationItem { configItemKey := sharedconfig.ConsensusTypeKey configItemValue := utils.MarshalOrPanic(&ab.ConsensusType{Type: cbs.consensusType}) - modPolicy := configtx.DefaultModificationPolicyID + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Orderer, lastModified, modPolicy, configItemKey, configItemValue) } -func (cbs *commonBootstrapper) encodeBatchSize() *cb.ConfigurationItem { +func (cbs *commonBootstrapper) templateBatchSize() *cb.ConfigurationItem { configItemKey := sharedconfig.BatchSizeKey configItemValue := utils.MarshalOrPanic(cbs.batchSize) - modPolicy := configtx.DefaultModificationPolicyID + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Orderer, lastModified, modPolicy, configItemKey, configItemValue) } -func (cbs *commonBootstrapper) encodeBatchTimeout() *cb.ConfigurationItem { +func (cbs *commonBootstrapper) templateBatchTimeout() *cb.ConfigurationItem { configItemKey := sharedconfig.BatchTimeoutKey configItemValue := utils.MarshalOrPanic(&ab.BatchTimeout{Timeout: cbs.batchTimeout}) - modPolicy := configtx.DefaultModificationPolicyID + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Orderer, lastModified, modPolicy, configItemKey, configItemValue) } -func (cbs *commonBootstrapper) encodeChainCreators() *cb.ConfigurationItem { - configItemKey := sharedconfig.ChainCreatorsKey - configItemValue := utils.MarshalOrPanic(&ab.ChainCreators{Policies: DefaultChainCreators}) - modPolicy := configtx.DefaultModificationPolicyID +func (cbs *commonBootstrapper) templateChainCreationPolicyNames() *cb.ConfigurationItem { + configItemKey := sharedconfig.ChainCreationPolicyNamesKey + configItemValue := utils.MarshalOrPanic(&ab.ChainCreationPolicyNames{Names: DefaultChainCreationPolicyNames}) + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Orderer, lastModified, modPolicy, configItemKey, configItemValue) } -func (cbs *commonBootstrapper) encodeAcceptAllPolicy() *cb.ConfigurationItem { +func (cbs *commonBootstrapper) templateAcceptAllPolicy() *cb.ConfigurationItem { configItemKey := AcceptAllPolicyKey configItemValue := utils.MarshalOrPanic(utils.MakePolicyOrPanic(cauthdsl.AcceptAllPolicy)) - modPolicy := configtx.DefaultModificationPolicyID + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Policy, lastModified, modPolicy, configItemKey, configItemValue) } -func (cbs *commonBootstrapper) encodeIngressPolicy() *cb.ConfigurationItem { - configItemKey := sharedconfig.IngressPolicyKey - configItemValue := utils.MarshalOrPanic(&ab.IngressPolicy{Name: AcceptAllPolicyKey}) - modPolicy := configtx.DefaultModificationPolicyID +func (cbs *commonBootstrapper) templateIngressPolicyNames() *cb.ConfigurationItem { + configItemKey := sharedconfig.IngressPolicyNamesKey + configItemValue := utils.MarshalOrPanic(&ab.IngressPolicyNames{Names: []string{AcceptAllPolicyKey}}) + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Orderer, lastModified, modPolicy, configItemKey, configItemValue) } -func (cbs *commonBootstrapper) encodeEgressPolicy() *cb.ConfigurationItem { - configItemKey := sharedconfig.EgressPolicyKey - configItemValue := utils.MarshalOrPanic(&ab.EgressPolicy{Name: AcceptAllPolicyKey}) - modPolicy := configtx.DefaultModificationPolicyID +func (cbs *commonBootstrapper) templateEgressPolicyNames() *cb.ConfigurationItem { + configItemKey := sharedconfig.EgressPolicyNamesKey + configItemValue := utils.MarshalOrPanic(&ab.EgressPolicyNames{Names: []string{AcceptAllPolicyKey}}) + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Orderer, lastModified, modPolicy, configItemKey, configItemValue) } -func (cbs *commonBootstrapper) lockDefaultModificationPolicy() *cb.ConfigurationItem { - // Lock down the default modification policy to prevent any further policy modifications - configItemKey := configtx.DefaultModificationPolicyID +func (cbs *commonBootstrapper) templateRejectAllPolicy() *cb.ConfigurationItem { + // Lock down the new configuration item policy to prevent any new configuration items from being created + configItemKey := configtx.NewConfigurationItemPolicyKey configItemValue := utils.MarshalOrPanic(utils.MakePolicyOrPanic(cauthdsl.RejectAllPolicy)) - modPolicy := configtx.DefaultModificationPolicyID + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Policy, lastModified, modPolicy, configItemKey, configItemValue) } -func (kbs *kafkaBootstrapper) encodeKafkaBrokers() *cb.ConfigurationItem { +func (kbs *kafkaBootstrapper) templateKafkaBrokers() *cb.ConfigurationItem { configItemKey := sharedconfig.KafkaBrokersKey configItemValue := utils.MarshalOrPanic(&ab.KafkaBrokers{Brokers: kbs.kafkaBrokers}) - modPolicy := configtx.DefaultModificationPolicyID + modPolicy := configtx.NewConfigurationItemPolicyKey configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, kbs.chainID, epoch) return utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Orderer, lastModified, modPolicy, configItemKey, configItemValue) diff --git a/orderer/common/bootstrap/provisional/provisional.go b/orderer/common/bootstrap/provisional/provisional.go index 2a9dc03ca80..0e341337c66 100644 --- a/orderer/common/bootstrap/provisional/provisional.go +++ b/orderer/common/bootstrap/provisional/provisional.go @@ -59,8 +59,8 @@ const ( epoch = 0 ) -// DefaultChainCreators is the default value of ChainCreatorsKey. -var DefaultChainCreators = []string{AcceptAllPolicyKey} +// DefaultChainCreationPolicyNames is the default value of ChainCreatorsKey. +var DefaultChainCreationPolicyNames = []string{AcceptAllPolicyKey} type commonBootstrapper struct { chainID string diff --git a/orderer/common/bootstrap/provisional/templates.go b/orderer/common/bootstrap/provisional/templates.go index bce5371080b..df4f3e0b90c 100644 --- a/orderer/common/bootstrap/provisional/templates.go +++ b/orderer/common/bootstrap/provisional/templates.go @@ -21,21 +21,21 @@ import ( ) func (cbs *commonBootstrapper) makeOrdererSystemChainConfig() []*cb.ConfigurationItem { - return []*cb.ConfigurationItem{cbs.encodeChainCreators()} + return []*cb.ConfigurationItem{cbs.templateChainCreationPolicyNames()} } func (cbs *commonBootstrapper) TemplateItems() []*cb.ConfigurationItem { return []*cb.ConfigurationItem{ - cbs.encodeConsensusType(), - cbs.encodeBatchSize(), - cbs.encodeBatchTimeout(), - cbs.encodeAcceptAllPolicy(), - cbs.encodeIngressPolicy(), - cbs.encodeEgressPolicy(), - cbs.lockDefaultModificationPolicy(), + cbs.templateConsensusType(), + cbs.templateBatchSize(), + cbs.templateBatchTimeout(), + cbs.templateAcceptAllPolicy(), + cbs.templateIngressPolicyNames(), + cbs.templateEgressPolicyNames(), + cbs.templateRejectAllPolicy(), } } func (kbs *kafkaBootstrapper) TemplateItems() []*cb.ConfigurationItem { - return append(kbs.commonBootstrapper.TemplateItems(), kbs.encodeKafkaBrokers()) + return append(kbs.commonBootstrapper.TemplateItems(), kbs.templateKafkaBrokers()) } diff --git a/orderer/common/deliver/deliver.go b/orderer/common/deliver/deliver.go index 73a51b3992a..9f7dbab461a 100644 --- a/orderer/common/deliver/deliver.go +++ b/orderer/common/deliver/deliver.go @@ -92,7 +92,7 @@ func (ds *deliverServer) Handle(srv ab.AtomicBroadcast_DeliverServer) error { return sendStatusReply(srv, cb.Status_NOT_FOUND) } - sf := sigfilter.New(chain.SharedConfig().EgressPolicy, chain.PolicyManager()) + sf := sigfilter.New(chain.SharedConfig().EgressPolicyNames, chain.PolicyManager()) result, _ := sf.Apply(envelope) if result != filter.Forward { return sendStatusReply(srv, cb.Status_FORBIDDEN) diff --git a/orderer/common/deliver/deliver_test.go b/orderer/common/deliver/deliver_test.go index a5d538d37d0..673f89d6d95 100644 --- a/orderer/common/deliver/deliver_test.go +++ b/orderer/common/deliver/deliver_test.go @@ -114,7 +114,7 @@ func newMockMultichainManager() *mockSupportManager { } mm.chains[systemChainID] = &mockSupport{ ledger: rl, - sharedConfig: &mocksharedconfig.Manager{}, + sharedConfig: &mocksharedconfig.Manager{EgressPolicyNamesVal: []string{"somePolicy"}}, policyManager: &mockpolicies.Manager{Policy: &mockpolicies.Policy{}}, } return mm diff --git a/orderer/common/sharedconfig/sharedconfig.go b/orderer/common/sharedconfig/sharedconfig.go index c6045fa1242..edcbf759da4 100644 --- a/orderer/common/sharedconfig/sharedconfig.go +++ b/orderer/common/sharedconfig/sharedconfig.go @@ -40,17 +40,17 @@ const ( // BatchTimeoutKey is the cb.ConfigurationItem type key name for the BatchTimeout message BatchTimeoutKey = "BatchTimeout" - // ChainCreatorsKey is the cb.ConfigurationItem type key name for the ChainCreators message - ChainCreatorsKey = "ChainCreators" + // ChainCreationPolicyNamesKey is the cb.ConfigurationItem type key name for the ChainCreationPolicyNames message + ChainCreationPolicyNamesKey = "ChainCreationPolicyNames" // KafkaBrokersKey is the cb.ConfigurationItem type key name for the KafkaBrokers message KafkaBrokersKey = "KafkaBrokers" - // IngressPolicyKey is the cb.ConfigurationItem type key name for the IngressPolicy message - IngressPolicyKey = "IngressPolicy" + // IngressPolicyNamesKey is the cb.ConfigurationItem type key name for the IngressPolicyNames message + IngressPolicyNamesKey = "IngressPolicyNames" - // EgressPolicyKey is the cb.ConfigurationItem type key name for the EgressPolicy message - EgressPolicyKey = "EgressPolicy" + // EgressPolicyNamesKey is the cb.ConfigurationItem type key name for the EgressPolicyNames message + EgressPolicyNamesKey = "EgressPolicyNames" ) var logger = logging.MustGetLogger("orderer/common/sharedconfig") @@ -69,30 +69,30 @@ type Manager interface { // BatchTimeout returns the amount of time to wait before creating a batch BatchTimeout() time.Duration - // ChainCreators returns the policy names which are allowed for chain creation + // ChainCreationPolicyNames returns the policy names which are allowed for chain creation // This field is only set for the system ordering chain - ChainCreators() []string + ChainCreationPolicyNames() []string // KafkaBrokers returns the addresses (IP:port notation) of a set of "bootstrap" // Kafka brokers, i.e. this is not necessarily the entire set of Kafka brokers // used for ordering KafkaBrokers() []string - // IngressPolicy returns the name of the policy to validate incoming broadcast messages against - IngressPolicy() string + // IngressPolicyNames returns the name of the policy to validate incoming broadcast messages against + IngressPolicyNames() []string - // EgressPolicy returns the name of the policy to validate incoming broadcast messages against - EgressPolicy() string + // EgressPolicyNames returns the name of the policy to validate incoming broadcast messages against + EgressPolicyNames() []string } type ordererConfig struct { - consensusType string - batchSize *ab.BatchSize - batchTimeout time.Duration - chainCreators []string - kafkaBrokers []string - ingressPolicy string - egressPolicy string + consensusType string + batchSize *ab.BatchSize + batchTimeout time.Duration + chainCreationPolicies []string + kafkaBrokers []string + ingressPolicyNames []string + egressPolicyNames []string } // ManagerImpl is an implementation of Manager and configtx.ConfigHandler @@ -124,10 +124,10 @@ func (pm *ManagerImpl) BatchTimeout() time.Duration { return pm.config.batchTimeout } -// ChainCreators returns the policy names which are allowed for chain creation +// ChainCreationPolicyNames returns the policy names which are allowed for chain creation // This field is only set for the system ordering chain -func (pm *ManagerImpl) ChainCreators() []string { - return pm.config.chainCreators +func (pm *ManagerImpl) ChainCreationPolicyNames() []string { + return pm.config.chainCreationPolicies } // KafkaBrokers returns the addresses (IP:port notation) of a set of "bootstrap" @@ -137,14 +137,14 @@ func (pm *ManagerImpl) KafkaBrokers() []string { return pm.config.kafkaBrokers } -// IngressPolicy returns the name of the policy to