github.com/lzy4123/fabric@v2.1.1+incompatible/common/policies/convert_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package policies_test 8 9 import ( 10 "testing" 11 12 cb "github.com/hyperledger/fabric-protos-go/common" 13 mb "github.com/hyperledger/fabric-protos-go/msp" 14 "github.com/hyperledger/fabric/common/cauthdsl" 15 "github.com/hyperledger/fabric/common/policies" 16 "github.com/hyperledger/fabric/common/policydsl" 17 "github.com/hyperledger/fabric/msp" 18 "github.com/hyperledger/fabric/protoutil" 19 "github.com/pkg/errors" 20 "github.com/stretchr/testify/assert" 21 ) 22 23 func TestImplicitMetaPolicy_Convert(t *testing.T) { 24 25 // Scenario: we attempt the conversion of a simple metapolicy requiring 26 // ALL of 2 sub-policies, each of which are plain signedby 27 28 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 29 30 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 31 Version: 0, 32 Rule: policydsl.SignedBy(0), 33 Identities: []*mb.MSPPrincipal{ 34 { 35 PrincipalClassification: mb.MSPPrincipal_ROLE, 36 Principal: protoutil.MarshalOrPanic( 37 &mb.MSPRole{ 38 Role: mb.MSPRole_MEMBER, 39 MspIdentifier: "A", 40 }, 41 ), 42 }, 43 }, 44 }) 45 assert.NotNil(t, p1) 46 assert.NoError(t, err) 47 48 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 49 Version: 0, 50 Rule: policydsl.SignedBy(0), 51 Identities: []*mb.MSPPrincipal{ 52 { 53 PrincipalClassification: mb.MSPPrincipal_ROLE, 54 Principal: protoutil.MarshalOrPanic( 55 &mb.MSPRole{ 56 Role: mb.MSPRole_MEMBER, 57 MspIdentifier: "B", 58 }, 59 ), 60 }, 61 }, 62 }) 63 assert.NotNil(t, p2) 64 assert.NoError(t, err) 65 66 p := &policies.PolicyLogger{ 67 Policy: &policies.ImplicitMetaPolicy{ 68 Threshold: 2, 69 SubPolicyName: "mypolicy", 70 SubPolicies: []policies.Policy{p1, p2}, 71 }, 72 } 73 74 spe, err := p.Convert() 75 assert.NoError(t, err) 76 assert.NotNil(t, spe) 77 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 78 Version: 0, 79 Rule: policydsl.And( 80 policydsl.SignedBy(0), 81 policydsl.SignedBy(1), 82 ), 83 Identities: []*mb.MSPPrincipal{ 84 { 85 PrincipalClassification: mb.MSPPrincipal_ROLE, 86 Principal: protoutil.MarshalOrPanic( 87 &mb.MSPRole{ 88 Role: mb.MSPRole_MEMBER, 89 MspIdentifier: "A", 90 }, 91 ), 92 }, 93 { 94 PrincipalClassification: mb.MSPPrincipal_ROLE, 95 Principal: protoutil.MarshalOrPanic( 96 &mb.MSPRole{ 97 Role: mb.MSPRole_MEMBER, 98 MspIdentifier: "B", 99 }, 100 ), 101 }, 102 }, 103 }, spe) 104 } 105 106 func TestImplicitMetaPolicy_Convert1(t *testing.T) { 107 108 // Scenario: we attempt the conversion of a metapolicy requiring 109 // ALL of 2 sub-policies, where the first one is an OR of 2 and 110 // the second one is an OR of 1, with a principal that is already 111 // referenced by the first 112 113 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 114 115 p1, err := pfs.NewPolicy(policydsl.SignedByAnyMember([]string{"A", "B"})) 116 assert.NotNil(t, p1) 117 assert.NoError(t, err) 118 119 p2, err := pfs.NewPolicy(policydsl.SignedByAnyMember([]string{"B"})) 120 assert.NotNil(t, p2) 121 assert.NoError(t, err) 