github.com/adnan-c/fabric_e2e_couchdb@v0.6.1-preview.0.20170228180935-21ce6b23cf91/docs/API/AttributesUsage.md

github.com/adnan-c/fabric_e2e_couchdb@v0.6.1-preview.0.20170228180935-21ce6b23cf91/docs/API/AttributesUsage.md (about)

     1  # Attributes usage
     2  
     3  ## Overview
     4  
     5  The Attributes feature allows chaincode to make use of extended data in a transaction certificate. These attributes are certified by the Attributes Certificate Authority (ACA) so the chaincode can trust in the authenticity of the attributes' values.
     6  
     7  To view complete documentation about attributes design please read ['Attributes support'](../tech/attributes.md).
     8  
     9  ## Use case: Authorizable counter
    10  
    11  A common use case for the Attributes feature is Attributes Based Access Control (ABAC) which allows specific permissions to be granted to a chaincode invoker based on attribute values carried in the invoker's certificate.
    12  
    13  ['Authorizable counter'](../../examples/chaincode/go/authorizable_counter/authorizable_counter.go) is a simple example of ABAC, in this case only invokers whose "position" attribute has the value 'Software Engineer' will be able to increment the counter. On the other hand any invoker will be able to read the counter value.
    14  
    15  In order to implement this example we used ['VerifyAttribyte' ](https://godoc.org/github.com/hyperledger/fabric/core/chaincode/shim#ChaincodeStub.VerifyAttribute) function to check the attribute value from the chaincode code.
    16  
    17  ```
    18  isOk, _ := stub.VerifyAttribute("position", []byte("Software Engineer")) // Here the ABAC API is called to verify the attribute, just if the value is verified the counter will be incremented.
    19  if isOk {
    20      // Increment counter code
    21  }
    22  ```
    23  
    24  The same behavior can be achieved by making use of ['Attribute support'](https://godoc.org/github.com/hyperledger/fabric/core/chaincode/shim/crypto/attr) API, in this case an attribute handler must be instantiated.
    25  
    26  ```
    27  attributesHandler, _ := attr.NewAttributesHandlerImpl(stub)
    28  isOk, _ := attributesHandler.VerifyAttribute("position", []byte("Software Engineer"))
    29  if isOk {
    30      // Increment counter code
    31  }
    32  ```
    33  If attributes are accessed more than once, using `attributeHandler` is more efficient since the handler makes use of a cache to store values and keys.
    34  
    35  In order to get the attribute value, in place of just verifying it, the following code can be used:
    36  
    37  ```
    38  attributesHandler, _ := attr.NewAttributesHandlerImpl(stub)
    39  value, _ := attributesHandler.GetValue("position")
    40  ```
    41  
    42  ## Enabling attributes
    43  
    44  To make use of this feature the following property has to be set in the membersrvc.yaml file:
    45  
    46  
    47  - aca.enabled = true
    48  
    49  Another way is using environment variables:
    50  
    51  ```
    52  MEMBERSRVC_CA_ACA_ENABLED=true ./membersrvc
    53  ```
    54  
    55  ## Enabling attributes encryption*
    56  
    57  In order to make use of attributes encryption the following property has to be set in the membersrvc.yaml file:
    58  
    59  - tca.attribute-encryption.enabled = true
    60  
    61  Or using environment variables:
    62  
    63  ```
    64  MEMBERSRVC_CA_ACA_ENABLED=true MEMBERSRVC_CA_TCA_ATTRIBUTE-ENCRYPTION_ENABLED=true ./membersrvc
    65  ```
    66  
    67  ### Deploy API making use of attributes
    68  
    69  #### CLI
    70  ```
    71  $ ./peer chaincode deploy --help
    72  Deploy the specified chaincode to the network.
    73  
    74  Usage:
    75    peer chaincode deploy [flags]
    76  
    77  Global Flags:
    78    -a, --attributes="[]": User attributes for the chaincode in JSON format
    79    -c, --ctor="{}": Constructor message for the chaincode in JSON format
    80    -l, --lang="golang": Language the chaincode is written in
    81        --logging-level="": Default logging level and overrides, see core.yaml for full syntax
    82    -n, --name="": Name of the chaincode returned by the deploy transaction
    83    -p, --path="": Path to chaincode
    84        --test.coverprofile="coverage.cov": Done
    85    -t, --tid="": Name of a custom ID generation algorithm (hashing and decoding) e.g. sha256base64
    86    -u, --username="": Username for chaincode operations when security is enabled
    87    -v, --version[=false]: Display current version of fabric peer server
    88  ```
    89  To deploy a chaincode with attributes "company" and "position" it should be written in the following way:
    90  
    91  ```
    92  ./peer chaincode deploy -u userName -n mycc -c '{"Function":"init", "Args": []}' -a '["position", "company"]'
    93  
    94  ```
    95  
    96  Or:
    97  
    98  ```
    99  ./peer chaincode deploy -u userName -n mycc -c '{"Args": ["init"]}' -a '["position", "company"]'
   100  
   101  ```
   102  
   103  #### REST
   104  
   105  ```
   106  POST host:port/chaincode
   107  
   108  {
   109    "jsonrpc": "2.0",
   110    "method": "deploy",
   111    "params": {
   112      "type": 1,
   113      "chaincodeID":{
   114          "name": "mycc"
   115      },
   116      "input": {
   117          "function":"init",
   118          "args":[]
   119      }
   120      "attributes": ["position", "company"]
