Merge "[FAB-3971] Register id with multiple attrs"

api/client.go

@@ -40,8 +40,6 @@ type RegistrationRequest struct {
 	// The identity's affiliation.
 	// For example, an affiliation of "org1.department1" associates the identity with "department1" in "org1".
 	Affiliation string `json:"affiliation" help:"The identity's affiliation"`
-	// Attr is used to support a single attribute provided through the fabric-ca-client CLI
-	Attr string `help:"Attributes associated with this identity (e.g. hf.Revoker=true)"`
 	// Attributes associated with this identity
 	Attributes []Attribute `json:"attrs,omitempty"`
 	// CAName is the name of the CA to connect to

cmd/fabric-ca-client/config.go

@@ -201,6 +201,10 @@ var (
 	// cfgFileName is the name of the client's config file
 	cfgFileName string
 
+	// cfgAttrs are the attributes specified via flags or env variables
+	// and translated to Attributes field in registration
+	cfgAttrs []string
+
 	// clientCfg is the client's config
 	clientCfg *lib.ClientConfig
 )
@@ -273,9 +277,11 @@ func configInit(command string) error {
 
 	clientCfg.TLS.Enabled = purl.Scheme == "https"
 
-	if clientCfg.ID.Attr != "" {
-		processAttributes()
+	err = processAttributes()
+	if err != nil {
+		return err
 	}
+
 	return nil
 }
 
@@ -314,14 +320,20 @@ func createDefaultConfigFile() error {
 	return ioutil.WriteFile(cfgFileName, []byte(cfg), 0755)
 }
 
-// processAttributes parses attributes from command line
-func processAttributes() {
-	splitAttr := strings.Split(clientCfg.ID.Attr, "=")
-	if len(clientCfg.ID.Attributes) == 0 {
-		clientCfg.ID.Attributes = make([]api.Attribute, 1)
+// processAttributes parses attributes from command line or env variable
+func processAttributes() error {
+	if cfgAttrs != nil {
+		clientCfg.ID.Attributes = make([]api.Attribute, len(cfgAttrs))
+		for idx, attr := range cfgAttrs {
+			sattr := strings.SplitN(attr, "=", 2)
+			if len(sattr) != 2 {
+				return fmt.Errorf("Attribute '%s' is missing '=' ; it must be of the form <name>=<value>", attr)
+			}
+			clientCfg.ID.Attributes[idx].Name = sattr[0]
+			clientCfg.ID.Attributes[idx].Value = sattr[1]
+		}
 	}
-	clientCfg.ID.Attributes[0].Name = splitAttr[0]
-	clientCfg.ID.Attributes[0].Value = strings.Join(splitAttr[1:], "")
+	return nil
 }
 
 func checkForEnrollment() error {

cmd/fabric-ca-client/main.go

@@ -81,14 +81,16 @@ func init() {
 	// Set global flags used by all commands
 	pflags := rootCmd.PersistentFlags()
 	pflags.StringVarP(&cfgFileName, "config", "c", cfg, "Configuration file")
+	pflags.StringSliceVarP(
+		&cfgAttrs, "id.attrs", "", nil, "A space separated list of attributes of the form <name>=<value> (e.g. foo=foo1 bar=bar1)")
 	util.FlagString(pflags, "myhost", "m", host,
 		"Hostname to include in the certificate signing request during enrollment")
 
 	clientCfg = &lib.ClientConfig{}
 	tags := map[string]string{
 		"skip.csr.cn":           "true", // Skip CN on client side as enrollment ID is used as CN
 		"help.csr.serialnumber": "The serial number in a certificate signing request, which becomes part of the DN (Distinquished Name)",
-		"help.csr.hosts":        "A list of space-separated host names in a certificate signing request",
+		"help.csr.hosts":        "A list of host names in a certificate signing request",
 	}
 	err = util.RegisterFlags(pflags, clientCfg, tags)
 	if err != nil {

cmd/fabric-ca-client/main_test.go

@@ -395,7 +395,7 @@ func testRegisterCommandLine(t *testing.T) {
 	t.Log("Testing Register CMD")
 	defYaml = util.GetDefaultConfigFile("fabric-ca-client")
 
-	err := RunMain([]string{cmdName, "register", "-d", "--id.name", "testRegister3", "--id.affiliation", "hyperledger.org1", "--id.type", "client", "--id.attr", "hf.test=a=b"})
+	err := RunMain([]string{cmdName, "register", "-d", "--id.name", "testRegister3", "--id.affiliation", "hyperledger.org1", "--id.type", "client", "--id.attrs", "foo=a=b bar=c"})
 	if err != nil {
 		t.Errorf("client register failed: %s", err)
 	}

docs/source/users-guide.rst

@@ -244,7 +244,7 @@ The following shows the Fabric CA client usage message:
           --enrollment.label string      Label to use in HSM operations
           --enrollment.profile string    Name of the signing profile to use in issuing the certificate
           --id.affiliation string        The identity's affiliation
-          --id.attr string               Attributes associated with this identity (e.g. hf.Revoker=true)
+          --id.attrs stringSlice         A space-separated list of attributes of the form <name>=<value> (e.g. foo=foo1 bar=bar1)
           --id.maxenrollments int        The maximum number of times the secret can be reused to enroll
           --id.name string               Unique name of the identity
           --id.secret string             The enrollment secret for the identity being registered
@@ -1219,12 +1219,13 @@ during registration as follows:
 
 The following command uses the **admin** identity's credentials to register a new
 identity with an enrollment id of "admin2", a type of "user", an affiliation of
-"org1.department1", and an attribute named "hf.Revoker" with a value of "true".
+"org1.department1", an attribute named "hf.Revoker" with a value of "true", and
+an attribute named "foo" with a value of "bar".
 
 ::
 
     # export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
-    # fabric-ca-client register --id.name admin2 --id.type user --id.affiliation org1.department1 --id.attr hf.Revoker=true
+    # fabric-ca-client register --id.name admin2 --id.type user --id.affiliation org1.department1 --id.attrs "hf.Revoker=true foo=bar"
 
 The password, also known as the enrollment secret, is printed.
 This password is required to enroll the identity.

scripts/fvt/fabric-ca_utils

@@ -303,7 +303,7 @@ register() {
                            --id.type "$USERTYPE" \
                            --id.maxenrollments 1 \
                            $USERGRP_OPT \
-                           --id.attr "$USERATTR" \
+                           --id.attrs "$USERATTR" \
                            -c $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
    local rc=$?
    return $rc