validate incoming broadcast messages against -func (pm *ManagerImpl) IngressPolicy() string { - return pm.config.ingressPolicy +// IngressPolicyNames returns the name of the policy to validate incoming broadcast messages against +func (pm *ManagerImpl) IngressPolicyNames() []string { + return pm.config.ingressPolicyNames } -// EgressPolicy returns the name of the policy to validate incoming deliver seeks against -func (pm *ManagerImpl) EgressPolicy() string { - return pm.config.egressPolicy +// EgressPolicyNames returns the name of the policy to validate incoming deliver seeks against +func (pm *ManagerImpl) EgressPolicyNames() []string { + return pm.config.egressPolicyNames } // BeginConfig is used to start a new configuration proposal @@ -221,24 +221,24 @@ func (pm *ManagerImpl) ProposeConfig(configItem *cb.ConfigurationItem) error { return fmt.Errorf("Attempted to set the batch timeout to a non-positive value: %s", timeoutValue.String()) } pm.pendingConfig.batchTimeout = timeoutValue - case ChainCreatorsKey: - chainCreators := &ab.ChainCreators{} - if err := proto.Unmarshal(configItem.Value, chainCreators); err != nil { + case ChainCreationPolicyNamesKey: + chainCreationPolicies := &ab.ChainCreationPolicyNames{} + if err := proto.Unmarshal(configItem.Value, chainCreationPolicies); err != nil { return fmt.Errorf("Unmarshaling error for ChainCreator: %s", err) } - pm.pendingConfig.chainCreators = chainCreators.Policies - case IngressPolicyKey: - ingressPolicy := &ab.IngressPolicy{} - if err := proto.Unmarshal(configItem.Value, ingressPolicy); err != nil { - return fmt.Errorf("Unmarshaling error for IngressPolicy: %s", err) + pm.pendingConfig.chainCreationPolicies = chainCreationPolicies.Names + case IngressPolicyNamesKey: + ingressPolicyNames := &ab.IngressPolicyNames{} + if err := proto.Unmarshal(configItem.Value, ingressPolicyNames); err != nil { + return fmt.Errorf("Unmarshaling error for IngressPolicyNames: %s", err) } - pm.pendingConfig.ingressPolicy = ingressPolicy.Name - case EgressPolicyKey: - egressPolicy := &ab.EgressPolicy{} - if err := proto.Unmarshal(configItem.Value, egressPolicy); err != nil { - return fmt.Errorf("Unmarshaling error for EgressPolicy: %s", err) + pm.pendingConfig.ingressPolicyNames = ingressPolicyNames.Names + case EgressPolicyNamesKey: + egressPolicyNames := &ab.EgressPolicyNames{} + if err := proto.Unmarshal(configItem.Value, egressPolicyNames); err != nil { + return fmt.Errorf("Unmarshaling error for EgressPolicyNames: %s", err) } - pm.pendingConfig.egressPolicy = egressPolicy.Name + pm.pendingConfig.egressPolicyNames = egressPolicyNames.Names case KafkaBrokersKey: kafkaBrokers := &ab.KafkaBrokers{} if err := proto.Unmarshal(configItem.Value, kafkaBrokers); err != nil { diff --git a/orderer/common/sharedconfig/sharedconfig_test.go b/orderer/common/sharedconfig/sharedconfig_test.go index a520b9d43bb..ca698a0296f 100644 --- a/orderer/common/sharedconfig/sharedconfig_test.go +++ b/orderer/common/sharedconfig/sharedconfig_test.go @@ -19,6 +19,7 @@ package sharedconfig import ( "os" "os/exec" + "reflect" "testing" "time" @@ -329,18 +330,18 @@ func TestKafkaBrokers(t *testing.T) { } } -func TestIngressPolicy(t *testing.T) { - endPolicy := "foo" +func TestIngressPolicyNames(t *testing.T) { + endPolicy := []string{"foo"} invalidMessage := &cb.ConfigurationItem{ Type: cb.ConfigurationItem_Orderer, - Key: IngressPolicyKey, + Key: IngressPolicyNamesKey, Value: []byte("Garbage Data"), } validMessage := &cb.ConfigurationItem{ Type: cb.ConfigurationItem_Orderer, - Key: IngressPolicyKey, - Value: utils.MarshalOrPanic(&ab.IngressPolicy{Name: endPolicy}), + Key: IngressPolicyNamesKey, + Value: utils.MarshalOrPanic(&ab.IngressPolicyNames{Names: endPolicy}), } m := NewManagerImpl() m.BeginConfig() @@ -365,23 +366,23 @@ func TestIngressPolicy(t *testing.T) { m.CommitConfig() - if nowPolicy := m.IngressPolicy(); nowPolicy != endPolicy { - t.Fatalf("IngressPolicy should have ended as %s but was %s", endPolicy, nowPolicy) + if nowPolicy := m.IngressPolicyNames(); !reflect.DeepEqual(nowPolicy, endPolicy) { + t.Fatalf("IngressPolicyNames should have ended as %s but was %s", endPolicy, nowPolicy) } } -func TestEgressPolicy(t *testing.T) { - endPolicy := "foo" +func TestEgressPolicyNames(t *testing.T) { + endPolicy := []string{"foo"} invalidMessage := &cb.ConfigurationItem{ Type: cb.ConfigurationItem_Orderer, - Key: EgressPolicyKey, + Key: EgressPolicyNamesKey, Value: []byte("Garbage Data"), } validMessage := &cb.ConfigurationItem{ Type: cb.ConfigurationItem_Orderer, - Key: EgressPolicyKey, - Value: utils.MarshalOrPanic(&ab.EgressPolicy{Name: endPolicy}), + Key: EgressPolicyNamesKey, + Value: utils.MarshalOrPanic(&ab.EgressPolicyNames{Names: endPolicy}), } m := NewManagerImpl() m.BeginConfig() @@ -406,7 +407,7 @@ func TestEgressPolicy(t *testing.T) { m.CommitConfig() - if nowPolicy := m.EgressPolicy(); nowPolicy != endPolicy { - t.Fatalf("EgressPolicy should have ended as %s but was %s", endPolicy, nowPolicy) + if nowPolicy := m.EgressPolicyNames(); !reflect.DeepEqual(nowPolicy, endPolicy) { + t.Fatalf("EgressPolicyNames should have ended as %s but was %s", endPolicy, nowPolicy) } } diff --git a/orderer/common/sigfilter/sigfilter.go b/orderer/common/sigfilter/sigfilter.go index 8c437e511f4..98bcb240137 100644 --- a/orderer/common/sigfilter/sigfilter.go +++ b/orderer/common/sigfilter/sigfilter.go @@ -27,7 +27,7 @@ import ( var logger = logging.MustGetLogger("orderer/common/sigfilter") type sigFilter struct { - policySource func() string + policySource func() []string policyManager policies.Manager } @@ -36,7 +36,7 @@ type sigFilter struct { // In general, both the policy name and the policy itself are mutable, this is why // not only the policy is retrieved at each invocation, but also the name of which // policy to retrieve -func New(policySource func() string, policyManager policies.Manager) filter.Rule { +func New(policySource