Commit b794b72f authored by Matthew Sykes's avatar Matthew Sykes Committed by Gari Singh
Browse files

[FAB-10266] enable cc-2-cc policy integration test



Change-Id: I1d0d6c4e578e0d9cfd99a175c112cc728a1df4a6
Signed-off-by: default avatarMatthew Sykes <sykesmat@us.ibm.com>
parent c37715b5
......@@ -8,13 +8,10 @@ package aclmgmt
import (
"github.com/hyperledger/fabric/common/flogging"
"github.com/hyperledger/fabric/core/peer"
)
var aclMgmtLogger = flogging.MustGetLogger("aclmgmt")
type aclMethod func(resName string, channelID string, idinfo interface{}) error
//implementation of aclMgmt. CheckACL calls in fabric result in the following flow
// if resourceProvider[resourceName]
// return resourceProvider[resourceName].CheckACL(...)
......@@ -37,17 +34,8 @@ func (am *aclMgmtImpl) CheckACL(resName string, channelID string, idinfo interfa
//ACLProvider consists of two providers, supplied one and a default one (1.0 ACL management
//using ChannelReaders and ChannelWriters). If supplied provider is nil, a resource based
//ACL provider is created.
func newACLMgmt(prov ACLProvider) ACLProvider {
rp := prov
if rp == nil {
rp = newResourceProvider(peer.GetStableChannelConfig, newDefaultACLProvider())
}
return &aclMgmtImpl{rescfgProvider: rp}
}
func NewACLProvider() ACLProvider {
func NewACLProvider(rg ResourceGetter) ACLProvider {
return &aclMgmtImpl{
rescfgProvider: newResourceProvider(peer.GetStableChannelConfig, newDefaultACLProvider()),
rescfgProvider: newResourceProvider(rg, NewDefaultACLProvider()),
}
}
......@@ -35,7 +35,7 @@ type defaultACLProvider struct {
cResourcePolicyMap map[string]string
}
func newDefaultACLProvider() ACLProvider {
func NewDefaultACLProvider() ACLProvider {
d := &defaultACLProvider{}
d.initialize()
......
......@@ -140,19 +140,19 @@ func (rp *aclmgmtPolicyProviderImpl) CheckACL(polName string, idinfo interface{}
//-------- resource provider - entry point API used by aclmgmtimpl for doing resource based ACL ----------
//resource getter gets channelconfig.Resources given channel ID
type resourceGetter func(channelID string) channelconfig.Resources
type ResourceGetter func(channelID string) channelconfig.Resources
//resource provider that uses the resource configuration information to provide ACL support
type resourceProvider struct {
//resource getter
resGetter resourceGetter
resGetter ResourceGetter
//default provider to be used for undefined resources
defaultProvider ACLProvider
}
//create a new resourceProvider
func newResourceProvider(rg resourceGetter, defprov ACLProvider) *resourceProvider {
func newResourceProvider(rg ResourceGetter, defprov ACLProvider) *resourceProvider {
return &resourceProvider{rg, defprov}
}
......
