github.com/kaituanwang/hyperledger@v2.0.1+incompatible/core/peer/config_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 package peer 7 8 import ( 9 "crypto/tls" 10 "fmt" 11 "net" 12 "os" 13 "path/filepath" 14 "runtime" 15 "testing" 16 "time" 17 18 "github.com/hyperledger/fabric/core/comm" 19 "github.com/spf13/viper" 20 "github.com/stretchr/testify/assert" 21 ) 22 23 func TestCacheConfigurationNegative(t *testing.T) { 24 // set a bad peer.address 25 viper.Set("peer.addressAutoDetect", true) 26 viper.Set("peer.address", "testing.com") 27 _, err := GlobalConfig() 28 assert.Error(t, err, "Expected error for bad configuration") 29 30 viper.Set("peer.addressAutoDetect", false) 31 viper.Set("peer.address", "") 32 _, err = GlobalConfig() 33 assert.Error(t, err, "Expected error for bad configuration") 34 35 viper.Set("peer.address", "wrongAddress") 36 _, err = GlobalConfig() 37 assert.Error(t, err, "Expected error for bad configuration") 38 39 } 40 41 func TestConfiguration(t *testing.T) { 42 // get the interface addresses 43 addresses, err := net.InterfaceAddrs() 44 if err != nil { 45 t.Fatal("Failed to get interface addresses") 46 } 47 48 var ips []string 49 for _, address := range addresses { 50 // eliminate loopback interfaces 51 if ip, ok := address.(*net.IPNet); ok && !ip.IP.IsLoopback() { 52 ips = append(ips, ip.IP.String()+":7051") 53 t.Logf("found interface address [%s]", ip.IP.String()) 54 } 55 } 56 57 // There is a flake where sometimes this returns no IP address. 58 localIP, err := comm.GetLocalIP() 59 assert.NoError(t, err) 60 61 var tests = []struct { 62 name string 63 settings map[string]interface{} 64 validAddresses []string 65 invalidAddresses []string 66 expectedPeerAddress string 67 }{ 68 { 69 name: "test1", 70 settings: map[string]interface{}{ 71 "peer.addressAutoDetect": false, 72 "peer.address": "testing.com:7051", 73 "peer.id": "testPeer", 74 }, 75 validAddresses: []string{"testing.com:7051"}, 76 invalidAddresses: ips, 77 expectedPeerAddress: "testing.com:7051", 78 }, 79 { 80 name: "test2", 81 settings: map[string]interface{}{ 82 "peer.addressAutoDetect": true, 83 "peer.address": "testing.com:7051", 84 "peer.id": "testPeer", 85 }, 86 validAddresses: ips, 87 invalidAddresses: []string{"testing.com:7051"}, 88 expectedPeerAddress: net.JoinHostPort(localIP, "7051"), 89 }, 90 { 91 name: "test3", 92 settings: map[string]interface{}{ 93 "peer.addressAutoDetect": false, 94 "peer.address": "0.0.0.0:7051", 95 "peer.id": "testPeer", 96 }, 97 validAddresses: []string{fmt.Sprintf("%s:7051", localIP)}, 98 invalidAddresses: []string{"0.0.0.0:7051"}, 99 expectedPeerAddress: net.JoinHostPort(localIP, "7051"), 100 }, 101 } 102 103 for _, test := range tests { 104 test := test 105 t.Run(test.name, func(t *testing.T) { 106 for k, v := range test.settings { 107 viper.Set(k, v) 108 } 109 // load Config file 110 _, err := GlobalConfig() 111 assert.NoError(t, err, "GlobalConfig returned unexpected error") 112 }) 113 } 114 } 115 116 func TestGetServerConfig(t *testing.T) { 117 // good config without TLS 118 viper.Set("peer.tls.enabled", false) 119 viper.Set("peer.connectiontimeout", "7s") 120 sc, _ := GetServerConfig() 121 assert.Equal(t, false, sc.SecOpts.UseTLS, "ServerConfig.SecOpts.UseTLS should be false") 122 assert.Equal(t, sc.ConnectionTimeout, 7*time.Second, "ServerConfig.ConnectionTimeout should be 7 seconds") 123 124 // keepalive options 125 assert.Equal(t, comm.DefaultKeepaliveOptions, sc.KaOpts, "ServerConfig.KaOpts should be set to default values") 126 viper.Set("peer.keepalive.interval", "60m") 