github.com/hellobchain/third_party@v0.0.0-20230331131523-deb0478a2e52/hyperledger/fabric-config/configtx/consortiums_test.go (about) 1 /* 2 Copyright IBM Corp All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package configtx 8 9 import ( 10 "bytes" 11 "encoding/base64" 12 "fmt" 13 "github.com/hellobchain/newcryptosm/ecdsa" 14 "github.com/hellobchain/newcryptosm/x509" 15 "github.com/hellobchain/third_party/hyperledger/fabric-config/protolator" 16 "github.com/hellobchain/third_party/hyperledger/fabric-config/protolator/protoext/commonext" 17 "math/big" 18 "testing" 19 20 "github.com/golang/protobuf/proto" 21 cb "github.com/hyperledger/fabric-protos-go/common" 22 . "github.com/onsi/gomega" 23 ) 24 25 func TestNewConsortiumsGroup(t *testing.T) { 26 t.Parallel() 27 28 gt := NewGomegaWithT(t) 29 30 consortiums, _ := baseConsortiums(t) 31 consortiumsGroup, err := newConsortiumsGroup(consortiums) 32 gt.Expect(err).NotTo(HaveOccurred()) 33 34 org1CertBase64, org1CRLBase64 := certCRLBase64(t, consortiums[0].Organizations[0].MSP) 35 org2CertBase64, org2CRLBase64 := certCRLBase64(t, consortiums[0].Organizations[1].MSP) 36 37 expectedConsortiumsGroup := fmt.Sprintf(`{ 38 "groups": { 39 "Consortium1": { 40 "groups": { 41 "Org1": { 42 "groups": {}, 43 "mod_policy": "Admins", 44 "policies": { 45 "Admins": { 46 "mod_policy": "Admins", 47 "policy": { 48 "type": 3, 49 "value": { 50 "rule": "MAJORITY", 51 "sub_policy": "Admins" 52 } 53 }, 54 "version": "0" 55 }, 56 "Endorsement": { 57 "mod_policy": "Admins", 58 "policy": { 59 "type": 3, 60 "value": { 61 "rule": "MAJORITY", 62 "sub_policy": "Endorsement" 63 } 64 }, 65 "version": "0" 66 }, 67 "Readers": { 68 "mod_policy": "Admins", 69 "policy": { 70 "type": 3, 71 "value": { 72 "rule": "ANY", 73 "sub_policy": "Readers" 74 } 75 }, 76 "version": "0" 77 }, 78 "Writers": { 79 "mod_policy": "Admins", 80 "policy": { 81 "type": 3, 82 "value": { 83 "rule": "ANY", 84 "sub_policy": "Writers" 85 } 86 }, 87 "version": "0" 88 } 89 }, 90 "values": { 91 "MSP": { 92 "mod_policy": "Admins", 93 "value": { 94 "config": { 95 "admins": [ 96 "%[1]s" 97 ], 98 "crypto_config": { 99 "identity_identifier_hash_function": "SHA256", 100 "signature_hash_family": "SHA3" 101 }, 102 "fabric_node_ous": { 103 "admin_ou_identifier": { 104 "certificate": "%[1]s", 105 "organizational_unit_identifier": "OUID" 106 }, 107 "client_ou_identifier": { 108 "certificate": "%[1]s", 109 "organizational_unit_identifier": "OUID" 110 }, 111 "enable": false, 112 "orderer_ou_identifier": { 113 "certificate": "%[1]s", 114 "organizational_unit_identifier": "OUID" 115 }, 116 "peer_ou_identifier": { 117 "certificate": "%[1]s", 118 "organizational_unit_identifier": "OUID" 119 } 120 }, 121 "intermediate_certs": [ 122 "%[1]s" 123 ], 124 "name": "MSPID", 125 "organizational_unit_identifiers": [ 126 { 127 "certificate": "%[1]s", 128 "organizational_unit_identifier": "OUID" 129 } 130 ], 131 "revocation_list": [ 132 "%[2]s" 133 ], 134 "root_certs": [ 135 "%[1]s" 136 ], 137 "signing_identity": null, 138 "tls_intermediate_certs": [ 139 "%[1]s" 140 ], 141 "tls_root_certs": [ 142 "%[1]s" 143 ] 144 }, 145 "type": 0 146 }, 147 "version": "0" 148 } 149 }, 150 "version": "0" 151 }, 152 "Org2": { 153 "groups": {}, 154 "mod_policy": "Admins", 155 "policies": { 156 "Admins": { 157 "mod_policy": "Admins", 158 "policy": { 159 "type": 3, 160 "value": { 161 "rule": "MAJORITY", 162 "sub_policy": "Admins" 163 } 164 }, 165 "version": "0" 166 }, 167 "Endorsement": { 168 "mod_policy": "Admins", 169 "policy": { 170 "type": 3, 171 "value": { 172 "rule": "MAJORITY", 173 "sub_policy": "Endorsement" 174 } 175 }, 176 "version": "0" 177 }, 178 "Readers": { 179 "mod_policy": "Admins", 180 "policy": { 181 "type": 3, 182 "value": { 183 "rule": "ANY", 184 "sub_policy": "Readers" 185 } 186 }, 187 "version": "0" 188 }, 189 "Writers": { 190 "mod_policy": "Admins", 191 "policy": { 192 "type": 3, 193 "value": { 194 "rule": "ANY", 195 "sub_policy": "Writers" 196 } 197 }, 198 "version": "0" 199 } 200 }, 201 "values": { 202 "MSP": { 203 "mod_policy": "Admins", 204 "value": { 205 "config": { 206 "admins": [ 207 "%[3]s" 208 ], 209 "crypto_config": { 210 "identity_identifier_hash_function": "SHA256", 211 "signature_hash_family": "SHA3" 212 }, 213 "fabric_node_ous": { 214 "admin_ou_identifier": { 215 "certificate": "%[3]s", 216 "organizational_unit_identifier": "OUID" 217 }, 218 "client_ou_identifier": { 219 "certificate": "%[3]s", 220 "organizational_unit_identifier": "OUID" 221 }, 222 "enable": false, 223 "orderer_ou_identifier": { 224 "certificate": "%[3]s", 225 "organizational_unit_identifier": "OUID" 226 }, 227 "peer_ou_identifier": { 228 "certificate": "%[3]s", 229 "organizational_unit_identifier": "OUID" 230 } 231 }, 232 "intermediate_certs": [ 233 "%[3]s" 234 ], 235 "name": "MSPID", 236 "organizational_unit_identifiers": [ 237 { 238 "certificate": "%[3]s", 239 "organizational_unit_identifier": "OUID" 240 } 241 ], 242 "revocation_list": [ 243 "%[4]s" 244 ], 245 "root_certs": [ 246 "%[3]s" 247 ], 248 "signing_identity": null, 249 "tls_intermediate_certs": [ 250 "%[3]s" 251 ], 252 "tls_root_certs": [ 253 "%[3]s" 254 ] 255 }, 256 "type": 0 257 }, 258 "version": "0" 259 } 260 }, 261 "version": "0" 262 } 263 }, 264 "mod_policy": "/Channel/Orderer/Admins", 265 "policies": {}, 266 "values": { 267 "ChannelCreationPolicy": { 268 "mod_policy": "/Channel/Orderer/Admins", 269 "value": { 270 "type": 3, 271 "value": { 272 "rule": "ANY", 273 "sub_policy": "Admins" 274 } 275 }, 276 "version": "0" 277 } 278 }, 279 "version": "0" 280 } 281 }, 282 "mod_policy": "/Channel/Orderer/Admins", 283 "policies": { 284 "Admins": { 285 "mod_policy": "/Channel/Orderer/Admins", 286 "policy": { 287 "type": 1, 288 "value": { 289 "identities": [], 290 "rule": { 291 "n_out_of": { 292 "n": 0, 293 "rules": [] 294 } 295 }, 296 "version": 0 297 } 298 }, 299 "version": "0" 300 } 301 }, 302 "values": {}, 303 "version": "0" 304 } 305 `, org1CertBase64, org1CRLBase64, org2CertBase64, org2CRLBase64) 306 307 buf := bytes.Buffer{} 308 err = protolator.DeepMarshalJSON(&buf, &commonext.DynamicConsortiumsGroup{ConfigGroup: consortiumsGroup}) 309 gt.Expect(err).NotTo(HaveOccurred()) 310 311 gt.Expect(buf.String()).To(Equal(expectedConsortiumsGroup)) 312 } 313 314 func TestNewConsortiumsGroupFailure(t *testing.T) { 315 t.Parallel() 316 317 gt := NewGomegaWithT(t) 318 319 consortiums, _ := baseConsortiums(t) 320 consortiums[0].Organizations[0].Policies = nil 321 322 consortiumsGroup, err := newConsortiumsGroup(consortiums) 323 gt.Expect(err).To(MatchError("org group 'Org1': no policies defined")) 324 gt.Expect(consortiumsGroup).To(BeNil()) 325 } 326 327 func TestSetConsortiumOrg(t *testing.T) { 328 t.Parallel() 329 330 gt := NewGomegaWithT(t) 331 332 consortiums, _ := baseConsortiums(t) 333 org1CertBase64, org1CRLBase64 := certCRLBase64(t, consortiums[0].Organizations[0].MSP) 334 org2CertBase64, org2CRLBase64 := certCRLBase64(t, consortiums[0].Organizations[1].MSP) 335 336 consortiumsGroup, err := newConsortiumsGroup(consortiums) 337 gt.Expect(err).NotTo(HaveOccurred()) 338 339 config := &cb.Config{ 340 ChannelGroup: &cb.ConfigGroup{ 341 Groups: map[string]*cb.ConfigGroup{ 342 "Consortiums": consortiumsGroup, 343 }, 344 Values: map[string]*cb.ConfigValue{}, 345 Policies: map[string]*cb.ConfigPolicy{}, 346 }, 347 } 348 349 c := New(config) 350 351 msp, _ := baseMSP(t) 352 orgToAdd := Organization{ 353 Name: "Org3", 354 Policies: orgStandardPolicies(), 355 MSP: msp, 356 } 357 org3CertBase64, org3CRLBase64 := certCRLBase64(t, orgToAdd.MSP) 358 359 expectedConfigJSON := fmt.Sprintf(` 360 { 361 "channel_group": { 362 "groups": { 363 "Consortiums": { 364 "groups": { 365 "Consortium1": { 366 "groups": { 367 "Org1": { 368 "groups": {}, 369 "mod_policy": "Admins", 370 "policies": { 371 "Admins": { 372 "mod_policy": "Admins", 373 "policy": { 374 "type": 3, 375 "value": { 376 "rule": "MAJORITY", 377 "sub_policy": "Admins" 378 } 379 }, 380 "version": "0" 381 }, 382 "Endorsement": { 383 "mod_policy": "Admins", 384 "policy": { 385 "type": 3, 386 "value": { 387 "rule": "MAJORITY", 388 "sub_policy": "Endorsement" 389 } 390 }, 391 "version": "0" 392 }, 393 "Readers": { 394 "mod_policy": "Admins", 395 "policy": { 396 "type": 3, 397 "value": { 398 "rule": "ANY", 399 "sub_policy": "Readers" 400 } 401 }, 402 "version": "0" 403 }, 404 "Writers": { 405 "mod_policy": "Admins", 406 "policy": { 407 "type": 3, 408 "value": { 409 "rule": "ANY", 410 "sub_policy": "Writers" 411 } 412 }, 413 "version": "0" 414 } 415 }, 416 "values": { 417 "MSP": { 418 "mod_policy": "Admins", 419 "value": { 420 "config": { 421 "admins": [ 422 "%[1]s" 423 ], 424 "crypto_config": { 425 "identity_identifier_hash_function": "SHA256", 426 "signature_hash_family": "SHA3" 427 }, 428 "fabric_node_ous": { 429 "admin_ou_identifier": { 430 "certificate": "%[1]s", 431 "organizational_unit_identifier": "OUID" 432 }, 433 "client_ou_identifier": { 434 "certificate": "%[1]s", 435 "organizational_unit_identifier": "OUID" 436 }, 437 "enable": false, 438 "orderer_ou_identifier": { 439 "certificate": "%[1]s", 440 "organizational_unit_identifier": "OUID" 441 }, 442 "peer_ou_identifier": { 443 "certificate": "%[1]s", 444 "organizational_unit_identifier": "OUID" 445 } 446 }, 447 "intermediate_certs": [ 448 "%[1]s" 449 ], 450 "name": "MSPID", 451 "organizational_unit_identifiers": [ 452 { 453 "certificate": "%[1]s", 454 "organizational_unit_identifier": "OUID" 455 } 456 ], 457 "revocation_list": [ 458 "%[2]s" 459 ], 460 "root_certs": [ 461 "%[1]s" 462 ], 463 "signing_identity": null, 464 "tls_intermediate_certs": [ 465 "%[1]s" 466 ], 467 "tls_root_certs": [ 468 "%[1]s" 469 ] 470 }, 471 "type": 0 472 }, 473 "version": "0" 474 } 475 }, 476 "version": "0" 477 }, 478 "Org2": { 479 "groups": {}, 480 "mod_policy": "Admins", 481 "policies": { 482 "Admins": { 483 "mod_policy": "Admins", 484 "policy": { 485 "type": 3, 486 "value": { 487 "rule": "MAJORITY", 488 "sub_policy": "Admins" 489 } 490 }, 491 "version": "0" 492 }, 493 "Endorsement": { 494 "mod_policy": "Admins", 495 "policy": { 496 "type": 3, 497 "value": { 498 "rule": "MAJORITY", 499 "sub_policy": "Endorsement" 500 } 501 }, 502 "version": "0" 503 }, 504 "Readers": { 505 "mod_policy": "Admins", 506 "policy": { 507 "type": 3, 508 "value": { 509 "rule": "ANY", 510 "sub_policy": "Readers" 511 } 512 }, 513 "version": "0" 514 }, 515 "Writers": { 516 "mod_policy": "Admins", 517 "policy": { 518 "type": 3, 519 "value": { 520 "rule": "ANY", 521 "sub_policy": "Writers" 522 } 523 }, 524 "version": "0" 525 } 526 }, 527 "values": { 528 "MSP": { 529 "mod_policy": "Admins", 530 "value": { 531 "config": { 532 "admins": [ 533 "%[3]s" 534 ], 535 "crypto_config": { 536 "identity_identifier_hash_function": "SHA256", 537 "signature_hash_family": "SHA3" 538 }, 539 "fabric_node_ous": { 540 "admin_ou_identifier": { 541 "certificate": "%[3]s", 542 "organizational_unit_identifier": "OUID" 543 }, 544 "client_ou_identifier": { 545 "certificate": "%[3]s", 546 "organizational_unit_identifier": "OUID" 547 }, 548 "enable": false, 549 "orderer_ou_identifier": { 550 "certificate": "%[3]s", 551 "organizational_unit_identifier": "OUID" 552 }, 553 "peer_ou_identifier": { 554 "certificate": "%[3]s", 555 "organizational_unit_identifier": "OUID" 556 } 557 }, 558 "intermediate_certs": [ 559 "%[3]s" 560 ], 561 "name": "MSPID", 562 "organizational_unit_identifiers": [ 563 { 564 "certificate": "%[3]s", 565 "organizational_unit_identifier": "OUID" 566 } 567 ], 568 "revocation_list": [ 569 "%[4]s" 570 ], 571 "root_certs": [ 572 "%[3]s" 573 ], 574 "signing_identity": null, 575 "tls_intermediate_certs": [ 576 "%[3]s" 577 ], 578 "tls_root_certs": [ 579 "%[3]s" 580 ] 581 }, 582 "type": 0 583 }, 584 "version": "0" 585 } 586 }, 587 "version": "0" 588 }, 589 "Org3": { 590 "groups": {}, 591 "mod_policy": "Admins", 592 "policies": { 593 "Admins": { 594 "mod_policy": "Admins", 595 "policy": { 596 "type": 3, 597 "value": { 598 "rule": "MAJORITY", 599 "sub_policy": "Admins" 600 } 601 }, 602 "version": "0" 603 }, 604 "Endorsement": { 605 "mod_policy": "Admins", 606 "policy": { 607 "type": 3, 608 "value": { 609 "rule": "MAJORITY", 610 "sub_policy": "Endorsement" 611 } 612 }, 613 "version": "0" 614 }, 615 "Readers": { 616 "mod_policy": "Admins", 617 "policy": { 618 "type": 3, 619 "value": { 620 "rule": "ANY", 621 "sub_policy": "Readers" 622 } 623 }, 624 "version": "0" 625 }, 626 "Writers": { 627 "mod_policy": "Admins", 628 "policy": { 629 "type": 3, 630 "value": { 631 "rule": "ANY", 632 "sub_policy": "Writers" 633 } 634 }, 635 "version": "0" 636 } 637 }, 638 "values": { 639 "MSP": { 640 "mod_policy": "Admins", 641 "value": { 642 "config": { 643 "admins": [ 644 "%[5]s" 645 ], 646 "crypto_config": { 647 "identity_identifier_hash_function": "SHA256", 648 "signature_hash_family": "SHA3" 649 }, 650 "fabric_node_ous": { 651 "admin_ou_identifier": { 652 "certificate": "%[5]s", 653 "organizational_unit_identifier": "OUID" 654 }, 655 "client_ou_identifier": { 656 "certificate": "%[5]s", 657 "organizational_unit_identifier": "OUID" 658 }, 659 "enable": false, 660 "orderer_ou_identifier": { 661 "certificate": "%[5]s", 662 "organizational_unit_identifier": "OUID" 663 }, 664 "peer_ou_identifier": { 665 "certificate": "%[5]s", 666 "organizational_unit_identifier": "OUID" 667 } 668 }, 669 "intermediate_certs": [ 670 "%[5]s" 671 ], 672 "name": "MSPID", 673 "organizational_unit_identifiers": [ 674 { 675 "certificate": "%[5]s", 676 "organizational_unit_identifier": "OUID" 677 } 678 ], 679 "revocation_list": [ 680 "%[6]s" 681 ], 682 "root_certs": [ 683 "%[5]s" 684 ], 685 "signing_identity": null, 686 "tls_intermediate_certs": [ 687 "%[5]s" 688 ], 689 "tls_root_certs": [ 690 "%[5]s" 691 ] 692 }, 693 "type": 0 694 }, 695 "version": "0" 696 } 697 }, 698 "version": "0" 699 } 700 }, 701 "mod_policy": "/Channel/Orderer/Admins", 702 "policies": {}, 703 "values": { 704 "ChannelCreationPolicy": { 705 "mod_policy": "/Channel/Orderer/Admins", 706 "value": { 707 "type": 3, 708 "value": { 709 "rule": "ANY", 710 "sub_policy": "Admins" 711 } 712 }, 713 "version": "0" 714 } 715 }, 716 "version": "0" 717 } 718 }, 719 "mod_policy": "/Channel/Orderer/Admins", 720 "policies": { 721 "Admins": { 722 "mod_policy": "/Channel/Orderer/Admins", 723 "policy": { 724 "type": 1, 725 "value": { 726 "identities": [], 727 "rule": { 728 "n_out_of": { 729 "n": 0, 730 "rules": [] 731 } 732 }, 733 "version": 0 734 } 735 }, 736 "version": "0" 737 } 738 }, 739 "values": {}, 740 "version": "0" 741 } 742 }, 743 "mod_policy": "", 744 "policies": {}, 745 "values": {}, 746 "version": "0" 747 }, 748 "sequence": "0" 749 } 750 `, org1CertBase64, org1CRLBase64, org2CertBase64, org2CRLBase64, org3CertBase64, org3CRLBase64) 751 752 expectedConfigProto := &cb.Config{} 753 err = protolator.DeepUnmarshalJSON(bytes.NewBufferString(expectedConfigJSON), expectedConfigProto) 754 gt.Expect(err).NotTo(HaveOccurred()) 755 756 err = c.Consortium("Consortium1").SetOrganization(orgToAdd) 757 gt.Expect(err).NotTo(HaveOccurred()) 758 759 gt.Expect(proto.Equal(c.updated, expectedConfigProto)).To(BeTrue()) 760 } 761 762 func TestSetConsortiumOrgFailures(t *testing.T) { 763 t.Parallel() 764 765 orgToAdd := Organization{ 766 Name: "test-org", 767 } 768 769 for _, test := range []struct { 770 name string 771 org Organization 772 consortium string 773 config *cb.Config 774 expectedErr string 775 }{ 776 { 777 name: "When the organization doesn't have policies defined", 778 org: orgToAdd, 779 consortium: "", 780 expectedErr: "failed to create consortium org test-org: no policies defined", 781 }, 782 } { 783 test := test 784 t.Run(test.name, func(t *testing.T) { 785 t.Parallel() 786 gt := NewGomegaWithT(t) 787 788 consortiums, _ := baseConsortiums(t) 789 790 consortiumsGroup, err := newConsortiumsGroup(consortiums) 791 gt.Expect(err).NotTo(HaveOccurred()) 792 793 config := &cb.Config{ 794 ChannelGroup: &cb.ConfigGroup{ 795 Groups: map[string]*cb.ConfigGroup{ 796 "Consortiums": consortiumsGroup, 797 }, 798 }, 799 } 800 801 c := New(config) 802 803 err = c.Consortium(test.consortium).SetOrganization(test.org) 804 gt.Expect(err).To(MatchError(test.expectedErr)) 805 }) 806 } 807 } 808 809 func TestRemoveConsortium(t *testing.T) { 810 t.Parallel() 811 812 gt := NewGomegaWithT(t) 813 814 consortiums, _ := baseConsortiums(t) 815 consortiumsGroup, err := newConsortiumsGroup(consortiums) 816 gt.Expect(err).NotTo(HaveOccurred()) 817 818 config := &cb.Config{ 819 ChannelGroup: &cb.ConfigGroup{ 820 Groups: map[string]*cb.ConfigGroup{ 821 ConsortiumsGroupKey: consortiumsGroup, 822 }, 823 Values: map[string]*cb.ConfigValue{}, 824 Policies: map[string]*cb.ConfigPolicy{}, 825 }, 826 } 827 828 c := New(config) 829 830 c.Consortiums().RemoveConsortium("Consortium1") 831 832 gt.Expect(c.Consortium("Consortium1")).To(BeNil()) 833 } 834 835 func TestGetConsortiums(t *testing.T) { 836 t.Parallel() 837 gt := NewGomegaWithT(t) 838 839 baseConsortiums, _ := baseConsortiums(t) 840 baseOrderer, _ := baseSoloOrderer(t) 841 policies := standardPolicies() 842 843 channel := Channel{ 844 Consortiums: baseConsortiums, 845 Orderer: baseOrderer, 846 Capabilities: []string{"V2_0"}, 847 Policies: policies, 848 Consortium: "testconsortium", 849 } 850 channelGroup, err := newSystemChannelGroup(channel) 851 gt.Expect(err).NotTo(HaveOccurred()) 852 853 config := &cb.Config{ChannelGroup: channelGroup} 854 c := New(config) 855 856 consortiums, err := c.Consortiums().Configuration() 857 gt.Expect(err).NotTo(HaveOccurred()) 858 gt.Expect(len(baseConsortiums)).To(Equal(len(consortiums))) 859 } 860 861 func TestGetConsortiumOrg(t *testing.T) { 862 t.Parallel() 863 gt := NewGomegaWithT(t) 864 865 consortiumGroup, _, err := baseConsortiumChannelGroup(t) 866 gt.Expect(err).NotTo(HaveOccurred()) 867 868 config := &cb.Config{ 869 ChannelGroup: consortiumGroup, 870 } 871 872 org1ConfigGroup := getConsortiumOrg(config, "Consortium1", "Org1") 873 gt.Expect(org1ConfigGroup).To(Equal(config.ChannelGroup.Groups[ConsortiumsGroupKey].Groups["Consortium1"].Groups["Org1"])) 874 } 875 876 func TestSetConsortium(t *testing.T) { 877 t.Parallel() 878 879 gt := NewGomegaWithT(t) 880 881 consortiums, _ := baseConsortiums(t) 882 consortiumsGroup, err := newConsortiumsGroup(consortiums) 883 gt.Expect(err).NotTo(HaveOccurred()) 884 885 config := &cb.Config{ 886 ChannelGroup: &cb.ConfigGroup{ 887 Groups: map[string]*cb.ConfigGroup{ 888 "Consortiums": consortiumsGroup, 889 }, 890 }, 891 } 892 893 c := New(config) 894 895 newConsortium := consortiums[0] 896 newConsortium.Name = "Consortium2" 897 898 err = c.Consortiums().SetConsortium(newConsortium) 899 gt.Expect(err).NotTo(HaveOccurred()) 900 901 org1CertBase64, org1CRLBase64 := certCRLBase64(t, consortiums[0].Organizations[0].MSP) 902 org2CertBase64, org2CRLBase64 := certCRLBase64(t, consortiums[0].Organizations[1].MSP) 903 904 expectedConfigJSON := fmt.Sprintf(` 905 { 906 "channel_group": { 907 "groups": { 908 "Consortiums": { 909 "groups": { 910 "Consortium1": { 911 "groups": { 912 "Org1": { 913 "groups": {}, 914 "mod_policy": "Admins", 915 "policies": { 916 "Admins": { 917 "mod_policy": "Admins", 918 "policy": { 919 "type": 3, 920 "value": { 921 "rule": "MAJORITY", 922 "sub_policy": "Admins" 923 } 924 }, 925 "version": "0" 926 }, 927 "Endorsement": { 928 "mod_policy": "Admins", 929 "policy": { 930 "type": 3, 931 "value": { 932 "rule": "MAJORITY", 933 "sub_policy": "Endorsement" 934 } 935 }, 936 "version": "0" 937 }, 938 "Readers": { 939 "mod_policy": "Admins", 940 "policy": { 941 "type": 3, 942 "value": { 943 "rule": "ANY", 944 "sub_policy": "Readers" 945 } 946 }, 947 "version": "0" 948 }, 949 "Writers": { 950 "mod_policy": "Admins", 951 "policy": { 952 "type": 3, 953 "value": { 954 "rule": "ANY", 955 "sub_policy": "Writers" 956 } 957 }, 958 "version": "0" 959 } 960 }, 961 "values": { 962 "MSP": { 963 "mod_policy": "Admins", 964 "value": { 965 "config": { 966 "admins": [ 967 "%[1]s" 968 ], 969 "crypto_config": { 970 "identity_identifier_hash_function": "SHA256", 971 "signature_hash_family": "SHA3" 972 }, 973 "fabric_node_ous": { 974 "admin_ou_identifier": { 975 "certificate": "%[1]s", 976 "organizational_unit_identifier": "OUID" 977 }, 978 "client_ou_identifier": { 979 "certificate": "%[1]s", 980 "organizational_unit_identifier": "OUID" 981 }, 982 "enable": false, 983 "orderer_ou_identifier": { 984 "certificate": "%[1]s", 985 "organizational_unit_identifier": "OUID" 986 }, 987 "peer_ou_identifier": { 988 "certificate": "%[1]s", 989 "organizational_unit_identifier": "OUID" 990 } 991 }, 992 "intermediate_certs": [ 993 "%[1]s" 994 ], 995 "name": "MSPID", 996 "organizational_unit_identifiers": [ 997 { 998 "certificate": "%[1]s", 999 "organizational_unit_identifier": "OUID" 1000 } 1001 ], 1002 "revocation_list": [ 1003 "%[2]s" 1004 ], 1005 "root_certs": [ 1006 "%[1]s" 1007 ], 1008 "signing_identity": null, 1009 "tls_intermediate_certs": [ 1010 "%[1]s" 1011 ], 1012 "tls_root_certs": [ 1013 "%[1]s" 1014 ] 1015 }, 1016 "type": 0 1017 }, 1018 "version": "0" 1019 } 1020 }, 1021 "version": "0" 1022 }, 1023 "Org2": { 1024 "groups": {}, 1025 "mod_policy": "Admins", 1026 "policies": { 1027 "Admins": { 1028 "mod_policy": "Admins", 1029 "policy": { 1030 "type": 3, 1031 "value": { 1032 "rule": "MAJORITY", 1033 "sub_policy": "Admins" 1034 } 1035 }, 1036 "version": "0" 1037 }, 1038 "Endorsement": { 1039 "mod_policy": "Admins", 1040 "policy": { 1041 "type": 3, 1042 "value": { 1043 "rule": "MAJORITY", 1044 "sub_policy": "Endorsement" 1045 } 1046 }, 1047 "version": "0" 1048 }, 1049 "Readers": { 1050 "mod_policy": "Admins", 1051 "policy": { 1052 "type": 3, 1053 "value": { 1054 "rule": "ANY", 1055 "sub_policy": "Readers" 1056 } 1057 }, 1058 "version": "0" 1059 }, 1060 "Writers": { 1061 "mod_policy": "Admins", 1062 "policy": { 1063 "type": 3, 1064 "value": { 1065 "rule": "ANY", 1066 "sub_policy": "Writers" 1067 } 1068 }, 1069 "version": "0" 1070 } 1071 }, 1072 "values": { 1073 "MSP": { 1074 "mod_policy": "Admins", 1075 "value": { 1076 "config": { 1077 "admins": [ 1078 "%[3]s" 1079 ], 1080 "crypto_config": { 1081 "identity_identifier_hash_function": "SHA256", 1082 "signature_hash_family": "SHA3" 1083 }, 1084 "fabric_node_ous": { 1085 "admin_ou_identifier": { 1086 "certificate": "%[3]s", 1087 "organizational_unit_identifier": "OUID" 1088 }, 1089 "client_ou_identifier": { 1090 "certificate": "%[3]s", 1091 "organizational_unit_identifier": "OUID" 1092 }, 1093 "enable": false, 1094 "orderer_ou_identifier": { 1095 "certificate": "%[3]s", 1096 "organizational_unit_identifier": "OUID" 1097 }, 1098 "peer_ou_identifier": { 1099 "certificate": "%[3]s", 1100 "organizational_unit_identifier": "OUID" 1101 } 1102 }, 1103 "intermediate_certs": [ 1104 "%[3]s" 1105 ], 1106 "name": "MSPID", 1107 "organizational_unit_identifiers": [ 1108 { 1109 "certificate": "%[3]s", 1110 "organizational_unit_identifier": "OUID" 1111 } 1112 ], 1113 "revocation_list": [ 1114 "%[4]s" 1115 ], 1116 "root_certs": [ 1117 "%[3]s" 1118 ], 1119 "signing_identity": null, 1120 "tls_intermediate_certs": [ 1121 "%[3]s" 1122 ], 1123 "tls_root_certs": [ 1124 "%[3]s" 1125 ] 1126 }, 1127 "type": 0 1128 }, 1129 "version": "0" 1130 } 1131 }, 1132 "version": "0" 1133 } 1134 }, 1135 "mod_policy": "/Channel/Orderer/Admins", 1136 "policies": {}, 1137 "values": { 1138 "ChannelCreationPolicy": { 1139 "mod_policy": "/Channel/Orderer/Admins", 1140 "value": { 1141 "type": 3, 1142 "value": { 1143 "rule": "ANY", 1144 "sub_policy": "Admins" 1145 } 1146 }, 1147 "version": "0" 1148 } 1149 }, 1150 "version": "0" 1151 }, 1152 "Consortium2": { 1153 "groups": { 1154 "Org1": { 1155 "groups": {}, 1156 "mod_policy": "Admins", 1157 "policies": { 1158 "Admins": { 1159 "mod_policy": "Admins", 1160 "policy": { 1161 "type": 3, 1162 "value": { 1163 "rule": "MAJORITY", 1164 "sub_policy": "Admins" 1165 } 1166 }, 1167 "version": "0" 1168 }, 1169 "Endorsement": { 1170 "mod_policy": "Admins", 1171 "policy": { 1172 "type": 3, 1173 "value": { 1174 "rule": "MAJORITY", 1175 "sub_policy": "Endorsement" 1176 } 1177 }, 1178 "version": "0" 1179 }, 1180 "Readers": { 1181 "mod_policy": "Admins", 1182 "policy": { 1183 "type": 3, 1184 "value": { 1185 "rule": "ANY", 1186 "sub_policy": "Readers" 1187 } 1188 }, 1189 "version": "0" 1190 }, 1191 "Writers": { 1192 "mod_policy": "Admins", 1193 "policy": { 1194 "type": 3, 1195 "value": { 1196 "rule": "ANY", 1197 "sub_policy": "Writers" 1198 } 1199 }, 1200 "version": "0" 1201 } 1202 }, 1203 "values": { 1204 "MSP": { 1205 "mod_policy": "Admins", 1206 "value": { 1207 "config": { 1208 "admins": [ 1209 "%[1]s" 1210 ], 1211 "crypto_config": { 1212 "identity_identifier_hash_function": "SHA256", 1213 "signature_hash_family": "SHA3" 1214 }, 1215 "fabric_node_ous": { 1216 "admin_ou_identifier": { 1217 "certificate": "%[1]s", 1218 "organizational_unit_identifier": "OUID" 1219 }, 1220 "client_ou_identifier": { 1221 "certificate": "%[1]s", 1222 "organizational_unit_identifier": "OUID" 1223 }, 1224 "enable": false, 1225 "orderer_ou_identifier": { 1226 "certificate": "%[1]s", 1227 "organizational_unit_identifier": "OUID" 1228 }, 1229 "peer_ou_identifier": { 1230 "certificate": "%[1]s", 1231 "organizational_unit_identifier": "OUID" 1232 } 1233 }, 1234 "intermediate_certs": [ 1235 "%[1]s" 1236 ], 1237 "name": "MSPID", 1238 "organizational_unit_identifiers": [ 1239 { 1240 "certificate": "%[1]s", 1241 "organizational_unit_identifier": "OUID" 1242 } 1243 ], 1244 "revocation_list": [ 1245 "%[2]s" 1246 ], 1247 "root_certs": [ 1248 "%[1]s" 1249 ], 1250 "signing_identity": null, 1251 "tls_intermediate_certs": [ 1252 "%[1]s" 1253 ], 1254 "tls_root_certs": [ 1255 "%[1]s" 1256 ] 1257 }, 1258 "type": 0 1259 }, 1260 "version": "0" 1261 } 1262 }, 1263 "version": "0" 