122 123 p := &policies.ImplicitMetaPolicy{ 124 Threshold: 2, 125 SubPolicyName: "mypolicy", 126 SubPolicies: []policies.Policy{p1, p2}, 127 } 128 129 spe, err := p.Convert() 130 assert.NoError(t, err) 131 assert.NotNil(t, spe) 132 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 133 Version: 0, 134 Rule: policydsl.And( 135 policydsl.Or( 136 policydsl.SignedBy(0), 137 policydsl.SignedBy(1), 138 ), 139 policydsl.NOutOf(1, 140 []*cb.SignaturePolicy{policydsl.SignedBy(1)}, 141 ), 142 ), 143 Identities: []*mb.MSPPrincipal{ 144 { 145 PrincipalClassification: mb.MSPPrincipal_ROLE, 146 Principal: protoutil.MarshalOrPanic( 147 &mb.MSPRole{ 148 Role: mb.MSPRole_MEMBER, 149 MspIdentifier: "A", 150 }, 151 ), 152 }, 153 { 154 PrincipalClassification: mb.MSPPrincipal_ROLE, 155 Principal: protoutil.MarshalOrPanic( 156 &mb.MSPRole{ 157 Role: mb.MSPRole_MEMBER, 158 MspIdentifier: "B", 159 }, 160 ), 161 }, 162 }, 163 }, spe) 164 } 165 166 func TestImplicitMetaPolicy_Convert2(t *testing.T) { 167 168 // Scenario: we attempt the conversion of a metapolicy requiring 169 // ALL of 2 sub-policies, where the first one is an OR of an AND 170 // of 2 and an OR of 1 and the second one is an AND of 2, with 171 // principal deduplication required 172 173 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 174 175 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 176 Version: 0, 177 Rule: policydsl.NOutOf(1, 178 []*cb.SignaturePolicy{ 179 policydsl.NOutOf(2, 180 []*cb.SignaturePolicy{ 181 policydsl.SignedBy(0), 182 policydsl.SignedBy(1), 183 }, 184 ), 185 policydsl.NOutOf(1, 186 []*cb.SignaturePolicy{ 187 policydsl.SignedBy(2), 188 }, 189 ), 190 }, 191 ), 192 Identities: []*mb.MSPPrincipal{ 193 { 194 PrincipalClassification: mb.MSPPrincipal_ROLE, 195 Principal: protoutil.MarshalOrPanic( 196 &mb.MSPRole{ 197 Role: mb.MSPRole_MEMBER, 198 MspIdentifier: "B", 199 }, 200 ), 201 }, 202 { 203 PrincipalClassification: mb.MSPPrincipal_ROLE, 204 Principal: protoutil.MarshalOrPanic( 205 &mb.MSPRole{ 206 Role: mb.MSPRole_MEMBER, 207 MspIdentifier: "C", 208 }, 209 ), 210 }, 211 { 212 PrincipalClassification: mb.MSPPrincipal_ROLE, 213 Principal: protoutil.MarshalOrPanic( 214 &mb.MSPRole{ 215 Role: mb.MSPRole_MEMBER, 216 MspIdentifier: "D", 217 }, 218 ), 219 }, 220 }, 221 }) 222 assert.NotNil(t, p1) 223 assert.NoError(t, err) 224 225 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 226 Version: 0, 227 Rule: policydsl.NOutOf(2, 228 []*cb.SignaturePolicy{ 229 policydsl.SignedBy(0), 230 policydsl.SignedBy(1), 231 }, 232 ), 233 Identities: []*mb.MSPPrincipal{ 234 { 235 PrincipalClassification: mb.MSPPrincipal_ROLE, 236 Principal: protoutil.MarshalOrPanic( 237 &mb.MSPRole{ 238 Role: mb.MSPRole_MEMBER, 239 MspIdentifier: "A", 240 }, 241 ), 242 }, 243 { 244 PrincipalClassification: mb.MSPPrincipal_ROLE, 245 Principal: protoutil.MarshalOrPanic( 246 &mb.MSPRole{ 247 Role: mb.MSPRole_MEMBER, 248 MspIdentifier: "B", 249 }, 250 ), 251 }, 252 }, 253 }) 254 assert.NotNil(t, p2) 255 assert.NoError(t, err) 256 257 p := &policies.ImplicitMetaPolicy{ 