......@@ -25,10 +25,12 @@ import (
"github.com/golang/protobuf/proto"
"github.com/hyperledger/fabric/bccsp/factory"
"github.com/hyperledger/fabric/common/channelconfig"
mc "github.com/hyperledger/fabric/common/mocks/config"
mockpolicies "github.com/hyperledger/fabric/common/mocks/policies"
"github.com/hyperledger/fabric/common/policies"
"github.com/hyperledger/fabric/common/util"
"github.com/hyperledger/fabric/core/aclmgmt"
aclmocks "github.com/hyperledger/fabric/core/aclmgmt/mocks"
"github.com/hyperledger/fabric/core/chaincode/accesscontrol"
"github.com/hyperledger/fabric/core/chaincode/shim"
......@@ -55,6 +57,7 @@ import (
pb "github.com/hyperledger/fabric/protos/peer"
putils "github.com/hyperledger/fabric/protos/utils"
"github.com/spf13/viper"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/mock"
"golang.org/x/net/context"
"google.golang.org/grpc"
......@@ -128,7 +131,7 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro
ca.CertBytes(),
certGenerator,
&ccprovider.CCInfoFSImpl{},
mockAclProvider,
aclmgmt.NewACLProvider(func(string) channelconfig.Resources { return nil }),
container.NewVMController(
map[string]container.VMProvider{
dockercontroller.ContainerType: dockercontroller.NewProvider("", ""),
......@@ -755,18 +758,18 @@ func runChaincodeInvokeChaincode(t *testing.T, channel1 string, channel2 string,
},
}
// TODO: Restore setup for policy and acl validation
// // as Bob, invoke chaincode2 on channel2 so that it invokes chaincode1 on channel1
// _, _, _, err = invoke(ctxt, channel2, chaincode2InvokeSpec, nextBlockNumber2, []byte("Bob"), chaincodeSupport)
// if err == nil {
// // Bob should not be able to call
// stopChaincode(ctxt, cccid1, chaincodeSupport)
// stopChaincode(ctxt, cccid2, chaincodeSupport)
// stopChaincode(ctxt, cccid3, chaincodeSupport)
// nextBlockNumber2++
// t.Fatalf("As Bob, invoking <%s/%s> via <%s/%s> should fail, but it succeeded.", cccid1.Name, cccid1.ChainID, chaincode2Name, channel2)
// return nextBlockNumber1, nextBlockNumber2
// }
// as Bob, invoke chaincode2 on channel2 so that it invokes chaincode1 on channel1
_, _, _, err = invoke(ctxt, channel2, chaincode2InvokeSpec, nextBlockNumber2, []byte("Bob"), chaincodeSupport)
if err == nil {
// Bob should not be able to call
stopChaincode(ctxt, cccid1, chaincodeSupport)
stopChaincode(ctxt, cccid2, chaincodeSupport)
stopChaincode(ctxt, cccid3, chaincodeSupport)
nextBlockNumber2++
t.Fatalf("As Bob, invoking <%s/%s> via <%s/%s> should fail, but it succeeded.", cccid1.Name, cccid1.ChainID, chaincode2Name, channel2)
return nextBlockNumber1, nextBlockNumber2
}
assert.True(t, strings.Contains(err.Error(), "[Creator not recognized [Bob]]"))
// as Alice, invoke chaincode2 on channel2 so that it invokes chaincode1 on channel1
_, _, _, err = invoke(ctxt, channel2, chaincode2InvokeSpec, nextBlockNumber2, []byte("Alice"), chaincodeSupport)
......@@ -915,7 +918,6 @@ func TestChaincodeInvokeChaincode(t *testing.T) {
}
defer cleanup()
// TODO: Restore setup for policy and acl validation
mockAclProvider.On("CheckACL", mock.Anything, mock.Anything, mock.Anything).Return(nil)
testCases := []tcicTc{
......@@ -1007,7 +1009,6 @@ func TestChaincodeInvokeChaincodeErrorCase(t *testing.T) {
}
defer cleanup()
// TODO: Restore setup for policy and acl validation
mockAclProvider.On("CheckACL", mock.Anything, mock.Anything, mock.Anything).Return(nil)
// Deploy first chaincode
......
......@@ -140,7 +140,9 @@ func serve(args []string) error {
//startup aclmgmt with default ACL providers (resource based and default 1.0 policies based).
//Users can pass in their own ACLProvider to RegisterACLProvider (currently unit tests do this)
aclProvider := aclmgmt.NewACLProvider() // TODO: provide resource getter / peer.GetStableChannelConfig
aclProvider := aclmgmt.NewACLProvider(
aclmgmt.ResourceGetter(peer.GetStableChannelConfig),
)
//initialize resource management exit
ledgermgmt.Initialize(peer.ConfigTxProcessors)
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment