Commit 00df45f9 authored by Jason Yellick's avatar Jason Yellick Committed by Gari Singh
Browse files

FAB-14094 Clarify implicitmeta error message



This CR replaces the old rather opaque and unclear:

 Failed to reach implicit threshold of 1 sub-policies: required 1 \
  remaining

with

 implicit policy evaluation failed - 0 sub-policies were satisfied, \
  but this policy requires 1 of the 'Readers' sub-policies to be \
  satisfied

Although the message is a bit verbose, and likely could be made to be
even clearer, this attempts to strike a reasonable balance between
verbosity, and information leakage about policy structures to users
which are unauthorized and might simply be attempting to probe the
system for information on membership, etc.

Change-Id: Icd53e4438117936ca7254d08040e9fad27e24163
Signed-off-by: default avatarJason Yellick <jyellick@us.ibm.com>
parent ede53fc6
......@@ -76,7 +76,7 @@ func (imp *implicitMetaPolicy) Evaluate(signatureSet []*cb.SignedData) error {
b.WriteString(fmt.Sprintf("Evaluation Failed: Only %d policies were satisfied, but needed %d of [ ", imp.threshold-remaining, imp.threshold))
for m := range imp.managers {
b.WriteString(m)
b.WriteString(".")
b.WriteString("/")
b.WriteString(imp.subPolicyName)
b.WriteString(" ")
}
......@@ -97,5 +97,5 @@ func (imp *implicitMetaPolicy) Evaluate(signatureSet []*cb.SignedData) error {
if remaining == 0 {
return nil
}
return fmt.Errorf("Failed to reach implicit threshold of %d sub-policies, required %d remaining", imp.threshold, remaining)
return fmt.Errorf("implicit policy evaluation failed - %d sub-policies were satisfied, but this policy requires %d of the '%s' sub-policies to be satisfied", (imp.threshold - remaining), imp.threshold, imp.subPolicyName)
}
......@@ -72,23 +72,33 @@ func TestImplicitMetaAny(t *testing.T) {
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_ANY, 1, 1))
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_ANY, 10, 1))
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_ANY, 10, 8))
assert.Error(t, runPolicyTest(cb.ImplicitMetaPolicy_ANY, 10, 0))
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_ANY, 0, 0))
err := runPolicyTest(cb.ImplicitMetaPolicy_ANY, 10, 0)
assert.EqualError(t, err, "implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'TestPolicyName' sub-policies to be satisfied")
}
func TestImplicitMetaAll(t *testing.T) {
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_ALL, 1, 1))
assert.Error(t, runPolicyTest(cb.ImplicitMetaPolicy_ALL, 10, 1))
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_ALL, 10, 10))
assert.Error(t, runPolicyTest(cb.ImplicitMetaPolicy_ALL, 10, 0))
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_ALL, 0, 0))
err := runPolicyTest(cb.ImplicitMetaPolicy_ALL, 10, 1)
assert.EqualError(t, err, "implicit policy evaluation failed - 1 sub-policies were satisfied, but this policy requires 10 of the 'TestPolicyName' sub-policies to be satisfied")
err = runPolicyTest(cb.ImplicitMetaPolicy_ALL, 10, 0)
assert.EqualError(t, err, "implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 10 of the 'TestPolicyName' sub-policies to be satisfied")
}
func TestImplicitMetaMajority(t *testing.T) {
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_MAJORITY, 1, 1))
assert.Error(t, runPolicyTest(cb.ImplicitMetaPolicy_MAJORITY, 10, 5))
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_MAJORITY, 10, 6))
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_MAJORITY, 3, 2))
assert.Error(t, runPolicyTest(cb.ImplicitMetaPolicy_MAJORITY, 10, 0))
assert.NoError(t, runPolicyTest(cb.ImplicitMetaPolicy_MAJORITY, 0, 0))
err := runPolicyTest(cb.ImplicitMetaPolicy_MAJORITY, 10, 5)
assert.EqualError(t, err, "implicit policy evaluation failed - 5 sub-policies were satisfied, but this policy requires 6 of the 'TestPolicyName' sub-policies to be satisfied")
err = runPolicyTest(cb.ImplicitMetaPolicy_MAJORITY, 10, 0)
assert.EqualError(t, err, "implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 6 of the 'TestPolicyName' sub-policies to be satisfied")
}
......@@ -670,7 +670,7 @@ func TestCreateReplicator(t *testing.T) {
r := createReplicator(ledgerFactory, bootBlock, &localconfig.TopLevel{}, &comm.SecureOptions{}, signer)
err := r.verifierRetriever.RetrieveVerifier("mychannel").VerifyBlockSignature(nil, nil)
assert.EqualError(t, err, "Failed to reach implicit threshold of 1 sub-policies, required 1 remaining")
assert.EqualError(t, err, "implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied")
err = r.verifierRetriever.RetrieveVerifier("system").VerifyBlockSignature(nil, nil)
assert.NoError(t, err)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment