[FAB-10266] enable cc-2-cc policy integration test

Change-Id: I1d0d6c4e578e0d9cfd99a175c112cc728a1df4a6 Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>
hyperledger · May 23, 2018 · b794b72 · b794b72
1 parent c37715b
commit b794b72
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 34 deletions.
diff --git a/core/aclmgmt/aclmgmtimpl.go b/core/aclmgmt/aclmgmtimpl.go
@@ -8,13 +8,10 @@ package aclmgmt
 
 import (
 	"github.com/hyperledger/fabric/common/flogging"
-	"github.com/hyperledger/fabric/core/peer"
 )
 
 var aclMgmtLogger = flogging.MustGetLogger("aclmgmt")
 
-type aclMethod func(resName string, channelID string, idinfo interface{}) error
-
 //implementation of aclMgmt. CheckACL calls in fabric result in the following flow
 //    if resourceProvider[resourceName]
 //       return resourceProvider[resourceName].CheckACL(...)
@@ -37,17 +34,8 @@ func (am *aclMgmtImpl) CheckACL(resName string, channelID string, idinfo interfa
 //ACLProvider consists of two providers, supplied one and a default one (1.0 ACL management
 //using ChannelReaders and ChannelWriters). If supplied provider is nil, a resource based
 //ACL provider is created.
-func newACLMgmt(prov ACLProvider) ACLProvider {
-	rp := prov
-	if rp == nil {
-		rp = newResourceProvider(peer.GetStableChannelConfig, newDefaultACLProvider())
-	}
-
-	return &aclMgmtImpl{rescfgProvider: rp}
-}
-
-func NewACLProvider() ACLProvider {
+func NewACLProvider(rg ResourceGetter) ACLProvider {
 	return &aclMgmtImpl{
-		rescfgProvider: newResourceProvider(peer.GetStableChannelConfig, newDefaultACLProvider()),
+		rescfgProvider: newResourceProvider(rg, NewDefaultACLProvider()),
 	}
 }
diff --git a/core/aclmgmt/defaultaclprovider.go b/core/aclmgmt/defaultaclprovider.go
@@ -35,7 +35,7 @@ type defaultACLProvider struct {
 	cResourcePolicyMap map[string]string
 }
 
-func newDefaultACLProvider() ACLProvider {
+func NewDefaultACLProvider() ACLProvider {
 	d := &defaultACLProvider{}
 	d.initialize()
 

diff --git a/core/aclmgmt/resourceprovider.go b/core/aclmgmt/resourceprovider.go
@@ -140,19 +140,19 @@ func (rp *aclmgmtPolicyProviderImpl) CheckACL(polName string, idinfo interface{}
 //-------- resource provider - entry point API used by aclmgmtimpl for doing resource based ACL ----------
 
 //resource getter gets channelconfig.Resources given channel ID
-type resourceGetter func(channelID string) channelconfig.Resources
+type ResourceGetter func(channelID string) channelconfig.Resources
 
 //resource provider that uses the resource configuration information to provide ACL support
 type resourceProvider struct {
 	//resource getter
-	resGetter resourceGetter
+	resGetter ResourceGetter
 
 	//default provider to be used for undefined resources
 	defaultProvider ACLProvider
 }
 
 //create a new resourceProvider
-func newResourceProvider(rg resourceGetter, defprov ACLProvider) *resourceProvider {
+func newResourceProvider(rg ResourceGetter, defprov ACLProvider) *resourceProvider {
 	return &resourceProvider{rg, defprov}
 }
 

diff --git a/core/chaincode/exectransaction_test.go b/core/chaincode/exectransaction_test.go
@@ -25,10 +25,12 @@ import (
 
