Merge changes from topic 'consortium-stack'

* changes:
  [FAB-2735] (PA) Clean up config mocks
  [FAB-2723] (PA) Remove old ChainCreationPolicyName
  [FAB-1302] (PA) Add channel create authorization
  [FAB-2783] (PA) configtxgen specify admin principl
  [FAB-2703] (PA) Expose committed configEnvelope
  [FAB-2702] (PA) Specify consortium in chan config
  [FAB-2646] (PA) Create consortium configuration

common/cauthdsl/cauthdsl.go

@@ -41,7 +41,7 @@ func compile(policy *cb.SignaturePolicy, identities []*mb.MSPPrincipal, deserial
 
 		}
 		return func(signedData []*cb.SignedData, used []bool) bool {
-			cauthdslLogger.Debugf("Gate evaluation starts: (%s)", t)
+			cauthdslLogger.Debugf("Gate evaluation starts: (%v)", t)
 			verified := int32(0)
 			_used := make([]bool, len(used))
 			for _, policy := range policies {
@@ -53,20 +53,20 @@ func compile(policy *cb.SignaturePolicy, identities []*mb.MSPPrincipal, deserial
 			}
 
 			if verified >= t.NOutOf.N {
-				cauthdslLogger.Debugf("Gate evaluation succeeds: (%s)", t)
+				cauthdslLogger.Debugf("Gate evaluation succeeds: (%v)", t)
 			} else {
-				cauthdslLogger.Debugf("Gate evaluation fails: (%s)", t)
+				cauthdslLogger.Debugf("Gate evaluation fails: (%v)", t)
 			}
 
 			return verified >= t.NOutOf.N
 		}, nil
 	case *cb.SignaturePolicy_SignedBy:
 		if t.SignedBy < 0 || t.SignedBy >= int32(len(identities)) {
-			return nil, fmt.Errorf("Identity index out of range, requested %d, but identies length is %d", t.SignedBy, len(identities))
+			return nil, fmt.Errorf("Identity index out of range, requested %v, but identies length is %d", t.SignedBy, len(identities))
 		}
 		signedByID := identities[t.SignedBy]
 		return func(signedData []*cb.SignedData, used []bool) bool {
-			cauthdslLogger.Debugf("Principal evaluation starts: (%s) (used %s)", t, used)
+			cauthdslLogger.Debugf("Principal evaluation starts: (%v) (used %v)", t, used)
 			for i, sd := range signedData {
 				if used[i] {
 					continue
@@ -78,15 +78,18 @@ func compile(policy *cb.SignaturePolicy, identities []*mb.MSPPrincipal, deserial
 				}
 				err = identity.SatisfiesPrincipal(signedByID)
 				if err == nil {
-					err := identity.Verify(sd.Data, sd.Signature)
+					cauthdslLogger.Debugf("Principal matched by identity: (%v) for %v", t, sd.Identity)
+					err = identity.Verify(sd.Data, sd.Signature)
 					if err == nil {
-						cauthdslLogger.Debugf("Principal evaluation succeeds: (%s) (used %s)", t, used)
+						cauthdslLogger.Debugf("Principal evaluation succeeds: (%v) (used %v)", t, used)
 						used[i] = true
 						return true
 					}
+				} else {
+					cauthdslLogger.Debugf("Identity (%v) does not satisfy principal: %s", sd.Identity, err)
 				}
 			}
-			cauthdslLogger.Debugf("Principal evaluation fails: (%s)", t, used)
+			cauthdslLogger.Debugf("Principal evaluation fails: (%v) %v", t, used)
 			return false
 		}, nil
 	default:

common/config/api.go

@@ -21,6 +21,7 @@ package config
 import (
 	"time"
 
+	cb "github.com/hyperledger/fabric/protos/common"
 	ab "github.com/hyperledger/fabric/protos/orderer"
 	pb "github.com/hyperledger/fabric/protos/peer"
 )
@@ -62,6 +63,18 @@ type Channel interface {
 	OrdererAddresses() []string
 }
 
+// Consortiums represents the set of consortiums serviced by an ordering service
+type Consortiums interface {
+	// Consortiums returns the set of consortiums
+	Consortiums() map[string]Consortium
+}
+
+// Consortium represents a group of orgs which may create channels together
+type Consortium interface {
+	// ChannelCreationPolicy returns the policy to check when instantiating a channel for this consortium
+	ChannelCreationPolicy() *cb.Policy
+}
+
 // Orderer stores the common shared orderer config
 type Orderer interface {
 	// ConsensusType returns the configured consensus type
@@ -73,10 +86,6 @@ type Orderer interface {
 	// BatchTimeout returns the amount of time to wait before creating a batch
 	BatchTimeout() time.Duration
 