func() []string, policyManager policies.Manager) filter.Rule { return &sigFilter{ policySource: policySource, policyManager: policyManager, @@ -54,20 +54,21 @@ func (sf *sigFilter) Apply(message *cb.Envelope) (filter.Action, filter.Committe return filter.Reject, nil } - policy, ok := sf.policyManager.GetPolicy(sf.policySource()) - if !ok { - logger.Debugf("Rejecting because policy was not found") - return filter.Reject, nil - } + for _, policy := range sf.policySource() { + policy, ok := sf.policyManager.GetPolicy(policy) + if !ok { + logger.Debugf("Could not find policy %s", policy) + continue + } - err = policy.Evaluate(signedData) + err = policy.Evaluate(signedData) - if err != nil { - if logger.IsEnabledFor(logging.DEBUG) { - logger.Debugf("Rejecting because policy did not evaluate without error: %s", err) + if err == nil { + logger.Debugf("Accepting validly signed message") + return filter.Forward, nil } - return filter.Reject, nil } - return filter.Forward, nil + logger.Debugf("Rejecting message which was not appropriately signed") + return filter.Reject, nil } diff --git a/orderer/common/sigfilter/sigfilter_test.go b/orderer/common/sigfilter/sigfilter_test.go index aaca48010e9..71d0d9e7794 100644 --- a/orderer/common/sigfilter/sigfilter_test.go +++ b/orderer/common/sigfilter/sigfilter_test.go @@ -42,8 +42,8 @@ func makeEnvelope() *cb.Envelope { } } -func fooSource() string { - return "foo" +func fooSource() []string { + return []string{"foo"} } func TestAccept(t *testing.T) { diff --git a/orderer/mocks/sharedconfig/sharedconfig.go b/orderer/mocks/sharedconfig/sharedconfig.go index ca6e246f782..7fbba936b79 100644 --- a/orderer/mocks/sharedconfig/sharedconfig.go +++ b/orderer/mocks/sharedconfig/sharedconfig.go @@ -27,14 +27,14 @@ type Manager struct { BatchSizeVal *ab.BatchSize // BatchTimeoutVal is returned as the result of BatchTimeout() BatchTimeoutVal time.Duration - // ChainCreatorsVal is returned as the result of ChainCreators() - ChainCreatorsVal []string + // ChainCreationPolicyNamesVal is returned as the result of ChainCreationPolicyNames() + ChainCreationPolicyNamesVal []string // KafkaBrokersVal is returned as the result of KafkaBrokers() KafkaBrokersVal []string - // IngressPolicyVal is returned as the result of IngressPolicy() - IngressPolicyVal string - // EgressPolicyVal is returned as the result of EgressPolicy() - EgressPolicyVal string + // IngressPolicyNamesVal is returned as the result of IngressPolicyNames() + IngressPolicyNamesVal []string + // EgressPolicyNamesVal is returned as the result of EgressPolicyNames() + EgressPolicyNamesVal []string } // ConsensusType returns the ConsensusTypeVal @@ -52,9 +52,9 @@ func (scm *Manager) BatchTimeout() time.Duration { return scm.BatchTimeoutVal } -// ChainCreators returns the ChainCreatorsVal -func (scm *Manager) ChainCreators() []string { - return scm.ChainCreatorsVal +// ChainCreationPolicyNames returns the ChainCreationPolicyNamesVal +func (scm *Manager) ChainCreationPolicyNames() []string { + return scm.ChainCreationPolicyNamesVal } // KafkaBrokers returns the KafkaBrokersVal @@ -62,12 +62,12 @@ func (scm *Manager) KafkaBrokers() []string { return scm.KafkaBrokersVal } -// IngressPolicy returns the IngressPolicyVal -func (scm *Manager) IngressPolicy() string { - return scm.IngressPolicyVal +// IngressPolicyNames returns the IngressPolicyNamesVal +func (scm *Manager) IngressPolicyNames() []string { + return scm.IngressPolicyNamesVal } -// EgressPolicy returns the EgressPolicyVal -func (scm *Manager) EgressPolicy() string { - return scm.EgressPolicyVal +// EgressPolicyNames returns the EgressPolicyNamesVal +func (scm *Manager) EgressPolicyNames() []string { + return scm.EgressPolicyNamesVal } diff --git a/orderer/multichain/chainsupport.go b/orderer/multichain/chainsupport.go index f3b0da85dc6..5964aa8a519 100644 --- a/orderer/multichain/chainsupport.go +++ b/orderer/multichain/chainsupport.go @@ -140,7 +140,7 @@ func createStandardFilters(configManager configtx.Manager, policyManager policie return filter.NewRuleSet([]filter.Rule{ filter.EmptyRejectRule, sizefilter.MaxBytesRule(sharedConfig.BatchSize().AbsoluteMaxBytes), - sigfilter.New(sharedConfig.IngressPolicy, policyManager), + sigfilter.New(sharedConfig.IngressPolicyNames, policyManager), configtx.NewFilter(configManager), filter.AcceptRule, }) @@ -152,7 +152,7 @@ func createSystemChainFilters(ml *multiLedger, configManager configtx.Manager, p return filter.NewRuleSet([]filter.Rule{ filter.EmptyRejectRule, sizefilter.MaxBytesRule(sharedConfig.BatchSize().AbsoluteMaxBytes), - sigfilter.New(sharedConfig.IngressPolicy, policyManager), + sigfilter.New(sharedConfig.IngressPolicyNames, policyManager), newSystemChainFilter(ml), configtx.NewFilter(configManager), filter.AcceptRule, diff --git a/orderer/multichain/manager.go b/orderer/multichain/manager.go index cb2138ec678..d1f1f2434ac 100644 --- a/orderer/multichain/manager.go +++ b/orderer/multichain/manager.go @@ -111,7 +111,7 @@ func NewManagerImpl(ledgerFactory ordererledger.Factory, consenters map[string]C configManager, policyManager, backingLedger, sharedConfigManager := ml.newResources(configTx) chainID := configManager.ChainID() - if sharedConfigManager.ChainCreators() != nil { + if sharedConfigManager.ChainCreationPolicyNames() != nil { if ml.sysChain != nil { logger.Fatalf("There appear to be two system chains %s and %s", ml.sysChain.support.ChainID(), chainID) } diff --git a/orderer/multichain/systemchain.go b/orderer/multichain/systemchain.go index da7d468e998..e885d37b5cf 100644 --- a/orderer/multichain/systemchain.go +++ b/orderer/multichain/systemchain.go @@ -172,7 +172,7 @@ func (sc *systemChain) authorize(configEnvelope *cb.ConfigurationEnvelope) cb.St } ok := false - for _, chainCreatorPolicy := range sc.support.SharedConfig().ChainCreators() { + for _, chainCreatorPolicy := range sc.support.SharedConfig().ChainCreationPolicyNames() { if