github.com/kchristidis/fabric@v1.0.4-0.20171028114726-837acd08cde1/protos/common/policies.proto (about) 1 /* 2 Copyright IBM Corp. 2017 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 syntax = "proto3"; 18 19 import "msp/msp_principal.proto"; 20 21 option go_package = "github.com/hyperledger/fabric/protos/common"; 22 option java_package = "org.hyperledger.fabric.protos.common"; 23 24 package common; 25 26 // Policy expresses a policy which the orderer can evaluate, because there has been some desire expressed to support 27 // multiple policy engines, this is typed as a oneof for now 28 message Policy { 29 enum PolicyType { 30 UNKNOWN = 0; // Reserved to check for proper initialization 31 SIGNATURE = 1; 32 MSP = 2; 33 IMPLICIT_META = 3; 34 } 35 int32 type = 1; // For outside implementors, consider the first 1000 types reserved, otherwise one of PolicyType 36 bytes value = 2; 37 } 38 39 // SignaturePolicyEnvelope wraps a SignaturePolicy and includes a version for future enhancements 40 message SignaturePolicyEnvelope { 41 int32 version = 1; 42 SignaturePolicy rule = 2; 43 repeated MSPPrincipal identities = 3; 44 } 45 46 // SignaturePolicy is a recursive message structure which defines a featherweight DSL for describing 47 // policies which are more complicated than 'exactly this signature'. The NOutOf operator is sufficent 48 // to express AND as well as OR, as well as of course N out of the following M policies 49 // SignedBy implies that the signature is from a valid certificate which is signed by the trusted 50 // authority specified in the bytes. This will be the certificate itself for a self-signed certificate 51 // and will be the CA for more traditional certificates 52 message SignaturePolicy { 53 message NOutOf { 54 int32 n = 1; 55 repeated SignaturePolicy rules = 2; 56 } 57 oneof Type { 58 int32 signed_by = 1; 59 NOutOf n_out_of = 2; 60 } 61 } 62 63 // ImplicitMetaPolicy is a policy type which depends on the hierarchical nature of the configuration 64 // It is implicit because the rule is generate implicitly based on the number of sub policies 65 // It is meta because it depends only on the result of other policies 66 // When evaluated, this policy iterates over all immediate child sub-groups, retrieves the policy 67 // of name sub_policy, evaluates the collection and applies the rule. 68 // For example, with 4 sub-groups, and a policy name of "foo", ImplicitMetaPolicy retrieves 69 // each sub-group, retrieves policy "foo" for each subgroup, evaluates it, and, in the case of ANY 70 // 1 satisfied is sufficient, ALL would require 4 signatures, and MAJORITY would require 3 signatures. 71 message ImplicitMetaPolicy { 72 enum Rule { 73 ANY = 0; // Requires any of the sub-policies be satisfied, if no sub-policies exist, always returns true 74 ALL = 1; // Requires all of the sub-policies be satisfied 75 MAJORITY = 2; // Requires a strict majority (greater than half) of the sub-policies be satisfied 76 } 77 string sub_policy = 1; 78 Rule rule = 2; 79 }