258 Threshold: 2, 259 SubPolicyName: "mypolicy", 260 SubPolicies: []policies.Policy{p1, p2}, 261 } 262 263 spe, err := p.Convert() 264 assert.NoError(t, err) 265 assert.NotNil(t, spe) 266 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 267 Version: 0, 268 Rule: policydsl.And( 269 policydsl.NOutOf(1, 270 []*cb.SignaturePolicy{ 271 policydsl.NOutOf(2, 272 []*cb.SignaturePolicy{ 273 policydsl.SignedBy(0), 274 policydsl.SignedBy(1), 275 }, 276 ), 277 policydsl.NOutOf(1, 278 []*cb.SignaturePolicy{ 279 policydsl.SignedBy(2), 280 }, 281 ), 282 }, 283 ), 284 policydsl.NOutOf(2, 285 []*cb.SignaturePolicy{ 286 policydsl.SignedBy(3), 287 policydsl.SignedBy(0), 288 }, 289 ), 290 ), 291 Identities: []*mb.MSPPrincipal{ 292 { 293 PrincipalClassification: mb.MSPPrincipal_ROLE, 294 Principal: protoutil.MarshalOrPanic( 295 &mb.MSPRole{ 296 Role: mb.MSPRole_MEMBER, 297 MspIdentifier: "B", 298 }, 299 ), 300 }, 301 { 302 PrincipalClassification: mb.MSPPrincipal_ROLE, 303 Principal: protoutil.MarshalOrPanic( 304 &mb.MSPRole{ 305 Role: mb.MSPRole_MEMBER, 306 MspIdentifier: "C", 307 }, 308 ), 309 }, 310 { 311 PrincipalClassification: mb.MSPPrincipal_ROLE, 312 Principal: protoutil.MarshalOrPanic( 313 &mb.MSPRole{ 314 Role: mb.MSPRole_MEMBER, 315 MspIdentifier: "D", 316 }, 317 ), 318 }, 319 { 320 PrincipalClassification: mb.MSPPrincipal_ROLE, 321 Principal: protoutil.MarshalOrPanic( 322 &mb.MSPRole{ 323 Role: mb.MSPRole_MEMBER, 324 MspIdentifier: "A", 325 }, 326 ), 327 }, 328 }, 329 }, spe) 330 } 331 332 func TestImplicitMetaPolicy_Convert3(t *testing.T) { 333 334 // Scenario: we attempt the conversion of a metapolicy requiring 335 // ALL of 2 sub-policies, where the first one is a metapolicy itself, 336 // requiring ALL of 2 simple subpolicies to be satisfied and the 337 // second is a simple subpolicy, with no principal deduplication 338 339 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 340 341 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 342 Version: 0, 343 Rule: policydsl.SignedBy(0), 344 Identities: []*mb.MSPPrincipal{ 345 { 346 PrincipalClassification: mb.MSPPrincipal_ROLE, 347 Principal: protoutil.MarshalOrPanic( 348 &mb.MSPRole{ 349 Role: mb.MSPRole_MEMBER, 350 MspIdentifier: "A", 351 }, 352 ), 353 }, 354 }, 355 }) 356 assert.NotNil(t, p1) 357 assert.NoError(t, err) 358 359 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 360 Version: 0, 361 Rule: policydsl.SignedBy(0), 362 Identities: []*mb.MSPPrincipal{ 363 { 364 PrincipalClassification: mb.MSPPrincipal_ROLE, 365 Principal: protoutil.MarshalOrPanic( 366 &mb.MSPRole{ 367 Role: mb.MSPRole_MEMBER, 368 MspIdentifier: "B", 369 }, 370 ), 371 }, 372 }, 373 }) 374 assert.NotNil(t, p2) 375 assert.NoError(t, err) 376 377 p3, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 378 Version: 0, 379 Rule: policydsl.SignedBy(0), 380 Identities: []*mb.MSPPrincipal{ 381 { 382 PrincipalClassification: mb.MSPPrincipal_ROLE, 383 Principal: protoutil.MarshalOrPanic( 384 &mb.MSPRole{ 385 Role: mb.MSPRole_MEMBER, 386 MspIdentifier: "C", 387 }, 388 ), 389 }, 390 }, 391 }) 