chainCreatorPolicy == creationPolicy.Policy { ok = true break diff --git a/orderer/multichain/systemchain_test.go b/orderer/multichain/systemchain_test.go index 401ad78cee1..512d348f836 100644 --- a/orderer/multichain/systemchain_test.go +++ b/orderer/multichain/systemchain_test.go @@ -106,7 +106,7 @@ func TestGoodProposal(t *testing.T) { newChainID := "NewChainID" mcc := newMockChainCreator() - mcc.ms.msc.ChainCreatorsVal = []string{provisional.AcceptAllPolicyKey} + mcc.ms.msc.ChainCreationPolicyNamesVal = []string{provisional.AcceptAllPolicyKey} mcc.ms.mpm.mp = &mockPolicy{} chainCreateTx := &cb.ConfigurationItem{ @@ -191,7 +191,7 @@ func TestProposalWithMissingPolicy(t *testing.T) { newChainID := "NewChainID" mcc := newMockChainCreator() - mcc.ms.msc.ChainCreatorsVal = []string{provisional.AcceptAllPolicyKey} + mcc.ms.msc.ChainCreationPolicyNamesVal = []string{provisional.AcceptAllPolicyKey} chainCreateTx := &cb.ConfigurationItem{ Key: configtx.CreationPolicyKey, @@ -215,7 +215,7 @@ func TestProposalWithBadDigest(t *testing.T) { mcc := newMockChainCreator() mcc.ms.mpm.mp = &mockPolicy{} - mcc.ms.msc.ChainCreatorsVal = []string{provisional.AcceptAllPolicyKey} + mcc.ms.msc.ChainCreationPolicyNamesVal = []string{provisional.AcceptAllPolicyKey} chainCreateTx := &cb.ConfigurationItem{ Key: configtx.CreationPolicyKey, diff --git a/orderer/sbft/backend/backendab.go b/orderer/sbft/backend/backendab.go index efa9ea7d93d..3b59c6767d1 100644 --- a/orderer/sbft/backend/backendab.go +++ b/orderer/sbft/backend/backendab.go @@ -92,6 +92,9 @@ func NewBackendAB(backend *Backend) *BackendAB { policyManager: &mockpolicies.Manager{Policy: &mockpolicies.Policy{}}, }, } + + manager.support.sharedConfig.(*mocksharedconfig.Manager).EgressPolicyNamesVal = []string{"XXX"} + manager.support.sharedConfig.(*mocksharedconfig.Manager).IngressPolicyNamesVal = []string{"XXX"} // XXX End hackiness bab := &BackendAB{ diff --git a/protos/common/configuration.pb.go b/protos/common/configuration.pb.go index 4bcb269cee7..21ce203aa06 100644 --- a/protos/common/configuration.pb.go +++ b/protos/common/configuration.pb.go @@ -20,6 +20,7 @@ const ( ConfigurationItem_Chain ConfigurationItem_ConfigurationType = 1 ConfigurationItem_Orderer ConfigurationItem_ConfigurationType = 2 ConfigurationItem_Peer ConfigurationItem_ConfigurationType = 3 + ConfigurationItem_MSP ConfigurationItem_ConfigurationType = 4 ) var ConfigurationItem_ConfigurationType_name = map[int32]string{ @@ -27,12 +28,14 @@ var ConfigurationItem_ConfigurationType_name = map[int32]string{ 1: "Chain", 2: "Orderer", 3: "Peer", + 4: "MSP", } var ConfigurationItem_ConfigurationType_value = map[string]int32{ "Policy": 0, "Chain": 1, "Orderer": 2, "Peer": 3, + "MSP": 4, } func (x ConfigurationItem_ConfigurationType) String() string { @@ -404,49 +407,50 @@ func init() { func init() { proto.RegisterFile("common/configuration.proto", fileDescriptor1) } var fileDescriptor1 = []byte{ - // 698 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x74, 0x54, 0xdd, 0x72, 0xd2, 0x40, - 0x14, 0x26, 0xfc, 0x84, 0x72, 0xa0, 0x36, 0x6e, 0x6b, 0x9b, 0x32, 0x9d, 0xca, 0xe4, 0xc2, 0x61, - 0xa6, 0x0a, 0x96, 0xd6, 0x5b, 0x1d, 0xd0, 0x2a, 0x9d, 0xda, 0xc0, 0x2c, 0x6d, 0x9d, 0xf1, 0x46, - 0xd3, 0x64, 0x81, 0x1d, 0xf3, 0x37, 0x9b, 0x45, 0x87, 0x27, 0xf0, 0x1d, 0x7c, 0x14, 0xaf, 0x7c, - 0x34, 0x27, 0xbb, 0x49, 0x0a, 0x14, 0xae, 0xb2, 0xe7, 0x9c, 0xef, 0xfb, 0xce, 0x4f, 0xf6, 0x2c, - 0xd4, 0xed, 0xc0, 0xf3, 0x02, 0xbf, 0x6d, 0x07, 0xfe, 0x98, 0x4e, 0x66, 0xcc, 0xe2, 0x34, 0xf0, - 0x5b, 0x21, 0x0b, 0x78, 0x80, 0x54, 0x19, 0xab, 0xef, 0x66, 0x98, 0xf8, 0x23, 0x83, 0xf5, 0x94, - 0xe8, 0x45, 0xe1, 0xb7, 0x90, 0x51, 0xdf, 0xa6, 0xa1, 0xe5, 0xca, 0x98, 0x61, 0xc2, 0xb3, 0xf7, - 0x8b, 0x7a, 0x17, 0xfe, 0x4f, 0xe2, 0x06, 0x21, 0x41, 0x6f, 0xa0, 0x74, 0xc9, 0x89, 0x17, 0xe9, - 0x4a, 0xa3, 0xd0, 0xac, 0x76, 0x9e, 0xb7, 0x12, 0xc9, 0x11, 0x9d, 0xf8, 0xc4, 0x59, 0xe2, 0xc4, - 0x38, 0x2c, 0xd1, 0x46, 0x7f, 0x45, 0xef, 0x86, 0x78, 0xa1, 0x6b, 0x71, 0x82, 0xda, 0xcb, 0x7a, - 0x87, 0xa9, 0xde, 0x46, 0xa5, 0xdf, 0x0a, 0x1c, 0x6c, 0x48, 0x86, 0x5e, 0xc2, 0xd3, 0x47, 0x4e, - 0x5d, 0x69, 0x28, 0xcd, 0x1a, 0x7e, 0x1c, 0x40, 0x6f, 0x01, 0x62, 0x21, 0x8b, 0xcf, 0x18, 0x89, - 0xf4, 0xbc, 0xc8, 0x7f, 0xbc, 0x36, 0x7f, 0x06, 0xc3, 0x0b, 0x0c, 0xe3, 0x5f, 0x7e, 0x4d, 0x3a, - 0x74, 0x02, 0x6a, 0x9f, 0x58, 0x0e, 0x61, 0x22, 0x71, 0xb5, 0xb3, 0x9b, 0x29, 0x4e, 0x2d, 0xea, - 0xcb, 0x10, 0x4e, 0x20, 0xe8, 0x1d, 0x14, 0x6f, 0xe6, 0x21, 0xd1, 0xf3, 0x0d, 0xa5, 0xf9, 0xa4, - 0x73, 0xb2, 0xb1, 0xf9, 0x65, 0x4f, 0x4c, 0xc1, 0x82, 0x88, 0x0c, 0xa8, 0x7d, 0xb6, 0x22, 0x7e, - 0x1d, 0x38, 0x74, 0x4c, 0x89, 0xa3, 0x17, 0x1a, 0x4a, 0xb3, 0x88, 0x97, 0x7c, 0xa8, 0x05, 0x48, - 0x9e, 0x6d, 0xc1, 0x1e, 0x06, 0x2e, 0xb5, 0xe7, 0x7a, 0xb1, 0xa1, 0x34, 0x2b, 0x78, 0x4d, 0x04, - 0x69, 0x50, 0xb8, 0x22, 0x73, 0xbd, 0x24, 0x00, 0xf1, 0x11, 0xed, 0x41, 0xe9, 0xce, 0x72, 0x67, - 0x44, 0x57, 0xc5, 0x2c, 0xa5, 0x61, 0x74, 0x57, 0xda, 0x17, 0x05, 0x01, 0xa8, 0x52, 0x46, 0xcb, - 0xa1, 0x0a, 0x94, 0x44, 0xd3, 0x9a, 0x82, 0xaa, 0x50, 0x1e, 0x30, 0x87, 0x30, 0xc2, 0xb4, 0x3c, - 0xda, 0x82, 0xe2, 0x90, 0x10, 0xa6, 0x15, 0x8c, 0xef, 0xb0, 0xbf, 0x7e, 0xd0, 0xa8, 0x09, 0x3b, - 0x51, 0x6a, 0x2c, 0xcc, 0xb3, 0x86, 0x57, 0xdd, 0xe8, 0x08, 0x2a, 0x99, 0x4b, 0x0c, 0xb2, 0x86, - 0x1f, 0x1c, 0xc6, 0x24, 0xad, 0x07, 0x21, 0x28, 0xf2, 0x78, 0xd6, 0xb1, 0x4c, 0x09, 0x8b, 0x33, - 0xda, 0x07, 0x35, 0x94, 0xe3, 0x90, 0xc4, 0xc4, 0x32, 0x4e, 0x01, 0x24, 0x4b, 0xf4, 0x54, 0x85, - 0xf2, 0xad, 0x79, 0x65, 0x0e, 0xbe, 0x98, 0x5a, 0x0e, 0x6d, 0x43, 0x65, 0x74, 0xf9, 0xc9, 0xec, - 0xde, 0xdc, 0xe2, 0x0b, 0x4d, 0x41, 0x65, 0x28, 0x5c, 0x8f, 0x86, 0x5a, 0xde, 0xf8, 0x93, 0xdc, - 0x4b, 0x91, 0x56, 0x92, 0xb3, 0xa5, 0xd1, 0xa1, 0x7c, 0x47, 0x58, 0x44, 0x03, 0x3f, 0xc9, 0x9e, - 0x9a, 0xa8, 0x9d, 0x96, 0x27, 0x0a, 0xa8, 0x76, 0x0e, 0x16, 0xf7, 0x69, 0x41, 0x0a, 0xa7, 0x5d, - 0x9c, 0x03, 0x5c, 0x3a, 0xc4, 0xe7, 0x94, 0x53, 0x12, 