aclmgmt.go
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package aclmgmt
import (
"fmt"
"sync"
"github.com/hyperledger/fabric/common/flogging"
"github.com/hyperledger/fabric/core/ledger"
"github.com/hyperledger/fabric/core/ledger/customtx"
"github.com/hyperledger/fabric/protos/common"
)
// aclLogger is the package-level logger, obtained from flogging under the name "aclmgmt".
var aclLogger = flogging.MustGetLogger("aclmgmt")
// Fabric resource names used for ACL checks.
//
// Per the original author's note, some of these checks (LSCC_INSTALL is the
// example given) are "peer wide": the peer's current access checks for them
// are based on the local MSP, and they are not currently covered by RSCC or
// the default provider. Listing a name here therefore does not by itself mean
// that a provider in this package enforces it.
const PROPOSE = "PROPOSE"

// LSCC resources.
const (
	LSCC_INSTALL                = "LSCC.INSTALL"
	LSCC_DEPLOY                 = "LSCC.DEPLOY"
	LSCC_UPGRADE                = "LSCC.UPGRADE"
	LSCC_GETCCINFO              = "LSCC.GETCCINFO"
	LSCC_GETDEPSPEC             = "LSCC.GETDEPSPEC"
	LSCC_GETCCDATA              = "LSCC.GETCCDATA"
	LSCC_GETCHAINCODES          = "LSCC.GETCHAINCODES"
	LSCC_GETINSTALLEDCHAINCODES = "LSCC.GETINSTALLEDCHAINCODES"
)

// QSCC resources.
const (
	QSCC_GetChainInfo       = "QSCC.GetChainInfo"
	QSCC_GetBlockByNumber   = "QSCC.GetBlockByNumber"
	QSCC_GetBlockByHash     = "QSCC.GetBlockByHash"
	QSCC_GetTransactionByID = "QSCC.GetTransactionByID"
	QSCC_GetBlockByTxID     = "QSCC.GetBlockByTxID"
)

// CSCC resources.
const (
	CSCC_JoinChain      = "CSCC.JoinChain"
	CSCC_GetConfigBlock = "CSCC.GetConfigBlock"
	CSCC_GetChannels    = "CSCC.GetChannels"
)

// CC2CC is the resource name for a chaincode-to-chaincode call.
const CC2CC = "CC2CC"

// Event resources.
const (
	BLOCKEVENT         = "BLOCKEVENT"
	FILTEREDBLOCKEVENT = "FILTEREDBLOCKEVENT"
)
// ACLProvider is the access-control interface exposed by this package.
type ACLProvider interface {
	// Processor is embedded because the provider also supplies the config
	// processor that builds state from config.
	customtx.Processor

	// CheckACL checks the ACL for resource resName on channel channelID
	// using idinfo. idinfo is an object, such as a SignedProposal, from
	// which an identity can be extracted and tested against a policy.
	//
	// NOTE(review): idinfo is untyped, so which concrete types are accepted
	// is decided by each implementation. Confirm that every implementation
	// returns an error for a type it does not recognize, so an unexpected
	// idinfo can never pass the check.
	CheckACL(resName, channelID string, idinfo interface{}) error
}
// ---------- custom tx processor, initialized once by the peer ----------

// configtxLock is held for reading while GenerateSimulationResults consults
// the package-level aclProvider, and for writing while RegisterACLProvider
// assigns it.
var configtxLock sync.RWMutex

// AclMgmtConfigTxProcessor is the stateless config-transaction processor
// handed to the ledger; its only method forwards to the registered provider.
type AclMgmtConfigTxProcessor struct{}

// aclMgmtCfgTxProcessor is the single shared processor instance returned by
// GetConfigTxProcessor.
var aclMgmtCfgTxProcessor = new(AclMgmtConfigTxProcessor)
// GenerateSimulationResults is a proxy that delegates to the registered
// aclProvider. The indirection is needed because aclmgmt is initialized
// together with the ledger, as the ledger requires.
//
// The provider is read under configtxLock's read lock. If no provider has
// been registered yet, the config transaction is not processed and an error
// is returned instead.
func (*AclMgmtConfigTxProcessor) GenerateSimulationResults(txEnvelop *common.Envelope, simulator ledger.TxSimulator) error {
	configtxLock.RLock()
	defer configtxLock.RUnlock()

	// aclProvider is expected to be set at the outset (to either rscc or the
	// default), so reaching this branch means a config tx arrived too early.
	if aclProvider == nil {
		return fmt.Errorf("warning! call to handle config tx before setting ACL provider")
	}

	return aclProvider.GenerateSimulationResults(txEnvelop, simulator)
}
// GetConfigTxProcessor returns the package's shared config-transaction
// processor. It is meant to be called at peer startup, with ledgermgmt, so
// that the processor receives config blocks for channels.
//
// An Info line is logged on every call, not only the first.
func GetConfigTxProcessor() customtx.Processor {
	var processor customtx.Processor = aclMgmtCfgTxProcessor
	aclLogger.Info("Initializing CONFIG processor")
	return processor
}
// ---------- ACLProvider, initialized once the SCCs are brought up by the peer ----------

var (
	// aclProvider is the package-wide provider; it stays nil until
	// RegisterACLProvider has run.
	aclProvider ACLProvider

	// once makes RegisterACLProvider take effect on its first call only.
	once sync.Once
)
// RegisterACLProvider is called to register the actual SCC when RSCC (an
// ACLProvider) is enabled. r is passed to newACLMgmt and the result becomes
// the package-wide aclProvider, assigned under configtxLock's write lock.
//
// Only the first call has any effect: sync.Once discards every later call
// without an error, so a provider passed in a later call is never installed.
func RegisterACLProvider(r ACLProvider) {
	register := func() {
		configtxLock.Lock()
		defer configtxLock.Unlock()
		aclProvider = newACLMgmt(r)
	}
	once.Do(register)
}
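// GetACLProvider returns the registered ACLProvider.
//
// It panics if RegisterACLProvider has not been called yet, rather than
// handing a nil provider back to the caller.
//
// The read is done under configtxLock, the same lock RegisterACLProvider
// holds while assigning aclProvider and GenerateSimulationResults holds while
// reading it. Reading the interface value without the lock is a data race if
// registration overlaps with the first callers.
func GetACLProvider() ACLProvider {
	configtxLock.RLock()
	defer configtxLock.RUnlock() // deferred so the lock is also released when the panic below fires

	if aclProvider == nil {
		panic("-----RegisterACLProvider not called -----")
	}
	return aclProvider
}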
// NewDefaultACLProvider builds a new default provider by calling
// newDefaultACLProvider, for use by other systems such as RSCC.
func NewDefaultACLProvider() ACLProvider {
	var provider ACLProvider = newDefaultACLProvider()
	return provider
}