-	// ChainCreationPolicyNames returns the policy names which are allowed for chain creation
-	// This field is only set for the system ordering chain
-	ChainCreationPolicyNames() []string
-
 	// MaxChannelsCount returns the maximum count of channels to allow for an ordering network
 	MaxChannelsCount() uint64
 

common/config/channel.go

@@ -28,6 +28,9 @@ import (
 
 // Channel config keys
 const (
+	// ConsortiumKey is the key for the cb.ConfigValue for the Consortium message
+	ConsortiumKey = "Consortium"
+
 	// HashingAlgorithmKey is the cb.ConfigItem type key name for the HashingAlgorithm message
 	HashingAlgorithmKey = "HashingAlgorithm"
 
@@ -60,6 +63,7 @@ type ChannelProtos struct {
 	HashingAlgorithm          *cb.HashingAlgorithm
 	BlockDataHashingStructure *cb.BlockDataHashingStructure
 	OrdererAddresses          *cb.OrdererAddresses
+	Consortium                *cb.Consortium
 }
 
 type channelConfigSetter struct {
@@ -105,13 +109,20 @@ func (cg *ChannelGroup) ApplicationConfig() *ApplicationGroup {
 	return cg.ChannelConfig.appConfig
 }
 
+// ConsortiumsConfig returns the consortium config associated with this channel if it exists
+func (cg *ChannelGroup) ConsortiumsConfig() *ConsortiumsGroup {
+	return cg.ChannelConfig.consortiumsConfig
+}
+
 // NewGroup instantiates either a new application or orderer config
 func (cg *ChannelGroup) NewGroup(group string) (ValueProposer, error) {
 	switch group {
 	case ApplicationGroupKey:
 		return NewApplicationGroup(cg.mspConfigHandler), nil
 	case OrdererGroupKey:
 		return NewOrdererGroup(cg.mspConfigHandler), nil
+	case ConsortiumsGroupKey:
+		return NewConsortiumsGroup(), nil
 	default:
 		return nil, fmt.Errorf("Disallowed channel group: %s", group)
 	}
@@ -124,8 +135,9 @@ type ChannelConfig struct {
 
 	hashingAlgorithm func(input []byte) []byte
 
-	appConfig     *ApplicationGroup
-	ordererConfig *OrdererGroup
+	appConfig         *ApplicationGroup
+	ordererConfig     *OrdererGroup
+	consortiumsConfig *ConsortiumsGroup
 }
 
 // NewChannelConfig creates a new ChannelConfig
@@ -157,6 +169,11 @@ func (cc *ChannelConfig) OrdererAddresses() []string {
 	return cc.protos.OrdererAddresses.Addresses
 }
 
+// ConsortiumName returns the name of the consortium this channel was created under
+func (cc *ChannelConfig) ConsortiumName() string {
+	return cc.protos.Consortium.Name
+}
+
 // Validate inspects the generated configuration protos, ensures that the values are correct, and
 // sets the ChannelConfig fields that may be referenced after Commit
 func (cc *ChannelConfig) Validate(tx interface{}, groups map[string]ValueProposer) error {
@@ -183,6 +200,11 @@ func (cc *ChannelConfig) Validate(tx interface{}, groups map[string]ValuePropose
 			if !ok {
 				return fmt.Errorf("Orderer group was not Orderer config")
 			}
+		case ConsortiumsGroupKey:
+			cc.consortiumsConfig, ok = value.(*ConsortiumsGroup)
+			if !ok {
+				return fmt.Errorf("Consortiums group was no Consortium config")
+			}
 		default:
 			return fmt.Errorf("Disallowed channel group: %s", key)
 		}

common/config/channel_util.go

@@ -34,10 +34,14 @@ func configGroup(key string, value []byte) *cb.ConfigGroup {
 	return result
 }
 
+// TemplateConsortiumName creates a ConfigGroup representing the ConsortiumName
+func TemplateConsortium(name string) *cb.ConfigGroup {
+	return configGroup(ConsortiumKey, utils.MarshalOrPanic(&cb.Consortium{Name: name}))
+}
+
 // TemplateHashingAlgorithm creates a ConfigGroup representing the HashingAlgorithm
 func TemplateHashingAlgorithm(name string) *cb.ConfigGroup {
 	return configGroup(HashingAlgorithmKey, utils.MarshalOrPanic(&cb.HashingAlgorithm{Name: name}))
-
 }
 