1264 }, 1265 "Org2": { 1266 "groups": {}, 1267 "mod_policy": "Admins", 1268 "policies": { 1269 "Admins": { 1270 "mod_policy": "Admins", 1271 "policy": { 1272 "type": 3, 1273 "value": { 1274 "rule": "MAJORITY", 1275 "sub_policy": "Admins" 1276 } 1277 }, 1278 "version": "0" 1279 }, 1280 "Endorsement": { 1281 "mod_policy": "Admins", 1282 "policy": { 1283 "type": 3, 1284 "value": { 1285 "rule": "MAJORITY", 1286 "sub_policy": "Endorsement" 1287 } 1288 }, 1289 "version": "0" 1290 }, 1291 "Readers": { 1292 "mod_policy": "Admins", 1293 "policy": { 1294 "type": 3, 1295 "value": { 1296 "rule": "ANY", 1297 "sub_policy": "Readers" 1298 } 1299 }, 1300 "version": "0" 1301 }, 1302 "Writers": { 1303 "mod_policy": "Admins", 1304 "policy": { 1305 "type": 3, 1306 "value": { 1307 "rule": "ANY", 1308 "sub_policy": "Writers" 1309 } 1310 }, 1311 "version": "0" 1312 } 1313 }, 1314 "values": { 1315 "MSP": { 1316 "mod_policy": "Admins", 1317 "value": { 1318 "config": { 1319 "admins": [ 1320 "%[3]s" 1321 ], 1322 "crypto_config": { 1323 "identity_identifier_hash_function": "SHA256", 1324 "signature_hash_family": "SHA3" 1325 }, 1326 "fabric_node_ous": { 1327 "admin_ou_identifier": { 1328 "certificate": "%[3]s", 1329 "organizational_unit_identifier": "OUID" 1330 }, 1331 "client_ou_identifier": { 1332 "certificate": "%[3]s", 1333 "organizational_unit_identifier": "OUID" 1334 }, 1335 "enable": false, 1336 "orderer_ou_identifier": { 1337 "certificate": "%[3]s", 1338 "organizational_unit_identifier": "OUID" 1339 }, 1340 "peer_ou_identifier": { 1341 "certificate": "%[3]s", 1342 "organizational_unit_identifier": "OUID" 1343 } 1344 }, 1345 "intermediate_certs": [ 1346 "%[3]s" 1347 ], 1348 "name": "MSPID", 1349 "organizational_unit_identifiers": [ 1350 { 1351 "certificate": "%[3]s", 1352 "organizational_unit_identifier": "OUID" 1353 } 1354 ], 1355 "revocation_list": [ 1356 "%[4]s" 1357 ], 1358 "root_certs": [ 1359 "%[3]s" 1360 ], 1361 "signing_identity": null, 1362 "tls_intermediate_certs": [ 1363 "%[3]s" 1364 ], 1365 "tls_root_certs": [ 1366 "%[3]s" 1367 ] 1368 }, 1369 "type": 0 1370 }, 1371 "version": "0" 1372 } 1373 }, 1374 "version": "0" 1375 } 1376 }, 1377 "mod_policy": "", 1378 "policies": {}, 1379 "values": {}, 1380 "version": "0" 1381 } 1382 }, 1383 "mod_policy": "/Channel/Orderer/Admins", 1384 "policies": { 1385 "Admins": { 1386 "mod_policy": "/Channel/Orderer/Admins", 1387 "policy": { 1388 "type": 1, 1389 "value": { 1390 "identities": [], 1391 "rule": { 1392 "n_out_of": { 1393 "n": 0, 1394 "rules": [] 1395 } 1396 }, 1397 "version": 0 1398 } 1399 }, 1400 "version": "0" 1401 } 1402 }, 1403 "values": {}, 1404 "version": "0" 1405 } 1406 }, 1407 "mod_policy": "", 1408 "policies": {}, 1409 "values": {}, 1410 "version": "0" 1411 }, 1412 "sequence": "0" 1413 } 1414 `, org1CertBase64, org1CRLBase64, org2CertBase64, org2CRLBase64) 1415 1416 expectedConfigProto := &cb.Config{} 1417 err = protolator.DeepUnmarshalJSON(bytes.NewBufferString(expectedConfigJSON), expectedConfigProto) 1418 gt.Expect(err).NotTo(HaveOccurred()) 1419 1420 gt.Expect(proto.Equal(c.updated, expectedConfigProto)).To(BeTrue()) 1421 } 1422 1423 func TestConsortiumOrg(t *testing.T) { 1424 t.Parallel() 1425 gt := NewGomegaWithT(t) 1426 1427 channel, _, _ := baseSystemChannelProfile(t) 1428 channelGroup, err := newSystemChannelGroup(channel) 1429 gt.Expect(err).NotTo(HaveOccurred()) 1430 1431 config := &cb.Config{ 1432 ChannelGroup: channelGroup, 1433 } 1434 1435 c := New(config) 1436 1437 expectedOrg := channel.Consortiums[0].Organizations[0] 1438 1439 tests := []struct { 1440 name string 1441 consortiumName string 1442 orgName string 1443 expectedErr string 1444 }{ 1445 { 1446 name: "success", 1447 consortiumName: "Consortium1", 1448 orgName: "Org1", 1449 expectedErr: "", 1450 }, 1451 } 1452 1453 for _, tc := range tests { 1454 tc := tc 1455 t.Run(tc.name, func(t *testing.T) { 1456 t.Parallel() 1457 gt := NewGomegaWithT(t) 1458 1459 org, err := c.Consortium(tc.consortiumName).Organization(tc.orgName).Configuration() 1460 if tc.expectedErr != "" { 1461 gt.Expect(Organization{}).To(Equal(org)) 1462 gt.Expect(err).To(MatchError(tc.expectedErr)) 1463 } else { 1464 gt.Expect(err).ToNot(HaveOccurred()) 1465 gt.Expect(expectedOrg).To(Equal(org)) 1466 } 1467 }) 1468 } 1469 } 1470 1471 func TestRemoveConsortiumOrg(t *testing.T) { 1472 t.Parallel() 1473 gt := NewGomegaWithT(t) 1474 1475 channel, _, _ := baseSystemChannelProfile(t) 1476 channelGroup, err := newSystemChannelGroup(channel) 1477 gt.Expect(err).NotTo(HaveOccurred()) 1478 1479 config := &cb.Config{ 1480 ChannelGroup: channelGroup, 1481 } 1482 1483 c := New(config) 1484 1485 c.Consortium("Consortium1").RemoveOrganization("Org1") 1486 gt.Expect(c.Consortium("Consortium1").Organization("Org1")).To(BeNil()) 1487 } 1488 1489 func TestSetConsortiumOrgModPolicy(t *testing.T) { 1490 t.Parallel() 1491 1492 gt := NewGomegaWithT(t) 1493 1494 consortiums, _ := baseConsortiums(t) 1495 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1496 gt.Expect(err).NotTo(HaveOccurred()) 1497 1498 config := &cb.Config{ 1499 ChannelGroup: &cb.ConfigGroup{ 1500 Groups: map[string]*cb.ConfigGroup{ 1501 ConsortiumsGroupKey: consortiumsGroup, 1502 }, 1503 }, 1504 } 1505 1506 c := New(config) 1507 1508 consortium1Org1 := c.Consortium("Consortium1").Organization("Org1") 1509 err = consortium1Org1.SetModPolicy("TestModPolicy") 1510 gt.Expect(err).NotTo(HaveOccurred()) 1511 1512 updatedModPolicy := consortium1Org1.orgGroup.GetModPolicy() 1513 gt.Expect(updatedModPolicy).To(Equal("TestModPolicy")) 1514 } 1515 1516 func TestSetConsortiumOrgModPolicyFailures(t *testing.T) { 1517 t.Parallel() 1518 1519 gt := NewGomegaWithT(t) 1520 1521 consortiums, _ := baseConsortiums(t) 1522 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1523 gt.Expect(err).NotTo(HaveOccurred()) 1524 1525 config := &cb.Config{ 1526 ChannelGroup: &cb.ConfigGroup{ 1527 Groups: map[string]*cb.ConfigGroup{ 1528 ConsortiumsGroupKey: consortiumsGroup, 1529 }, 1530 }, 1531 } 1532 1533 c := New(config) 1534 1535 err = c.Consortium("Consortium1").Organization("Org1").SetModPolicy("") 1536 gt.Expect(err).To(MatchError("non empty mod policy is required")) 1537 } 1538 1539 func TestSetConsortiumOrgPolicy(t *testing.T) { 1540 t.Parallel() 1541 1542 gt := NewGomegaWithT(t) 1543 1544 consortiums, _ := baseConsortiums(t) 1545 1546 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1547 