github.com/adnan-c/fabric_e2e_couchdb@v0.6.1-preview.0.20170228180935-21ce6b23cf91/protos/common/policies.proto (about) 1 /* 2 Copyright IBM Corp. 2017 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 syntax = "proto3"; 18 19 import "common/msp_principal.proto"; 20 21 option go_package = "github.com/hyperledger/fabric/protos/common"; 22 23 package common; 24 25 // Policy expresses a policy which the orderer can evaluate, because there has been some desire expressed to support 26 // multiple policy engines, this is typed as a oneof for now 27 message Policy { 28 enum PolicyType { 29 UNKNOWN = 0; // Reserved to check for proper initialization 30 SIGNATURE = 1; 31 MSP = 2; 32 IMPLICIT_META = 3; 33 } 34 int32 type = 1; // For outside implementors, consider the first 1000 types reserved, otherwise one of PolicyType 35 bytes policy = 2; 36 } 37 38 // SignaturePolicyEnvelope wraps a SignaturePolicy and includes a version for future enhancements 39 message SignaturePolicyEnvelope { 40 int32 version = 1; 41 SignaturePolicy policy = 2; 42 repeated MSPPrincipal identities = 3; 43 } 44 45 // SignaturePolicy is a recursive message structure which defines a featherweight DSL for describing 46 // policies which are more complicated than 'exactly this signature'. The NOutOf operator is sufficent 47 // to express AND as well as OR, as well as of course N out of the following M policies 48 // SignedBy implies that the signature is from a valid certificate which is signed by the trusted 49 // authority specified in the bytes. This will be the certificate itself for a self-signed certificate 50 // and will be the CA for more traditional certificates 51 message SignaturePolicy { 52 message NOutOf { 53 int32 N = 1; 54 repeated SignaturePolicy policies = 2; 55 } 56 oneof Type { 57 int32 signed_by = 1; 58 NOutOf n_out_of = 2; 59 } 60 } 61 62 // ImplicitMetaPolicy is a policy type which depends on the hierarchical nature of the configuration 63 // It is implicit because the rule is generate implicitly based on the number of sub policies 64 // It is meta because it depends only on the result of other policies 65 // When evaluated, this policy iterates over all immediate child sub-groups, retrieves the policy 66 // of name sub_policy, evaluates the collection and applies the rule. 67 // For example, with 4 sub-groups, and a policy name of "foo", ImplicitMetaPolicy retrieves 68 // each sub-group, retrieves policy "foo" for each subgroup, evaluates it, and, in the case of ANY 69 // 1 satisfied is sufficient, ALL would require 4 signatures, and MAJORITY would require 3 signatures. 70 message ImplicitMetaPolicy { 71 enum Rule { 72 ANY = 0; // Requires any of the sub-policies be satisfied, if no sub-policies exist, always returns true 73 ALL = 1; // Requires all of the sub-policies be satisfied 74 MAJORITY = 2; // Requires a strict majority (greater than half) of the sub-policies be satisfied 75 } 76 string sub_policy = 1; 77 Rule rule = 2; 78 }