 // DefaultHashingAlgorithm creates a headerless config item for the default hashing algorithm

common/config/consortium.go

@@ -0,0 +1,137 @@
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+                 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package config
+
+import (
+	"fmt"
+
+	"github.com/hyperledger/fabric/common/config/msp"
+	cb "github.com/hyperledger/fabric/protos/common"
+)
+
+// ConsortiumProtos holds the config protos for the consortium config
+type ConsortiumProtos struct {
+	ChannelCreationPolicy *cb.Policy
+}
+
+// ConsortiumGroup stores the set of Consortium
+type ConsortiumGroup struct {
+	*Proposer
+	*ConsortiumConfig
+
+	mspConfig        *msp.MSPConfigHandler
+	consortiumsGroup *ConsortiumsGroup
+}
+
+// NewConsortiumGroup creates a new *ConsortiumGroup
+func NewConsortiumGroup(consortiumsGroup *ConsortiumsGroup) *ConsortiumGroup {
+	cg := &ConsortiumGroup{
+		mspConfig:        msp.NewMSPConfigHandler(),
+		consortiumsGroup: consortiumsGroup,
+	}
+	cg.Proposer = NewProposer(cg)
+	return cg
+}
+
+// NewGroup returns a Consortium instance
+func (cg *ConsortiumGroup) NewGroup(name string) (ValueProposer, error) {
+	return NewOrganizationGroup(name, cg.mspConfig), nil
+}
+
+// Allocate returns the resources for a new config proposal
+func (cg *ConsortiumGroup) Allocate() Values {
+	return NewConsortiumConfig(cg)
+}
+
+// BeginValueProposals calls through to Proposer after calling into the MSP config Handler
+func (cg *ConsortiumGroup) BeginValueProposals(tx interface{}, groups []string) (ValueDeserializer, []ValueProposer, error) {
+	cg.mspConfig.BeginConfig(tx)
+	return cg.Proposer.BeginValueProposals(tx, groups)
+}
+
+// PreCommit intercepts the precommit request and commits the MSP config handler before calling the underlying proposer
+func (cg *ConsortiumGroup) PreCommit(tx interface{}) error {
+	err := cg.mspConfig.PreCommit(tx)
+	if err != nil {
+		return err
+	}
+	return cg.Proposer.PreCommit(tx)
+}
+
+// RollbackProposals intercepts the rollback request and commits the MSP config handler before calling the underlying proposer
+func (cg *ConsortiumGroup) RollbackProposals(tx interface{}) {
+	cg.mspConfig.RollbackProposals(tx)
+	cg.Proposer.RollbackProposals(tx)
+}
+
+// CommitProposals intercepts the commit request and commits the MSP config handler before calling the underlying proposer
+func (cg *ConsortiumGroup) CommitProposals(tx interface{}) {
+	cg.mspConfig.CommitProposals(tx)
+	cg.Proposer.CommitProposals(tx)
+}
+
+// ConsortiumConfig holds the consoritums configuration information
+type ConsortiumConfig struct {
+	*standardValues
+	protos *ConsortiumProtos
+	orgs   map[string]*OrganizationGroup
+
+	consortiumGroup *ConsortiumGroup
+}
+
+// NewConsortiumConfig creates a new instance of the consoritums config
+func NewConsortiumConfig(cg *ConsortiumGroup) *ConsortiumConfig {
+	cc := &ConsortiumConfig{
+		protos:          &ConsortiumProtos{},
+		orgs:            make(map[string]*OrganizationGroup),
+		consortiumGroup: cg,
+	}
+	var err error
+	cc.standardValues, err = NewStandardValues(cc.protos)
+	if err != nil {
+		logger.Panicf("Programming error: %s", err)
+	}
+	return cc
+}
+
+// Organizations returns the set of organizations in the consortium
+func (cc *ConsortiumConfig) Organizations() map[string]*OrganizationGroup {
+	return cc.orgs
+}
+
+// CreationPolicy returns the policy structure used to validate
+// the channel creation
+func (cc *ConsortiumConfig) ChannelCreationPolicy() *cb.Policy {
+	return cc.protos.ChannelCreationPolicy
+}
+
+// Commit commits the ConsortiumConfig
+func (cc *ConsortiumConfig) Commit() {
+	cc.consortiumGroup.ConsortiumConfig = cc
+}
+
+// Validate builds the Consortium map
+func (cc *ConsortiumConfig) Validate(tx interface{}, groups map[string]ValueProposer) error {
+	var ok bool
+	for key, group := range groups {
+		cc.orgs[key], ok = group.(*OrganizationGroup)
+		if !ok {
+			return fmt.Errorf("Unexpected group type: %T", group)
+		}
+	}
+	return nil
+}