gt.Expect(err).NotTo(HaveOccurred()) 1548 1549 config := &cb.Config{ 1550 ChannelGroup: &cb.ConfigGroup{ 1551 Groups: map[string]*cb.ConfigGroup{ 1552 ConsortiumsGroupKey: consortiumsGroup, 1553 }, 1554 }, 1555 } 1556 1557 c := New(config) 1558 1559 expectedPolicies := map[string]Policy{ 1560 ReadersPolicyKey: { 1561 Type: ImplicitMetaPolicyType, 1562 Rule: "ANY Readers", 1563 ModPolicy: AdminsPolicyKey, 1564 }, 1565 WritersPolicyKey: { 1566 Type: ImplicitMetaPolicyType, 1567 Rule: "ANY Writers", 1568 ModPolicy: AdminsPolicyKey, 1569 }, 1570 AdminsPolicyKey: { 1571 Type: ImplicitMetaPolicyType, 1572 Rule: "MAJORITY Admins", 1573 ModPolicy: AdminsPolicyKey, 1574 }, 1575 EndorsementPolicyKey: { 1576 Type: ImplicitMetaPolicyType, 1577 Rule: "MAJORITY Endorsement", 1578 ModPolicy: AdminsPolicyKey, 1579 }, 1580 "TestPolicy": { 1581 Type: ImplicitMetaPolicyType, 1582 Rule: "MAJORITY Endorsement", 1583 ModPolicy: AdminsPolicyKey, 1584 }, 1585 } 1586 1587 consortium1Org1 := c.Consortium("Consortium1").Organization("Org1") 1588 err = consortium1Org1.SetPolicy("TestPolicy", Policy{Type: ImplicitMetaPolicyType, Rule: "MAJORITY Endorsement"}) 1589 gt.Expect(err).NotTo(HaveOccurred()) 1590 1591 updatedPolicies, err := consortium1Org1.Policies() 1592 gt.Expect(err).NotTo(HaveOccurred()) 1593 gt.Expect(updatedPolicies).To(Equal(expectedPolicies)) 1594 } 1595 1596 func TestSetConsortiumOrgPolicyFailures(t *testing.T) { 1597 t.Parallel() 1598 1599 gt := NewGomegaWithT(t) 1600 1601 consortiums, _ := baseConsortiums(t) 1602 1603 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1604 gt.Expect(err).NotTo(HaveOccurred()) 1605 1606 config := &cb.Config{ 1607 ChannelGroup: &cb.ConfigGroup{ 1608 Groups: map[string]*cb.ConfigGroup{ 1609 ConsortiumsGroupKey: consortiumsGroup, 1610 }, 1611 }, 1612 } 1613 1614 c := New(config) 1615 1616 for _, test := range []struct { 1617 name string 1618 consortium string 1619 org string 1620 policy Policy 1621 expectedErr string 1622 }{ 1623 { 1624 name: "When setting empty policy fails", 1625 consortium: "Consortium1", 1626 org: "Org1", 1627 policy: Policy{}, 1628 expectedErr: "failed to set policy 'TestPolicy' to consortium org 'Org1': unknown policy type: ", 1629 }, 1630 } { 1631 err := c.Consortium(test.consortium).Organization(test.org).SetPolicy("TestPolicy", test.policy) 1632 gt.Expect(err).To(MatchError(test.expectedErr)) 1633 } 1634 } 1635 1636 func TestSetConsortiumOrgPolicies(t *testing.T) { 1637 t.Parallel() 1638 1639 gt := NewGomegaWithT(t) 1640 1641 consortiums, _ := baseConsortiums(t) 1642 consortiums[0].Organizations[0].Policies["TestPolicy_Remove"] = Policy{Type: ImplicitMetaPolicyType, Rule: "MAJORITY Endorsement"} 1643 1644 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1645 gt.Expect(err).NotTo(HaveOccurred()) 1646 1647 config := &cb.Config{ 1648 ChannelGroup: &cb.ConfigGroup{ 1649 Groups: map[string]*cb.ConfigGroup{ 1650 ConsortiumsGroupKey: consortiumsGroup, 1651 }, 1652 }, 1653 } 1654 1655 c := New(config) 1656 1657 newPolicies := map[string]Policy{ 1658 ReadersPolicyKey: { 1659 Type: ImplicitMetaPolicyType, 1660 Rule: "ANY Readers", 1661 ModPolicy: AdminsPolicyKey, 1662 }, 1663 WritersPolicyKey: { 1664 Type: ImplicitMetaPolicyType, 1665 Rule: "ANY Writers", 1666 ModPolicy: AdminsPolicyKey, 1667 }, 1668 AdminsPolicyKey: { 1669 Type: ImplicitMetaPolicyType, 1670 Rule: "MAJORITY Admins", 1671 ModPolicy: AdminsPolicyKey, 1672 }, 1673 EndorsementPolicyKey: { 1674 Type: ImplicitMetaPolicyType, 1675 Rule: "MAJORITY Endorsement", 1676 ModPolicy: AdminsPolicyKey, 1677 }, 1678 "TestPolicy_Add1": { 1679 Type: ImplicitMetaPolicyType, 1680 Rule: "MAJORITY Endorsement", 1681 ModPolicy: AdminsPolicyKey, 1682 }, 1683 "TestPolicy_Add2": { 1684 Type: ImplicitMetaPolicyType, 1685 Rule: "MAJORITY Endorsement", 1686 ModPolicy: AdminsPolicyKey, 1687 }, 1688 } 1689 1690 consortium1Org1 := c.Consortium("Consortium1").Organization("Org1") 1691 err = consortium1Org1.SetPolicies(newPolicies) 1692 gt.Expect(err).NotTo(HaveOccurred()) 1693 1694 updatedPolicies, err := consortium1Org1.Policies() 1695 gt.Expect(err).NotTo(HaveOccurred()) 1696 gt.Expect(updatedPolicies).To(Equal(newPolicies)) 1697 } 1698 1699 func TestSetConsortiumOrgPoliciesFailures(t *testing.T) { 1700 t.Parallel() 1701 1702 gt := NewGomegaWithT(t) 1703 1704 consortiums, _ := baseConsortiums(t) 1705 1706 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1707 gt.Expect(err).NotTo(HaveOccurred()) 1708 1709 config := &cb.Config{ 1710 ChannelGroup: &cb.ConfigGroup{ 1711 Groups: map[string]*cb.ConfigGroup{ 1712 ConsortiumsGroupKey: consortiumsGroup, 1713 }, 1714 }, 1715 } 1716 1717 c := New(config) 1718 1719 newPolicies := map[string]Policy{ 1720 ReadersPolicyKey: { 1721 Type: ImplicitMetaPolicyType, 1722 Rule: "ANY Readers", 1723 }, 1724 WritersPolicyKey: { 1725 Type: ImplicitMetaPolicyType, 1726 Rule: "ANY Writers", 1727 }, 1728 AdminsPolicyKey: { 1729 Type: ImplicitMetaPolicyType, 1730 Rule: "MAJORITY Admins", 1731 }, 1732 EndorsementPolicyKey: { 1733 Type: ImplicitMetaPolicyType, 1734 Rule: "MAJORITY Endorsement", 1735 }, 1736 "TestPolicy": {}, 1737 } 1738 1739 consortium1Org1 := c.Consortium("Consortium1").Organization("Org1") 1740 err = consortium1Org1.SetPolicies(newPolicies) 1741 gt.Expect(err).To(MatchError("failed to set policies to consortium org 'Org1': unknown policy type: ")) 1742 } 1743 1744 func TestRemoveConsortiumOrgPolicy(t *testing.T) { 1745 t.Parallel() 1746 1747 gt := NewGomegaWithT(t) 1748 1749 consortiums, _ := baseConsortiums(t) 1750 1751 consortiums[0].Organizations[0].Policies["TestPolicy"] = Policy{Type: ImplicitMetaPolicyType, Rule: "MAJORITY Endorsement"} 1752 1753 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1754 gt.Expect(err).NotTo(HaveOccurred()) 1755 1756 config := &cb.Config{ 1757 ChannelGroup: &cb.ConfigGroup{ 1758 Groups: map[string]*cb.ConfigGroup{ 1759 ConsortiumsGroupKey: consortiumsGroup, 1760 }, 1761 }, 1762 } 1763 1764 c := New(config) 1765 1766 expectedPolicies := map[string]Policy{ 1767 ReadersPolicyKey: { 1768 Type: ImplicitMetaPolicyType, 1769 Rule: "ANY Readers", 1770 ModPolicy: AdminsPolicyKey, 1771 }, 1772 WritersPolicyKey: { 1773 Type: ImplicitMetaPolicyType, 1774 Rule: "ANY Writers", 1775 ModPolicy: AdminsPolicyKey, 1776 }, 1777 AdminsPolicyKey: { 1778 Type: ImplicitMetaPolicyType, 1779 Rule: "MAJORITY Admins", 1780 ModPolicy: AdminsPolicyKey, 1781 }, 1782 EndorsementPolicyKey: { 1783 Type: ImplicitMetaPolicyType, 1784 Rule: "MAJORITY Endorsement", 1785 ModPolicy: AdminsPolicyKey, 1786 }, 1787 } 1788 1789 consortium1Org1 := c.Consortium("Consortium1").Organization("Org1") 1790 consortium1Org1.RemovePolicy("TestPolicy") 1791 1792 updatedPolicies, err := consortium1Org1.Policies() 1793 gt.Expect(err).NotTo(HaveOccurred()) 1794 gt.Expect(updatedPolicies).To(Equal(expectedPolicies)) 1795 } 1796 1797 func TestConsortiumOrgPolicies(t *testing.T) { 1798 t.Parallel() 1799 1800 gt := NewGomegaWithT(t) 1801 1802 consortiums, _ := baseConsortiums(t) 1803 1804 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1805 gt.Expect(err).NotTo(HaveOccurred()) 1806 1807 config := &cb.Config{ 1808 ChannelGroup: &cb.ConfigGroup{ 1809 Groups: map[string]*cb.ConfigGroup{ 1810 ConsortiumsGroupKey: consortiumsGroup, 1811 }, 1812 }, 1813 } 1814 1815 c := New(config) 1816 1817 expectedPolicies := map[string]Policy{ 1818 ReadersPolicyKey: { 1819 Type: ImplicitMetaPolicyType, 1820 Rule: "ANY Readers", 1821 ModPolicy: AdminsPolicyKey, 1822 }, 1823 WritersPolicyKey: { 1824 Type: ImplicitMetaPolicyType, 1825 Rule: "ANY Writers", 1826 ModPolicy: AdminsPolicyKey, 1827 }, 1828 AdminsPolicyKey: { 1829 Type: ImplicitMetaPolicyType, 1830 Rule: "MAJORITY Admins", 1831 ModPolicy: AdminsPolicyKey, 1832 }, 1833 EndorsementPolicyKey: { 1834 Type: ImplicitMetaPolicyType, 1835 Rule: "MAJORITY Endorsement", 1836 ModPolicy: AdminsPolicyKey, 1837 }, 1838 } 1839 1840 policies, err := c.Consortium("Consortium1").Organization("Org1").Policies() 1841 gt.Expect(err).NotTo(HaveOccurred()) 1842 gt.Expect(policies).To(Equal(expectedPolicies)) 1843 } 1844 1845 func TestConsortiumMSP(t *testing.T) { 1846 t.Parallel() 1847 1848 gt := NewGomegaWithT(t) 1849 1850 consortiums, _ := baseConsortiums(t) 1851 expectedMSP := consortiums[0].Organizations[0].MSP 1852 1853 consortiumsGroup, err := newConsortiumsGroup(consortiums) 1854 gt.Expect(err).NotTo(HaveOccurred()) 1855 1856 config := &cb.Config{ 1857 ChannelGroup: &cb.ConfigGroup{ 1858 Groups: map[string]*cb.ConfigGroup{ 1859 ConsortiumsGroupKey: consortiumsGroup, 1860 }, 1861 }, 1862 } 1863 1864 c := New(config) 1865 1866 msp, err := c.Consortium("Consortium1").Organization("Org1").MSP().Configuration() 1867 gt.Expect(err).NotTo(HaveOccurred()) 1868 gt.Expect(msp).To(Equal(expectedMSP)) 1869 } 1870 1871 func TestSetConsortiumMSP(t *testing.T) { 1872 t.Parallel() 1873 gt := NewGomegaWithT(t) 1874 1875 consortiumGroup, privKeys, err := baseConsortiumChannelGroup(t) 1876 gt.Expect(err).NotTo(HaveOccurred()) 1877 1878 config := &cb.Config{ 1879 ChannelGroup: consortiumGroup, 1880 } 1881 c := New(config) 1882 1883 consortium1 := c.Consortium("Consortium1") 1884 consortiumOrg1MSP, err := consortium1.Organization("Org1").MSP().Configuration() 1885 gt.Expect(err).NotTo(HaveOccurred()) 1886 consortiumOrg2MSP, err := consortium1.Organization("Org2").MSP().Configuration() 1887 gt.Expect(err).NotTo(HaveOccurred()) 1888 consortiumOrg1CertBase64, consortiumOrg1CRLBase64 := certCRLBase64(t, consortiumOrg1MSP) 1889 consortiumOrg2CertBase64, consortiumOrg2CRLBase64 := certCRLBase64(t, consortiumOrg2MSP) 1890 1891 newRootCert, newRootPrivKey := generateCACertAndPrivateKey(t, "anotherca-org1.example.com") 1892 newRootCertBase64 := base64.StdEncoding.EncodeToString(pemEncodeX509Certificate(newRootCert)) 1893 consortiumOrg1MSP.RootCerts = append(consortiumOrg1MSP.RootCerts, newRootCert) 1894 1895 newIntermediateCert, _ := generateIntermediateCACertAndPrivateKey(t, "anotherca-org1.example.com", newRootCert, newRootPrivKey) 1896 newIntermediateCertBase64 := base64.StdEncoding.EncodeToString(pemEncodeX509Certificate(newIntermediateCert)) 1897 consortiumOrg1MSP.IntermediateCerts = append(consortiumOrg1MSP.IntermediateCerts, newIntermediateCert) 1898 1899 cert := consortiumOrg1MSP.RootCerts[0] 1900 privKey := privKeys[0] 1901 certToRevoke, _ := generateCertAndPrivateKeyFromCACert(t, "org1.example.com", cert, privKey) 1902 signingIdentity := &SigningIdentity{ 1903 Certificate: cert, 1904 PrivateKey: privKey, 1905 MSPID: "MSPID", 1906 } 1907 newCRL, err := consortiumOrg1MSP.CreateMSPCRL(signingIdentity, certToRevoke) 1908 gt.Expect(err).NotTo(HaveOccurred()) 1909 pemNewCRL, err := pemEncodeCRL(newCRL) 1910 gt.Expect(err).NotTo(HaveOccurred()) 1911 newCRLBase64 := base64.StdEncoding.EncodeToString(pemNewCRL) 1912 consortiumOrg1MSP.RevocationList = append(consortiumOrg1MSP.RevocationList, newCRL) 1913 1914 err = consortium1.Organization("Org1").SetMSP(consortiumOrg1MSP) 1915 gt.Expect(err).NotTo(HaveOccurred()) 1916 1917 expectedConfigJSON := fmt.Sprintf(` 1918 { 1919 "channel_group": { 1920 "groups": { 1921 "Consortiums": { 1922 "groups": { 1923 "Consortium1": { 1924 "groups": { 1925 "Org1": { 1926 "groups": {}, 1927 "mod_policy": "Admins", 1928 "policies": { 1929 "Admins": { 1930 "mod_policy": "Admins", 1931 "policy": { 1932 "type": 3, 1933 "value": { 1934 "rule": "MAJORITY", 1935 "sub_policy": "Admins" 1936 } 1937 }, 1938 "version": "0" 1939 }, 1940 "Endorsement": { 1941 "mod_policy": "Admins", 1942 "policy": { 1943 "type": 3, 1944 "value": { 1945 "rule": "MAJORITY", 1946 "sub_policy": "Endorsement" 1947 } 1948 }, 1949 "version": "0" 1950 }, 1951 "Readers": { 1952 "mod_policy": "Admins", 1953 "policy": { 1954 "type": 3, 1955 "value": { 1956 "rule": "ANY", 1957 "sub_policy": "Readers" 1958 } 1959 }, 1960 "version": "0" 1961 }, 1962 "Writers": { 1963 "mod_policy": "Admins", 1964 "policy": { 1965 "type": 3, 1966 "value": { 1967 "rule": "ANY", 1968 "sub_policy": "Writers" 1969 } 1970 }, 1971 "version": "0" 1972 } 1973 }, 1974 "values": { 1975 "MSP": { 1976 "mod_policy": "Admins", 1977 "value": { 1978 "config": { 1979 "admins": [ 1980 "%[1]s" 1981 ], 1982 "crypto_config": { 1983 "identity_identifier_hash_function": "SHA256", 1984 "signature_hash_family": "SHA3" 1985 }, 1986 "fabric_node_ous": { 1987 "admin_ou_identifier": { 1988 "certificate": "%[1]s", 1989 "organizational_unit_identifier": "OUID" 1990 }, 1991 "client_ou_identifier": { 1992 "certificate": "%[1]s", 1993 "organizational_unit_identifier": "OUID" 1994 }, 1995 "enable": false, 1996 "orderer_ou_identifier": { 1997 "certificate": "%[1]s", 1998 "organizational_unit_identifier": "OUID" 1999 }, 2000 "peer_ou_identifier": { 2001 "certificate": "%[1]s", 2002 "organizational_unit_identifier": "OUID" 2003 } 2004 }, 2005 "intermediate_certs": [ 2006 "%[1]s", 2007 "%[2]s" 2008 ], 2009 "name": "MSPID", 