127 sc, _ = GetServerConfig() 128 assert.Equal(t, time.Duration(60)*time.Minute, sc.KaOpts.ServerInterval, "ServerConfig.KaOpts.ServerInterval should be set to 60 min") 129 viper.Set("peer.keepalive.timeout", "30s") 130 sc, _ = GetServerConfig() 131 assert.Equal(t, time.Duration(30)*time.Second, sc.KaOpts.ServerTimeout, "ServerConfig.KaOpts.ServerTimeout should be set to 30 sec") 132 viper.Set("peer.keepalive.minInterval", "2m") 133 sc, _ = GetServerConfig() 134 assert.Equal(t, time.Duration(2)*time.Minute, sc.KaOpts.ServerMinInterval, "ServerConfig.KaOpts.ServerMinInterval should be set to 2 min") 135 136 // good config with TLS 137 viper.Set("peer.tls.enabled", true) 138 viper.Set("peer.tls.cert.file", filepath.Join("testdata", "Org1-server1-cert.pem")) 139 viper.Set("peer.tls.key.file", filepath.Join("testdata", "Org1-server1-key.pem")) 140 viper.Set("peer.tls.rootcert.file", filepath.Join("testdata", "Org1-cert.pem")) 141 sc, _ = GetServerConfig() 142 assert.Equal(t, true, sc.SecOpts.UseTLS, "ServerConfig.SecOpts.UseTLS should be true") 143 assert.Equal(t, false, sc.SecOpts.RequireClientCert, "ServerConfig.SecOpts.RequireClientCert should be false") 144 viper.Set("peer.tls.clientAuthRequired", true) 145 viper.Set("peer.tls.clientRootCAs.files", []string{ 146 filepath.Join("testdata", "Org1-cert.pem"), 147 filepath.Join("testdata", "Org2-cert.pem"), 148 }) 149 sc, _ = GetServerConfig() 150 assert.Equal(t, true, sc.SecOpts.RequireClientCert, "ServerConfig.SecOpts.RequireClientCert should be true") 151 assert.Equal(t, 2, len(sc.SecOpts.ClientRootCAs), "ServerConfig.SecOpts.ClientRootCAs should contain 2 entries") 152 153 // bad config with TLS 154 viper.Set("peer.tls.rootcert.file", filepath.Join("testdata", "Org11-cert.pem")) 155 _, err := GetServerConfig() 156 assert.Error(t, err, "GetServerConfig should return error with bad root cert path") 157 viper.Set("peer.tls.cert.file", filepath.Join("testdata", "Org11-cert.pem")) 158 _, err = GetServerConfig() 159 assert.Error(t, err, "GetServerConfig should return error with bad tls cert path") 160 161 // disable TLS for remaining tests 162 viper.Set("peer.tls.enabled", false) 163 viper.Set("peer.tls.clientAuthRequired", false) 164 } 165 166 func TestGetClientCertificate(t *testing.T) { 167 viper.Set("peer.tls.key.file", "") 168 viper.Set("peer.tls.cert.file", "") 169 viper.Set("peer.tls.clientKey.file", "") 170 viper.Set("peer.tls.clientCert.file", "") 171 172 // neither client nor server key pairs set - expect error 173 _, err := GetClientCertificate() 174 assert.Error(t, err) 175 176 viper.Set("peer.tls.key.file", "") 177 viper.Set("peer.tls.cert.file", filepath.Join("testdata", "Org1-server1-cert.pem")) 178 // missing server key file - expect error 179 _, err = GetClientCertificate() 180 assert.Error(t, err) 181 182 viper.Set("peer.tls.key.file", filepath.Join("testdata", "Org1-server1-key.pem")) 183 viper.Set("peer.tls.cert.file", "") 184 // missing server cert file - expect error 185 _, err = GetClientCertificate() 186 assert.Error(t, err) 187 188 // set server TLS settings to ensure we get the client TLS settings 189 // when they are set properly 190 viper.Set("peer.tls.key.file", filepath.Join("testdata", "Org1-server1-key.pem")) 191 viper.Set("peer.tls.cert.file", filepath.Join("testdata", "Org1-server1-cert.pem")) 192 193 // peer.tls.clientCert.file not set - expect error 194 viper.Set("peer.tls.clientKey.file", filepath.Join("testdata", "Org2-server1-key.pem")) 195 _, err = GetClientCertificate() 196 assert.Error(t, err) 197 198 // peer.tls.clientKey.file