github.com/adnan-c/fabric_e2e_couchdb@v0.6.1-preview.0.20170228180935-21ce6b23cf91/bddtests/chaincode_rbac.feature (about) 1 # 2 # Test Hyperledger Chaincodes using various RBAC mechanisms 3 # 4 # Tags that can be used and will affect test internals: 5 # 6 # @doNotDecompose will NOT decompose the named compose_yaml after scenario ends. Useful for setting up environment and reviewing after scenario. 7 # 8 @preV1 9 @feature_chaincode_rbac 10 Feature: Role Based Access Control (RBAC) 11 As a HyperLedger developer 12 I want various mechanisms available for implementing RBAC within Chaincode 13 14 #@doNotDecompose 15 @issue_1207 16 Scenario Outline: test a chaincode showing how to implement role-based access control using TCerts with no attributes 17 18 Given we compose "<ComposeFile>" 19 And I wait "5" seconds 20 And I register with CA supplying username "binhn" and secret "7avZQLwcUe9q" on peers: 21 | vp0 | 22 And I register with CA supplying username "alice" and secret "CMS10pEQlB16" on peers: 23 | vp0 | 24 And I use the following credentials for querying peers: 25 | peer | username | secret | 26 | vp0 | test_user0 | MS9qrN8hFjlE | 27 | vp1 | test_user1 | jGlNl6ImkuDo | 28 | vp2 | test_user2 | zMflqOKezFiA | 29 | vp3 | test_user3 | vWdLCE00vJy0 | 30 31 When requesting "/chain" from "vp0" 32 Then I should get a JSON response with "height" = "1" 33 34 #Acquire a Application-TCert for binh (NOTE: application TCert is NEVER used for signing fabric TXs) 35 When user "binhn" requests a new application TCert 36 # Binhn is assuming the application ROLE of Admin by using his own TCert 37 And user "binhn" stores their last result as "TCERT_APP_ADMIN" 38 39 # Deploy, in this case Binh is assinging himself as the Admin for the RBAC chaincode. 40 When user "binhn" sets metadata to their stored value "TCERT_APP_ADMIN" 41 And user "binhn" deploys chaincode "github.com/hyperledger/fabric/examples/chaincode/go/rbac_tcerts_no_attrs" aliased as "rbac_tcerts_no_attrs" with ctor "init" and args 42 || 43 || 44 Then I should have received a chaincode name 45 Then I wait up to "<WaitTime>" seconds for transaction to be committed to peers: 46 | vp0 | vp1 | vp2 | vp3 | 47 48 # When we refer to any party, we actually mean a specific application TCert for that party 49 50 #Acquire a Application-TCert for alice, and supplies to binhn (NOTE: application TCert is NEVER used for signing fabric TXs) 51 When user "alice" requests a new application TCert 52 And user "alice" stores their last result as "TCERT_APP_ALICE_1" 53 # Alice gives binhn her application TCert (usually OUT-OF-BAND) 54 And user "alice" gives stored value "TCERT_APP_ALICE_1" to "binhn" 55 56 57 # binhn is assigning the role of 'writer' to alice 58 When "binhn" uses application TCert "TCERT_APP_ADMIN" to assign role "writer" to application TCert "TCERT_APP_ALICE_1" 59 Then I should have received a transactionID 60 Then I wait up to "60" seconds for transaction to be committed to peers: 61 | vp0 | vp1 | vp2 | vp3 | 62 And "binhn"'s last transaction should have succeeded 63 64 65 # Alice attempts to assign a role to binh, but this will fail as she does NOT have permission. 66 When "alice" uses application TCert "TCERT_APP_ALICE_1" to assign role "writer" to application TCert "TCERT_APP_ALICE_1" 67 Then I wait up to "60" seconds for transaction to be committed to peers: 68 | vp0 | vp1 | vp2 | vp3 | 69 And "alice"'s last transaction should have failed with message that contains "The invoker does not have the required roles" 70 71 #When "Alice" writes value "Alice's value" 72 #Then invoke should succeed 73 74 #When "Bob" reads value 75 #Then the result should be "Alice's value" 76 77 #When "Alice" reads value 78 #Then should fail with failure "Permissed denied" 79 80 81 # TODO: Must manage TCert expiration for all parties involved. 82 83 Examples: Consensus Options 84 | ComposeFile | WaitTime | 85 | docker-compose-4-consensus-batch.yml | 120 | 86 87 88 #@doNotDecompose 89 @issue_RBAC_TCERT_With_Attributes 90 Scenario Outline: test a chaincode showing how to implement role-based access control using TCerts with attributes 91 92 Given we compose "<ComposeFile>" 93 And I wait "5" seconds 94 And I register with CA supplying username "binhn" and secret "7avZQLwcUe9q" on peers: 95 | vp0 | 96 And I register with CA supplying username "alice" and secret "8Y7WIrLX0A8G" on peers: 97 | vp0 | 98 And I use the following credentials for querying peers: 99 | peer | username | secret | 100 | vp0 | test_user0 | MS9qrN8hFjlE | 101 | vp1 | test_user1 | jGlNl6ImkuDo | 102 | vp2 | test_user2 | zMflqOKezFiA | 103 | vp3 | test_user3 | vWdLCE00vJy0 | 104 105 When requesting "/chain" from "vp0" 106 Then I should get a JSON response with "height" = "1" 107 108 #Acquire a batch of TCerts for binh and store the TCertOwner key material associated with the batch. PreK0 which is per TCert. 109 When user "binhn" requests a batch of TCerts of size "1" with attributes: 110 | role | 111 | admin | 112 And user "binhn" stores their last result as "BATCH_OF_TCERTS" 113 # 114 115 # Deploy, in this case Binh is assinging himself as the Admin for the RBAC chaincode. 