2010 "organizational_unit_identifiers": [ 2011 { 2012 "certificate": "%[1]s", 2013 "organizational_unit_identifier": "OUID" 2014 } 2015 ], 2016 "revocation_list": [ 2017 "%[3]s", 2018 "%[4]s" 2019 ], 2020 "root_certs": [ 2021 "%[1]s", 2022 "%[5]s" 2023 ], 2024 "signing_identity": null, 2025 "tls_intermediate_certs": [ 2026 "%[1]s" 2027 ], 2028 "tls_root_certs": [ 2029 "%[1]s" 2030 ] 2031 }, 2032 "type": 0 2033 }, 2034 "version": "0" 2035 } 2036 }, 2037 "version": "0" 2038 }, 2039 "Org2": { 2040 "groups": {}, 2041 "mod_policy": "Admins", 2042 "policies": { 2043 "Admins": { 2044 "mod_policy": "Admins", 2045 "policy": { 2046 "type": 3, 2047 "value": { 2048 "rule": "MAJORITY", 2049 "sub_policy": "Admins" 2050 } 2051 }, 2052 "version": "0" 2053 }, 2054 "Endorsement": { 2055 "mod_policy": "Admins", 2056 "policy": { 2057 "type": 3, 2058 "value": { 2059 "rule": "MAJORITY", 2060 "sub_policy": "Endorsement" 2061 } 2062 }, 2063 "version": "0" 2064 }, 2065 "Readers": { 2066 "mod_policy": "Admins", 2067 "policy": { 2068 "type": 3, 2069 "value": { 2070 "rule": "ANY", 2071 "sub_policy": "Readers" 2072 } 2073 }, 2074 "version": "0" 2075 }, 2076 "Writers": { 2077 "mod_policy": "Admins", 2078 "policy": { 2079 "type": 3, 2080 "value": { 2081 "rule": "ANY", 2082 "sub_policy": "Writers" 2083 } 2084 }, 2085 "version": "0" 2086 } 2087 }, 2088 "values": { 2089 "MSP": { 2090 "mod_policy": "Admins", 2091 "value": { 2092 "config": { 2093 "admins": [ 2094 "%[6]s" 2095 ], 2096 "crypto_config": { 2097 "identity_identifier_hash_function": "SHA256", 2098 "signature_hash_family": "SHA3" 2099 }, 2100 "fabric_node_ous": { 2101 "admin_ou_identifier": { 2102 "certificate": "%[6]s", 2103 "organizational_unit_identifier": "OUID" 2104 }, 2105 "client_ou_identifier": { 2106 "certificate": "%[6]s", 2107 "organizational_unit_identifier": "OUID" 2108 }, 2109 "enable": false, 2110 "orderer_ou_identifier": { 2111 "certificate": "%[6]s", 2112 "organizational_unit_identifier": "OUID" 2113 }, 2114 "peer_ou_identifier": { 2115 "certificate": "%[6]s", 2116 "organizational_unit_identifier": "OUID" 2117 } 2118 }, 2119 "intermediate_certs": [ 2120 "%[6]s" 2121 ], 2122 "name": "MSPID", 2123 "organizational_unit_identifiers": [ 2124 { 2125 "certificate": "%[6]s", 2126 "organizational_unit_identifier": "OUID" 2127 } 2128 ], 2129 "revocation_list": [ 2130 "%[7]s" 2131 ], 2132 "root_certs": [ 2133 "%[6]s" 2134 ], 2135 "signing_identity": null, 2136 "tls_intermediate_certs": [ 2137 "%[6]s" 2138 ], 2139 "tls_root_certs": [ 2140 "%[6]s" 2141 ] 2142 }, 2143 "type": 0 2144 }, 2145 "version": "0" 2146 } 2147 }, 2148 "version": "0" 2149 } 2150 }, 2151 "mod_policy": "/Channel/Orderer/Admins", 2152 "policies": {}, 2153 "values": { 2154 "ChannelCreationPolicy": { 2155 "mod_policy": "/Channel/Orderer/Admins", 2156 "value": { 2157 "type": 3, 2158 "value": { 2159 "rule": "ANY", 2160 "sub_policy": "Admins" 2161 } 2162 }, 2163 "version": "0" 2164 } 2165 }, 2166 "version": "0" 2167 } 2168 }, 2169 "mod_policy": "/Channel/Orderer/Admins", 2170 "policies": { 2171 "Admins": { 2172 "mod_policy": "/Channel/Orderer/Admins", 2173 "policy": { 2174 "type": 1, 2175 "value": { 2176 "identities": [], 2177 "rule": { 2178 "n_out_of": { 2179 "n": 0, 2180 "rules": [] 2181 } 2182 }, 2183 "version": 0 2184 } 2185 }, 2186 "version": "0" 2187 } 2188 }, 2189 "values": {}, 2190 "version": "0" 2191 } 2192 }, 2193 "mod_policy": "", 2194 "policies": {}, 2195 "values": {}, 2196 "version": "0" 2197 }, 2198 "sequence": "0" 2199 } 2200 `, consortiumOrg1CertBase64, newIntermediateCertBase64, consortiumOrg1CRLBase64, newCRLBase64, newRootCertBase64, consortiumOrg2CertBase64, consortiumOrg2CRLBase64) 2201 2202 buf := bytes.Buffer{} 2203 err = protolator.DeepMarshalJSON(&buf, c.updated) 2204 gt.Expect(err).NotTo(HaveOccurred()) 2205 2206 gt.Expect(buf.String()).To(MatchJSON(expectedConfigJSON)) 2207 } 2208 2209 func TestSetConsortiumMSPFailure(t *testing.T) { 2210 t.Parallel() 2211 2212 tests := []struct { 2213 spec string 2214 mspMod func(MSP) MSP 2215 consortiumName string 2216 orgName string 2217 expectedErr string 2218 }{ 2219 { 2220 spec: "updating msp name", 2221 mspMod: func(msp MSP) MSP { 2222 msp.Name = "thiscantbegood" 2223 return msp 2224 }, 2225 consortiumName: "Consortium1", 2226 orgName: "Org1", 2227 expectedErr: "MSP name cannot be changed", 2228 }, 2229 { 2230 spec: "invalid root ca cert keyusage", 2231 mspMod: func(msp MSP) MSP { 2232 msp.RootCerts = []*x509.Certificate{ 2233 { 2234 SerialNumber: big.NewInt(7), 2235 KeyUsage: x509.KeyUsageKeyAgreement, 2236 }, 2237 } 2238 return msp 2239 }, 2240 consortiumName: "Consortium1", 2241 orgName: "Org1", 2242 expectedErr: "invalid root cert: KeyUsage must be x509.KeyUsageCertSign. serial number: 7", 2243 }, 2244 } 2245 2246 for _, tc := range tests { 2247 tc := tc 2248 t.Run(tc.spec, func(t *testing.T) { 2249 t.Parallel() 2250 gt := NewGomegaWithT(t) 2251 2252 consortiumGroup, _, err := baseConsortiumChannelGroup(t) 2253 gt.Expect(err).NotTo(HaveOccurred()) 2254 2255 config := &cb.Config{ 2256 ChannelGroup: consortiumGroup, 2257 } 2258 c := New(config) 2259 2260 consortiumOrg1 := c.Consortium("Consortium1").Organization("Org1") 2261 consortiumOrg1MSP, err := consortiumOrg1.MSP().Configuration() 2262 gt.Expect(err).NotTo(HaveOccurred()) 2263 2264 consortiumOrg1MSP = tc.mspMod(consortiumOrg1MSP) 2265 err = consortiumOrg1.SetMSP(consortiumOrg1MSP) 2266 gt.Expect(err).To(MatchError(tc.expectedErr)) 2267 }) 2268 } 2269 } 2270 2271 func baseConsortiums(t *testing.T) ([]Consortium, []*ecdsa.PrivateKey) { 2272 org1MSP, org1PrivKey := baseMSP(t) 2273 org2MSP, org2PrivKey := baseMSP(t) 2274 2275 return []Consortium{ 2276 { 2277 Name: "Consortium1", 2278 Organizations: []Organization{ 2279 { 2280 Name: "Org1", 2281 Policies: orgStandardPolicies(), 2282 MSP: org1MSP, 2283 }, 2284 { 2285 Name: "Org2", 2286 Policies: orgStandardPolicies(), 2287 MSP: org2MSP, 2288 }, 2289 }, 2290 }, 2291 }, []*ecdsa.PrivateKey{org1PrivKey, org2PrivKey} 2292 } 2293 2294 func baseConsortiumChannelGroup(t *testing.T) (*cb.ConfigGroup, []*ecdsa.PrivateKey, error) { 2295 channelGroup := newConfigGroup() 2296 2297 consortiums, privKeys := baseConsortiums(t) 2298 consortiumsGroup, err := newConsortiumsGroup(consortiums) 2299 if err != nil { 2300 return nil, nil, err 2301 } 2302 2303 channelGroup.Groups[ConsortiumsGroupKey] = consortiumsGroup 2304 2305 return channelGroup, privKeys, nil 2306 }