not set - expect error 199 viper.Set("peer.tls.clientKey.file", "") 200 viper.Set("peer.tls.clientCert.file", filepath.Join("testdata", "Org2-server1-cert.pem")) 201 _, err = GetClientCertificate() 202 assert.Error(t, err) 203 204 // client auth required and clientKey/clientCert set 205 expected, err := tls.LoadX509KeyPair( 206 filepath.Join("testdata", "Org2-server1-cert.pem"), 207 filepath.Join("testdata", "Org2-server1-key.pem"), 208 ) 209 if err != nil { 210 t.Fatalf("Failed to load test certificate (%s)", err) 211 } 212 viper.Set("peer.tls.clientKey.file", filepath.Join("testdata", "Org2-server1-key.pem")) 213 cert, err := GetClientCertificate() 214 assert.NoError(t, err) 215 assert.Equal(t, expected, cert) 216 217 // client auth required and clientKey/clientCert not set - expect 218 // client cert to be the server cert 219 viper.Set("peer.tls.clientKey.file", "") 220 viper.Set("peer.tls.clientCert.file", "") 221 expected, err = tls.LoadX509KeyPair( 222 filepath.Join("testdata", "Org1-server1-cert.pem"), 223 filepath.Join("testdata", "Org1-server1-key.pem"), 224 ) 225 if err != nil { 226 t.Fatalf("Failed to load test certificate (%s)", err) 227 } 228 cert, err = GetClientCertificate() 229 assert.NoError(t, err) 230 assert.Equal(t, expected, cert) 231 } 232 233 func TestGlobalConfig(t *testing.T) { 234 defer viper.Reset() 235 cwd, err := os.Getwd() 236 assert.NoError(t, err, "failed to get current working directory") 237 viper.SetConfigFile(filepath.Join(cwd, "core.yaml")) 238 239 //Capture the configuration from viper 240 viper.Set("peer.addressAutoDetect", false) 241 viper.Set("peer.address", "localhost:8080") 242 viper.Set("peer.id", "testPeerID") 243 viper.Set("peer.localMspId", "SampleOrg") 244 viper.Set("peer.listenAddress", "0.0.0.0:7051") 245 viper.Set("peer.authentication.timewindow", "15m") 246 viper.Set("peer.tls.enabled", "false") 247 viper.Set("peer.networkId", "testNetwork") 248 viper.Set("peer.limits.concurrency.qscc", 5000) 249 viper.Set("peer.discovery.enabled", true) 250 viper.Set("peer.profile.enabled", false) 251 viper.Set("peer.profile.listenAddress", "peer.authentication.timewindow") 252 viper.Set("peer.discovery.orgMembersAllowedAccess", false) 253 viper.Set("peer.discovery.authCacheEnabled", true) 254 viper.Set("peer.discovery.authCacheMaxSize", 1000) 255 viper.Set("peer.discovery.authCachePurgeRetentionRatio", 0.75) 256 viper.Set("peer.chaincodeListenAddress", "0.0.0.0:7052") 257 viper.Set("peer.chaincodeAddress", "0.0.0.0:7052") 258 viper.Set("peer.validatorPoolSize", 1) 259 260 viper.Set("vm.endpoint", "unix:///var/run/docker.sock") 261 viper.Set("vm.docker.tls.enabled", false) 262 viper.Set("vm.docker.attachStdout", false) 263 viper.Set("vm.docker.hostConfig.NetworkMode", "TestingHost") 264 viper.Set("vm.docker.tls.cert.file", "test/vm/tls/cert/file") 265 viper.Set("vm.docker.tls.key.file", "test/vm/tls/key/file") 266 viper.Set("vm.docker.tls.ca.file", "test/vm/tls/ca/file") 267 268 viper.Set("operations.listenAddress", "127.0.0.1:9443") 269 viper.Set("operations.tls.enabled", false) 270 viper.Set("operations.tls.cert.file", "test/tls/cert/file") 271 viper.Set("operations.tls.key.file", "test/tls/key/file") 272 viper.Set("operations.tls.clientAuthRequired", false) 273 viper.Set("operations.tls.clientRootCAs.files", []string{"relative/file1", "/absolute/file2"}) 274 275 viper.Set("metrics.provider", "disabled") 276 viper.Set("metrics.statsd.network", "udp") 277 viper.Set("metrics.statsd.address", "127.0.0.1:8125") 278 viper.Set("metrics.statsd.writeInterval", "10s") 279 viper.Set("metrics.statsd.prefix", "testPrefix") 280 281 viper.Set("chaincode.pull", false) 282 viper.Set("chaincode.externalBuilders", &[]ExternalBuilder{ 283 { 284 Path: "relative/plugin_dir", 285 Name: "relative", 286 }, 287 { 288 Path: "/absolute/plugin_dir", 289 Name: "absolute", 290 }, 291 }) 292 293 coreConfig, err := GlobalConfig() 294 assert.NoError(t, err) 295 296 expectedConfig := &Config{ 297 LocalMSPID: "SampleOrg", 298 ListenAddress: "0.0.0.0:7051", 299 AuthenticationTimeWindow: 15 * time.Minute, 300 PeerTLSEnabled: false, 301 PeerAddress: "localhost:8080", 302 PeerID: "testPeerID", 303 NetworkID: "testNetwork", 304 LimitsConcurrencyQSCC: 5000, 305 DiscoveryEnabled: true, 306 ProfileEnabled: false, 307 ProfileListenAddress: "peer.authentication.timewindow", 308 DiscoveryOrgMembersAllowed: false, 309 DiscoveryAuthCacheEnabled: true, 310 DiscoveryAuthCacheMaxSize: 1000, 311 DiscoveryAuthCachePurgeRetentionRatio: 0.75, 312 ChaincodeListenAddress: "0.0.0.0:7052", 313 ChaincodeAddress: "0.0.0.0:7052", 314 ValidatorPoolSize: 1, 315 DeliverClientKeepaliveOptions: comm.DefaultKeepaliveOptions, 316 317 VMEndpoint: "unix:///var/run/docker.sock", 318 VMDockerTLSEnabled: false, 319 VMDockerAttachStdout: false, 320 VMNetworkMode: "TestingHost", 321 322 ChaincodePull: false, 323 ExternalBuilders: []ExternalBuilder{ 324 { 325 Path: "relative/plugin_dir", 326 Name: "relative", 327 }, 328 { 329 Path: "/absolute/plugin_dir", 330 Name: "absolute", 331 }, 332 }, 333 OperationsListenAddress: "127.0.0.1:9443", 334 OperationsTLSEnabled: false, 335 OperationsTLSCertFile: filepath.Join(cwd, "test/tls/cert/file"), 336 OperationsTLSKeyFile: filepath.Join(cwd, "test/tls/key/file"), 337 OperationsTLSClientAuthRequired: false, 338 OperationsTLSClientRootCAs: []string{ 339 filepath.Join(cwd, "relative", "file1"), 340 "/absolute/file2", 341 }, 342 343 MetricsProvider: "disabled", 344 StatsdNetwork: "udp", 345 StatsdAaddress: "127.0.0.1:8125", 346 StatsdWriteInterval: 10 * time.Second, 347 StatsdPrefix: "testPrefix", 348 349 DockerCert: filepath.Join(cwd, "test/vm/tls/cert/file"), 350 DockerKey: filepath.Join(cwd, "test/vm/tls/key/file"), 351 DockerCA: filepath.Join(cwd, "test/vm/tls/ca/file"), 352 } 353 354 assert.Equal(t, coreConfig, expectedConfig) 355 } 356 357 func TestGlobalConfigDefault(t *testing.T) { 358 defer viper.Reset() 359 viper.Set("peer.address", "localhost:8080") 360 361 coreConfig, err := GlobalConfig() 362 assert.NoError(t, err) 363 364 expectedConfig := &Config{ 365 AuthenticationTimeWindow: 15 * time.Minute, 366 PeerAddress: "localhost:8080", 367 ValidatorPoolSize: runtime.NumCPU(), 368 VMNetworkMode: "host", 369 DeliverClientKeepaliveOptions: comm.DefaultKeepaliveOptions, 370 } 371 372 assert.Equal(t, expectedConfig, coreConfig) 373 } 374 375 func TestMissingExternalBuilderPath(t *testing.T) { 376 defer viper.Reset() 377 viper.Set("peer.address", "localhost:8080") 378 viper.Set("chaincode.externalBuilders", &[]ExternalBuilder{ 379 { 380 Name: "testName", 381 }, 382 }) 383 _, err := GlobalConfig() 384 assert.EqualError(t, err, "invalid external builder configuration, path attribute missing in one or more builders") 385 } 386 387 func TestMissingExternalBuilderName(t *testing.T) { 388 defer viper.Reset() 389 viper.Set("peer.address", "localhost:8080") 390 viper.Set("chaincode.externalBuilders", &[]ExternalBuilder{ 391 { 392 Path: "relative/plugin_dir", 393 }, 394 }) 395 _, err := GlobalConfig() 396 assert.EqualError(t, err, "external builder at path relative/plugin_dir has no name attribute") 397 }