0xe9, 0x05, 0x71, 0x69, 0xf7, 0x52, 0xd2, - 0xf5, 0x68, 0x38, 0x4c, 0x17, 0x19, 0x2f, 0xe0, 0x8c, 0xbf, 0x0a, 0xec, 0xac, 0x28, 0xa2, 0x23, - 0xd8, 0x92, 0x7b, 0xd4, 0x9b, 0xcb, 0xaa, 0xfa, 0x39, 0x9c, 0x79, 0xd0, 0x39, 0x14, 0x3f, 0xb2, - 0xc0, 0x4b, 0xca, 0x3a, 0xde, 0x50, 0x56, 0xcb, 0x1c, 0xcc, 0xf8, 0x60, 0xdc, 0xcf, 0x61, 0x81, - 0xae, 0x5f, 0x81, 0x2a, 0x3d, 0xa8, 0x06, 0x8a, 0x99, 0x34, 0xab, 0x98, 0xe8, 0x0c, 0xb6, 0x04, - 0x81, 0x66, 0x8b, 0xb6, 0xb1, 0xd1, 0x0c, 0xd8, 0x53, 0xe5, 0x72, 0x18, 0x2f, 0x40, 0xeb, 0x5b, - 0xd1, 0x94, 0xfa, 0x93, 0xae, 0x3b, 0x09, 0x18, 0xe5, 0x53, 0x2f, 0xfe, 0x99, 0xbe, 0xe5, 0xc9, - 0x9f, 0x59, 0xc1, 0xe2, 0x6c, 0x9c, 0xc2, 0x61, 0xcf, 0x0d, 0xec, 0x1f, 0x1f, 0x2c, 0x6e, 0x25, - 0x84, 0x11, 0x67, 0x33, 0x5b, 0xdc, 0xa7, 0x3d, 0x28, 0xfd, 0xa2, 0x0e, 0x9f, 0x0a, 0xc6, 0x36, - 0x96, 0x86, 0xf1, 0x1a, 0xb4, 0xe4, 0x5a, 0x76, 0x1d, 0x87, 0x91, 0x28, 0x22, 0x51, 0x7c, 0x9f, - 0xac, 0xd4, 0x10, 0xaf, 0x52, 0x05, 0x3f, 0x38, 0x7a, 0xaf, 0xbe, 0x9e, 0x4c, 0x28, 0x9f, 0xce, - 0xee, 0xe3, 0xfa, 0xdb, 0xd3, 0x79, 0x48, 0x98, 0x4b, 0x9c, 0x09, 0x61, 0xed, 0xb1, 0x75, 0xcf, - 0xa8, 0xdd, 0x16, 0xef, 0x67, 0x94, 0xbc, 0xb4, 0xf7, 0xaa, 0x30, 0xcf, 0xfe, 0x07, 0x00, 0x00, - 0xff, 0xff, 0x97, 0xd0, 0x17, 0x23, 0xa5, 0x05, 0x00, 0x00, + // 705 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x74, 0x54, 0xdd, 0x6e, 0xda, 0x48, + 0x14, 0xc6, 0xfc, 0x98, 0x70, 0x20, 0x1b, 0xef, 0x24, 0x9b, 0x38, 0x28, 0xca, 0x22, 0x5f, 0xac, + 0x90, 0xb2, 0x85, 0x86, 0xa4, 0xb7, 0xad, 0x42, 0x9b, 0x96, 0x34, 0x8d, 0x41, 0x43, 0x92, 0x4a, + 0xbd, 0x69, 0x1d, 0x7b, 0x30, 0xa3, 0xfa, 0x4f, 0xe3, 0xa1, 0x15, 0x4f, 0xd0, 0x77, 0xe8, 0xa3, + 0xf4, 0x0d, 0xfa, 0x56, 0x95, 0x67, 0x6c, 0x07, 0x08, 0x5c, 0x79, 0xce, 0x39, 0xdf, 0xf7, 0x9d, + 0x1f, 0xcf, 0x19, 0x68, 0xda, 0xa1, 0xef, 0x87, 0x41, 0xd7, 0x0e, 0x83, 0x09, 0x75, 0x67, 0xcc, + 0xe2, 0x34, 0x0c, 0x3a, 0x11, 0x0b, 0x79, 0x88, 0x54, 0x19, 0x6b, 0xee, 0xe6, 0x98, 0xe4, 0x23, + 0x83, 0xcd, 0x8c, 0xe8, 0xc7, 0xd1, 0xe7, 0x88, 0xd1, 0xc0, 0xa6, 0x91, 0xe5, 0xc9, 0x98, 0x61, + 0xc2, 0x3f, 0xaf, 0x17, 0xf5, 0x2e, 0x83, 0x6f, 0xc4, 0x0b, 0x23, 0x82, 0x5e, 0x40, 0xe5, 0x8a, + 0x13, 0x3f, 0xd6, 0x95, 0x56, 0xa9, 0x5d, 0xef, 0xfd, 0xdb, 0x49, 0x25, 0xc7, 0xd4, 0x0d, 0x88, + 0xb3, 0xc4, 0x49, 0x70, 0x58, 0xa2, 0x8d, 0xc1, 0x8a, 0xde, 0x2d, 0xf1, 0x23, 0xcf, 0xe2, 0x04, + 0x75, 0x97, 0xf5, 0x0e, 0x33, 0xbd, 0x8d, 0x4a, 0x3f, 0x14, 0x38, 0xd8, 0x90, 0x0c, 0xfd, 0x0f, + 0x7f, 0x3f, 0x71, 0xea, 0x4a, 0x4b, 0x69, 0x37, 0xf0, 0xd3, 0x00, 0x7a, 0x09, 0x90, 0x08, 0x59, + 0x7c, 0xc6, 0x48, 0xac, 0x17, 0x45, 0xfe, 0xe3, 0xb5, 0xf9, 0x73, 0x18, 0x5e, 0x60, 0x18, 0xbf, + 0x8b, 0x6b, 0xd2, 0xa1, 0x13, 0x50, 0x07, 0xc4, 0x72, 0x08, 0x13, 0x89, 0xeb, 0xbd, 0xdd, 0x5c, + 0x71, 0x6a, 0xd1, 0x40, 0x86, 0x70, 0x0a, 0x41, 0xaf, 0xa0, 0x7c, 0x3b, 0x8f, 0x88, 0x5e, 0x6c, + 0x29, 0xed, 0xbf, 0x7a, 0x27, 0x1b, 0x9b, 0x5f, 0xf6, 0x24, 0x14, 0x2c, 0x88, 0xc8, 0x80, 0xc6, + 0x07, 0x2b, 0xe6, 0x37, 0xa1, 0x43, 0x27, 0x94, 0x38, 0x7a, 0xa9, 0xa5, 0xb4, 0xcb, 0x78, 0xc9, + 0x87, 0x3a, 0x80, 0xe4, 0xd9, 0x16, 0xec, 0x51, 0xe8, 0x51, 0x7b, 0xae, 0x97, 0x5b, 0x4a, 0xbb, + 0x86, 0xd7, 0x44, 0x90, 0x06, 0xa5, 0x6b, 0x32, 0xd7, 0x2b, 0x02, 0x90, 0x1c, 0xd1, 0x1e, 0x54, + 0xee, 0x2d, 0x6f, 0x46, 0x74, 0x55, 0xcc, 0x52, 0x1a, 0xc6, 0xfb, 0x95, 0xf6, 0x45, 0x41, 0x00, + 0xaa, 0x94, 0xd1, 0x0a, 0xa8, 0x06, 0x15, 0xd1, 0xb4, 0xa6, 0xa0, 0x3a, 0x54, 0x87, 0xcc, 0x21, + 0x8c, 0x30, 0xad, 0x88, 0xb6, 0xa0, 0x3c, 0x22, 0x84, 0x69, 0x25, 0x54, 0x85, 0xd2, 0xcd, 0x78, + 0xa4, 0x95, 0x8d, 0x2f, 0xb0, 0xbf, 0x7e, 0xe2, 0xa8, 0x0d, 0x3b, 0x71, 0x66, 0x2c, 0x0c, 0xb6, + 0x81, 0x57, 0xdd, 0xe8, 0x08, 0x6a, 0xb9, 0x4b, 0x4c, 0xb4, 0x81, 0x1f, 0x1d, 0x86, 0x9b, 0x15, + 0x86, 0x10, 0x94, 0x79, 0x32, 0xf4, 0x44, 0xa6, 0x82, 0xc5, 0x19, 0xed, 0x83, 0x1a, 0xc9, 0xb9, + 0x48, 0x62, 0x6a, 0x19, 0xa7, 0x00, 0x92, 0x25, 0x9a, 0xab, 0x43, 0xf5, 0xce, 0xbc, 0x36, 0x87, + 0x1f, 0x4d, 0xad, 0x80, 0xb6, 0xa1, 0x36, 0xbe, 0x7a, 0x67, 0x5e, 0xdc, 0xde, 0xe1, 0x4b, 0x4d, + 0xc9, 0x5a, 0x29, 0x1a, 0x3f, 0xd3, 0x0b, 0x2a, 0xd2, 0x4a, 0x72, 0xbe, 0x3d, 0x3a, 0x54, 0xef, + 0x09, 0x8b, 0x69, 0x18, 0xa4, 0xd9, 0x33, 0x13, 0x75, 0xb3, 0xf2, 0x44, 0x01, 0xf5, 0xde, 0xc1, + 0xe2, 0x62, 0x2d, 0x48, 0xe1, 0xac, 0x8b, 0x73, 0x80, 0x2b, 0x87, 0x04, 0x9c, 0x72, 0x4a, 0x62, + 0xbd, 0x24, 0x6e, 0xef, 0x5e, 0x46, 0xba, 0x19, 0x8f, 0x46, 0xd9, 0x46, 0xe3, 0x05, 0x9c, 0xf1, + 0x4b, 0x81, 0x9d, 0x15, 0x45, 0x74, 0x04, 0x5b, 0x72, 0xa1, 0xfa, 0x73, 0x59, 0xd5, 0xa0, 0x80, + 0x73, 0x0f, 0x3a, 0x87, 0xf2, 0x5b, 0x16, 0xfa, 0x69, 0x59, 0xc7, 0x1b, 0xca, 0xea, 0x98, 0xc3, + 0x19, 0x1f, 0x4e, 0x06, 0x05, 0x2c, 0xd0, 0xcd, 0x6b, 0x50, 0xa5, 0x07, 0x35, 0x40, 0x31, 0xd3, + 0x66, 0x15, 0x13, 0x9d, 0xc1, 0x96, 0x20, 0xd0, 0x7c, 0xe3, 0x36, 0x36, 0x9a, 0x03, 0xfb, 0xaa, + 0xdc, 0x12, 0xe3, 0x3f, 0xd0, 0x06, 0x56, 0x3c, 0xa5, 0x81, 0x7b, 0xe1, 0xb9, 0x21, 0xa3, 0x7c, + 0xea, 0x27, 0x3f, 0x33, 0xb0, 0x7c, 0xf9, 0x33, 0x6b, 0x58, 0x9c, 0x8d, 0x53, 0x38, 0xec, 0x7b, + 0xa1, 0xfd, 0xf5, 0x8d, 0xc5, 0xad, 0x94, 0x30, 0xe6, 0x6c, 0x66, 0x8b, 0xfb, 0xb4, 0x07, 0x95, + 0xef, 0xd4, 0xe1, 0x53, 0xc1, 0xd8, 0xc6, 0xd2, 0x30, 0x9e, 0x83, 0x96, 0xde, 0xcf, 0x0b, 0xc7, + 0x61, 0x24, 0x8e, 0x49, 0x9c, 0xdc, 0x27, 0x2b, 0x33, 0xc4, 0xf3, 0x54, 0xc3, 0x8f, 0x8e, 0xfe, + 0xb3, 0x4f, 0x27, 0x2e, 0xe5, 0xd3, 0xd9, 0x43, 0x52, 0x7f, 0x77, 0x3a, 0x8f, 0x08, 0xf3, 0x88, + 0xe3, 0x12, 0xd6, 0x9d, 0x58, 0x0f, 0x8c, 0xda, 0x5d, 0xf1, 0x90, 0xc6, 0xe9, 0x93, 0xfb, 0xa0, + 0x0a, 0xf3, 0xec, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8a, 0x6c, 0x08, 0x56, 0xae, 0x05, 0x00, + 0x00, } diff --git a/protos/common/configuration.proto b/protos/common/configuration.proto index 68bd3e8514b..f7e97ba26b7 100644 --- a/protos/common/configuration.proto +++ b/protos/common/configuration.proto @@ -66,7 +66,8 @@ message ConfigurationItem { Policy = 0; // Implies that the Value is a marshaled Policy message, and may