 	"github.com/golang/protobuf/proto"
 	"github.com/hyperledger/fabric/bccsp/factory"
+	"github.com/hyperledger/fabric/common/channelconfig"
 	mc "github.com/hyperledger/fabric/common/mocks/config"
 	mockpolicies "github.com/hyperledger/fabric/common/mocks/policies"
 	"github.com/hyperledger/fabric/common/policies"
 	"github.com/hyperledger/fabric/common/util"
+	"github.com/hyperledger/fabric/core/aclmgmt"
 	aclmocks "github.com/hyperledger/fabric/core/aclmgmt/mocks"
 	"github.com/hyperledger/fabric/core/chaincode/accesscontrol"
 	"github.com/hyperledger/fabric/core/chaincode/shim"
@@ -55,6 +57,7 @@ import (
 	pb "github.com/hyperledger/fabric/protos/peer"
 	putils "github.com/hyperledger/fabric/protos/utils"
 	"github.com/spf13/viper"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
@@ -128,7 +131,7 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro
 		ca.CertBytes(),
 		certGenerator,
 		&ccprovider.CCInfoFSImpl{},
-		mockAclProvider,
+		aclmgmt.NewACLProvider(func(string) channelconfig.Resources { return nil }),
 		container.NewVMController(
 			map[string]container.VMProvider{
 				dockercontroller.ContainerType: dockercontroller.NewProvider("", ""),
@@ -755,18 +758,18 @@ func runChaincodeInvokeChaincode(t *testing.T, channel1 string, channel2 string,
 		},
 	}
 
-	// TODO: Restore setup for policy and acl validation
-	// // as Bob, invoke chaincode2 on channel2 so that it invokes chaincode1 on channel1
-	// _, _, _, err = invoke(ctxt, channel2, chaincode2InvokeSpec, nextBlockNumber2, []byte("Bob"), chaincodeSupport)
-	// if err == nil {
-	// 	// Bob should not be able to call
-	// 	stopChaincode(ctxt, cccid1, chaincodeSupport)
-	// 	stopChaincode(ctxt, cccid2, chaincodeSupport)
-	// 	stopChaincode(ctxt, cccid3, chaincodeSupport)
-	// 	nextBlockNumber2++
-	// 	t.Fatalf("As Bob, invoking <%s/%s> via <%s/%s> should fail, but it succeeded.", cccid1.Name, cccid1.ChainID, chaincode2Name, channel2)
-	// 	return nextBlockNumber1, nextBlockNumber2
-	// }
+	// as Bob, invoke chaincode2 on channel2 so that it invokes chaincode1 on channel1
+	_, _, _, err = invoke(ctxt, channel2, chaincode2InvokeSpec, nextBlockNumber2, []byte("Bob"), chaincodeSupport)
+	if err == nil {
+		// Bob should not be able to call
+		stopChaincode(ctxt, cccid1, chaincodeSupport)
+		stopChaincode(ctxt, cccid2, chaincodeSupport)
+		stopChaincode(ctxt, cccid3, chaincodeSupport)
+		nextBlockNumber2++
+		t.Fatalf("As Bob, invoking <%s/%s> via <%s/%s> should fail, but it succeeded.", cccid1.Name, cccid1.ChainID, chaincode2Name, channel2)
+		return nextBlockNumber1, nextBlockNumber2
+	}
+	assert.True(t, strings.Contains(err.Error(), "[Creator not recognized [Bob]]"))
 
 	// as Alice, invoke chaincode2 on channel2 so that it invokes chaincode1 on channel1
 	_, _, _, err = invoke(ctxt, channel2, chaincode2InvokeSpec, nextBlockNumber2, []byte("Alice"), chaincodeSupport)
@@ -915,7 +918,6 @@ func TestChaincodeInvokeChaincode(t *testing.T) {
 	}
 	defer cleanup()
 
-	// TODO: Restore setup for policy and acl validation
 	mockAclProvider.On("CheckACL", mock.Anything, mock.Anything, mock.Anything).Return(nil)
 
 	testCases := []tcicTc{
@@ -1007,7 +1009,6 @@ func TestChaincodeInvokeChaincodeErrorCase(t *testing.T) {
 	}
 	defer cleanup()
 
-	// TODO: Restore setup for policy and acl validation
 	mockAclProvider.On("CheckACL", mock.Anything, mock.Anything, mock.Anything).Return(nil)
 
 	// Deploy first chaincode

diff --git a/peer/node/start.go b/peer/node/start.go
@@ -140,7 +140,9 @@ func serve(args []string) error {
 
 	//startup aclmgmt with default ACL providers (resource based and default 1.0 policies based).
 	//Users can pass in their own ACLProvider to RegisterACLProvider (currently unit tests do this)
-	aclProvider := aclmgmt.NewACLProvider() // TODO: provide resource getter / peer.GetStableChannelConfig
+	aclProvider := aclmgmt.NewACLProvider(
+		aclmgmt.ResourceGetter(peer.GetStableChannelConfig),
+	)
 
 	//initialize resource management exit
 	ledgermgmt.Initialize(peer.ConfigTxProcessors)