116 And user "binhn" deploys chaincode "github.com/hyperledger/fabric/examples/chaincode/go/rbac_tcerts_with_attrs" with ctor "init" to "vp0" 117 || 118 || 119 Then I should have received a chaincode name 120 Then I wait up to "<WaitTime>" seconds for transaction to be committed to peers: 121 | vp0 | vp1 | vp2 | vp3 | 122 123 # When we refer to any party, we actually mean a specific application TCert for that party 124 125 #Acquire a Application-TCert for alice, and supplies to binhn (NOTE: application TCert is NEVER used for signing fabric TXs) 126 When user "alice" requests a new application TCert 127 And user "alice" stores their last result as "TCERT_APP_ALICE_1" 128 # Alice gives binhn her application TCert (usually OUT-OF-BAND) 129 And user "alice" gives stored value "TCERT_APP_ALICE_1" to "binhn" 130 131 132 # binhn is assigning the role of 'writer' to alice 133 When "binhn" uses application TCert "TCERT_APP_ADMIN" to assign role "writer" to application TCert "TCERT_APP_ALICE_1" 134 Then I should have received a transactionID 135 Then I wait up to "60" seconds for transaction to be committed to peers: 136 | vp0 | vp1 | vp2 | vp3 | 137 138 139 # Alice attempts to assign a role to binh, but this will fail as she does NOT have permission. The check is currently 140 # to make sure the TX does NOT appear on the chain. 141 When "alice" uses application TCert "TCERT_APP_ALICE_1" to assign role "writer" to application TCert "TCERT_APP_ALICE_1" 142 Then I wait up to "60" seconds for transaction to be committed to peers: 143 | vp0 | vp1 | vp2 | vp3 | 144 And transaction should have failed with message "Permission denied" 145 146 147 #When "Administrator" assigns role "reader" to "Bob" 148 #Then invoke should succeed 149 150 #When "Bob" assigns role "reader" to "Bob" 151 #Then invoke should fail with failure "Permissed denied" 152 153 #When "Alice" writes value "Alice's value" 154 #Then invoke should succeed 155 156 #When "Bob" reads value 157 #Then the result should be "Alice's value" 158 159 #When "Alice" reads value 160 #Then should fail with failure "Permissed denied" 161 162 163 # TODO: Must manage TCert expiration for all parties involved. 164 165 # When I invoke chaincode "rbac_tcerts_no_attrs" function name "addRole" on "vp0" 166 # |arg1|arg2|arg3| 167 # | a | b | 20 | 168 # Then I should have received a transactionID 169 # Then I wait up to "10" seconds for transaction to be committed to peers: 170 # | vp0 | vp1 | vp2 | vp3 | 171 172 173 Examples: Consensus Options 174 | ComposeFile | WaitTime | 175 | docker-compose-4-consensus-batch.yml | 60 | 176 177 178 #@doNotDecompose 179 @issue_1565 180 Scenario Outline: test chaincode to chaincode invocation 181 182 Given we compose "<ComposeFile>" 183 And I wait "5" seconds 184 And I register with CA supplying username "binhn" and secret "7avZQLwcUe9q" on peers: 185 | vp0 | 186 And I register with CA supplying username "alice" and secret "CMS10pEQlB16" on peers: 187 | vp0 | 188 And I use the following credentials for querying peers: 189 | peer | username | secret | 190 | vp0 | test_user0 | MS9qrN8hFjlE | 191 | vp1 | test_user1 | jGlNl6ImkuDo | 192 | vp2 | test_user2 | zMflqOKezFiA | 193 | vp3 | test_user3 | vWdLCE00vJy0 | 194 195 When requesting "/chain" from "vp0" 196 Then I should get a JSON response with "height" = "1" 197 198 # Deploy the first chaincode 199 When user "binhn" deploys chaincode "github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02" aliased as "chaincode_example02" with ctor "init" and args 200 | arg1 | arg2 | arg3 | arg4 | 201 | a | 100 | b | 200 | 202 Then I should have received a chaincode name 203 Then I wait up to "<WaitTime>" seconds for transaction to be committed to peers: 204 | vp0 | vp1 | vp2 | vp3 | 205 And "binhn"'s last transaction should have succeeded 206 207 # Deploy the second chaincode 208 When user "binhn" deploys chaincode "github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example05" aliased as "chaincode_example05" with ctor "init" and args 209 | arg1 | arg2 | 210 | sum | 0 | 211 Then I should have received a chaincode name 212 Then I wait up to "<WaitTime>" seconds for transaction to be committed to peers: 213 | vp0 | vp1 | vp2 | vp3 | 214 And "binhn"'s last transaction should have succeeded 215 216 217 # Invoke chaincode_example05 which in turn will invoke chaincode_example02. NOTE: Binhn must pass a reference to the first chaincode 218 Given user "binhn" stores a reference to chaincode "chaincode_example02" as "cc1" 219 When user "binhn" invokes chaincode "chaincode_example05" function name "invoke" with args 220 | arg1 | arg2 | 221 | {cc1} | sum | 222 Then I should have received a transactionID 223 Then I wait up to "60" seconds for transaction to be committed to peers: 224 | vp0 | vp1 | vp2 | vp3 | 225 And "binhn"'s last transaction should have succeeded 226 227 228 Examples: Consensus Options 229 | ComposeFile | WaitTime | 230 | docker-compose-4-consensus-batch.yml | 60 |