be referred to by Key as a ModificationPolicy Chain = 1; // Marshaled format for this type is yet to be determined Orderer = 2; // Marshaled format for this type is yet to be determined - Peer = 3; // Marshaled format for this type is yet to be determined + Peer = 3; // Marshaled format for this type is yet to be determined + MSP = 4; // Marshaled MSPConfig proto } ChainHeader Header = 1; // The header which ties this configuration to a particular chain ConfigurationType Type = 2; // The type of configuration this is. diff --git a/protos/orderer/ab.pb.go b/protos/orderer/ab.pb.go index efbbdf49a67..999775d4b58 100644 --- a/protos/orderer/ab.pb.go +++ b/protos/orderer/ab.pb.go @@ -22,9 +22,9 @@ It has these top-level messages: BatchSize BatchTimeout CreationPolicy - IngressPolicy - EgressPolicy - ChainCreators + IngressPolicyNames + EgressPolicyNames + ChainCreationPolicyNames KafkaBrokers KafkaMessage KafkaMessageRegular diff --git a/protos/orderer/configuration.pb.go b/protos/orderer/configuration.pb.go index ff6dd9f8697..c1dcda91411 100644 --- a/protos/orderer/configuration.pb.go +++ b/protos/orderer/configuration.pb.go @@ -71,36 +71,41 @@ func (m *CreationPolicy) String() string { return proto.CompactTextSt func (*CreationPolicy) ProtoMessage() {} func (*CreationPolicy) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{3} } -// IngressPolicy is the name of the policy which incoming Broadcast messages are filtered against -type IngressPolicy struct { - Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` +// IngressPolicyNames is the set of policy names which incoming Broadcast signatures are filtered against +type IngressPolicyNames struct { + // A list of policies, in evaluation these are 'or'-ed, note this is not a proper policy + // because implementing referential policies in a general way is difficult, and dangerous + Names []string `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"` } -func (m *IngressPolicy) Reset() { *m = IngressPolicy{} } -func (m *IngressPolicy) String() string { return proto.CompactTextString(m) } -func (*IngressPolicy) ProtoMessage() {} -func (*IngressPolicy) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{4} } +func (m *IngressPolicyNames) Reset() { *m = IngressPolicyNames{} } +func (m *IngressPolicyNames) String() string { return proto.CompactTextString(m) } +func (*IngressPolicyNames) ProtoMessage() {} +func (*IngressPolicyNames) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{4} } -// EgressPolicy is the name of the policy which incoming Deliver messages are filtered against -type EgressPolicy struct { - Name string `protobuf:"bytes,1,opt,name=name" json:"name,omitempty"` +// EgressPolicyNames is the set of policy names which incoming Deliver signatures are filtered against +type EgressPolicyNames struct { + // A list of policies, in evaluation these are 'or'-ed, note this is not a proper policy + // because implementing referential policies in a general way is difficult, and dangerous + Names []string `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"` } -func (m *EgressPolicy) Reset() { *m = EgressPolicy{} } -func (m *EgressPolicy) String() string { return proto.CompactTextString(m) } -func (*EgressPolicy) ProtoMessage() {} -func (*EgressPolicy) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{5} } +func (m *EgressPolicyNames) Reset() { *m = EgressPolicyNames{} } +func (m *EgressPolicyNames) String() string { return proto.CompactTextString(m) } +func (*EgressPolicyNames) ProtoMessage() {} +func (*EgressPolicyNames) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{5} } -type ChainCreators struct { - // A list of policies, any of which may be specified as the chain creation - // policy in a chain creation request - Policies []string `protobuf:"bytes,1,rep,name=policies" json:"policies,omitempty"` +// ChainCreationPolicyNames is the set of policies which may be invoked for chain creation +type ChainCreationPolicyNames struct { + // A list of policies, in evaluation these are 'or'-ed, note this is not a proper policy + // because implementing referential policies in a general way is difficult, and dangerous + Names []string `protobuf:"bytes,1,rep,name=names" json:"names,omitempty"` } -func (m *ChainCreators) Reset() { *m = ChainCreators{} } -func (m *ChainCreators) String() string { return proto.CompactTextString(m) } -func (*ChainCreators) ProtoMessage() {} -func (*ChainCreators) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{6} } +func (m *ChainCreationPolicyNames) Reset() { *m = ChainCreationPolicyNames{} } +func (m *ChainCreationPolicyNames) String() string { return proto.CompactTextString(m) } +func (*ChainCreationPolicyNames) ProtoMessage() {} +func (*ChainCreationPolicyNames) Descriptor() ([]byte, []int) { return fileDescriptor1, []int{6} } // Carries a list of bootstrap brokers, i.e. this is not the exclusive set of // brokers an ordering service @@ -120,36 +125,36 @@ func init() { proto.RegisterType((*BatchSize)(nil), "orderer.BatchSize") proto.RegisterType((*BatchTimeout)(nil), "orderer.BatchTimeout") proto.RegisterType((*CreationPolicy)(nil), "orderer.CreationPolicy") - proto.RegisterType((*IngressPolicy)(nil), "orderer.IngressPolicy") - proto.RegisterType((*EgressPolicy)(nil), "orderer.EgressPolicy") - proto.RegisterType((*ChainCreators)(nil), "orderer.ChainCreators") + proto.RegisterType((*IngressPolicyNames)(nil), "orderer.IngressPolicyNames") + proto.RegisterType((*EgressPolicyNames)(nil), "orderer.EgressPolicyNames") + proto.RegisterType((*ChainCreationPolicyNames)(nil), "orderer.ChainCreationPolicyNames") proto.RegisterType((*KafkaBrokers)(nil), "orderer.KafkaBrokers") } func init() { proto.RegisterFile("orderer/configuration.proto", fileDescriptor1) } var fileDescriptor1 = []byte{ - // 349 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x84, 0x92, 0xcf, 0x8a, 0xdb, 0x30, - 0x10, 0xc6, 0x71, 0x13, 0x92, 0x46, 0x24, 0xfd, 0xa3, 0x42, 