392 assert.NotNil(t, p3) 393 assert.NoError(t, err) 394 395 mp1 := &policies.ImplicitMetaPolicy{ 396 Threshold: 2, 397 SubPolicyName: "mypolicy", 398 SubPolicies: []policies.Policy{p1, p2}, 399 } 400 401 mp2 := &policies.ImplicitMetaPolicy{ 402 Threshold: 2, 403 SubPolicyName: "mypolicy", 404 SubPolicies: []policies.Policy{mp1, p3}, 405 } 406 407 spe, err := mp2.Convert() 408 assert.NoError(t, err) 409 assert.NotNil(t, spe) 410 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 411 Version: 0, 412 Rule: policydsl.And( 413 policydsl.And( 414 policydsl.SignedBy(0), 415 policydsl.SignedBy(1), 416 ), 417 policydsl.SignedBy(2), 418 ), 419 Identities: []*mb.MSPPrincipal{ 420 { 421 PrincipalClassification: mb.MSPPrincipal_ROLE, 422 Principal: protoutil.MarshalOrPanic( 423 &mb.MSPRole{ 424 Role: mb.MSPRole_MEMBER, 425 MspIdentifier: "A", 426 }, 427 ), 428 }, 429 { 430 PrincipalClassification: mb.MSPPrincipal_ROLE, 431 Principal: protoutil.MarshalOrPanic( 432 &mb.MSPRole{ 433 Role: mb.MSPRole_MEMBER, 434 MspIdentifier: "B", 435 }, 436 ), 437 }, 438 { 439 PrincipalClassification: mb.MSPPrincipal_ROLE, 440 Principal: protoutil.MarshalOrPanic( 441 &mb.MSPRole{ 442 Role: mb.MSPRole_MEMBER, 443 MspIdentifier: "C", 444 }, 445 ), 446 }, 447 }, 448 }, spe) 449 } 450 451 func TestImplicitMetaPolicy_Convert4(t *testing.T) { 452 453 // Scenario: we attempt the conversion of a metapolicy requiring 454 // ALL of 2 sub-policies, where the first one is a metapolicy itself, 455 // requiring ALL of 2 simple subpolicies to be satisfied and the 456 // second is a simple subpolicy, with principal deduplication 457 458 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 459 460 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 461 Version: 0, 462 Rule: policydsl.SignedBy(0), 463 Identities: []*mb.MSPPrincipal{ 464 { 465 PrincipalClassification: mb.MSPPrincipal_ROLE, 466 Principal: protoutil.MarshalOrPanic( 467 &mb.MSPRole{ 468 Role: mb.MSPRole_MEMBER, 469 MspIdentifier: "A", 470 }, 471 ), 472 }, 473 }, 474 }) 475 assert.NotNil(t, p1) 476 assert.NoError(t, err) 477 478 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 479 Version: 0, 480 Rule: policydsl.SignedBy(0), 481 Identities: []*mb.MSPPrincipal{ 482 { 483 PrincipalClassification: mb.MSPPrincipal_ROLE, 484 Principal: protoutil.MarshalOrPanic( 485 &mb.MSPRole{ 486 Role: mb.MSPRole_MEMBER, 487 MspIdentifier: "A", 488 }, 489 ), 490 }, 491 }, 492 }) 493 assert.NotNil(t, p2) 494 assert.NoError(t, err) 495 496 p3, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 497 Version: 0, 498 Rule: policydsl.SignedBy(0), 499 Identities: []*mb.MSPPrincipal{ 500 { 501 PrincipalClassification: mb.MSPPrincipal_ROLE, 502 Principal: protoutil.MarshalOrPanic( 503 &mb.MSPRole{ 504 Role: mb.MSPRole_MEMBER, 505 MspIdentifier: "A", 506 }, 507 ), 508 }, 509 }, 510 }) 511 assert.NotNil(t, p3) 512 assert.NoError(t, err) 513 514 mp1 := &policies.ImplicitMetaPolicy{ 515 Threshold: 2, 516 SubPolicyName: "mypolicy", 517 SubPolicies: []policies.Policy{p1, p2}, 518 } 519 520 mp2 := &policies.ImplicitMetaPolicy{ 