Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[FAB-11694] Improve user management test coverage
Added test cases for: - configuration with only users embedded in client configuration - configuration with only users in orgs' msp directories Change-Id: I7d685dc27414a4e6aafac0ebee5c14d7f274d57f Signed-off-by: Aleksandar Likic <aleksandar.likic@securekey.com>
- Loading branch information
Aleksandar Likic
committed
Aug 22, 2018
1 parent
a83c688
commit 8d8c7b8
Showing
6 changed files
with
435 additions
and
23 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,368 @@ | ||
# | ||
# Copyright SecureKey Technologies Inc. All Rights Reserved. | ||
# | ||
# SPDX-License-Identifier: Apache-2.0 | ||
# | ||
# | ||
# The network connection profile provides client applications the information about the target | ||
# blockchain network that are necessary for the applications to interact with it. These are all | ||
# knowledge that must be acquired from out-of-band sources. This file provides such a source. | ||
# | ||
|
||
|
||
# | ||
# Schema version of the content. Used by the SDK to apply the corresponding parsing rules. | ||
# | ||
version: 1.0.0 | ||
|
||
# | ||
# The client section used by GO SDK. | ||
# | ||
client: | ||
|
||
# Which organization does this application instance belong to? The value must be the name of an org | ||
# defined under "organizations" | ||
organization: org1 | ||
|
||
logging: | ||
level: info | ||
|
||
# Needed to load users crypto keys and certs. | ||
cryptoconfig: | ||
path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH} | ||
|
||
# Some SDKs support pluggable KV stores, the properties under "credentialStore" | ||
# are implementation specific | ||
#credentialStore: | ||
# [Optional]. Used by user store. Not needed if all credentials are embedded in configuration | ||
# and enrollments are performed elswhere. | ||
#path: "/tmp/hfc-kvs" | ||
|
||
# [Optional]. Specific to the CryptoSuite implementation used by GO SDK. Software-based implementations | ||
# requiring a key store. PKCS#11 based implementations does not. | ||
#cryptoStore: | ||
# Specific to the underlying KeyValueStore that backs the crypto key store. | ||
#path: /tmp/msp | ||
|
||
# BCCSP config for the client. Used by GO SDK. | ||
BCCSP: | ||
security: | ||
enabled: true | ||
default: | ||
provider: "SW" | ||
hashAlgorithm: "SHA2" | ||
softVerify: true | ||
level: 256 | ||
|
||
tlsCerts: | ||
# [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false | ||
systemCertPool: true | ||
|
||
# | ||
# [Optional]. But most apps would have this section so that channel objects can be constructed | ||
# based on the content below. If an app is creating channels, then it likely will not need this | ||
# section. | ||
# | ||
channels: | ||
# name of the channel | ||
mychannel: | ||
# Required. list of orderers designated by the application to use for transactions on this | ||
# channel. This list can be a result of access control ("org1" can only access "ordererA"), or | ||
# operational decisions to share loads from applications among the orderers. The values must | ||
# be "names" of orgs defined under "organizations/peers" | ||
orderers: | ||
- orderer.example.com | ||
|
||
# Required. list of peers from participating orgs | ||
peers: | ||
peer0.org1.example.com: | ||
# [Optional]. will this peer be sent transaction proposals for endorsement? The peer must | ||
# have the chaincode installed. The app can also use this property to decide which peers | ||
# to send the chaincode install request. Default: true | ||
endorsingPeer: true | ||
|
||
# [Optional]. will this peer be sent query proposals? The peer must have the chaincode | ||
# installed. The app can also use this property to decide which peers to send the | ||
# chaincode install request. Default: true | ||
chaincodeQuery: true | ||
|
||