   121    },
   122    "id": 1
   123  }
   124  ```
   125  
   126  ### Invoke API making use of attributes
   127  
   128  #### CLI
   129  ```
   130  $ ./peer chaincode invoke --help
   131  Invoke the specified chaincode.
   132  
   133  Usage:
   134    peer chaincode invoke [flags]
   135  
   136  Global Flags:
   137    -a, --attributes="[]": User attributes for the chaincode in JSON format
   138    -c, --ctor="{}": Constructor message for the chaincode in JSON format
   139    -l, --lang="golang": Language the chaincode is written in
   140        --logging-level="": Default logging level and overrides, see core.yaml for full syntax
   141    -n, --name="": Name of the chaincode returned by the deploy transaction
   142    -p, --path="": Path to chaincode
   143        --test.coverprofile="coverage.cov": Done
   144    -t, --tid="": Name of a custom ID generation algorithm (hashing and decoding) e.g. sha256base64
   145    -u, --username="": Username for chaincode operations when security is enabled
   146    -v, --version[=false]: Display current version of fabric peer server
   147  ```
   148  To invoke "autorizable counter" with attributes "company" and "position" it should be written as follows:
   149  
   150  ```
   151  ./peer chaincode invoke -u userName -n mycc -c '{"Function":"increment", "Args": []}' -a '["position", "company"]'
   152  
   153  ```
   154  
   155  Or:
   156  
   157  ```
   158  ./peer chaincode invoke -u userName -n mycc -c '{"Args": ["increment"]}' -a '["position", "company"]'
   159  
   160  ```
   161  
   162  #### REST
   163  
   164  ```
   165  POST host:port/chaincode
   166  
   167  {
   168    "jsonrpc": "2.0",
   169    "method": "invoke",
   170    "params": {
   171      "type": 1,
   172      "chaincodeID":{
   173          "name": "mycc"
   174      },
   175      "ctorMsg": {
   176          "function":"increment",
   177          "args":[]
   178      }
   179      "attributes": ["position", "company"]
   180    },
   181    "id": 1
   182  }
   183  ```
   184  
   185  ### Query API making use of attributes
   186  
   187  #### CLI
   188  ```
   189  $ ./peer chaincode query --help
   190  Query using the specified chaincode.
   191  
   192  Usage:
   193    peer chaincode query [flags]
   194  
   195  Flags:
   196    -x, --hex[=false]: If true, output the query value byte array in hexadecimal. Incompatible with --raw
   197    -r, --raw[=false]: If true, output the query value as raw bytes, otherwise format as a printable string
   198  
   199  
   200  Global Flags:
   201    -a, --attributes="[]": User attributes for the chaincode in JSON format
   202    -c, --ctor="{}": Constructor message for the chaincode in JSON format
   203    -l, --lang="golang": Language the chaincode is written in
   204        --logging-level="": Default logging level and overrides, see core.yaml for full syntax
   205    -n, --name="": Name of the chaincode returned by the deploy transaction
   206    -p, --path="": Path to chaincode
   207        --test.coverprofile="coverage.cov": Done
   208    -t, --tid="": Name of a custom ID generation algorithm (hashing and decoding) e.g. sha256base64
   209    -u, --username="": Username for chaincode operations when security is enabled
   210    -v, --version[=false]: Display current version of fabric peer server
   211  ```
   212  To query "autorizable counter" with attributes "company" and "position" it should be written in this way:
   213  
   214  ```
   215  ./peer chaincode query -u userName -n mycc -c '{"Function":"read", "Args": []}' -a '["position", "company"]'
   216  
   217  ```
   218  
   219  Or:
   220  
   221  ```
   222  ./peer chaincode query -u userName -n mycc -c '{"Args": ["read"]}' -a '["position", "company"]'
   223  
   224  ```
   225  
   226  #### REST
   227  
   228  ```
   229  POST host:port/chaincode
   230  
   231  {
   232    "jsonrpc": "2.0",
   233    "method": "query",
   234    "params": {
   235      "type": 1,
   236      "chaincodeID":{
   237          "name": "mycc"
   238      },
   239      "ctorMsg": {
   240          "function":"read",
   241          "args":[]
   242      }
   243      "attributes": ["position", "company"]
   244    },
   245    "id": 1
   246  }
   247  ```
   248  * Attributes encryption is not yet available.