521 Threshold: 2, 522 SubPolicyName: "mypolicy", 523 SubPolicies: []policies.Policy{mp1, p3}, 524 } 525 526 spe, err := mp2.Convert() 527 assert.NoError(t, err) 528 assert.NotNil(t, spe) 529 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 530 Version: 0, 531 Rule: policydsl.And( 532 policydsl.And( 533 policydsl.SignedBy(0), 534 policydsl.SignedBy(0), 535 ), 536 policydsl.SignedBy(0), 537 ), 538 Identities: []*mb.MSPPrincipal{ 539 { 540 PrincipalClassification: mb.MSPPrincipal_ROLE, 541 Principal: protoutil.MarshalOrPanic( 542 &mb.MSPRole{ 543 Role: mb.MSPRole_MEMBER, 544 MspIdentifier: "A", 545 }, 546 ), 547 }, 548 }, 549 }, spe) 550 } 551 552 func TestImplicitMetaPolicy_Convert5(t *testing.T) { 553 554 // Scenario: we attempt the conversion of a metapolicy requiring 555 // ALL of 2 sub-policies, where the first one is an OR of an AND 556 // of 2 and an OR of 1 and the second one is an AND of 2, with 557 // principal deduplication required both across the two subpolicies 558 // and within the first 559 560 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 561 562 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 563 Version: 0, 564 Rule: policydsl.NOutOf(1, 565 []*cb.SignaturePolicy{ 566 policydsl.NOutOf(2, 567 []*cb.SignaturePolicy{ 568 policydsl.SignedBy(0), 569 policydsl.SignedBy(1), 570 }, 571 ), 572 policydsl.NOutOf(1, 573 []*cb.SignaturePolicy{ 574 policydsl.SignedBy(2), 575 }, 576 ), 577 }, 578 ), 579 Identities: []*mb.MSPPrincipal{ 580 { 581 PrincipalClassification: mb.MSPPrincipal_ROLE, 582 Principal: protoutil.MarshalOrPanic( 583 &mb.MSPRole{ 584 Role: mb.MSPRole_MEMBER, 585 MspIdentifier: "B", 586 }, 587 ), 588 }, 589 { 590 PrincipalClassification: mb.MSPPrincipal_ROLE, 591 Principal: protoutil.MarshalOrPanic( 592 &mb.MSPRole{ 593 Role: mb.MSPRole_MEMBER, 594 MspIdentifier: "C", 595 }, 596 ), 597 }, 598 { 599 PrincipalClassification: mb.MSPPrincipal_ROLE, 600 Principal: protoutil.MarshalOrPanic( 601 &mb.MSPRole{ 602 Role: mb.MSPRole_MEMBER, 603 MspIdentifier: "B", 604 }, 605 ), 606 }, 607 }, 608 }) 609 assert.NotNil(t, p1) 610 assert.NoError(t, err) 611 612 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 613 Version: 0, 614 Rule: policydsl.NOutOf(2, 615 []*cb.SignaturePolicy{ 616 policydsl.SignedBy(0), 617 policydsl.SignedBy(1), 618 }, 619 ), 620 Identities: []*mb.MSPPrincipal{ 621 { 622 PrincipalClassification: mb.MSPPrincipal_ROLE, 623 Principal: protoutil.MarshalOrPanic( 624 &mb.MSPRole{ 625 Role: mb.MSPRole_MEMBER, 626 MspIdentifier: "A", 627 }, 628 ), 629 }, 630 { 631 PrincipalClassification: mb.MSPPrincipal_ROLE, 632 Principal: protoutil.MarshalOrPanic( 633 &mb.MSPRole{ 634 Role: mb.MSPRole_MEMBER, 635 MspIdentifier: "B", 636 }, 637 ), 638 }, 639 }, 640 }) 641 assert.NotNil(t, p2) 642 assert.NoError(t, err) 643 644 p := &policies.ImplicitMetaPolicy{ 645 Threshold: 2, 646 SubPolicyName: "mypolicy", 647 SubPolicies: []policies.Policy{p1, p2}, 648 } 649 650 spe, err := p.Convert() 651 assert.NoError(t, err) 652 assert.NotNil(t, spe) 653 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 