1. 22 May, 2018 13 commits
  2. 21 May, 2018 16 commits
  3. 20 May, 2018 10 commits
    • yacovm's avatar
      [FAB-10238] Filter collections on peers, not principals · c1195678
      yacovm authored
      The collection support in the discovery service supports collections by
      filtering out principal sets that aren't authorized by the principals
      derived from the policy in the collection config.
      This is problematic in cases when the collection config is defined
      with principals which have no obvious IsA relation with the
      endorsement policy:
      Consider a case where the endorsement policy is defined with principals
      of Org1.peer or and org2.peer, and the collection is
      defined with OUs of Org.
      Any principal based policy can't accept nor reject such a scenario,
      since a peer role is based on an OU that is hidden from the principal
      This change set moves the filtering to the peer identities instead of
      filtering the principal sets of the combinations of the endorsement
      It also raises the code coverage from 97% to 99%
      Change-Id: I6d2f9f1e735f667fcffe99c3d3b6bfe6a6ed8e98
      Signed-off-by: default avataryacovm <yacovm@il.ibm.com>
    • Christopher Ferris's avatar
    • Christopher Ferris's avatar
      FAB-10236 improve integration-test target · 7984961a
      Christopher Ferris authored
      The Makefile's 'integration-test' target unnecessarily
      builds all the docker images as a dependency. It also
      cleans them all, which compounds issues. The only one
      it might possibly need is ccenv because the tests
      may spin up chaincode.
      Also, go test ./... does not correctly handle all tests.
      A more correct approach would be to exec go test or ginkgo
      from each directory in which there is a suite.
      Need to ensure 3rd party images d/l'ed
      Change-Id: I8a5c713108c339842471f6415e79924dba7b7964
      Signed-off-by: default avatarChristopher Ferris <chrisfer@us.ibm.com>
    • Chris Elder's avatar
      [FAB-10048] Add authentication to each CouchDB db · fcb9ae5a
      Chris Elder authored
      Add changes to add database security to each CouchDB database.   This will
      prevent any unauthorized browsing of state data.
      Add couchdb methods to expose the CouchDB _security API for PUT and GET to
      respectively create and retrieve the database security permissions.
      Add the following structure to couchdb to represent the couchdb security
      type DatabaseSecurity struct {
      	Admins struct {
      		Names []string `json:"names"`
      		Roles []string `json:"roles"`
      	} `json:"admins"`
      	Members struct {
      		Names []string `json:"names"`
      		Roles []string `json:"roles"`
      	} `json:"members"`
      Add changes to couchdb CreateDatabaseIfNotExist() and apply a security
      permission definition based on the configured CouchDB username.  Add the
      username to the Admins and Members section.
      Change-Id: I8dadd0e1575babef2143c7fb332b863aa0c6be5b
      Signed-off-by: default avatarChris Elder <chris.elder@us.ibm.com>
    • yacovm's avatar
      [FAB-10051] Pluggable endorsement and validation e2e · 58ad85be
      yacovm authored
      This change set adds integration tests for pluggable endorsement
      and validation.
      This is actually the e2e but with a slight twist:
      The endorsement and validation plugins that are used are actually
      not the builtin, compiled ones - but .so plugins that are compiled
      at the start of the test.
      To ensure that the plugins are run and not the builtin version,
      the plugin implementation writes to the file system a file
      and the test checks that the file exists after the peers joined the channel.
      Change-Id: I69027566f78560ffe9afc03aa9f3f1ac7bdbc6e5
      Signed-off-by: default avataryacovm <yacovm@il.ibm.com>
    • manish's avatar
      [FAB-9997] Validation check for a collection · fc243c37
      manish authored
      This CR adds validation before allowing an operation on the private data
       - That the collection configuraiton is defined for the chaincode
       - That the collection name exists in the collection config
      Change-Id: I3b01bb105e630fde5e350055d1ec19e6d529f5cd
      Signed-off-by: default avatarmanish <manish.sethi@gmail.com>
    • joe-alewine's avatar
      [FAB-10004] Get IdeMix docs into TOC · b1b43e43
      joe-alewine authored
      Also clean them up a bit (formatting,
      references to IBM, etc).
      Change-Id: I365b16c0a711d54d66c0524340f865ada56b2c21
      Signed-off-by: default avatarjoe-alewine <Joe.Alewine@ibm.com>
    • Yacov Manevich's avatar
    • Yacov Manevich's avatar
    • Matthew Sykes's avatar
      [FAB-10232] Setup and teardown in Before/AfterEach · 9d3f15b9
      Matthew Sykes authored
      Change-Id: I9487d30e8d961dd114f4fb1b76d30c5f36c0283b
      Signed-off-by: default avatarMatthew Sykes <sykesmat@us.ibm.com>
  4. 19 May, 2018 1 commit