-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsanitycheck.go
130 lines (109 loc) · 3.68 KB
/
sanitycheck.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
/*
Copyright IBM Corp. 2017 All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package sanitycheck
import (
"fmt"
"github.com/golang/protobuf/proto"
newchannelconfig "github.com/hyperledger/fabric/common/channelconfig"
cb "github.com/hyperledger/fabric/protos/common"
mspprotos "github.com/hyperledger/fabric/protos/msp"
)
type Messages struct {
GeneralErrors []string `json:"general_errors"`
ElementWarnings []*ElementMessage `json:"element_warnings"`
ElementErrors []*ElementMessage `json:"element_errors"`
}
type ElementMessage struct {
Path string `json:"path"`
Message string `json:"message"`
}
func Check(config *cb.Config) (*Messages, error) {
result := &Messages{}
bundle, err := newchannelconfig.NewBundle("sanitycheck", config)
if err != nil {
result.GeneralErrors = []string{err.Error()}
return result, nil
}
// This should come from the MSP manager, but, for some reason
// the MSP manager is not intialized if there are no orgs, so,
// we collect this manually.
mspMap := make(map[string]struct{})
if ac, ok := bundle.ApplicationConfig(); ok {
for _, org := range ac.Organizations() {
mspMap[org.MSPID()] = struct{}{}
}
}
if oc, ok := bundle.OrdererConfig(); ok {
for _, org := range oc.Organizations() {
mspMap[org.MSPID()] = struct{}{}
}
}
policyWarnings, policyErrors := checkPolicyPrincipals(config.ChannelGroup, "", mspMap)
result.ElementWarnings = policyWarnings
result.ElementErrors = policyErrors
return result, nil
}
func checkPolicyPrincipals(group *cb.ConfigGroup, basePath string, mspMap map[string]struct{}) (warnings []*ElementMessage, errors []*ElementMessage) {
for policyName, configPolicy := range group.Policies {
appendError := func(err string) {
errors = append(errors, &ElementMessage{
Path: basePath + ".policies." + policyName,
Message: err,
})
}
appendWarning := func(err string) {
warnings = append(errors, &ElementMessage{
Path: basePath + ".policies." + policyName,
Message: err,
})
}
if configPolicy.Policy == nil {
appendError(fmt.Sprintf("no policy value set for %s", policyName))
continue
}
if configPolicy.Policy.Type != int32(cb.Policy_SIGNATURE) {
continue
}
spe := &cb.SignaturePolicyEnvelope{}
err := proto.Unmarshal(configPolicy.Policy.Value, spe)
if err != nil {
appendError(fmt.Sprintf("error unmarshaling policy value to SignaturePolicyEnvelope: %s", err))
continue
}
for i, identity := range spe.Identities {
var mspID string
switch identity.PrincipalClassification {
case mspprotos.MSPPrincipal_ROLE:
role := &mspprotos.MSPRole{}
err = proto.Unmarshal(identity.Principal, role)
if err != nil {
appendError(fmt.Sprintf("value of identities array at index %d is of type ROLE, but could not be unmarshaled to msp.MSPRole: %s", i, err))
continue
}
mspID = role.MspIdentifier
case mspprotos.MSPPrincipal_ORGANIZATION_UNIT:
ou := &mspprotos.OrganizationUnit{}
err = proto.Unmarshal(identity.Principal, ou)
if err != nil {
appendError(fmt.Sprintf("value of identities array at index %d is of type ORGANIZATION_UNIT, but could not be unmarshaled to msp.OrganizationUnit: %s", i, err))
continue
}
mspID = ou.MspIdentifier
default:
continue
}
_, ok := mspMap[mspID]
if !ok {
appendWarning(fmt.Sprintf("identity principal at index %d refers to MSP ID '%s', which is not an MSP in the network", i, mspID))
}
}
}
for subGroupName, subGroup := range group.Groups {
subWarnings, subErrors := checkPolicyPrincipals(subGroup, basePath+".groups."+subGroupName, mspMap)
warnings = append(warnings, subWarnings...)
errors = append(errors, subErrors...)
}
return
}