654 Version: 0, 655 Rule: policydsl.And( 656 policydsl.NOutOf(1, 657 []*cb.SignaturePolicy{ 658 policydsl.NOutOf(2, 659 []*cb.SignaturePolicy{ 660 policydsl.SignedBy(0), 661 policydsl.SignedBy(1), 662 }, 663 ), 664 policydsl.NOutOf(1, 665 []*cb.SignaturePolicy{ 666 policydsl.SignedBy(0), 667 }, 668 ), 669 }, 670 ), 671 policydsl.NOutOf(2, 672 []*cb.SignaturePolicy{ 673 policydsl.SignedBy(2), 674 policydsl.SignedBy(0), 675 }, 676 ), 677 ), 678 Identities: []*mb.MSPPrincipal{ 679 { 680 PrincipalClassification: mb.MSPPrincipal_ROLE, 681 Principal: protoutil.MarshalOrPanic( 682 &mb.MSPRole{ 683 Role: mb.MSPRole_MEMBER, 684 MspIdentifier: "B", 685 }, 686 ), 687 }, 688 { 689 PrincipalClassification: mb.MSPPrincipal_ROLE, 690 Principal: protoutil.MarshalOrPanic( 691 &mb.MSPRole{ 692 Role: mb.MSPRole_MEMBER, 693 MspIdentifier: "C", 694 }, 695 ), 696 }, 697 { 698 PrincipalClassification: mb.MSPPrincipal_ROLE, 699 Principal: protoutil.MarshalOrPanic( 700 &mb.MSPRole{ 701 Role: mb.MSPRole_MEMBER, 702 MspIdentifier: "A", 703 }, 704 ), 705 }, 706 }, 707 }, spe) 708 } 709 710 func TestImplicitMetaPolicy_Convert6(t *testing.T) { 711 712 // Scenario: we attempt the conversion of a metapolicy requiring 713 // ALL of 2 sub-policies, where the first one is an OR of an AND 714 // of 2 and an OR of 1 and the second one is an AND of 2, with 715 // principal deduplication required both across the two subpolicies 716 // and within the first and the second 717 718 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 719 720 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 721 Version: 0, 722 Rule: policydsl.NOutOf(1, 723 []*cb.SignaturePolicy{ 724 policydsl.NOutOf(2, 725 []*cb.SignaturePolicy{ 726 policydsl.SignedBy(0), 727 policydsl.SignedBy(1), 728 }, 729 ), 730 policydsl.NOutOf(1, 731 []*cb.SignaturePolicy{ 732 policydsl.SignedBy(2), 733 }, 734 ), 735 }, 736 ), 737 Identities: []*mb.MSPPrincipal{ 738 { 739 PrincipalClassification: mb.MSPPrincipal_ROLE, 740 Principal: protoutil.MarshalOrPanic( 741 &mb.MSPRole{ 742 Role: mb.MSPRole_MEMBER, 743 MspIdentifier: "B", 744 }, 745 ), 746 }, 747 { 748 PrincipalClassification: mb.MSPPrincipal_ROLE, 749 Principal: protoutil.MarshalOrPanic( 750 &mb.MSPRole{ 751 Role: mb.MSPRole_MEMBER, 752 MspIdentifier: "C", 753 }, 754 ), 755 }, 756 { 757 PrincipalClassification: mb.MSPPrincipal_ROLE, 758 Principal: protoutil.MarshalOrPanic( 759 &mb.MSPRole{ 760 Role: mb.MSPRole_MEMBER, 761 MspIdentifier: "B", 762 }, 763 ), 764 }, 765 }, 766 }) 767 assert.NotNil(t, p1) 768 assert.NoError(t, err) 769 770 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 771 Version: 0, 772 Rule: policydsl.NOutOf(2, 773 []*cb.SignaturePolicy{ 774 policydsl.SignedBy(0), 775 policydsl.SignedBy(1), 776 }, 777 ), 778 Identities: []*mb.MSPPrincipal{ 779 { 780 PrincipalClassification: mb.MSPPrincipal_ROLE, 781 Principal: protoutil.MarshalOrPanic( 782 &mb.MSPRole{ 783 Role: mb.MSPRole_MEMBER, 784 MspIdentifier: "B", 785 }, 786 ), 787 }, 788 { 789 PrincipalClassification: mb.MSPPrincipal_ROLE, 790 Principal: protoutil.MarshalOrPanic( 791 &mb.MSPRole{ 792 Role: mb.MSPRole_MEMBER, 793 MspIdentifier: "B", 794 }, 795 ), 796 }, 797 }, 798 }) 799 assert.NotNil(t, p2) 800 assert.NoError(t, err) 801 802 p := &policies.ImplicitMetaPolicy{ 803 Threshold: 2, 804 SubPolicyName: "mypolicy", 805 SubPolicies: []policies.Policy{p1, p2}, 806 } 807 808 spe, err := p.Convert() 809 assert.NoError(t, err) 810 assert.NotNil(t, spe) 811 assert.Equal(t, &cb.SignaturePolicyEnvelope{ 812 Version: 0, 813 Rule: policydsl.And( 814 policydsl.NOutOf(1, 815 []*cb.SignaturePolicy{ 816 policydsl.NOutOf(2, 817 []*cb.SignaturePolicy{ 818 policydsl.SignedBy(0), 819 policydsl.SignedBy(1), 820 }, 821 ), 822 policydsl.NOutOf(1, 823 []*cb.SignaturePolicy{ 824 policydsl.SignedBy(0), 825 }, 826 ), 827 }, 828 ), 829 policydsl.NOutOf(2, 830 []*cb.SignaturePolicy{ 831 policydsl.SignedBy(0), 832 policydsl.SignedBy(0), 833 }, 834 ), 835 ), 836 Identities: []*mb.MSPPrincipal{ 837 { 838 PrincipalClassification: mb.MSPPrincipal_ROLE, 839 Principal: protoutil.MarshalOrPanic( 840 &mb.MSPRole{ 841 Role: mb.MSPRole_MEMBER, 842 MspIdentifier: "B", 843 }, 844 ), 845 }, 846 { 847 PrincipalClassification: mb.MSPPrincipal_ROLE, 848 Principal: protoutil.MarshalOrPanic( 849 &mb.MSPRole{ 850 Role: mb.MSPRole_MEMBER, 851 MspIdentifier: "C", 852 }, 853 ), 854 }, 855 }, 856 }, spe) 857 } 858 859 type inconvertiblePolicy struct{} 860 861 func (i *inconvertiblePolicy) EvaluateSignedData(signatureSet []*protoutil.SignedData) error { 862 return nil 863 } 864 865 func (i *inconvertiblePolicy) EvaluateIdentities(signatureSet []msp.Identity) error { 866 return nil 867 } 868 869 func TestImplicitMetaPolicy_Convert7(t *testing.T) { 870 871 // Scenario: we attempt the conversion of a metapolicy 872 // with an incovertible subpolicy 873 874 p := &policies.ImplicitMetaPolicy{ 875 Threshold: 2, 876 SubPolicyName: "mypolicy", 877 SubPolicies: []policies.Policy{&inconvertiblePolicy{}}, 878 } 879 880 spe, err := p.Convert() 881 assert.EqualError(t, err, "subpolicy number 0 type *policies_test.inconvertiblePolicy of policy mypolicy is not convertible") 882 assert.Nil(t, spe) 883 } 884 885 type convertFailurePolicy struct{} 886 887 func (i *convertFailurePolicy) EvaluateSignedData(signatureSet []*protoutil.SignedData) error { 888 return nil 889 } 890 891 func (i *convertFailurePolicy) EvaluateIdentities(identities []msp.Identity) error { 892 return nil 893 } 894 895 func (i *convertFailurePolicy) Convert() (*cb.SignaturePolicyEnvelope, error) { 896 return nil, errors.New("nope") 897 } 898 899 func TestImplicitMetaPolicy_Convert8(t *testing.T) { 900 901 // Scenario: we attempt the conversion of a metapolicy 902 // with a subpolicy whose conversion fails 903 904 p := &policies.PolicyLogger{ 905 Policy: &policies.ImplicitMetaPolicy{ 906 Threshold: 2, 907 SubPolicyName: "mypolicy", 908 SubPolicies: []policies.Policy{&convertFailurePolicy{}}, 909 }, 910 } 911 912 spe, err := p.Convert() 913 assert.EqualError(t, err, "failed to convert subpolicy number 0 of policy mypolicy: nope") 914 assert.Nil(t, spe) 915 }