# [Optional]. will this peer be sent query proposals that do not require chaincodes, like | ||
# queryBlock(), queryTransaction(), etc. Default: true | ||
ledgerQuery: true | ||
|
||
# [Optional]. will this peer be the target of the SDK's listener registration? All peers can | ||
# produce events but the app typically only needs to connect to one to listen to events. | ||
# Default: true | ||
eventSource: true | ||
|
||
peer0.org2.example.com: | ||
endorsingPeer: true | ||
chaincodeQuery: true | ||
ledgerQuery: true | ||
eventSource: true | ||
|
||
# [Optional]. The application can use these options to perform channel operations like retrieving channel | ||
# config etc. | ||
policies: | ||
#[Optional] options for retrieving channel configuration blocks | ||
queryChannelConfig: | ||
#[Optional] min number of success responses (from targets/peers) | ||
minResponses: 1 | ||
#[Optional] channel config will be retrieved for these number of random targets | ||
maxTargets: 1 | ||
#[Optional] retry options for query config block | ||
retryOpts: | ||
#[Optional] number of retry attempts | ||
attempts: 5 | ||
#[Optional] the back off interval for the first retry attempt | ||
initialBackoff: 500ms | ||
#[Optional] the maximum back off interval for any retry attempt | ||
maxBackoff: 5s | ||
#[Optional] he factor by which the initial back off period is exponentially incremented | ||
backoffFactor: 2.0 | ||
|
||
# multi-org test channel | ||
orgchannel: | ||
|
||
orderers: | ||
- orderer.example.com | ||
|
||
peers: | ||
peer0.org1.example.com: | ||
endorsingPeer: true | ||
chaincodeQuery: true | ||
ledgerQuery: true | ||
eventSource: true | ||
|
||
peer0.org2.example.com: | ||
endorsingPeer: true | ||
chaincodeQuery: true | ||
ledgerQuery: true | ||
eventSource: true | ||
|
||
# | ||
# list of participating organizations in this network | ||
# | ||
organizations: | ||
org1: | ||
mspid: Org1MSP | ||
|
||
cryptoPath: peerOrganizations/org1.example.com/users/{username}@org1.example.com/msp | ||
|
||
peers: | ||
- peer0.org1.example.com | ||
|
||
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based | ||
# network. Typically certificates provisioning is done in a separate process outside of the | ||
# runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for | ||
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for | ||
# Fabric-CA servers. | ||
certificateAuthorities: | ||
- ca-org1 | ||
|
||
# the profile will contain public information about organizations other than the one it belongs to. | ||
# These are necessary information to make transaction lifecycles work, including MSP IDs and | ||
# peers with a public URL to send transaction proposals. The file will not contain private | ||
# information reserved for members of the organization, such as admin key and certificate, | ||
# fabric-ca registrar enroll ID and secret, etc. | ||
org2: | ||
mspid: Org2MSP | ||
|
||
cryptoPath: peerOrganizations/org2.example.com/users/{username}@org2.example.com/msp | ||
|
||
peers: | ||
- peer0.org2.example.com | ||
|
||
certificateAuthorities: | ||
- ca-org2 | ||
|
||
# Orderer Org name | ||
ordererorg: | ||
# Membership Service Provider ID for this organization | ||
mspID: OrdererMSP | ||
|
||
# Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode) | ||
cryptoPath: ordererOrganizations/example.com/users/{username}@example.com/msp | ||
|
||
|
||
# | ||
# List of orderers to send transaction and channel create/update requests to. For the time | ||
# being only one orderer is needed. If more than one is defined, which one get used by the | ||
# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers. | ||
# | ||
orderers: | ||
orderer.example.com: | ||
url: orderer.example.com:7050 | ||
|
||
# these are standard properties defined by the gRPC library | ||
# they will be passed in as-is to gRPC client constructor | ||
#TODO to be moved to high level, common for all grpc connections | ||
grpcOptions: | ||
ssl-target-name-override: orderer.example.com | ||