0x31, 0xe9, 0x25, 0xb8, 0x17, 0xd3, - 0x86, 0xf8, 0xd0, 0x17, 0x28, 0x36, 0x7b, 0x58, 0x96, 0xc0, 0xe2, 0xcd, 0x69, 0x6f, 0xb2, 0x3d, - 0xb6, 0x45, 0x62, 0x8d, 0x19, 0xc9, 0x10, 0xef, 0x4b, 0xec, 0x2b, 0x2f, 0x96, 0x95, 0x1c, 0x36, - 0x87, 0x3d, 0xf9, 0xfb, 0x66, 0x7e, 0x58, 0xdf, 0x8c, 0xc4, 0x7e, 0x21, 0x15, 0x40, 0x40, 0x51, - 0x8e, 0xaa, 0x94, 0x55, 0x47, 0xc2, 0x48, 0x54, 0xbb, 0x96, 0xd0, 0x20, 0x9f, 0xbb, 0xe6, 0xfa, - 0x47, 0x8e, 0x4d, 0x83, 0x2a, 0x1a, 0x3f, 0x63, 0x37, 0xf8, 0xcd, 0x56, 0x09, 0x2a, 0x0d, 0x4a, - 0x77, 0xfa, 0xd0, 0xb7, 0xc0, 0x39, 0x9b, 0x9a, 0xbe, 0x05, 0xdf, 0xdb, 0x78, 0xe1, 0x22, 0xb5, - 0x3a, 0x78, 0xf5, 0xd8, 0x22, 0x16, 0x26, 0xaf, 0x9f, 0xe4, 0x0b, 0xf0, 0x90, 0x7d, 0x6d, 0xc4, - 0x79, 0x0f, 0x5a, 0x8b, 0x0a, 0x12, 0xec, 0x94, 0xb1, 0xf0, 0x2a, 0x7d, 0x5f, 0xe6, 0x7f, 0xd8, - 0x37, 0x91, 0x69, 0x3c, 0x75, 0x06, 0xf6, 0xe2, 0x1c, 0xf7, 0x06, 0xb4, 0xff, 0xc9, 0xa2, 0x37, - 0x75, 0xbe, 0x65, 0xdf, 0x5b, 0x82, 0x12, 0x88, 0xa0, 0xb8, 0xc2, 0x13, 0x0b, 0xdf, 0x36, 0x82, - 0x90, 0x2d, 0x6d, 0xa0, 0x83, 0x6c, 0x00, 0x3b, 0xc3, 0x7d, 0x36, 0x37, 0xa3, 0x74, 0xc1, 0x2f, - 0x36, 0xf8, 0xcf, 0xbe, 0x24, 0x04, 0x76, 0x21, 0x8f, 0x78, 0x92, 0x79, 0xcf, 0x7f, 0xb2, 0x59, - 0x6b, 0x95, 0x43, 0x9d, 0x1b, 0xea, 0x85, 0xac, 0x40, 0x1b, 0x9b, 0x71, 0x99, 0x3a, 0x37, 0xac, - 0xe8, 0x5e, 0x55, 0x04, 0x5a, 0xbb, 0x1f, 0x70, 0x36, 0x55, 0xa2, 0xb9, 0xae, 0x68, 0xd0, 0x41, - 0xc0, 0x96, 0x77, 0x1f, 0x31, 0x7f, 0xd9, 0x2a, 0xa9, 0x85, 0x54, 0x36, 0x0f, 0x92, 0xe6, 0x6b, - 0xf6, 0xd9, 0x9e, 0x2d, 0x41, 0xfb, 0xde, 0x66, 0x12, 0x2e, 0xd2, 0xab, 0x1f, 0x26, 0x7c, 0x10, - 0xe5, 0x51, 0xc4, 0x84, 0x47, 0x20, 0x3d, 0x4c, 0x98, 0x8d, 0xd2, 0xa1, 0x17, 0x1b, 0xef, 0x9e, - 0xb7, 0x95, 0x34, 0x75, 0x97, 0xed, 0x72, 0x6c, 0xa2, 0xba, 0x6f, 0x81, 0x4e, 0x50, 0x54, 0x40, - 0x51, 0x29, 0x32, 0x92, 0x79, 0x64, 0x6f, 0x5a, 0x47, 0xee, 0x1d, 0x64, 0x33, 0xeb, 0xff, 0xbd, - 0x05, 0x00, 0x00, 0xff, 0xff, 0x13, 0xbb, 0x3c, 0xc7, 0x36, 0x02, 0x00, 0x00, + // 346 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0x8c, 0x92, 0x5f, 0x6b, 0xa3, 0x40, + 0x14, 0xc5, 0x71, 0xb3, 0x9b, 0x90, 0x4b, 0xb2, 0xbb, 0x99, 0x5d, 0x16, 0xd9, 0xbe, 0x04, 0xfb, + 0x62, 0x43, 0x88, 0x85, 0x7e, 0x81, 0xa2, 0xf4, 0xa1, 0x94, 0x94, 0x62, 0xf3, 0xd4, 0xb7, 0x51, + 0xaf, 0x3a, 0x24, 0xce, 0xc8, 0x9d, 0x11, 0x62, 0xbf, 0x44, 0xbf, 0x72, 0xc9, 0x68, 0x0a, 0x6d, + 0xa0, 0xf4, 0xc9, 0x73, 0xee, 0xf9, 0x39, 0x9c, 0xf9, 0x03, 0x67, 0x8a, 0x32, 0x24, 0xa4, 0x20, + 0x55, 0x32, 0x17, 0x45, 0x43, 0xdc, 0x08, 0x25, 0x57, 0x35, 0x29, 0xa3, 0xd8, 0xa8, 0x0f, 0xff, + 0xff, 0x49, 0x55, 0x55, 0x29, 0x19, 0x74, 0x9f, 0x2e, 0xf5, 0xce, 0x61, 0x1a, 0x29, 0xa9, 0x51, + 0xea, 0x46, 0x6f, 0xda, 0x1a, 0x19, 0x83, 0xef, 0xa6, 0xad, 0xd1, 0x75, 0xe6, 0x8e, 0x3f, 0x8e, + 0xad, 0xf6, 0x5e, 0x1c, 0x18, 0x87, 0xdc, 0xa4, 0xe5, 0xa3, 0x78, 0x46, 0xe6, 0xc3, 0xaf, 0x8a, + 0xef, 0xd7, 0xa8, 0x35, 0x2f, 0x30, 0x52, 0x8d, 0x34, 0x16, 0x9e, 0xc6, 0x1f, 0xc7, 0x6c, 0x01, + 0xbf, 0x79, 0xa2, 0xd5, 0xae, 0x31, 0xb8, 0xe6, 0xfb, 0xb0, 0x35, 0xa8, 0xdd, 0x6f, 0x16, 0x3d, + 0x99, 0xb3, 0x25, 0xcc, 0x6a, 0xc2, 0x1c, 0x89, 0x30, 0x7b, 0x83, 0x07, 0x16, 0x3e, 0x0d, 0x3c, + 0x1f, 0x26, 0xb6, 0xd0, 0x46, 0x54, 0xa8, 0x1a, 0xc3, 0x5c, 0x18, 0x99, 0x4e, 0xf6, 0xc5, 0x8f, + 0xd6, 0xbb, 0x86, 0x9f, 0x11, 0xa1, 0x3d, 0x90, 0x07, 0xb5, 0x13, 0x69, 0xcb, 0xfe, 0xc1, 0xb0, + 0xb6, 0xaa, 0x47, 0x7b, 0x77, 0x98, 0x67, 0xa2, 0x40, 0x6d, 0x6c, 0xc7, 0x49, 0xdc, 0x3b, 0x6f, + 0x01, 0xec, 0x56, 0x16, 0x84, 0x5a, 0x77, 0x0b, 0xdc, 0xf3, 0x0a, 0x35, 0xfb, 0x0b, 0x3f, 0xe4, + 0x41, 0xb8, 0xce, 0x7c, 0xe0, 0x8f, 0xe3, 0xce, 0x78, 0x17, 0x30, 0xbb, 0xf9, 0x22, 0x7a, 0x09, + 0x6e, 0x54, 0x72, 0x21, 0xdf, 0xb7, 0xfb, 0xec, 0x0f, 0x1f, 0x26, 0x77, 0x3c, 0xdf, 0xf2, 0x90, + 0xd4, 0x16, 0x49, 0x1f, 0x36, 0x9d, 0x74, 0xb2, 0xe7, 0x8e, 0x36, 0x5c, 0x3d, 0x2d, 0x0b, 0x61, + 0xca, 0x26, 0x59, 0xa5, 0xaa, 0x0a, 0xca, 0xb6, 0x46, 0xda, 0x61, 0x56, 0x20, 0x05, 0x39, 0x4f, + 0x48, 0xa4, 0x81, 0xbd, 0x7c, 0x1d, 0xf4, 0x4f, 0x23, 0x19, 0x5a, 0x7f, 0xf5, 0x1a, 0x00, 0x00, + 0xff, 0xff, 0x02, 0x01, 0xf1, 0xb0, 0x49, 0x02, 0x00, 0x00, } diff --git a/protos/orderer/configuration.proto b/protos/orderer/configuration.proto index 58b174ea182..8f36e03ec9c 100644 --- a/protos/orderer/configuration.proto +++ b/protos/orderer/configuration.proto @@ -67,20 +67,25 @@ message CreationPolicy { bytes digest = 2; } -// IngressPolicy is the name of the policy which incoming Broadcast messages are filtered against -message IngressPolicy { - string name = 1; +// IngressPolicyNames is the set of policy names which incoming Broadcast signatures are filtered against +message IngressPolicyNames { + // A list of policies, in evaluation these are 'or'-ed, note this is not a proper policy + // because implementing referential policies in a general way is difficult, and dangerous + repeated string names = 1; } -// EgressPolicy is the name of the policy which incoming Deliver messages are filtered against -message EgressPolicy { - string name = 1; +// EgressPolicyNames is the set of policy names which incoming Deliver signatures are filtered against +message EgressPolicyNames { + // A list of policies, in evaluation these are 'or'-ed, note this is not a proper policy + // because implementing referential policies in a general way is difficult, and dangerous + repeated string names = 1; } -message ChainCreators { - // A list of policies, any of which may be specified as the chain creation - // policy in a chain creation request - repeated string policies = 1; +// ChainCreationPolicyNames is the set of policies which may be invoked for chain creation +message ChainCreationPolicyNames { + // A list of policies, in evaluation these are 'or'-ed, note this is not a proper policy + // because implementing referential policies in a general way is difficult, and dangerous + repeated string names = 1; } // Carries a list of bootstrap brokers, i.e. this is not the exclusive set of