#will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs | ||
allow-insecure: false | ||
|
||
tlsCACerts: | ||
# pem supersedes path | ||
pem: | | ||
-----BEGIN CERTIFICATE----- | ||
MIICNjCCAdygAwIBAgIRAILSPmMB3BzoLIQGsFxwZr8wCgYIKoZIzj0EAwIwbDEL | ||
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG | ||
cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l | ||
eGFtcGxlLmNvbTAeFw0xNzA3MjgxNDI3MjBaFw0yNzA3MjYxNDI3MjBaMGwxCzAJ | ||
BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh | ||
bmNpc2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEaMBgGA1UEAxMRdGxzY2EuZXhh | ||
bXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQfgKb4db53odNzdMXn | ||
P5FZTZTFztOO1yLvCHDofSNfTPq/guw+YYk7ZNmhlhj8JHFG6dTybc9Qb/HOh9hh | ||
gYpXo18wXTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMB | ||
Af8EBTADAQH/MCkGA1UdDgQiBCBxaEP3nVHQx4r7tC+WO//vrPRM1t86SKN0s6XB | ||
8LWbHTAKBggqhkjOPQQDAgNIADBFAiEA96HXwCsuMr7tti8lpcv1oVnXg0FlTxR/ | ||
SQtE5YgdxkUCIHReNWh/pluHTxeGu2jNCH1eh6o2ajSGeeizoapvdJbN | ||
-----END CERTIFICATE----- | ||
# Certificate location absolute path | ||
path: | ||
#path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH}/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem | ||
|
||
# | ||
# List of peers to send various requests to, including endorsement, query | ||
# and event listener registration. | ||
# | ||
peers: | ||
peer0.org1.example.com: | ||
# this URL is used to send endorsement and query requests | ||
url: peer0.org1.example.com:7051 | ||
|
||
#TODO to be moved to high level, common for all grpc connections | ||
grpcOptions: | ||
ssl-target-name-override: peer0.org1.example.com | ||
fail-fast: false | ||
#will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs | ||
allow-insecure: false | ||
|
||
tlsCACerts: | ||
pem: | | ||
-----BEGIN CERTIFICATE----- | ||
MIICSTCCAfCgAwIBAgIRAPQIzfkrCZjcpGwVhMSKd0AwCgYIKoZIzj0EAwIwdjEL | ||
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG | ||
cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHzAdBgNVBAMTFnRs | ||
c2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTcwNzI4MTQyNzIwWhcNMjcwNzI2MTQy | ||
NzIwWjB2MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE | ||
BxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEfMB0G | ||
A1UEAxMWdGxzY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49 | ||
AwEHA0IABMOiG8UplWTs898zZ99+PhDHPbKjZIDHVG+zQXopw8SqNdX3NAmZUKUU | ||
sJ8JZ3M49Jq4Ms8EHSEwQf0Ifx3ICHujXzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNV | ||
HSUECDAGBgRVHSUAMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEID9qJz7xhZko | ||
V842OVjxCYYQwCjPIY+5e9ORR+8pxVzcMAoGCCqGSM49BAMCA0cAMEQCIGZ+KTfS | ||
eezqv0ml1VeQEmnAEt5sJ2RJA58+LegUYMd6AiAfEe6BKqdY03qFUgEYmtKG+3Dr | ||
O94CDp7l2k7hMQI0zQ== | ||
-----END CERTIFICATE----- | ||
# Certificate location absolute path | ||
path: | ||
#path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem | ||
|
||
peer0.org2.example.com: | ||
url: peer0.org2.example.com:7051 | ||
#TODO to be moved to high level, common for all grpc connections | ||
grpcOptions: | ||
ssl-target-name-override: peer0.org2.example.com | ||
fail-fast: false | ||
#will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs | ||
allow-insecure: false | ||
tlsCACerts: | ||
path: | ||
#path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem | ||
|
||
# | ||
# Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows | ||
# certificate management to be done via REST APIs. Application may choose to use a standard | ||
# Certificate Authority instead of Fabric-CA, in which case this section would not be specified. | ||
# | ||
certificateAuthorities: | ||
ca-org1: | ||
url: https://ca_peerOrg1:7054 | ||
# [Optional] The optional server name for target override | ||
grpcOptions: | ||
ssl-target-name-override: ca_peerOrg1 | ||
tlsCACerts: | ||
pem: | ||
- | | ||
-----BEGIN CERTIFICATE----- | ||
MIIC5TCCAkegAwIBAgIUOZ3VsFt7bN0zFKu96MZPVuwcFlswCgYIKoZIzj0EAwQw | ||
gYwxCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3Jv | ||
bnRvMREwDwYDVQQKEwhsaW51eGN0bDEMMAoGA1UECxMDTGFiMTgwNgYDVQQDEy9s | ||
aW51eGN0bCBFQ0MgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoTGFiKTAe | ||
Fw0xNzA3MTkxOTUxMDBaFw00NzA3MTIxOTUxMDBaMIGMMQswCQYDVQQGEwJDQTEQ | ||
MA4GA1UECBMHT250YXJpbzEQMA4GA1UEBxMHVG9yb250bzERMA8GA1UEChMIbGlu | ||
dXhjdGwxDDAKBgNVBAsTA0xhYjE4MDYGA1UEAxMvbGludXhjdGwgRUNDIFJvb3Qg | ||
Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKExhYikwgZswEAYHKoZIzj0CAQYFK4EE | ||
ACMDgYYABAC+EyelOCNoDqOdNwrt5/8K/1VpzVX7p6a8RcTrPbkYRAMOwax625fa | ||
WX7hgzgfyi1aQLgBSbwoBr+DBix8kcMR/gBl9Z+W8OeFWC2ZqFxC05qJxq8Cm1pe | ||
4YV70ughp9H/rnZVsJ3t5taQur01hPlRok/HXLwsbh/fINyYEDOdckhbQ6NCMEAw | ||
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBRwn4eb | ||
3CN8w7iOHQTssEhcEBMPMAoGCCqGSM49BAMEA4GLADCBhwJCARgr4jiAH8Pymi3Y | ||
RINmArZEzCcAGPnu5kBuGjsugs/AHqvv0UxTZZE5R/jMt7TpqLk6HaUkvaK2L4Gn | ||
ALv3KBYxAkFjCPgwG9KRdaHpeYEUj5vrbam6UlslOafb4VKMXJABKTN9UPodEdPP | ||
oxwVKDzoWzRq5LruKZYYYmNzCuuUMoAzUQ== | ||
-----END CERTIFICATE----- | ||
# Comma-Separated list of paths | ||
path: | ||
# Client key and cert for SSL handshake with Fabric CA | ||
client: | ||
key: | ||
pem: | | ||
-----BEGIN EC PRIVATE KEY----- | ||
MIGkAgEBBDAeWRhdAl+olgpLiI9mXHwcgJ1g4NNgPrYFSkkukISeAGfvK348izwG | ||
0Aub948H5IygBwYFK4EEACKhZANiAATJb6oe7bpmnuJwjYMaQX7D2YQ0vLHmRWKs | ||
QSn674xQJ5N8rMHAA/DXtpIMKI5uulot0jJ5xFkpikLGd8+6soQp8pd5tkMqZB0a | ||
nFoUptdom8LjgRus6rnHbXxGqcIN6oA= | ||
-----END EC PRIVATE KEY----- | ||
cert: | ||
pem: | | ||
-----BEGIN CERTIFICATE----- | ||
MIIC5TCCAkegAwIBAgIUBzAG7MTjO4n9GFkYTkJBnvCInRIwCgYIKoZIzj0EAwQw | ||
gYwxCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3Jv | ||
bnRvMREwDwYDVQQKEwhsaW51eGN0bDEMMAoGA1UECxMDTGFiMTgwNgYDVQQDEy9s | ||
aW51eGN0bCBFQ0MgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoTGFiKTAe | ||
Fw0xNzA3MTkxOTUyMDBaFw0xODA3MTkxOTUyMDBaMGoxCzAJBgNVBAYTAkNBMRAw | ||
DgYDVQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3JvbnRvMREwDwYDVQQKEwhsaW51 | ||
eGN0bDEMMAoGA1UECxMDTGFiMRYwFAYDVQQDDA1mYWJyaWNfY2xpZW50MHYwEAYH | ||
KoZIzj0CAQYFK4EEACIDYgAEyW+qHu26Zp7icI2DGkF+w9mENLyx5kVirEEp+u+M | ||
UCeTfKzBwAPw17aSDCiObrpaLdIyecRZKYpCxnfPurKEKfKXebZDKmQdGpxaFKbX | ||
aJvC44EbrOq5x218RqnCDeqAo4GKMIGHMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUE | ||
DDAKBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRBA9pDyeovnjWP | ||
uvftCfEagM/wKjAfBgNVHSMEGDAWgBQUcJ+Hm9wjfMO4jh0E7LBIXBATDzASBgNV | ||
HREECzAJggd0ZXN0aW5nMAoGCCqGSM49BAMEA4GLADCBhwJCATMHAs0T6yZFDByA | ||
XNzhG5LwkITa+GcMJNR9qXlFBG18P+LM/2cdT6Y2+Fz9ZEvGjYMC+c+yg4nyRwu3 | ||
rIYog3WBAkECntF217dk3VCZHXfl+rik6wm+ijzYk+k336UERiSJRu09YHHEh7x6 | ||
NRCHI3uXUJ5/3zDZM3qtV8UYHou4KDS35Q== | ||
-----END CERTIFICATE----- | ||
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is | ||
# needed to enroll and invoke new users. | ||
registrar: | ||
enrollId: admin | ||
enrollSecret: adminpw | ||
# [Optional] The optional name of the CA. | ||
caName: ca-org1 | ||
ca-org2: | ||
url: https://ca_peerOrg2:7054 | ||
# [Optional] The optional server name for target override | ||
grpcOptions: | ||
ssl-target-name-override: ca_peerOrg2 | ||
tlsCACerts: | ||
# Comma-Separated list of paths | ||
path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/pkg/core/config/testdata/certs/ca.crt | ||
# Client key and cert for SSL handshake with Fabric CA | ||
client: | ||
key: | ||
path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/pkg/core/config/testdata/certs/client_sdk_go-key.pem | ||
cert: | ||
path: ${GOPATH}/src/github.com/hyperledger/fabric-sdk-go/pkg/core/config/testdata/certs/client_sdk_go.pem | ||
|
||
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is | ||
# needed to enroll and invoke new users. | ||
registrar: | ||
enrollId: admin | ||
enrollSecret: adminpw | ||
# [Optional] The optional name of the CA. | ||
caName: ca-org2 |
Oops, something went wrong.