From fb234fc32e8aa93047ab0640f69895454c0c2c64 Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Sat, 2 Nov 2024 08:05:29 +0100 Subject: [PATCH 1/6] allow the user to disable tls for the ordering service Signed-off-by: Angelo De Caro --- docs/core-fabric.md | 4 +- .../nwo/fabric/network/network_support.go | 3 +- .../nwo/fabric/topology/core_template.go | 2 + .../nwo/fabric/topology/orderer_template.go | 2 +- integration/nwo/fabric/topology/topology.go | 59 ++++++++++--------- .../core/generic/committer/committer.go | 11 ++-- .../fabric/core/generic/config/service.go | 20 +++++-- platform/fabric/driver/config.go | 1 + 8 files changed, 62 insertions(+), 40 deletions(-) diff --git a/docs/core-fabric.md b/docs/core-fabric.md index 5abe63626..b3356d035 100644 --- a/docs/core-fabric.md +++ b/docs/core-fabric.md @@ -291,8 +291,8 @@ fabric: interval: 60s # If not provided, the default is 20 seconds timeout: 600s + # If not provided, the default is 10 seconds connectionTimeout: 10s - tlsEnabled: true ordering: # number of retries to attempt to send a transaction to an orderer @@ -300,6 +300,8 @@ fabric: numRetries: 3 # retryInternal specifies the amount of time to wait before retrying a connection to the ordering service, it has no default and must be specified retryInterval: 3s + # here is possible to disable tls just for the ordering service + tlsEnabled: true # List of orderers on top of those discovered in the channel # This is optional and as such it should be left to those orderers discovered on the channel diff --git a/integration/nwo/fabric/network/network_support.go b/integration/nwo/fabric/network/network_support.go index b367553b9..8d0f5a984 100755 --- a/integration/nwo/fabric/network/network_support.go +++ b/integration/nwo/fabric/network/network_support.go 
@@ -958,7 +958,7 @@ func (n *Network) PeerRunner(p *topology.Peer, env ...string) *runner2.Runner { }, "", fmt.Sprintf("FABRIC_CFG_PATH=%s", n.PeerDir(p)), fmt.Sprintf("CORE_PEER_ID=%s", fmt.Sprintf("%s.%s", p.Name, n.Organization(p.Organization).Domain))) cmd.Env = append(cmd.Env, env...) - //cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} + // cmd.SysProcAttr = &syscall.SysProcAttr{Setpgid: true} config := runner2.Config{ AnsiColorCode: n.nextColor(), @@ -1539,6 +1539,7 @@ func (n *Network) GenerateOrdererConfig(o *topology.Orderer) { "Orderer": func() *topology.Orderer { return o }, "ToLower": func(s string) string { return strings.ToLower(s) }, "ReplaceAll": func(s, old, new string) string { return strings.Replace(s, old, new, -1) }, + "TLSEnabled": func() bool { return n.topology.OrderingTLSEnabled }, }).Parse(n.Templates.OrdererTemplate()) Expect(err).NotTo(HaveOccurred()) diff --git a/integration/nwo/fabric/topology/core_template.go b/integration/nwo/fabric/topology/core_template.go index 4d8f37257..60bec1d7c 100644 --- a/integration/nwo/fabric/topology/core_template.go +++ b/integration/nwo/fabric/topology/core_template.go @@ -287,9 +287,11 @@ fabric: keepalive: interval: 60s timeout: 600s + connectionTimeout: 10s ordering: numRetries: 3 retryInterval: 3s + tlsEnabled: true peers: {{ range Peers }} - address: {{ PeerAddress . "Listen" }} connectionTimeout: 10s diff --git a/integration/nwo/fabric/topology/orderer_template.go b/integration/nwo/fabric/topology/orderer_template.go index b8f747463..94537968f 100644 --- a/integration/nwo/fabric/topology/orderer_template.go +++ b/integration/nwo/fabric/topology/orderer_template.go @@ -12,7 +12,7 @@ General: ListenAddress: 0.0.0.0 ListenPort: {{ .OrdererPort Orderer "Listen" }} TLS: - Enabled: true + Enabled: {{ TLSEnabled }} PrivateKey: {{ $w.OrdererLocalTLSDir Orderer }}/server.key Certificate: {{ $w.OrdererLocalTLSDir Orderer }}/server.crt RootCAs: 
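Review bot: The `tlsEnabled: true` added under `ordering:` in core_template.go is a literal, while the orderer side of the same setting is templated in this patch (`Enabled: {{ TLSEnabled }}` in orderer_template.go). For a topology with `OrderingTLSEnabled` set to false, the generated node configuration would still request TLS towards an orderer that no longer serves it, unless the key is overridden somewhere not visible here. Rendering the value through a template function, like the `TLSEnabled` one registered in GenerateOrdererConfig, would keep client and server in step. The template string starts and ends outside the hunk.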
diff --git a/integration/nwo/fabric/topology/topology.go b/integration/nwo/fabric/topology/topology.go
index 5f4af6f2c..833d710cc 100755
--- a/integration/nwo/fabric/topology/topology.go
+++ b/integration/nwo/fabric/topology/topology.go
@@ -15,35 +15,36 @@ import ( // Topology holds the basic information needed to generate // fabric configuration files. type Topology struct { - TopologyName string `yaml:"name,omitempty"` - TopologyType string `yaml:"type,omitempty"` - Default bool `yaml:"default,omitempty"` - Driver string `yaml:"driver,omitempty"` - Logging *Logging `yaml:"logging,omitempty"` - Organizations []*Organization `yaml:"organizations,omitempty"` - Peers []*Peer `yaml:"peers,omitempty"` - Consortiums []*Consortium `yaml:"consortiums,omitempty"` - SystemChannel *SystemChannel `yaml:"system_channel,omitempty"` - Channels []*Channel `yaml:"channels,omitempty"` - Consensus *Consensus `yaml:"consensus,omitempty"` - Orderers []*Orderer `yaml:"orderers,omitempty"` - Profiles []*Profile `yaml:"profiles,omitempty"` - Templates *Templates `yaml:"templates,omitempty"` - Chaincodes []*ChannelChaincode `yaml:"chaincodes,omitempty"` - PvtTxSupport bool `yaml:"pvttxsupport,omitempty"` - PvtTxCCSupport bool `yaml:"pvttxccsupport,omitempty"` - MSPvtTxSupport bool `yaml:"mspvttxsupport,omitempty"` - MSPvtCCSupport bool `yaml:"mspvtccsupport,omitempty"` - FabTokenSupport bool `yaml:"fabtokensupport,omitempty"` - FabTokenCCSupport bool `yaml:"fabtokenccsupport,omitempty"` - GRPCLogging bool `yaml:"grpcLogging,omitempty"` - NodeOUs bool `yaml:"nodeous,omitempty"` - FPC bool `yaml:"fpc,omitempty"` - Weaver bool `yaml:"weaver,omitempty"` - LogPeersToFile bool `yaml:"logPeersToFile,omitempty"` - LogOrderersToFile bool `yaml:"logOrderersToFile,omitempty"` - TLSEnabled bool `yaml:"tlsEnabled,omitempty"` - ExtraParams map[string]interface{} `yaml:"-"` + TopologyName string `yaml:"name,omitempty"` + TopologyType string `yaml:"type,omitempty"` + Default bool `yaml:"default,omitempty"` + Driver string `yaml:"driver,omitempty"` + Logging *Logging `yaml:"logging,omitempty"` + Organizations []*Organization `yaml:"organizations,omitempty"` + Peers []*Peer `yaml:"peers,omitempty"` + Consortiums []*Consortium 
`yaml:"consortiums,omitempty"` + SystemChannel *SystemChannel `yaml:"system_channel,omitempty"` + Channels []*Channel `yaml:"channels,omitempty"` + Consensus *Consensus `yaml:"consensus,omitempty"` + OrderingTLSEnabled bool `yaml:"orderingTLSEnabled,omitempty"` + Orderers []*Orderer `yaml:"orderers,omitempty"` + Profiles []*Profile `yaml:"profiles,omitempty"` + Templates *Templates `yaml:"templates,omitempty"` + Chaincodes []*ChannelChaincode `yaml:"chaincodes,omitempty"` + PvtTxSupport bool `yaml:"pvttxsupport,omitempty"` + PvtTxCCSupport bool `yaml:"pvttxccsupport,omitempty"` + MSPvtTxSupport bool `yaml:"mspvttxsupport,omitempty"` + MSPvtCCSupport bool `yaml:"mspvtccsupport,omitempty"` + FabTokenSupport bool `yaml:"fabtokensupport,omitempty"` + FabTokenCCSupport bool `yaml:"fabtokenccsupport,omitempty"` + GRPCLogging bool `yaml:"grpcLogging,omitempty"` + NodeOUs bool `yaml:"nodeous,omitempty"` + FPC bool `yaml:"fpc,omitempty"` + Weaver bool `yaml:"weaver,omitempty"` + LogPeersToFile bool `yaml:"logPeersToFile,omitempty"` + LogOrderersToFile bool `yaml:"logOrderersToFile,omitempty"` + TLSEnabled bool `yaml:"tlsEnabled,omitempty"` + ExtraParams map[string]interface{} `yaml:"-"` } func (t *Topology) Name() string { diff --git a/platform/fabric/core/generic/committer/committer.go b/platform/fabric/core/generic/committer/committer.go index 060dcfcd1..6404bce8e 100644 --- a/platform/fabric/core/generic/committer/committer.go +++ b/platform/fabric/core/generic/committer/committer.go @@ -849,6 +849,9 @@ func (c *Committer) applyBundle(bundle *channelconfig.Bundle) error { } c.logger.Debugf("[Channel: %s] Orderer config has changed, updating the list of orderers", c.ChannelConfig.ID()) + tlsEnabled := c.ConfigService.OrderingTLSEnabled() + connectionTimeout := c.ConfigService.ClientConnTimeout() + var newOrderers []*grpc.ConnectionConfig orgs := ordererConfig.Organizations() for _, org := range orgs { 
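Review bot: `OrderingTLSEnabled` is a plain `bool` with `omitempty`, so its zero value means "orderer TLS off". A `Topology` written as a struct literal, or decoded from YAML that predates the field, will therefore render `Enabled: false` into the orderer configuration without anyone asking for it. A later patch in this series sets the field to true in NewTopologyWithName, but that covers only topologies built through that constructor. Either invert the sense so the zero value keeps TLS on (a `...Disabled` field), or state the requirement on the field: `// OrderingTLSEnabled must be set explicitly; the zero value disables TLS on the orderers.`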
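Review bot: With `tlsEnabled` now read from configuration, applyBundle can build plaintext orderer connections without leaving any trace; the only log line in this stretch is the existing Debugf. A warning right after the lookup would make the downgrade auditable, for example `if !tlsEnabled { c.logger.Warnf("[Channel: %s] TLS is disabled for ordering service connections", c.ChannelConfig.ID()) }`, assuming the logger offers a warning level. The same applies to both `grpc.ConnectionConfig` literals in the two hunks that follow, which still pass `TLSRootCertBytes` and where the `// TODO: load from configuration` comment is now stale. applyBundle starts and ends outside these hunks.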
@@ -861,8 +864,8 @@ func (c *Committer) applyBundle(bundle *channelconfig.Bundle) error { // TODO: load from configuration newOrderers = append(newOrderers, &grpc.ConnectionConfig{ Address: endpoint, - ConnectionTimeout: 10 * time.Second, - TLSEnabled: true, + ConnectionTimeout: connectionTimeout, + TLSEnabled: tlsEnabled, TLSRootCertBytes: tlsRootCerts, }) } @@ -872,8 +875,8 @@ func (c *Committer) applyBundle(bundle *channelconfig.Bundle) error { c.logger.Debugf("[Channel: %s] Adding orderer address [%s:%s:%s]", c.ChannelConfig.ID(), org.Name(), org.MSPID(), endpoint) newOrderers = append(newOrderers, &grpc.ConnectionConfig{ Address: endpoint, - ConnectionTimeout: 10 * time.Second, - TLSEnabled: true, + ConnectionTimeout: connectionTimeout, + TLSEnabled: tlsEnabled, TLSRootCertBytes: tlsRootCerts, }) } diff --git a/platform/fabric/core/generic/config/service.go b/platform/fabric/core/generic/config/service.go index 19e46f1c2..5706d5fba 100644 --- a/platform/fabric/core/generic/config/service.go +++ b/platform/fabric/core/generic/config/service.go @@ -13,7 +13,7 @@ import ( "strings" "time" - driver2 "github.com/hyperledger-labs/fabric-smart-client/platform/common/driver" + cdriver "github.com/hyperledger-labs/fabric-smart-client/platform/common/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" @@ -29,6 +29,8 @@ const ( defaultRetrySleep = 1 * time.Second defaultCacheSize = 100 + DefaultConnectionTimeout = 10 * time.Second + GenericDriver = "generic" ) @@ -145,6 +147,13 @@ func (s *Service) NetworkName() string { return s.name } +func (s *Service) OrderingTLSEnabled() bool { + if !s.Configuration.IsSet("ordering.tlsEnabled") { + return true + } + return s.GetBool("ordering.tlsEnabled") +} + func (s *Service) DriverName() string { return s.driver } 
@@ -162,7 +171,10 @@ func (s *Service) TLSServerHostOverride() string { } func (s *Service) ClientConnTimeout() time.Duration { - return s.GetDuration("client.connTimeout") + if !s.Configuration.IsSet("keepalive.connectionTimeout") { + return DefaultConnectionTimeout + } + return s.GetDuration("keepalive.connectionTimeout") } func (s *Service) TLSClientKeyFile() string { @@ -196,8 +208,8 @@ func (s *Service) Orderers() []*grpc.ConnectionConfig { return s.orderers } -func (s *Service) VaultPersistenceType() driver2.PersistenceType { - return driver2.PersistenceType(s.GetString("vault.persistence.type")) +func (s *Service) VaultPersistenceType() cdriver.PersistenceType { + return cdriver.PersistenceType(s.GetString("vault.persistence.type")) } func (s *Service) VaultPersistencePrefix() string { diff --git a/platform/fabric/driver/config.go b/platform/fabric/driver/config.go index 88e06c182..b874aa641 100644 --- a/platform/fabric/driver/config.go +++ b/platform/fabric/driver/config.go @@ -91,6 +91,7 @@ type ConfigService interface { Channel(name string) ChannelConfig ChannelIDs() []string Orderers() []*grpc.ConnectionConfig + OrderingTLSEnabled() bool SetConfigOrderers([]*grpc.ConnectionConfig) error PickOrderer() *grpc.ConnectionConfig BroadcastNumRetries() int From e03789f2b0f027aebe942c34919f373acb1fb2b4 Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Sat, 2 Nov 2024 08:11:14 +0100 Subject: [PATCH 2/6] add integration test Signed-off-by: Angelo De Caro --- integration/fabric/iou/iou_test.go | 24 +++++-- integration/fabric/iou/topology.go | 24 ++++--- .../msp/driver/mock/config_provider.go | 65 +++++++++++++++++++ 3 files changed, 99 insertions(+), 14 deletions(-) diff --git a/integration/fabric/iou/iou_test.go b/integration/fabric/iou/iou_test.go index 4cec5c6ed..4b18441b6 100644 --- a/integration/fabric/iou/iou_test.go +++ b/integration/fabric/iou/iou_test.go 
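Review bot: ClientConnTimeout now reads `keepalive.connectionTimeout` and no longer consults `client.connTimeout`, so a deployment that set the old key silently gets `DefaultConnectionTimeout` instead of its configured value. A key that is set but zero or negative is also returned as is; how the gRPC layer treats such a value is not visible here. Consider falling back to the old key when the new one is absent and treating non-positive durations as unset, e.g. `if d := s.GetDuration("keepalive.connectionTimeout"); d > 0 { return d }` ahead of the default. A doc comment naming the key and the 10 second default would help too.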
@@ -16,14 +16,21 @@ import ( var _ = Describe("EndToEnd", func() { Describe("IOU Life Cycle With LibP2P", func() { - s := NewTestSuite(fsc.LibP2P, integration.NoReplication) + s := NewTestSuite(fsc.LibP2P, integration.NoReplication, true) BeforeEach(s.Setup) AfterEach(s.TearDown) It("succeeded", s.TestSucceeded) }) Describe("IOU Life Cycle With Websockets", func() { - s := NewTestSuite(fsc.WebSocket, integration.NoReplication) + s := NewTestSuite(fsc.WebSocket, integration.NoReplication, true) + BeforeEach(s.Setup) + AfterEach(s.TearDown) + It("succeeded", s.TestSucceeded) + }) + + Describe("IOU Life Cycle With Websockets and no Ordering TLS", func() { + s := NewTestSuite(fsc.WebSocket, integration.NoReplication, false) BeforeEach(s.Setup) AfterEach(s.TearDown) It("succeeded", s.TestSucceeded) @@ -39,7 +46,7 @@ var _ = Describe("EndToEnd", func() { "borrower": postgres.DefaultConfig("borrower-db"), "lender": postgres.DefaultConfig("lender-db"), }, - }) + }, true) BeforeEach(s.Setup) AfterEach(s.TearDown) It("succeeded", s.TestSucceededWithReplicas) @@ -50,9 +57,14 @@ type TestSuite struct { *integration.TestSuite } -func NewTestSuite(commType fsc.P2PCommunicationType, nodeOpts *integration.ReplicationOptions) *TestSuite { - return &TestSuite{integration.NewTestSuiteWithSQL(nodeOpts.SQLConfigs, func() (*integration.Infrastructure, error) { - return integration.Generate(StartPort(), true, integration.ReplaceTemplate(iou.Topology(&iou.SDK{}, commType, nodeOpts))...) +func NewTestSuite(commType fsc.P2PCommunicationType, nodeOpts *integration.ReplicationOptions, orderingTLSEnabled bool) *TestSuite { + return &TestSuite{TestSuite: integration.NewTestSuiteWithSQL(nodeOpts.SQLConfigs, func() (*integration.Infrastructure, error) { + return integration.Generate(StartPort(), true, integration.ReplaceTemplate(iou.Topology(&iou.Opts{ + SDK: &iou.SDK{}, + CommType: commType, + ReplicationOpts: nodeOpts, + OrderingTLSEnabled: orderingTLSEnabled, + }))...) })} } 
diff --git a/integration/fabric/iou/topology.go b/integration/fabric/iou/topology.go index 714765caa..2abb84683 100644 --- a/integration/fabric/iou/topology.go +++ b/integration/fabric/iou/topology.go @@ -17,7 +17,14 @@ import ( "github.com/hyperledger-labs/fabric-smart-client/platform/view/sdk/tracing" ) -func Topology(sdk api2.SDK, commType fsc.P2PCommunicationType, replicationOpts *integration.ReplicationOptions) []api.Topology { +type Opts struct { + SDK api2.SDK + CommType fsc.P2PCommunicationType + ReplicationOpts *integration.ReplicationOptions + OrderingTLSEnabled bool +} + +func Topology(opts *Opts) []api.Topology { // Define a Fabric topology with: // 1. Three organization: Org1, Org2, and Org3 // 2. A namespace whose changes can be endorsed by Org1. @@ -25,14 +32,15 @@ func Topology(sdk api2.SDK, commType fsc.P2PCommunicationType, replicationOpts * fabricTopology.AddOrganizationsByName("Org1", "Org2", "Org3") fabricTopology.SetNamespaceApproverOrgs("Org1") fabricTopology.AddNamespaceWithUnanimity("iou", "Org1") + fabricTopology.OrderingTLSEnabled = opts.OrderingTLSEnabled // Define an FSC topology with 3 FCS nodes. // One for the approver, one for the borrower, and one for the lender. fscTopology := fsc.NewTopology() - fscTopology.P2PCommunicationType = commType + fscTopology.P2PCommunicationType = opts.CommType fscTopology.EnablePrometheusMetrics() - //fscTopology.SetLogging("debug", "") + // fscTopology.SetLogging("debug", "") fscTopology.EnableTracing(tracing.Otpl) // Add the approver FSC node. 
@@ -40,7 +48,7 @@ func Topology(sdk api2.SDK, commType fsc.P2PCommunicationType, replicationOpts * // This option equips the approver's FSC node with an identity belonging to Org1. // Therefore, the approver is an endorser of the Fabric namespace we defined above. AddOptions(fabric.WithOrganization("Org1")). - AddOptions(replicationOpts.For("approver1")...). + AddOptions(opts.ReplicationOpts.For("approver1")...). RegisterResponder(&views.ApproverView{}, &views.CreateIOUView{}). RegisterResponder(&views.ApproverView{}, &views.UpdateIOUView{}). RegisterViewFactory("init", &views.ApproverInitViewFactory{}) @@ -50,7 +58,7 @@ func Topology(sdk api2.SDK, commType fsc.P2PCommunicationType, replicationOpts * // This option equips the approver's FSC node with an identity belonging to Org1. // Therefore, the approver is an endorser of the Fabric namespace we defined above. AddOptions(fabric.WithOrganization("Org1")). - AddOptions(replicationOpts.For("approver2")...). + AddOptions(opts.ReplicationOpts.For("approver2")...). RegisterResponder(&views.ApproverView{}, &views.CreateIOUView{}). RegisterResponder(&views.ApproverView{}, &views.UpdateIOUView{}). RegisterViewFactory("init", &views.ApproverInitViewFactory{}) @@ -58,7 +66,7 @@ func Topology(sdk api2.SDK, commType fsc.P2PCommunicationType, replicationOpts * // Add the borrower's FSC node fscTopology.AddNodeByName("borrower"). AddOptions(fabric.WithOrganization("Org2")). - AddOptions(replicationOpts.For("borrower")...). + AddOptions(opts.ReplicationOpts.For("borrower")...). RegisterViewFactory("create", &views.CreateIOUViewFactory{}). RegisterViewFactory("update", &views.UpdateIOUViewFactory{}). RegisterViewFactory("query", &views.QueryViewFactory{}) 
@@ -66,7 +74,7 @@ func Topology(sdk api2.SDK, commType fsc.P2PCommunicationType, replicationOpts * // Add the lender's FSC node fscTopology.AddNodeByName("lender"). AddOptions(fabric.WithOrganization("Org3")). - AddOptions(replicationOpts.For("lender")...). + AddOptions(opts.ReplicationOpts.For("lender")...). RegisterResponder(&views.CreateIOUResponderView{}, &views.CreateIOUView{}). RegisterResponder(&views.UpdateIOUResponderView{}, &views.UpdateIOUView{}). RegisterViewFactory("query", &views.QueryViewFactory{}) @@ -77,7 +85,7 @@ func Topology(sdk api2.SDK, commType fsc.P2PCommunicationType, replicationOpts * monitoringTopology.EnableOPTL() // Add Fabric SDK to FSC Nodes - fscTopology.AddSDK(sdk) + fscTopology.AddSDK(opts.SDK) return []api.Topology{ fabricTopology, diff --git a/platform/fabric/core/generic/msp/driver/mock/config_provider.go b/platform/fabric/core/generic/msp/driver/mock/config_provider.go index 2549f9e66..c083bbe64 100644 --- a/platform/fabric/core/generic/msp/driver/mock/config_provider.go +++ b/platform/fabric/core/generic/msp/driver/mock/config_provider.go @@ -242,6 +242,16 @@ type ConfigProvider struct { orderersReturnsOnCall map[int]struct { result1 []*grpc.ConnectionConfig } + OrderingTLSEnabledStub func() bool + orderingTLSEnabledMutex sync.RWMutex + orderingTLSEnabledArgsForCall []struct { + } + orderingTLSEnabledReturns struct { + result1 bool + } + orderingTLSEnabledReturnsOnCall map[int]struct { + result1 bool + } PickOrdererStub func() *grpc.ConnectionConfig pickOrdererMutex sync.RWMutex pickOrdererArgsForCall []struct { 
@@ -1627,6 +1637,59 @@ func (fake *ConfigProvider) OrderersReturnsOnCall(i int, result1 []*grpc.Connect }{result1} } +func (fake *ConfigProvider) OrderingTLSEnabled() bool { + fake.orderingTLSEnabledMutex.Lock() + ret, specificReturn := fake.orderingTLSEnabledReturnsOnCall[len(fake.orderingTLSEnabledArgsForCall)] + fake.orderingTLSEnabledArgsForCall = append(fake.orderingTLSEnabledArgsForCall, struct { + }{}) + stub := fake.OrderingTLSEnabledStub + fakeReturns := fake.orderingTLSEnabledReturns + fake.recordInvocation("OrderingTLSEnabled", []interface{}{}) + fake.orderingTLSEnabledMutex.Unlock() + if stub != nil { + return stub() + } + if specificReturn { + return ret.result1 + } + return fakeReturns.result1 +} + +func (fake *ConfigProvider) OrderingTLSEnabledCallCount() int { + fake.orderingTLSEnabledMutex.RLock() + defer fake.orderingTLSEnabledMutex.RUnlock() + return len(fake.orderingTLSEnabledArgsForCall) +} + +func (fake *ConfigProvider) OrderingTLSEnabledCalls(stub func() bool) { + fake.orderingTLSEnabledMutex.Lock() + defer fake.orderingTLSEnabledMutex.Unlock() + fake.OrderingTLSEnabledStub = stub +} + +func (fake *ConfigProvider) OrderingTLSEnabledReturns(result1 bool) { + fake.orderingTLSEnabledMutex.Lock() + defer fake.orderingTLSEnabledMutex.Unlock() + fake.OrderingTLSEnabledStub = nil + fake.orderingTLSEnabledReturns = struct { + result1 bool + }{result1} +} + +func (fake *ConfigProvider) OrderingTLSEnabledReturnsOnCall(i int, result1 bool) { + fake.orderingTLSEnabledMutex.Lock() + defer fake.orderingTLSEnabledMutex.Unlock() + fake.OrderingTLSEnabledStub = nil + if fake.orderingTLSEnabledReturnsOnCall == nil { + fake.orderingTLSEnabledReturnsOnCall = make(map[int]struct { + result1 bool + }) + } + fake.orderingTLSEnabledReturnsOnCall[i] = struct { + result1 bool + }{result1} +} + func (fake *ConfigProvider) PickOrderer() *grpc.ConnectionConfig { fake.pickOrdererMutex.Lock() ret, specificReturn := 
fake.pickOrdererReturnsOnCall[len(fake.pickOrdererArgsForCall)] @@ -2401,6 +2464,8 @@ func (fake *ConfigProvider) Invocations() map[string][][]interface{} { defer fake.ordererConnectionPoolSizeMutex.RUnlock() fake.orderersMutex.RLock() defer fake.orderersMutex.RUnlock() + fake.orderingTLSEnabledMutex.RLock() + defer fake.orderingTLSEnabledMutex.RUnlock() fake.pickOrdererMutex.RLock() defer fake.pickOrdererMutex.RUnlock() fake.pickPeerMutex.RLock() From cc0aea2bb17d05bf1b67bdf8efd38db5ee3b2041 Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Sun, 3 Nov 2024 07:53:02 +0100 Subject: [PATCH 3/6] introducing additiona variable Signed-off-by: Angelo De Caro --- Makefile | 4 ++ integration/fabric/iou/iou_test.go | 22 ++++++---- integration/nwo/fabric/network/network.go | 41 ++++++++++--------- .../nwo/fabric/network/network_support.go | 20 +++++---- integration/nwo/fabric/topology.go | 1 + integration/nwo/fabric/topology/topology.go | 1 + .../core/generic/committer/committer.go | 5 ++- .../fabric/core/generic/config/service.go | 6 +-- .../msp/driver/mock/config_provider.go | 23 +++++++---- platform/fabric/driver/config.go | 3 +- 10 files changed, 74 insertions(+), 52 deletions(-) diff --git a/Makefile b/Makefile index 5284f53e0..266cebbb9 100755 --- a/Makefile +++ b/Makefile @@ -180,6 +180,10 @@ clean: rm -rf ./cmd/fsccli/cmd rm -rf ./samples/fabric/iou/cmd +.PHONY: clean-fabric-peer-images +clean-fabric-peer-images: + docker images -a | grep "_peer_" | awk '{print $3}' | xargs docker rmi + .PHONY: fsccli fsccli: @go install ./cmd/fsccli \ No newline at end of file diff --git a/integration/fabric/iou/iou_test.go b/integration/fabric/iou/iou_test.go index 4b18441b6..44046032f 100644 --- a/integration/fabric/iou/iou_test.go +++ b/integration/fabric/iou/iou_test.go 
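Review bot: In the `clean-fabric-peer-images` recipe, make expands `$3` itself before the shell runs, so awk receives `{print }` and emits whole `docker images` rows instead of the image ID column. `docker rmi` is then handed repository names, tags and sizes as arguments. Escape the dollar so it reaches awk: `docker images -a | grep "_peer_" | awk '{print $$3}' | xargs docker rmi`. With GNU xargs, adding `-r` also avoids calling `docker rmi` with no arguments when nothing matches.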
@@ -37,16 +37,20 @@ var _ = Describe("EndToEnd", func() { }) Describe("IOU Life Cycle With Websockets and replicas", func() { - s := NewTestSuite(fsc.WebSocket, &integration.ReplicationOptions{ - ReplicationFactors: map[string]int{ - "borrower": 3, - "lender": 2, + s := NewTestSuite( + fsc.WebSocket, + &integration.ReplicationOptions{ + ReplicationFactors: map[string]int{ + "borrower": 3, + "lender": 2, + }, + SQLConfigs: map[string]*postgres.ContainerConfig{ + "borrower": postgres.DefaultConfig("borrower-db"), + "lender": postgres.DefaultConfig("lender-db"), + }, }, - SQLConfigs: map[string]*postgres.ContainerConfig{ - "borrower": postgres.DefaultConfig("borrower-db"), - "lender": postgres.DefaultConfig("lender-db"), - }, - }, true) + true, + ) BeforeEach(s.Setup) AfterEach(s.TearDown) It("succeeded", s.TestSucceededWithReplicas) diff --git a/integration/nwo/fabric/network/network.go b/integration/nwo/fabric/network/network.go index 79313a5d5..1dce6a9cd 100644 --- a/integration/nwo/fabric/network/network.go +++ b/integration/nwo/fabric/network/network.go 
@@ -97,25 +97,26 @@ func New(reg api.Context, topology *topology.Topology, builderClient BuilderClie EventuallyTimeout: 20 * time.Minute, MetricsProvider: "prometheus", - Organizations: topology.Organizations, - Consensus: topology.Consensus, - Orderers: topology.Orderers, - Peers: topology.Peers, - SystemChannel: topology.SystemChannel, - Channels: topology.Channels, - Profiles: topology.Profiles, - Consortiums: topology.Consortiums, - Templates: topology.Templates, - Logging: topology.Logging, - MSPvtTxSupport: topology.MSPvtTxSupport, - MSPvtCCSupport: topology.MSPvtCCSupport, - FabTokenSupport: topology.FabTokenSupport, - FabTokenCCSupport: topology.FabTokenCCSupport, - GRPCLogging: topology.GRPCLogging, - PvtTxSupport: topology.PvtTxSupport, - PvtTxCCSupport: topology.PvtTxCCSupport, - ccps: ccps, - Extensions: []Extension{}, + Organizations: topology.Organizations, + Consensus: topology.Consensus, + Orderers: topology.Orderers, + Peers: topology.Peers, + SystemChannel: topology.SystemChannel, + Channels: topology.Channels, + Profiles: topology.Profiles, + Consortiums: topology.Consortiums, + Templates: topology.Templates, + Logging: topology.Logging, + MSPvtTxSupport: topology.MSPvtTxSupport, + MSPvtCCSupport: topology.MSPvtCCSupport, + FabTokenSupport: topology.FabTokenSupport, + FabTokenCCSupport: topology.FabTokenCCSupport, + GRPCLogging: topology.GRPCLogging, + PvtTxSupport: topology.PvtTxSupport, + PvtTxCCSupport: topology.PvtTxCCSupport, + ClientAuthRequired: topology.ClientAuthRequired, + ccps: ccps, + Extensions: []Extension{}, PackagerFactory: func() Packager { return packager.New() }, @@ -282,7 +283,7 @@ func (n *Network) DeployChaincode(chaincode *topology.ChannelChaincode) { if chaincode.Chaincode.InitRequired { InitChaincode(n, chaincode.Channel, orderer, &chaincode.Chaincode, peers...) } - //add new chaincode to the topology + // add new chaincode to the topology n.topology.AddChaincode(chaincode) } 
diff --git a/integration/nwo/fabric/network/network_support.go b/integration/nwo/fabric/network/network_support.go index 8d0f5a984..2187be03f 100755 --- a/integration/nwo/fabric/network/network_support.go +++ b/integration/nwo/fabric/network/network_support.go @@ -1035,17 +1035,19 @@ func (n *Network) peerCommand(command common.Command, tlsDir string, env ...stri cmd.Env = append(cmd.Env, "GRPC_GO_LOG_SEVERITY_LEVEL=debug") } - if common.ConnectsToOrderer(command) { - cmd.Args = append(cmd.Args, "--tls") - cmd.Args = append(cmd.Args, "--cafile", n.CACertsBundlePath()) - } + if n.topology.OrderingTLSEnabled { + if common.ConnectsToOrderer(command) { + cmd.Args = append(cmd.Args, "--tls") + cmd.Args = append(cmd.Args, "--cafile", n.CACertsBundlePath()) + } - if common.ClientAuthEnabled(command) { - certfilePath := filepath.Join(tlsDir, "client.crt") - keyfilePath := filepath.Join(tlsDir, "client.key") + if common.ClientAuthEnabled(command) { + certfilePath := filepath.Join(tlsDir, "client.crt") + keyfilePath := filepath.Join(tlsDir, "client.key") - cmd.Args = append(cmd.Args, "--certfile", certfilePath) - cmd.Args = append(cmd.Args, "--keyfile", keyfilePath) + cmd.Args = append(cmd.Args, "--certfile", certfilePath) + cmd.Args = append(cmd.Args, "--keyfile", keyfilePath) + } } cmd.Env = append(cmd.Env, fmt.Sprintf("FABRIC_LOGGING_SPEC=%s", n.Logging.Spec)) diff --git a/integration/nwo/fabric/topology.go b/integration/nwo/fabric/topology.go index adbcc1899..978805312 100644 --- a/integration/nwo/fabric/topology.go +++ b/integration/nwo/fabric/topology.go @@ -162,6 +162,7 @@ func NewTopologyWithName(name string) *topology.Topology { Orderers: []*topology.Orderer{ {Name: "orderer", Organization: "OrdererOrg"}, }, + OrderingTLSEnabled: true, Channels: []*topology.Channel{ {Name: "testchannel", Profile: "OrgsChannel", Default: true}, }, diff --git a/integration/nwo/fabric/topology/topology.go b/integration/nwo/fabric/topology/topology.go index 833d710cc..60437487c 100755 
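Review bot: In peerCommand the `common.ClientAuthEnabled(command)` branch is now nested inside `if n.topology.OrderingTLSEnabled`, so turning TLS off for the orderers also drops `--certfile`/`--keyfile` from every command. That includes any command that presents the client certificate to a peer rather than to an orderer. If peer TLS stays governed by the separate `TLSEnabled` setting, those commands would fail or run without client authentication; which commands are affected depends on `ClientAuthEnabled`, which is outside the hunk. Putting only the orderer block under the new condition keeps client-auth behaviour as it was: `if n.topology.OrderingTLSEnabled && common.ConnectsToOrderer(command) {`. peerCommand begins and ends outside the hunk.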
--- a/integration/nwo/fabric/topology/topology.go +++ b/integration/nwo/fabric/topology/topology.go @@ -44,6 +44,7 @@ type Topology struct { LogPeersToFile bool `yaml:"logPeersToFile,omitempty"` LogOrderersToFile bool `yaml:"logOrderersToFile,omitempty"` TLSEnabled bool `yaml:"tlsEnabled,omitempty"` + ClientAuthRequired bool `yaml:"clientAuthRequired,omitempty"` ExtraParams map[string]interface{} `yaml:"-"` } diff --git a/platform/fabric/core/generic/committer/committer.go b/platform/fabric/core/generic/committer/committer.go index 6404bce8e..0457fee7a 100644 --- a/platform/fabric/core/generic/committer/committer.go +++ b/platform/fabric/core/generic/committer/committer.go @@ -849,7 +849,10 @@ func (c *Committer) applyBundle(bundle *channelconfig.Bundle) error { } c.logger.Debugf("[Channel: %s] Orderer config has changed, updating the list of orderers", c.ChannelConfig.ID()) - tlsEnabled := c.ConfigService.OrderingTLSEnabled() + tlsEnabled, isSet := c.ConfigService.OrderingTLSEnabled() + if !isSet { + tlsEnabled = c.ConfigService.TLSEnabled() + } connectionTimeout := c.ConfigService.ClientConnTimeout() var newOrderers []*grpc.ConnectionConfig diff --git a/platform/fabric/core/generic/config/service.go b/platform/fabric/core/generic/config/service.go index 5706d5fba..492fa774b 100644 --- a/platform/fabric/core/generic/config/service.go +++ b/platform/fabric/core/generic/config/service.go @@ -147,11 +147,11 @@ func (s *Service) NetworkName() string { return s.name } -func (s *Service) OrderingTLSEnabled() bool { +func (s *Service) OrderingTLSEnabled() (bool, bool) { if !s.Configuration.IsSet("ordering.tlsEnabled") { - return true + return true, false } - return s.GetBool("ordering.tlsEnabled") + return s.GetBool("ordering.tlsEnabled"), true } func (s *Service) DriverName() string { diff --git a/platform/fabric/core/generic/msp/driver/mock/config_provider.go b/platform/fabric/core/generic/msp/driver/mock/config_provider.go index c083bbe64..1723a6e4a 100644 
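Review bot: `OrderingTLSEnabled() (bool, bool)` in service.go returns two unnamed booleans and has no doc comment, so a call site cannot tell which result is the setting and which is the "key present" flag. The interface comment in driver/config.go covers only the `true, true` case. Name the results, `func (s *Service) OrderingTLSEnabled() (enabled bool, isSet bool)`, and document every outcome, including that an unset key reports `true, false` and that applyBundle then substitutes `TLSEnabled()`. That fallback changes the earlier default (unset meant TLS on) into "inherit the global TLS setting", which docs/core-fabric.md should state next to `ordering.tlsEnabled`.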
--- a/platform/fabric/core/generic/msp/driver/mock/config_provider.go +++ b/platform/fabric/core/generic/msp/driver/mock/config_provider.go @@ -242,15 +242,17 @@ type ConfigProvider struct { orderersReturnsOnCall map[int]struct { result1 []*grpc.ConnectionConfig } - OrderingTLSEnabledStub func() bool + OrderingTLSEnabledStub func() (bool, bool) orderingTLSEnabledMutex sync.RWMutex orderingTLSEnabledArgsForCall []struct { } orderingTLSEnabledReturns struct { result1 bool + result2 bool } orderingTLSEnabledReturnsOnCall map[int]struct { result1 bool + result2 bool } PickOrdererStub func() *grpc.ConnectionConfig pickOrdererMutex sync.RWMutex @@ -1637,7 +1639,7 @@ func (fake *ConfigProvider) OrderersReturnsOnCall(i int, result1 []*grpc.Connect }{result1} } -func (fake *ConfigProvider) OrderingTLSEnabled() bool { +func (fake *ConfigProvider) OrderingTLSEnabled() (bool, bool) { fake.orderingTLSEnabledMutex.Lock() ret, specificReturn := fake.orderingTLSEnabledReturnsOnCall[len(fake.orderingTLSEnabledArgsForCall)] fake.orderingTLSEnabledArgsForCall = append(fake.orderingTLSEnabledArgsForCall, struct { @@ -1650,9 +1652,9 @@ func (fake *ConfigProvider) OrderingTLSEnabled() bool { return stub() } if specificReturn { - return ret.result1 + return ret.result1, ret.result2 } - return fakeReturns.result1 + return fakeReturns.result1, fakeReturns.result2 } func (fake *ConfigProvider) OrderingTLSEnabledCallCount() int { 
@@ -1661,33 +1663,36 @@ func (fake *ConfigProvider) OrderingTLSEnabledCallCount() int { return len(fake.orderingTLSEnabledArgsForCall) } -func (fake *ConfigProvider) OrderingTLSEnabledCalls(stub func() bool) { +func (fake *ConfigProvider) OrderingTLSEnabledCalls(stub func() (bool, bool)) { fake.orderingTLSEnabledMutex.Lock() defer fake.orderingTLSEnabledMutex.Unlock() fake.OrderingTLSEnabledStub = stub } -func (fake *ConfigProvider) OrderingTLSEnabledReturns(result1 bool) { +func (fake *ConfigProvider) OrderingTLSEnabledReturns(result1 bool, result2 bool) { fake.orderingTLSEnabledMutex.Lock() defer fake.orderingTLSEnabledMutex.Unlock() fake.OrderingTLSEnabledStub = nil fake.orderingTLSEnabledReturns = struct { result1 bool - }{result1} + result2 bool + }{result1, result2} } -func (fake *ConfigProvider) OrderingTLSEnabledReturnsOnCall(i int, result1 bool) { +func (fake *ConfigProvider) OrderingTLSEnabledReturnsOnCall(i int, result1 bool, result2 bool) { fake.orderingTLSEnabledMutex.Lock() defer fake.orderingTLSEnabledMutex.Unlock() fake.OrderingTLSEnabledStub = nil if fake.orderingTLSEnabledReturnsOnCall == nil { fake.orderingTLSEnabledReturnsOnCall = make(map[int]struct { result1 bool + result2 bool }) } fake.orderingTLSEnabledReturnsOnCall[i] = struct { result1 bool - }{result1} + result2 bool + }{result1, result2} } func (fake *ConfigProvider) PickOrderer() *grpc.ConnectionConfig { diff --git a/platform/fabric/driver/config.go b/platform/fabric/driver/config.go index b874aa641..1000e3db4 100644 --- a/platform/fabric/driver/config.go +++ b/platform/fabric/driver/config.go 
@@ -91,7 +91,8 @@ type ConfigService interface { Channel(name string) ChannelConfig ChannelIDs() []string Orderers() []*grpc.ConnectionConfig - OrderingTLSEnabled() bool + // OrderingTLSEnabled returns true, true if TLS is enabled because the key was set. + OrderingTLSEnabled() (bool, bool) SetConfigOrderers([]*grpc.ConnectionConfig) error PickOrderer() *grpc.ConnectionConfig BroadcastNumRetries() int From aff7b6bfdac7dab0243da1e6ceca569f976fac8b Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Sun, 3 Nov 2024 09:46:17 +0100 Subject: [PATCH 4/6] introducing services to get peer and orderer clients 
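Review bot: The doc comment added on `OrderingTLSEnabled` covers only the `true, true` case and never says what the second result means. Judging by the config service implementation and the committer fallback later in this series, the second value reports whether `ordering.tlsEnabled` is set, so a caller that ignores it would read an unset key as "TLS disabled". I would state the contract explicitly, for example `// OrderingTLSEnabled returns the value of ordering.tlsEnabled and whether that key is set; when it is not set, callers must fall back to TLSEnabled().` The interface body continues outside the hunk.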
Signed-off-by: Angelo De Caro --- docs/core-fabric.md | 11 +- .../core/fabricdev/channelprovider.go | 6 +- .../core/generic/chaincode/chaincode.go | 12 +- .../core/generic/chaincode/discovery.go | 4 +- .../fabric/core/generic/chaincode/invoke.go | 15 +- .../fabric/core/generic/chaincode/manager.go | 4 +- platform/fabric/core/generic/channel.go | 4 +- .../fabric/core/generic/channelprovider.go | 6 +- .../core/generic/committer/committer.go | 7 +- .../fabric/core/generic/config/service.go | 17 +- .../core/generic/delivery/deliverclient.go | 6 +- .../fabric/core/generic/delivery/delivery.go | 16 +- .../fabric/core/generic/delivery/service.go | 4 +- .../fabric/core/generic/finality/fabric.go | 14 +- .../msp/driver/mock/config_provider.go | 70 ++++++++ platform/fabric/core/generic/network.go | 10 ++ platform/fabric/core/generic/ordering/bft.go | 19 +- platform/fabric/core/generic/ordering/cft.go | 27 ++- .../fabric/core/generic/ordering/client.go | 163 +----------------- .../fabric/core/generic/ordering/ordering.go | 12 +- platform/fabric/core/generic/peer/service.go | 27 --- .../{peer/peer.go => services/client.go} | 22 ++- .../core/generic/{peer => services}/conn.go | 54 ++++-- .../{peer/client.go => services/grpc.go} | 20 ++- .../fabric/core/generic/services/services.go | 36 ++++ platform/fabric/driver/config.go | 4 + platform/view/services/grpc/config.go | 1 + 27 files changed, 312 insertions(+), 279 deletions(-) delete mode 100644 platform/fabric/core/generic/peer/service.go rename platform/fabric/core/generic/{peer/peer.go => services/client.go} (83%) rename platform/fabric/core/generic/{peer => services}/conn.go (77%) rename platform/fabric/core/generic/{peer/client.go => services/grpc.go} (89%) create mode 100644 platform/fabric/core/generic/services/services.go diff --git a/docs/core-fabric.md b/docs/core-fabric.md index b3356d035..959183a6d 100644 --- a/docs/core-fabric.md +++ b/docs/core-fabric.md 
@@ -273,6 +273,7 @@ fabric: # TBD: idemix-folder, bccsp-folder + # define the default values for the tls connections tls: # Species the fabric network requires TLS or not enabled: true @@ -300,11 +301,16 @@ fabric: numRetries: 3 # retryInternal specifies the amount of time to wait before retrying a connection to the ordering service, it has no default and must be specified retryInterval: 3s - # here is possible to disable tls just for the ordering service + # here is possible to disable tls just for the ordering service. + # if this key is not specified, then the `tls` section is used. tlsEnabled: true + # here is possible to enable tls client-side authentication just for the ordering service + # if this key is not specified, then the `tls` section is used. + tlsClientAuthRequired: false # List of orderers on top of those discovered in the channel # This is optional and as such it should be left to those orderers discovered on the channel + # tls configuration is governed by the `tls` section, if not otherwise specified in the `ordering` section orderers: # address of orderer - address: 'orderer0:7050' @@ -316,7 +322,8 @@ fabric: serverNameOverride: # List of trusted peers this node can connect to. - # usually this will be the fabric peers in the same organisation as the FSC node + # usually this will be the fabric peers in the same organisation as the FSC node. + # tls configuration is governed by the `tls` section. peers: # address of orderer - address: 'peer2:7051' diff --git a/docs/fabric/fabricdev/core/fabricdev/channelprovider.go b/docs/fabric/fabricdev/core/fabricdev/channelprovider.go index aabed8bba..356a5f816 100644 --- a/docs/fabric/fabricdev/core/fabricdev/channelprovider.go +++ b/docs/fabric/fabricdev/core/fabricdev/channelprovider.go 
@@ -16,8 +16,8 @@ import ( "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/delivery" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/finality" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/membership" - "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/rwset" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/transaction" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" driver2 "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/db/driver" @@ -90,7 +90,7 @@ func (p *provider) NewChannel(nw driver.FabricNetworkService, channelName string envelopeService := transaction.NewEnvelopeService(p.kvss, nw.Name(), channelName) transactionService := transaction.NewEndorseTransactionService(p.kvss, nw.Name(), channelName) metadataService := transaction.NewMetadataService(p.kvss, nw.Name(), channelName) - peerService := peer.NewService(nw.ConfigService(), nw.LocalMembership().DefaultSigningIdentity()) + peerService := services.NewClientFactory(nw.ConfigService(), nw.LocalMembership().DefaultSigningIdentity()) // Fabric finality fabricFinality, err := finality.NewFabricFinality( @@ -193,7 +193,7 @@ func (p *provider) NewChannel(nw driver.FabricNetworkService, channelName string ChannelMembershipService: channelMembershipService, ChaincodeManagerService: chaincodeManagerService, CommitterService: committerService, - PeerManager: peerService, + PeerService: peerService, } if err := c.Init(); err != nil { return nil, errors.WithMessagef(err, "failed initializing Channel [%s]", channelName) 
diff --git a/platform/fabric/core/generic/chaincode/chaincode.go b/platform/fabric/core/generic/chaincode/chaincode.go index ed41698c9..8ce1cd484 100644 --- a/platform/fabric/core/generic/chaincode/chaincode.go +++ b/platform/fabric/core/generic/chaincode/chaincode.go @@ -11,7 +11,7 @@ import ( "sync" "time" - "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" @@ -20,8 +20,8 @@ import ( var logger = flogging.MustGetLogger("fabric-sdk.core.generic.chaincode") -type PeerManager interface { - NewClient(cc grpc.ConnectionConfig) (peer.Client, error) +type Services interface { + NewPeerClient(cc grpc.ConnectionConfig) (services.PeerClient, error) } type Broadcaster interface { @@ -47,7 +47,7 @@ type Chaincode struct { NumRetries uint RetrySleep time.Duration LocalMembership driver.LocalMembership - PeerManager PeerManager + Services Services SignerService driver.SignerService Broadcaster Broadcaster Finality driver.Finality @@ -62,7 +62,7 @@ func NewChaincode( networkConfig driver.ConfigService, channelConfig driver.ChannelConfig, localMembership driver.LocalMembership, - peerManager PeerManager, + peerManager Services, signerService driver.SignerService, broadcaster Broadcaster, finality driver.Finality, @@ -77,7 +77,7 @@ func NewChaincode( NumRetries: channelConfig.GetNumRetries(), RetrySleep: channelConfig.GetRetrySleep(), LocalMembership: localMembership, - PeerManager: peerManager, + Services: peerManager, SignerService: signerService, Broadcaster: broadcaster, Finality: finality, 
diff --git a/platform/fabric/core/generic/chaincode/discovery.go b/platform/fabric/core/generic/chaincode/discovery.go index 0c9a1c509..ef04a65d7 100644 --- a/platform/fabric/core/generic/chaincode/discovery.go +++ b/platform/fabric/core/generic/chaincode/discovery.go @@ -11,7 +11,7 @@ import ( "strings" "time" - peer2 "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" + peer2 "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/view/view" discovery2 "github.com/hyperledger/fabric-protos-go/discovery" @@ -212,7 +212,7 @@ func (d *Discovery) query(req *discovery.Request) (discovery.Response, error) { pCli.Close() } }() - pc, err := d.chaincode.PeerManager.NewClient(*d.chaincode.ConfigService.PickPeer(driver.PeerForDiscovery)) + pc, err := d.chaincode.Services.NewPeerClient(*d.chaincode.ConfigService.PickPeer(driver.PeerForDiscovery)) if err != nil { return nil, err } diff --git a/platform/fabric/core/generic/chaincode/invoke.go b/platform/fabric/core/generic/chaincode/invoke.go index a6eeb805d..6049e6831 100644 --- a/platform/fabric/core/generic/chaincode/invoke.go +++ b/platform/fabric/core/generic/chaincode/invoke.go @@ -15,7 +15,7 @@ import ( "sync" "time" - peer2 "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/transaction" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" 
@@ -258,7 +258,7 @@ func (i *Invoke) WithRetrySleep(duration time.Duration) driver.ChaincodeInvocati } func (i *Invoke) prepare(query bool) (string, *pb.Proposal, []*pb.ProposalResponse, driver.SigningIdentity, error) { - var peerClients []peer2.Client + var peerClients []services.PeerClient defer func() { for _, pCli := range peerClients { pCli.Close() @@ -279,7 +279,7 @@ func (i *Invoke) prepare(query bool) (string, *pb.Proposal, []*pb.ProposalRespon case len(i.EndorsersByConnConfig) != 0: // get a peer client for each connection config for _, config := range i.EndorsersByConnConfig { - peerClient, err := i.Chaincode.PeerManager.NewClient(*config) + peerClient, err := i.Chaincode.Services.NewPeerClient(*config) if err != nil { return "", nil, nil, nil, err } @@ -329,10 +329,11 @@ func (i *Invoke) prepare(query bool) (string, *pb.Proposal, []*pb.ProposalRespon // get a peer client for all discovered peers for _, peer := range discoveredPeers { - peerClient, err := i.Chaincode.PeerManager.NewClient(grpc.ConnectionConfig{ - Address: peer.Endpoint, - TLSEnabled: i.Chaincode.ConfigService.TLSEnabled(), - TLSRootCertBytes: peer.TLSRootCerts, + peerClient, err := i.Chaincode.Services.NewPeerClient(grpc.ConnectionConfig{ + Address: peer.Endpoint, + TLSEnabled: i.Chaincode.ConfigService.TLSEnabled(), + TLSClientSideAuth: i.Chaincode.ConfigService.TLSClientAuthRequired(), + TLSRootCertBytes: peer.TLSRootCerts, }) if err != nil { return "", nil, nil, nil, errors.WithMessagef(err, "error getting endorser client for %s", peer.Endpoint) diff --git a/platform/fabric/core/generic/chaincode/manager.go b/platform/fabric/core/generic/chaincode/manager.go index ea2713001..e101430fd 100644 --- a/platform/fabric/core/generic/chaincode/manager.go +++ b/platform/fabric/core/generic/chaincode/manager.go 
@@ -21,7 +21,7 @@ type Manager struct { NumRetries uint RetrySleep time.Duration LocalMembership driver.LocalMembership - PeerManager PeerManager + PeerManager Services SignerService driver.SignerService Broadcaster Broadcaster Finality driver.Finality @@ -40,7 +40,7 @@ func NewManager( numRetries uint, retrySleep time.Duration, localMembership driver.LocalMembership, - peerManager PeerManager, + peerManager Services, signerService driver.SignerService, broadcaster Broadcaster, finality driver.Finality, diff --git a/platform/fabric/core/generic/channel.go b/platform/fabric/core/generic/channel.go index 373b31607..68477d17a 100644 --- a/platform/fabric/core/generic/channel.go +++ b/platform/fabric/core/generic/channel.go @@ -11,7 +11,7 @@ import ( "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/delivery" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/membership" - "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/pkg/errors" ) @@ -42,7 +42,7 @@ type Channel struct { ChannelMembershipService *membership.Service ChaincodeManagerService driver.ChaincodeManager CommitterService committerService - PeerManager *peer.Service + PeerService *services.ClientFactory } func (c *Channel) Name() string { diff --git a/platform/fabric/core/generic/channelprovider.go b/platform/fabric/core/generic/channelprovider.go index 997699c39..1309c0e56 100644 --- a/platform/fabric/core/generic/channelprovider.go +++ b/platform/fabric/core/generic/channelprovider.go 
@@ -15,8 +15,8 @@ import ( "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/finality" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/ledger" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/membership" - "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/rwset" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/transaction" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/vault" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" @@ -96,7 +96,7 @@ func (p *provider) NewChannel(nw driver.FabricNetworkService, channelName string envelopeService := transaction.NewEnvelopeService(p.kvss, nw.Name(), channelName) transactionService := transaction.NewEndorseTransactionService(p.kvss, nw.Name(), channelName) metadataService := transaction.NewMetadataService(p.kvss, nw.Name(), channelName) - peerService := peer.NewService(nw.ConfigService(), nw.LocalMembership().DefaultSigningIdentity()) + peerService := services.NewClientFactory(nw.ConfigService(), nw.LocalMembership().DefaultSigningIdentity()) // Fabric finality fabricFinality, err := finality.NewFabricFinality( @@ -205,7 +205,7 @@ func (p *provider) NewChannel(nw driver.FabricNetworkService, channelName string ChannelMembershipService: channelMembershipService, ChaincodeManagerService: chaincodeManagerService, CommitterService: committerService, - PeerManager: peerService, + PeerService: peerService, } if err := c.Init(); err != nil { return nil, errors.WithMessagef(err, "failed initializing Channel [%s]", channelName) 
diff --git a/platform/fabric/core/generic/committer/committer.go b/platform/fabric/core/generic/committer/committer.go index 0457fee7a..0297cea65 100644 --- a/platform/fabric/core/generic/committer/committer.go +++ b/platform/fabric/core/generic/committer/committer.go @@ -853,6 +853,10 @@ func (c *Committer) applyBundle(bundle *channelconfig.Bundle) error { if !isSet { tlsEnabled = c.ConfigService.TLSEnabled() } + tlsClientSideAuth, isSet := c.ConfigService.OrderingTLSClientAuthRequired() + if !isSet { + tlsEnabled = c.ConfigService.TLSClientAuthRequired() + } connectionTimeout := c.ConfigService.ClientConnTimeout() var newOrderers []*grpc.ConnectionConfig @@ -864,11 +868,11 @@ func (c *Committer) applyBundle(bundle *channelconfig.Bundle) error { tlsRootCerts = append(tlsRootCerts, msp.GetTLSIntermediateCerts()...) for _, endpoint := range org.Endpoints() { c.logger.Debugf("[Channel: %s] Adding orderer endpoint: [%s:%s:%s]", c.ChannelConfig.ID(), org.Name(), org.MSPID(), endpoint) - // TODO: load from configuration newOrderers = append(newOrderers, &grpc.ConnectionConfig{ Address: endpoint, ConnectionTimeout: connectionTimeout, TLSEnabled: tlsEnabled, + TLSClientSideAuth: tlsClientSideAuth, TLSRootCertBytes: tlsRootCerts, }) } @@ -880,6 +884,7 @@ func (c *Committer) applyBundle(bundle *channelconfig.Bundle) error { Address: endpoint, ConnectionTimeout: connectionTimeout, TLSEnabled: tlsEnabled, + TLSClientSideAuth: tlsClientSideAuth, TLSRootCertBytes: tlsRootCerts, }) } diff --git a/platform/fabric/core/generic/config/service.go b/platform/fabric/core/generic/config/service.go index 492fa774b..2adad3505 100644 --- a/platform/fabric/core/generic/config/service.go +++ b/platform/fabric/core/generic/config/service.go 
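Review bot: In the first `applyBundle` hunk, the fallback for an unset `ordering.tlsClientAuthRequired` assigns to the wrong variable. `tlsEnabled = c.ConfigService.TLSClientAuthRequired()` overwrites the TLS flag resolved just above and leaves `tlsClientSideAuth` at the `false` returned for an unset key. With the documented settings (`tls.enabled: true`, client authentication not required), the orderer `ConnectionConfig` entries built in the two later hunks would carry `TLSEnabled: false`, so connections to orderers taken from the channel config would be attempted without TLS. The line should read `tlsClientSideAuth = c.ConfigService.TLSClientAuthRequired()`. A test that leaves both ordering keys unset and asserts `TLSEnabled` on the resulting orderers would catch this; `applyBundle` starts and ends outside the hunks.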
@@ -123,13 +123,13 @@ func createChannelMap(channels []*Channel) (map[string]*Channel, string, error) func createPeerMap(peers []*grpc.ConnectionConfig, tlsEnabled bool) map[driver.PeerFunctionType][]*grpc.ConnectionConfig { peerMapping := map[driver.PeerFunctionType][]*grpc.ConnectionConfig{} - for _, v := range peers { - v.TLSEnabled = tlsEnabled && !v.TLSDisabled + for _, peerCC := range peers { + peerCC.TLSEnabled = tlsEnabled && !peerCC.TLSDisabled - if funcType, ok := funcTypeMap[strings.ToLower(v.Usage)]; ok { - peerMapping[funcType] = append(peerMapping[funcType], v) + if funcType, ok := funcTypeMap[strings.ToLower(peerCC.Usage)]; ok { + peerMapping[funcType] = append(peerMapping[funcType], peerCC) } else { - logger.Warn("connection usage [%s] not recognized [%v]", v.Usage, v) + logger.Warn("connection usage [%s] not recognized [%v]", peerCC.Usage, peerCC) } } return peerMapping @@ -154,6 +154,13 @@ func (s *Service) OrderingTLSEnabled() (bool, bool) { return s.GetBool("ordering.tlsEnabled"), true } +func (s *Service) OrderingTLSClientAuthRequired() (bool, bool) { + if !s.Configuration.IsSet("ordering.tlsClientAuthRequired") { + return false, false + } + return s.GetBool("ordering.tlsClientAuthRequired"), true +} + func (s *Service) DriverName() string { return s.driver } diff --git a/platform/fabric/core/generic/delivery/deliverclient.go b/platform/fabric/core/generic/delivery/deliverclient.go index dfdca0559..7203f59e7 100644 --- a/platform/fabric/core/generic/delivery/deliverclient.go +++ b/platform/fabric/core/generic/delivery/deliverclient.go 
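Review bot: In `createPeerMap`, `logger.Warn("connection usage [%s] not recognized [%v]", peerCC.Usage, peerCC)` passes a format string to what looks like a non-formatting call, so the verbs are probably printed literally. Since the line is being touched anyway, switch it to `logger.Warnf(...)`, matching the `Debugf` calls used elsewhere in this series. Printing the whole `peerCC` with `%v` also writes every field of the connection config to the log, including `TLSRootCertBytes` when set; `peerCC.Address` would be enough to identify the entry. The new `OrderingTLSClientAuthRequired` method should get a doc comment saying that the second result reports whether `ordering.tlsClientAuthRequired` is set. The closing brace of `createPeerMap` is outside the hunk.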
@@ -12,7 +12,7 @@ import ( "math" "github.com/hyperledger-labs/fabric-smart-client/pkg/utils/proto" - "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" grpc2 "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" "github.com/hyperledger/fabric-protos-go/common" @@ -73,10 +73,10 @@ type DeliverClient interface { // deliverClient implements DeliverClient interface type deliverClient struct { - client peer.Client + client services.PeerClient } -func NewDeliverClient(client peer.Client) (DeliverClient, error) { +func NewDeliverClient(client services.PeerClient) (DeliverClient, error) { return &deliverClient{ client: client, }, nil diff --git a/platform/fabric/core/generic/delivery/delivery.go b/platform/fabric/core/generic/delivery/delivery.go index 6861e0467..b842803d0 100644 --- a/platform/fabric/core/generic/delivery/delivery.go +++ b/platform/fabric/core/generic/delivery/delivery.go @@ -12,7 +12,7 @@ import ( "time" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/committer" - "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" @@ -59,8 +59,8 @@ type Vault interface { GetLastTxID() (string, error) } -type PeerManager interface { - NewClient(cc grpc.ConnectionConfig) (peer.Client, error) +type Services interface { + NewPeerClient(cc grpc.ConnectionConfig) (services.PeerClient, error) } type Delivery struct { 
@@ -70,12 +70,12 @@ type Delivery struct { NetworkName string LocalMembership driver.LocalMembership ConfigService driver.ConfigService - PeerManager PeerManager + Services Services Ledger driver.Ledger waitForEventTimeout time.Duration callback Callback vault Vault - client peer.Client + client services.PeerClient tracer trace.Tracer lastBlockReceived uint64 stop chan bool @@ -87,7 +87,7 @@ func New( hasher Hasher, LocalMembership driver.LocalMembership, ConfigService driver.ConfigService, - PeerManager PeerManager, + PeerManager Services, Ledger driver.Ledger, callback Callback, vault Vault, @@ -106,7 +106,7 @@ func New( hasher: hasher, LocalMembership: LocalMembership, ConfigService: ConfigService, - PeerManager: PeerManager, + Services: PeerManager, Ledger: Ledger, waitForEventTimeout: waitForEventTimeout, tracer: tracerProvider.Tracer("delivery", tracing.WithMetricsOpts(tracing.MetricsOpts{ @@ -239,7 +239,7 @@ func (d *Delivery) connect(ctx context.Context) (DeliverStream, error) { logger.Debugf("connecting to deliver service at [%s] for [%s:%s]", address, d.NetworkName, d.channel) } var err error - d.client, err = d.PeerManager.NewClient(*peerConnConf) + d.client, err = d.Services.NewPeerClient(*peerConnConf) if err != nil { return nil, errors.WithMessagef(err, "failed creating peer client for address [%s][%s:%s]", address, d.NetworkName, d.channel) } diff --git a/platform/fabric/core/generic/delivery/service.go b/platform/fabric/core/generic/delivery/service.go index c37559806..84b5ed3e6 100644 --- a/platform/fabric/core/generic/delivery/service.go +++ b/platform/fabric/core/generic/delivery/service.go @@ -30,7 +30,7 @@ type Service struct { NetworkName string LocalMembership driver.LocalMembership ConfigService driver.ConfigService - PeerManager PeerManager + PeerManager Services Ledger driver.Ledger transactionManager driver.TransactionManager waitForEventTimeout time.Duration 
@@ -45,7 +45,7 @@ func NewService( networkName string, localMembership driver.LocalMembership, configService driver.ConfigService, - peerManager PeerManager, + peerManager Services, ledger driver.Ledger, waitForEventTimeout time.Duration, txIDStore driver.TXIDStore, diff --git a/platform/fabric/core/generic/finality/fabric.go b/platform/fabric/core/generic/finality/fabric.go index cccb084c9..5c469a2c0 100644 --- a/platform/fabric/core/generic/finality/fabric.go +++ b/platform/fabric/core/generic/finality/fabric.go @@ -11,7 +11,7 @@ import ( "time" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/delivery" - "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/peer" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" @@ -22,8 +22,8 @@ import ( var logger = flogging.MustGetLogger("fabric-sdk.core") -type PeerService interface { - NewClient(cc grpc.ConnectionConfig) (peer.Client, error) +type Services interface { + NewPeerClient(cc grpc.ConnectionConfig) (services.PeerClient, error) } type Hasher interface { @@ -33,7 +33,7 @@ type Hasher interface { type FabricFinality struct { Channel string ConfigService driver.ConfigService - PeerService PeerService + Services Services DefaultSigningIdentity driver.SigningIdentity Hasher Hasher WaitForEventTimeout time.Duration @@ -42,7 +42,7 @@ type FabricFinality struct { func NewFabricFinality( channel string, ConfigService driver.ConfigService, - peerService PeerService, + peerService Services, defaultSigningIdentity driver.SigningIdentity, hasher Hasher, waitForEventTimeout time.Duration, 
@@ -54,7 +54,7 @@ func NewFabricFinality( d := &FabricFinality{ Channel: channel, ConfigService: ConfigService, - PeerService: peerService, + Services: peerService, DefaultSigningIdentity: defaultSigningIdentity, Hasher: hasher, WaitForEventTimeout: waitForEventTimeout, @@ -71,7 +71,7 @@ func (d *FabricFinality) IsFinal(txID string, address string) error { var ctx context.Context var cancelFunc context.CancelFunc - client, err := d.PeerService.NewClient(*d.ConfigService.PickPeer(driver.PeerForFinality)) + client, err := d.Services.NewPeerClient(*d.ConfigService.PickPeer(driver.PeerForFinality)) if err != nil { return errors.WithMessagef(err, "failed creating peer client for address [%s]", address) } diff --git a/platform/fabric/core/generic/msp/driver/mock/config_provider.go b/platform/fabric/core/generic/msp/driver/mock/config_provider.go index 1723a6e4a..08ea399af 100644 --- a/platform/fabric/core/generic/msp/driver/mock/config_provider.go +++ b/platform/fabric/core/generic/msp/driver/mock/config_provider.go @@ -242,6 +242,18 @@ type ConfigProvider struct { orderersReturnsOnCall map[int]struct { result1 []*grpc.ConnectionConfig } + OrderingTLSClientAuthRequiredStub func() (bool, bool) + orderingTLSClientAuthRequiredMutex sync.RWMutex + orderingTLSClientAuthRequiredArgsForCall []struct { + } + orderingTLSClientAuthRequiredReturns struct { + result1 bool + result2 bool + } + orderingTLSClientAuthRequiredReturnsOnCall map[int]struct { + result1 bool + result2 bool + } OrderingTLSEnabledStub func() (bool, bool) orderingTLSEnabledMutex sync.RWMutex orderingTLSEnabledArgsForCall []struct { 
@@ -1639,6 +1651,62 @@ func (fake *ConfigProvider) OrderersReturnsOnCall(i int, result1 []*grpc.Connect }{result1} } +func (fake *ConfigProvider) OrderingTLSClientAuthRequired() (bool, bool) { + fake.orderingTLSClientAuthRequiredMutex.Lock() + ret, specificReturn := fake.orderingTLSClientAuthRequiredReturnsOnCall[len(fake.orderingTLSClientAuthRequiredArgsForCall)] + fake.orderingTLSClientAuthRequiredArgsForCall = append(fake.orderingTLSClientAuthRequiredArgsForCall, struct { + }{}) + stub := fake.OrderingTLSClientAuthRequiredStub + fakeReturns := fake.orderingTLSClientAuthRequiredReturns + fake.recordInvocation("OrderingTLSClientAuthRequired", []interface{}{}) + fake.orderingTLSClientAuthRequiredMutex.Unlock() + if stub != nil { + return stub() + } + if specificReturn { + return ret.result1, ret.result2 + } + return fakeReturns.result1, fakeReturns.result2 +} + +func (fake *ConfigProvider) OrderingTLSClientAuthRequiredCallCount() int { + fake.orderingTLSClientAuthRequiredMutex.RLock() + defer fake.orderingTLSClientAuthRequiredMutex.RUnlock() + return len(fake.orderingTLSClientAuthRequiredArgsForCall) +} + +func (fake *ConfigProvider) OrderingTLSClientAuthRequiredCalls(stub func() (bool, bool)) { + fake.orderingTLSClientAuthRequiredMutex.Lock() + defer fake.orderingTLSClientAuthRequiredMutex.Unlock() + fake.OrderingTLSClientAuthRequiredStub = stub +} + +func (fake *ConfigProvider) OrderingTLSClientAuthRequiredReturns(result1 bool, result2 bool) { + fake.orderingTLSClientAuthRequiredMutex.Lock() + defer fake.orderingTLSClientAuthRequiredMutex.Unlock() + fake.OrderingTLSClientAuthRequiredStub = nil + fake.orderingTLSClientAuthRequiredReturns = struct { + result1 bool + result2 bool + }{result1, result2} +} + +func (fake *ConfigProvider) OrderingTLSClientAuthRequiredReturnsOnCall(i int, result1 bool, result2 bool) { + fake.orderingTLSClientAuthRequiredMutex.Lock() + defer fake.orderingTLSClientAuthRequiredMutex.Unlock() + fake.OrderingTLSClientAuthRequiredStub = nil + 
if fake.orderingTLSClientAuthRequiredReturnsOnCall == nil { + fake.orderingTLSClientAuthRequiredReturnsOnCall = make(map[int]struct { + result1 bool + result2 bool + }) + } + fake.orderingTLSClientAuthRequiredReturnsOnCall[i] = struct { + result1 bool + result2 bool + }{result1, result2} +} + func (fake *ConfigProvider) OrderingTLSEnabled() (bool, bool) { fake.orderingTLSEnabledMutex.Lock() ret, specificReturn := fake.orderingTLSEnabledReturnsOnCall[len(fake.orderingTLSEnabledArgsForCall)] @@ -2469,6 +2537,8 @@ func (fake *ConfigProvider) Invocations() map[string][][]interface{} { defer fake.ordererConnectionPoolSizeMutex.RUnlock() fake.orderersMutex.RLock() defer fake.orderersMutex.RUnlock() + fake.orderingTLSClientAuthRequiredMutex.RLock() + defer fake.orderingTLSClientAuthRequiredMutex.RUnlock() fake.orderingTLSEnabledMutex.RLock() defer fake.orderingTLSEnabledMutex.RUnlock() fake.pickOrdererMutex.RLock() diff --git a/platform/fabric/core/generic/network.go b/platform/fabric/core/generic/network.go index 82a3cba85..9a3963be2 100644 --- a/platform/fabric/core/generic/network.go +++ b/platform/fabric/core/generic/network.go @@ -12,6 +12,7 @@ import ( "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/metrics" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/ordering" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/rwset" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/transaction" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging" @@ -176,6 +177,7 @@ func (f *Network) Init() error { f.sigService, f.configService, f.Metrics, + services.NewClientFactory(f.configService, f.LocalMembership().DefaultSigningIdentity()), ) return nil } 
@@ -197,3 +199,11 @@ func (f *Network) SetTransactionManager(tm driver.TransactionManager) { func (f *Network) SetProcessorManager(pm driver.ProcessorManager) { f.processorManager = pm } + +type OrdererClientFactory struct { + *services.ClientFactory +} + +func (o *OrdererClientFactory) NewOrdererClient(cc grpc.ConnectionConfig) (ordering.Client, error) { + return o.ClientFactory.NewOrdererClient(cc) +} diff --git a/platform/fabric/core/generic/ordering/bft.go b/platform/fabric/core/generic/ordering/bft.go index 5d848cb11..581a7d114 100644 --- a/platform/fabric/core/generic/ordering/bft.go +++ b/platform/fabric/core/generic/ordering/bft.go @@ -18,10 +18,12 @@ import ( common2 "github.com/hyperledger/fabric-protos-go/common" "github.com/pkg/errors" "golang.org/x/sync/semaphore" + "google.golang.org/grpc/status" ) type BFTBroadcaster struct { ConfigService driver.ConfigService + ClientFactory Services connSem *semaphore.Weighted metrics *metrics.Metrics @@ -31,9 +33,10 @@ type BFTBroadcaster struct { connections map[string]chan *Connection } -func NewBFTBroadcaster(configService driver.ConfigService, metrics *metrics.Metrics) *BFTBroadcaster { +func NewBFTBroadcaster(configService driver.ConfigService, cf Services, metrics *metrics.Metrics) *BFTBroadcaster { return &BFTBroadcaster{ ConfigService: configService, + ClientFactory: cf, connections: map[string]chan *Connection{}, connSem: semaphore.NewWeighted(int64(configService.OrdererConnectionPoolSize())), metrics: metrics, 
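Review bot: `OrdererClientFactory` is added without a doc comment, and nothing in the visible hunks uses it: `Init` passes the result of `services.NewClientFactory(...)` directly as the new argument. If `*services.ClientFactory` already satisfies `ordering.Services` (ordering/client.go declares `Client` as an alias of `services.OrdererClient`), the wrapper can be dropped. Otherwise a comment such as `// OrdererClientFactory adapts services.ClientFactory to ordering.Services.` would explain why it exists.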
@@ -160,20 +163,26 @@ func (o *BFTBroadcaster) getConnection(ctx context.Context, to *grpc.ConnectionC cancel() // create connection - oClient, err := NewClient(to) + client, err := o.ClientFactory.NewOrdererClient(*to) if err != nil { return nil, errors.Wrapf(err, "failed creating orderer client for %s", to.Address) } - stream, err := oClient.NewBroadcast(ctx) + oClient, err := client.OrdererClient() if err != nil { - oClient.Close() + rpcStatus, _ := status.FromError(err) + return nil, errors.Wrapf(err, "failed to new a broadcast, rpcStatus=%+v", rpcStatus) + } + + stream, err := oClient.Broadcast(ctx) + if err != nil { + client.Close() return nil, errors.Wrapf(err, "failed creating orderer stream for %s", to.Address) } return &Connection{ Stream: stream, - Client: oClient, + Client: client, }, nil } } diff --git a/platform/fabric/core/generic/ordering/cft.go b/platform/fabric/core/generic/ordering/cft.go index 1d8b92134..672798333 100644 --- a/platform/fabric/core/generic/ordering/cft.go +++ b/platform/fabric/core/generic/ordering/cft.go @@ -16,22 +16,25 @@ import ( ab "github.com/hyperledger/fabric-protos-go/orderer" "github.com/pkg/errors" "golang.org/x/sync/semaphore" + "google.golang.org/grpc/status" ) type CFTBroadcaster struct { NetworkID string ConfigService driver.ConfigService + ClientFactory Services connSem *semaphore.Weighted connections chan *Connection metrics *metrics.Metrics } -func NewCFTBroadcaster(configService driver.ConfigService, metrics *metrics.Metrics) *CFTBroadcaster { +func NewCFTBroadcaster(configService driver.ConfigService, clientFactory Services, metrics *metrics.Metrics) *CFTBroadcaster { poolSize := configService.OrdererConnectionPoolSize() return &CFTBroadcaster{ NetworkID: configService.NetworkName(), ConfigService: configService, + ClientFactory: clientFactory, connections: make(chan *Connection, poolSize), connSem: semaphore.NewWeighted(int64(poolSize)), metrics: metrics, 
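Review bot: In `BFTBroadcaster.getConnection`, the new error branch after `client.OrdererClient()` returns without closing `client`, whereas the `Broadcast` failure branch just below calls `client.Close()`. The same pattern appears in `CFTBroadcaster.getConnection` in cft.go. If `NewOrdererClient` has already opened a connection by then, it is leaked on this path, so add `client.Close()` before the return in both places. The wrapped message `failed to new a broadcast` describes the following step rather than this one; `errors.Wrapf(err, "failed getting orderer client for %s", to.Address)` would be more accurate and consistent with the neighbouring messages. Both functions start and end outside their hunks.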
@@ -107,25 +110,31 @@ func (o *CFTBroadcaster) getConnection(ctx context.Context) (*Connection, error) cancel() // create connection - ordererConfig := o.ConfigService.PickOrderer() - if ordererConfig == nil { + to := o.ConfigService.PickOrderer() + if to == nil { return nil, errors.New("no orderer configured") } - oClient, err := NewClient(ordererConfig) + client, err := o.ClientFactory.NewOrdererClient(*to) if err != nil { - return nil, errors.Wrapf(err, "failed creating orderer client for %s", ordererConfig.Address) + return nil, errors.Wrapf(err, "failed creating orderer client for %s", to.Address) } - stream, err := oClient.NewBroadcast(ctx) + oClient, err := client.OrdererClient() if err != nil { - oClient.Close() - return nil, errors.Wrapf(err, "failed creating orderer stream for %s", ordererConfig.Address) + rpcStatus, _ := status.FromError(err) + return nil, errors.Wrapf(err, "failed to new a broadcast, rpcStatus=%+v", rpcStatus) + } + + stream, err := oClient.Broadcast(ctx) + if err != nil { + client.Close() + return nil, errors.Wrapf(err, "failed creating orderer stream for %s", to.Address) } return &Connection{ Stream: stream, - Client: oClient, + Client: client, }, nil } } diff --git a/platform/fabric/core/generic/ordering/client.go b/platform/fabric/core/generic/ordering/client.go index b0c7a5d4d..ff629e179 100644 --- a/platform/fabric/core/generic/ordering/client.go +++ b/platform/fabric/core/generic/ordering/client.go 
@@ -7,24 +7,18 @@ SPDX-License-Identifier: Apache-2.0 package ordering import ( - "context" - "crypto/tls" - "io" - "strings" "sync" - grpc2 "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/services" + "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" "github.com/hyperledger/fabric-protos-go/common" ab "github.com/hyperledger/fabric-protos-go/orderer" - "github.com/pkg/errors" - "google.golang.org/grpc" - "google.golang.org/grpc/status" ) type Connection struct { lock sync.Mutex Stream Broadcast - Client *Client + Client Client } func (c *Connection) Send(m *common.Envelope) error { @@ -41,7 +35,11 @@ func (c *Connection) Recv() (*ab.BroadcastResponse, error) { return c.Stream.Recv() } -//go:generate counterfeiter -o mock/Broadcaster.go -fake-name Broadcast . Broadcast +type Client = services.OrdererClient + +type Services interface { + NewOrdererClient(cc grpc.ConnectionConfig) (Client, error) +} // Broadcast defines the interface that abstracts grpc calls to broadcast transactions to orderer type Broadcast interface { 
@@ -49,148 +47,3 @@ type Broadcast interface { Recv() (*ab.BroadcastResponse, error) CloseSend() error } - -//go:generate counterfeiter -o mock/ordererclient.go -fake-name OrdererClient . OrdererClient - -// OrdererClient defines the interface to create a Broadcast -type OrdererClient interface { - // NewBroadcast returns a Broadcast - NewBroadcast(ctx context.Context, opts ...grpc.CallOption) (Broadcast, error) - - // Certificate returns tls certificate for the orderer client - Certificate() *tls.Certificate - - Close() -} - -// Client implements OrdererClient interface -type Client struct { - ordererAddr string - serverNameOverride string - grpcClient *grpc2.Client - conn *grpc.ClientConn -} - -func NewClient(config *grpc2.ConnectionConfig) (*Client, error) { - grpcClient, err := grpc2.CreateGRPCClient(config) - if err != nil { - err = errors.WithMessagef(err, "failed to create a Client to orderer %s", config.Address) - return nil, err - } - conn, err := grpcClient.NewConnection(config.Address) - if err != nil { - return nil, errors.WithMessagef(err, "failed to connect to orderer %s", config.Address) - } - - return &Client{ - ordererAddr: config.Address, - serverNameOverride: config.ServerNameOverride, - grpcClient: grpcClient, - conn: conn, - }, nil -} - -func (oc *Client) Close() { - go oc.grpcClient.Close() -} - -// NewBroadcast creates a Broadcast -func (oc *Client) NewBroadcast(ctx context.Context, opts ...grpc.CallOption) (Broadcast, error) { - // reuse the existing connection to create Broadcast client - broadcast, err := ab.NewAtomicBroadcastClient(oc.conn).Broadcast(ctx) - if err == nil { - return broadcast, nil - } - - // error occurred with the existing connection, so create a new connection to orderer - oc.conn, err = oc.grpcClient.NewConnection(oc.ordererAddr) - if err != nil { - return nil, errors.WithMessagef(err, "failed to connect to orderer %s", oc.ordererAddr) - } - - // create a new Broadcast - broadcast, err = 
ab.NewAtomicBroadcastClient(oc.conn).Broadcast(ctx) - if err != nil { - rpcStatus, _ := status.FromError(err) - return nil, errors.Wrapf(err, "failed to new a broadcast, rpcStatus=%+v", rpcStatus) - } - return broadcast, nil -} - -func (oc *Client) Certificate() *tls.Certificate { - cert := oc.grpcClient.Certificate() - return &cert -} - -// BroadcastSend sends transaction envelope to orderer Service -func BroadcastSend(broadcast Broadcast, envelope *common.Envelope) error { - return broadcast.Send(envelope) -} - -// BroadcastReceive waits until it receives the response from broadcast stream -func BroadcastReceive(broadcast Broadcast, addr string, responses chan common.Status, errs chan error) { - for { - broadcastResponse, err := broadcast.Recv() - if err == io.EOF { - close(responses) - return - } - - if err != nil { - rpcStatus, _ := status.FromError(err) - errs <- errors.Wrapf(err, "broadcast recv error from orderer %s, rpcStatus=%+v", addr, rpcStatus) - close(responses) - return - } - - if broadcastResponse.Status == common.Status_SUCCESS { - responses <- broadcastResponse.Status - } else { - errs <- errors.Errorf("broadcast response error %d from orderer %s", int32(broadcastResponse.Status), addr) - } - } -} - -// BroadcastWaitForResponse reads from response and errs chans until responses chan is closed -func BroadcastWaitForResponse(responses chan common.Status, errs chan error) (common.Status, error) { - var st common.Status - allErrs := make([]error, 0) - -read: - for { - select { - case s, ok := <-responses: - if !ok { - break read - } - st = s - case e := <-errs: - allErrs = append(allErrs, e) - } - } - - // drain remaining errors - for i := 0; i < len(errs); i++ { - e := <-errs - allErrs = append(allErrs, e) - } - // close errs channel since we have read all of them - close(errs) - return st, toError(allErrs) -} - -// toError converts []error to error -func toError(errs []error) error { - if len(errs) == 0 { - return nil - } - if len(errs) == 1 { - 
return errs[0] - } - - errmsgs := []string{"Multiple errors occurred in order broadcast stream: "} - for _, err := range errs { - errmsgs = append(errmsgs, err.Error()) - } - return errors.New(strings.Join(errmsgs, "\n")) -} diff --git a/platform/fabric/core/generic/ordering/ordering.go b/platform/fabric/core/generic/ordering/ordering.go index 1707c424f..be8f4f5f3 100644 --- a/platform/fabric/core/generic/ordering/ordering.go +++ b/platform/fabric/core/generic/ordering/ordering.go @@ -59,7 +59,13 @@ type Service struct { Broadcaster BroadcastFnc } -func NewService(getEndorserTransactionService GetEndorserTransactionServiceFunc, sigService driver.SignerService, configService driver.ConfigService, metrics *metrics.Metrics) *Service { +func NewService( + getEndorserTransactionService GetEndorserTransactionServiceFunc, + sigService driver.SignerService, + configService driver.ConfigService, + metrics *metrics.Metrics, + services Services, +) *Service { s := &Service{ GetEndorserTransactionService: getEndorserTransactionService, SigService: sigService, @@ -68,8 +74,8 @@ func NewService(getEndorserTransactionService GetEndorserTransactionServiceFunc, BroadcastMutex: sync.RWMutex{}, Broadcaster: nil, } - s.Broadcasters[BFT] = NewBFTBroadcaster(configService, metrics).Broadcast - cft := NewCFTBroadcaster(configService, metrics) + s.Broadcasters[BFT] = NewBFTBroadcaster(configService, services, metrics).Broadcast + cft := NewCFTBroadcaster(configService, services, metrics) s.Broadcasters[Raft] = cft.Broadcast s.Broadcasters[Solo] = cft.Broadcast diff --git a/platform/fabric/core/generic/peer/service.go b/platform/fabric/core/generic/peer/service.go deleted file mode 100644 index 4237a79ba..000000000 --- a/platform/fabric/core/generic/peer/service.go +++ /dev/null 
@@ -1,27 +0,0 @@ -/* -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package peer - -import ( - "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" - "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging" - "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" -) - -var logger = flogging.MustGetLogger("fabric-sdk.core.generic.peer") - -type Service struct { - ConnCache ClientFactory -} - -func NewService(configService driver.ConfigService, signer driver.Signer) *Service { - return &Service{ConnCache: NewCachingClientFactory(configService, signer)} -} - -func (c *Service) NewClient(cc grpc.ConnectionConfig) (Client, error) { - return c.ConnCache.NewClient(cc) -} diff --git a/platform/fabric/core/generic/peer/peer.go b/platform/fabric/core/generic/services/client.go similarity index 83% rename from platform/fabric/core/generic/peer/peer.go rename to platform/fabric/core/generic/services/client.go index 2cc991bde..d394082c0 100644 --- a/platform/fabric/core/generic/peer/peer.go +++ b/platform/fabric/core/generic/services/client.go @@ -4,22 +4,18 @@ Copyright IBM Corp. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package peer +package services import ( "context" "crypto/tls" - grpc2 "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" "github.com/hyperledger/fabric-protos-go/discovery" + ab "github.com/hyperledger/fabric-protos-go/orderer" "github.com/hyperledger/fabric-protos-go/peer" dclient "github.com/hyperledger/fabric/discovery/client" ) -type ClientFactory interface { - NewClient(cc grpc2.ConnectionConfig) (Client, error) -} - // DiscoveryClient represents an interface for discovery service type DiscoveryClient interface { // Send sends a request to the discovery service 
@@ -35,6 +31,12 @@ type Client interface { // when client certificates are required by the server Certificate() tls.Certificate + // Close closes this client + Close() +} + +type PeerClient interface { + Client // EndorserClient returns an endorser client for the peer EndorserClient() (peer.EndorserClient, error) @@ -43,7 +45,11 @@ type Client interface { // DeliverClient returns a deliver client for the peer DeliverClient() (peer.DeliverClient, error) +} - // Close closes this client - Close() +type OrdererClient interface { + Client + + // OrdererClient returns an orderer client + OrdererClient() (ab.AtomicBroadcastClient, error) } diff --git a/platform/fabric/core/generic/peer/conn.go b/platform/fabric/core/generic/services/conn.go similarity index 77% rename from platform/fabric/core/generic/peer/conn.go rename to platform/fabric/core/generic/services/conn.go index 05564428e..384deab82 100644 --- a/platform/fabric/core/generic/peer/conn.go +++ b/platform/fabric/core/generic/services/conn.go @@ -4,7 +4,7 @@ Copyright IBM Corp. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package peer +package services import ( "context" @@ -14,6 +14,7 @@ import ( "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" "github.com/hyperledger/fabric-protos-go/discovery" + ab "github.com/hyperledger/fabric-protos-go/orderer" "github.com/hyperledger/fabric-protos-go/peer" dclient "github.com/hyperledger/fabric/discovery/client" "github.com/pkg/errors" @@ -65,7 +66,8 @@ func (c *StatefulClient) Send(ctx context.Context, req *dclient.Request, auth *d } type resettableClient interface { - Client + PeerClient + OrdererClient Reset() error } 
@@ -101,6 +103,10 @@ func (c *ClientWrapper) DiscoveryClient() (DiscoveryClient, error) { return &StatefulClient{DC: dc, onErr: c.client.Reset}, nil } +func (c *ClientWrapper) OrdererClient() (ab.AtomicBroadcastClient, error) { + return c.client.OrdererClient() +} + func (c *ClientWrapper) Certificate() tls.Certificate { return c.client.Certificate() } @@ -115,19 +121,30 @@ func (c *ClientWrapper) Close() { func NewCachingClientFactory(configService driver.ConfigService, signer driver.Signer) *CachingClientFactory { f := newFactory(configService, signer) - return &CachingClientFactory{cache: lazy.NewProviderWithKeyMapper( - func(cc grpc.ConnectionConfig) string { return cc.Address }, - f.newWrappedClient, - ), + + return &CachingClientFactory{ + cachePeer: lazy.NewProviderWithKeyMapper( + func(cc grpc.ConnectionConfig) string { return cc.Address }, + f.NewPeerClient, + ), + cacheOrderer: lazy.NewProviderWithKeyMapper( + func(cc grpc.ConnectionConfig) string { return cc.Address }, + f.NewOrdererClient, + ), } } type CachingClientFactory struct { - cache lazy.Provider[grpc.ConnectionConfig, Client] + cachePeer lazy.Provider[grpc.ConnectionConfig, PeerClient] + cacheOrderer lazy.Provider[grpc.ConnectionConfig, OrdererClient] } -func (cep *CachingClientFactory) NewClient(cc grpc.ConnectionConfig) (Client, error) { - return cep.cache.Get(cc) +func (cep *CachingClientFactory) NewPeerClient(cc grpc.ConnectionConfig) (PeerClient, error) { + return cep.cachePeer.Get(cc) +} + +func (cep *CachingClientFactory) NewOrdererClient(cc grpc.ConnectionConfig) (OrdererClient, error) { + return cep.cacheOrderer.Get(cc) } type GRPCClientFactory struct { 
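Review bot: Both `cachePeer` and `cacheOrderer` in `NewCachingClientFactory` are keyed by `cc.Address` alone, but this series makes the TLS posture a per-connection property (`TLSEnabled`, `TLSDisabled`, `TLSClientSideAuth` on `ConnectionConfig`). Two configs for the same address with different TLS settings would therefore resolve to whichever client was built first, so a later config that turns TLS or client authentication on could keep using a client created without it. Whether the cache is invalidated when the orderer list is updated is not visible in this hunk. Consider folding the TLS-relevant fields into the key, e.g. `return fmt.Sprintf("%s|%t|%t|%t", cc.Address, cc.TLSEnabled, cc.TLSDisabled, cc.TLSClientSideAuth)`, or document why the address alone is sufficient.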
@@ -142,20 +159,29 @@ func newFactory(configService driver.ConfigService, signer driver.Signer) *GRPCC } } -func (c *GRPCClientFactory) newWrappedClient(cc grpc.ConnectionConfig) (Client, error) { - cl, err := c.NewClient(cc) +func (c *GRPCClientFactory) NewPeerClient(cc grpc.ConnectionConfig) (PeerClient, error) { + cl, err := c.newClient(cc) + if err != nil { + return nil, err + } + + return NewClientWrapper(cl), nil +} + +func (c *GRPCClientFactory) NewOrdererClient(cc grpc.ConnectionConfig) (OrdererClient, error) { + cl, err := c.newClient(cc) if err != nil { return nil, err } - return NewClientWrapper(cl.(*GRPCClient)), nil + return NewClientWrapper(cl), nil } -func (c *GRPCClientFactory) NewClient(cc grpc.ConnectionConfig) (Client, error) { +func (c *GRPCClientFactory) newClient(cc grpc.ConnectionConfig) (*GRPCClient, error) { logger.Debugf("Creating new peer GRPCClient for address [%s]", cc.Address) secOpts, err := grpc.CreateSecOpts(cc, grpc.TLSClientConfig{ - TLSClientAuthRequired: c.ConfigService.TLSClientAuthRequired(), + TLSClientAuthRequired: cc.TLSClientSideAuth, TLSClientKeyFile: c.ConfigService.TLSClientKeyFile(), TLSClientCertFile: c.ConfigService.TLSClientCertFile(), }) diff --git a/platform/fabric/core/generic/peer/client.go b/platform/fabric/core/generic/services/grpc.go similarity index 89% rename from platform/fabric/core/generic/peer/client.go rename to platform/fabric/core/generic/services/grpc.go index 7ee46828c..3ffbbc1f5 100644 --- a/platform/fabric/core/generic/peer/client.go +++ b/platform/fabric/core/generic/services/grpc.go 
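Review bot: `TLSClientAuthRequired: cc.TLSClientSideAuth` in `newClient` replaces the global `c.ConfigService.TLSClientAuthRequired()`, and `newClient` backs `NewPeerClient` as well as `NewOrdererClient`. A peer entry that omits `tlsClientSideAuth` decodes to false, so unless the config loader copies the global setting into every `ConnectionConfig` (not visible here), nodes that relied on the global key would stop presenting a client certificate to peers. The committer hunk later in the series applies such a fallback for orderers only. Please either populate the field for peers at load time or state the expectation here, e.g. `// cc.TLSClientSideAuth must already include the global TLSClientAuthRequired default`. The debug line still says "Creating new peer GRPCClient" although it now runs for orderers too; `newClient` continues past the end of the hunk.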
@@ -4,13 +4,14 @@ Copyright IBM Corp. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package peer +package services import ( "crypto/tls" "github.com/hyperledger-labs/fabric-smart-client/platform/common/utils/lazy" "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" + ab "github.com/hyperledger/fabric-protos-go/orderer" pb "github.com/hyperledger/fabric-protos-go/peer" discovery2 "github.com/hyperledger/fabric/discovery/client" grpc2 "google.golang.org/grpc" @@ -61,6 +62,15 @@ func (c *GRPCClient) DeliverClient() (pb.DeliverClient, error) { return pb.NewDeliverClient(conn), nil } +func (c *GRPCClient) OrdererClient() (ab.AtomicBroadcastClient, error) { + conn, err := c.connect() + if err != nil { + return nil, err + } + + return ab.NewAtomicBroadcastClient(conn), nil +} + func (c *GRPCClient) Certificate() tls.Certificate { return c.Client.Certificate() } @@ -79,10 +89,6 @@ type lazyGRPCClient struct { reset func() error } -func (c *lazyGRPCClient) Reset() error { - return c.reset() -} - func NewLazyGRPCClient(pc *GRPCClient) *lazyGRPCClient { holder := lazy.NewCloserHolder(pc.connect) return &lazyGRPCClient{ @@ -90,3 +96,7 @@ func NewLazyGRPCClient(pc *GRPCClient) *lazyGRPCClient { reset: holder.Reset, } } + +func (c *lazyGRPCClient) Reset() error { + return c.reset() +} diff --git a/platform/fabric/core/generic/services/services.go b/platform/fabric/core/generic/services/services.go new file mode 100644 index 000000000..2a88d1607 --- /dev/null +++ b/platform/fabric/core/generic/services/services.go 
@@ -0,0 +1,36 @@ +/* +Copyright IBM Corp. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package services + +import ( + "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" + "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging" + "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" +) + +var logger = flogging.MustGetLogger("fabric-sdk.core.generic.services") + +type clientFactory interface { + NewPeerClient(cc grpc.ConnectionConfig) (PeerClient, error) + NewOrdererClient(cc grpc.ConnectionConfig) (OrdererClient, error) +} + +type ClientFactory struct { + factory clientFactory +} + +func NewClientFactory(configService driver.ConfigService, signer driver.Signer) *ClientFactory { + return &ClientFactory{factory: NewCachingClientFactory(configService, signer)} +} + +func (c *ClientFactory) NewPeerClient(cc grpc.ConnectionConfig) (PeerClient, error) { + return c.factory.NewPeerClient(cc) +} + +func (c *ClientFactory) NewOrdererClient(cc grpc.ConnectionConfig) (OrdererClient, error) { + return c.factory.NewOrdererClient(cc) +} diff --git a/platform/fabric/driver/config.go b/platform/fabric/driver/config.go index 1000e3db4..74b3d0e48 100644 --- a/platform/fabric/driver/config.go +++ b/platform/fabric/driver/config.go @@ -92,7 +92,11 @@ type ConfigService interface { ChannelIDs() []string Orderers() []*grpc.ConnectionConfig // OrderingTLSEnabled returns true, true if TLS is enabled because the key was set. + // Default value is true. OrderingTLSEnabled() (bool, bool) + // OrderingTLSClientAuthRequired returns true, true if TLS client-side authentication is enabled because the key was set. + // Default value is false + OrderingTLSClientAuthRequired() (bool, bool) SetConfigOrderers([]*grpc.ConnectionConfig) error PickOrderer() *grpc.ConnectionConfig BroadcastNumRetries() int 
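Review bot: The doc comments on `OrderingTLSEnabled` and the new `OrderingTLSClientAuthRequired` in `ConfigService` say "returns true, true if ... because the key was set", which does not tell a caller what each boolean means. The committer code later in this series reads the second result as `isSet` and falls back to the global `TLSClientAuthRequired()` when it is false, which also sits oddly with "Default value is false". Since a misread here decides whether the ordering connection uses TLS or client authentication, spell the contract out, e.g. `// OrderingTLSClientAuthRequired returns (required, isSet); when isSet is false the key is absent and the caller must use the global TLS client-auth setting.`, with the same shape for `OrderingTLSEnabled`.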
diff --git a/platform/view/services/grpc/config.go b/platform/view/services/grpc/config.go index 47adfe0c3..a9ea564a7 100644 --- a/platform/view/services/grpc/config.go +++ b/platform/view/services/grpc/config.go @@ -49,6 +49,7 @@ type ConnectionConfig struct { Address string `yaml:"address,omitempty"` ConnectionTimeout time.Duration `yaml:"connectionTimeout,omitempty"` TLSEnabled bool `yaml:"tlsEnabled,omitempty"` + TLSClientSideAuth bool `yaml:"tlsClientSideAuth,omitempty"` TLSDisabled bool `yaml:"tlsDisabled,omitempty"` TLSRootCertFile string `yaml:"tlsRootCertFile,omitempty"` TLSRootCertBytes [][]byte `yaml:"tlsRootCertBytes,omitempty"` From ffeb0d3d35637e153dbd1abd8ab119897cbf0743 Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Sun, 3 Nov 2024 10:18:36 +0100 Subject: [PATCH 5/6] diable TSL Signed-off-by: Angelo De Caro --- docs/core-fabric.md | 10 +++++++++- integration/fabric/iou/iou_test.go | 12 ++++++------ integration/fabric/iou/topology.go | 10 +++++----- integration/nwo/fabric/network/network.go | 2 ++ .../nwo/fabric/network/network_support.go | 6 +++--- integration/nwo/fabric/topology.go | 1 - .../nwo/fabric/topology/core_template.go | 2 +- integration/nwo/fabric/topology/topology.go | 1 - platform/fabric/core/generic/config/ds.go | 19 ++++++++++--------- 9 files changed, 36 insertions(+), 27 deletions(-) diff --git a/docs/core-fabric.md b/docs/core-fabric.md index 959183a6d..e30c52d7b 100644 --- a/docs/core-fabric.md +++ b/docs/core-fabric.md @@ -320,6 +320,10 @@ fabric: tlsRootCertFile: /path/to/ordererorg/ca.crt # server name override if tls cert SANS doesn't match address serverNameOverride: + # it is possible to customize per orderer the TLS behaviour, by using the following attributes + tlsClientSideAuth: true + tlsDisabled: true + tlsEnabled: false # List of trusted peers this node can connect to. # usually this will be the fabric peers in the same organisation as the FSC node. 
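Review bot: `TLSClientSideAuth` is added to `ConnectionConfig` without a comment, next to two overlapping switches, `TLSEnabled` and `TLSDisabled`, whose precedence is not stated in this hunk. The documentation example added in the next patch sets `tlsClientSideAuth: true`, `tlsDisabled: true` and `tlsEnabled: false` together, so a reader cannot tell which combination yields a plaintext connection. Suggest documenting the field, e.g. `// TLSClientSideAuth, when true, makes the client present its TLS certificate to this endpoint (mutual TLS).`, and adding one line stating which of `TLSEnabled`/`TLSDisabled` wins when both are set.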
@@ -332,8 +336,12 @@ fabric: # path to peer org's ca cert if tls is enabled tlsRootCertFile: /path/to/peerorg/ca.crt serverNameOverride: + # it is possible to customize per peer the TLS behaviour, by using the following attributes + tlsClientSideAuth: true + tlsDisabled: true + tlsEnabled: false - # List of channels and deployed chaincode + # List of channels and deployed chaincode channels: - name: mychannel # whether this is the default channel or not diff --git a/integration/fabric/iou/iou_test.go b/integration/fabric/iou/iou_test.go index 44046032f..3a8b4bf1c 100644 --- a/integration/fabric/iou/iou_test.go +++ b/integration/fabric/iou/iou_test.go @@ -29,7 +29,7 @@ var _ = Describe("EndToEnd", func() { It("succeeded", s.TestSucceeded) }) - Describe("IOU Life Cycle With Websockets and no Ordering TLS", func() { + Describe("IOU Life Cycle With Websockets and no TLS", func() { s := NewTestSuite(fsc.WebSocket, integration.NoReplication, false) BeforeEach(s.Setup) AfterEach(s.TearDown) @@ -61,13 +61,13 @@ type TestSuite struct { *integration.TestSuite } -func NewTestSuite(commType fsc.P2PCommunicationType, nodeOpts *integration.ReplicationOptions, orderingTLSEnabled bool) *TestSuite { +func NewTestSuite(commType fsc.P2PCommunicationType, nodeOpts *integration.ReplicationOptions, tlsEnabled bool) *TestSuite { return &TestSuite{TestSuite: integration.NewTestSuiteWithSQL(nodeOpts.SQLConfigs, func() (*integration.Infrastructure, error) { return integration.Generate(StartPort(), true, integration.ReplaceTemplate(iou.Topology(&iou.Opts{ - SDK: &iou.SDK{}, - CommType: commType, - ReplicationOpts: nodeOpts, - OrderingTLSEnabled: orderingTLSEnabled, + SDK: &iou.SDK{}, + CommType: commType, + ReplicationOpts: nodeOpts, + TLSEnabled: tlsEnabled, }))...) })} } diff --git a/integration/fabric/iou/topology.go b/integration/fabric/iou/topology.go index 2abb84683..8ec30d33c 100644 --- a/integration/fabric/iou/topology.go +++ b/integration/fabric/iou/topology.go 
@@ -18,10 +18,10 @@ import ( ) type Opts struct { - SDK api2.SDK - CommType fsc.P2PCommunicationType - ReplicationOpts *integration.ReplicationOptions - OrderingTLSEnabled bool + SDK api2.SDK + CommType fsc.P2PCommunicationType + ReplicationOpts *integration.ReplicationOptions + TLSEnabled bool } func Topology(opts *Opts) []api.Topology { @@ -32,7 +32,7 @@ func Topology(opts *Opts) []api.Topology { fabricTopology.AddOrganizationsByName("Org1", "Org2", "Org3") fabricTopology.SetNamespaceApproverOrgs("Org1") fabricTopology.AddNamespaceWithUnanimity("iou", "Org1") - fabricTopology.OrderingTLSEnabled = opts.OrderingTLSEnabled + fabricTopology.TLSEnabled = opts.TLSEnabled // Define an FSC topology with 3 FCS nodes. // One for the approver, one for the borrower, and one for the lender. diff --git a/integration/nwo/fabric/network/network.go b/integration/nwo/fabric/network/network.go index 1dce6a9cd..b7581882e 100644 --- a/integration/nwo/fabric/network/network.go +++ b/integration/nwo/fabric/network/network.go @@ -53,6 +53,7 @@ type Network struct { EventuallyTimeout time.Duration MetricsProvider string StatsdEndpoint string + TLSEnabled bool ClientAuthRequired bool Logging *topology.Logging @@ -115,6 +116,7 @@ func New(reg api.Context, topology *topology.Topology, builderClient BuilderClie PvtTxSupport: topology.PvtTxSupport, PvtTxCCSupport: topology.PvtTxCCSupport, ClientAuthRequired: topology.ClientAuthRequired, + TLSEnabled: topology.TLSEnabled, ccps: ccps, Extensions: []Extension{}, PackagerFactory: func() Packager { diff --git a/integration/nwo/fabric/network/network_support.go b/integration/nwo/fabric/network/network_support.go index 2187be03f..a0a65d026 100755 --- a/integration/nwo/fabric/network/network_support.go +++ b/integration/nwo/fabric/network/network_support.go 
@@ -1035,7 +1035,7 @@ func (n *Network) peerCommand(command common.Command, tlsDir string, env ...stri cmd.Env = append(cmd.Env, "GRPC_GO_LOG_SEVERITY_LEVEL=debug") } - if n.topology.OrderingTLSEnabled { + if n.topology.TLSEnabled { if common.ConnectsToOrderer(command) { cmd.Args = append(cmd.Args, "--tls") cmd.Args = append(cmd.Args, "--cafile", n.CACertsBundlePath()) @@ -1536,12 +1536,12 @@ func (n *Network) GenerateOrdererConfig(o *topology.Orderer) { orderer, err := os.Create(n.OrdererConfigPath(o)) Expect(err).NotTo(HaveOccurred()) defer orderer.Close() - + tlsEnabled := n.topology.TLSEnabled t, err := template.New("orderer").Funcs(template.FuncMap{ "Orderer": func() *topology.Orderer { return o }, "ToLower": func(s string) string { return strings.ToLower(s) }, "ReplaceAll": func(s, old, new string) string { return strings.Replace(s, old, new, -1) }, - "TLSEnabled": func() bool { return n.topology.OrderingTLSEnabled }, + "TLSEnabled": func() bool { return tlsEnabled }, }).Parse(n.Templates.OrdererTemplate()) Expect(err).NotTo(HaveOccurred()) diff --git a/integration/nwo/fabric/topology.go b/integration/nwo/fabric/topology.go index 978805312..adbcc1899 100644 --- a/integration/nwo/fabric/topology.go +++ b/integration/nwo/fabric/topology.go @@ -162,7 +162,6 @@ func NewTopologyWithName(name string) *topology.Topology { Orderers: []*topology.Orderer{ {Name: "orderer", Organization: "OrdererOrg"}, }, - OrderingTLSEnabled: true, Channels: []*topology.Channel{ {Name: "testchannel", Profile: "OrgsChannel", Default: true}, }, diff --git a/integration/nwo/fabric/topology/core_template.go b/integration/nwo/fabric/topology/core_template.go index 60bec1d7c..949023f24 100644 --- a/integration/nwo/fabric/topology/core_template.go +++ b/integration/nwo/fabric/topology/core_template.go 
@@ -85,7 +85,7 @@ peer: keepalive: minInterval: 60s tls: - enabled: true + enabled: {{ .TLSEnabled }} clientAuthRequired: {{ .ClientAuthRequired }} cert: file: {{ .PeerLocalTLSDir Peer }}/server.crt diff --git a/integration/nwo/fabric/topology/topology.go b/integration/nwo/fabric/topology/topology.go index 60437487c..730c85df3 100755 --- a/integration/nwo/fabric/topology/topology.go +++ b/integration/nwo/fabric/topology/topology.go @@ -26,7 +26,6 @@ type Topology struct { SystemChannel *SystemChannel `yaml:"system_channel,omitempty"` Channels []*Channel `yaml:"channels,omitempty"` Consensus *Consensus `yaml:"consensus,omitempty"` - OrderingTLSEnabled bool `yaml:"orderingTLSEnabled,omitempty"` Orderers []*Orderer `yaml:"orderers,omitempty"` Profiles []*Profile `yaml:"profiles,omitempty"` Templates *Templates `yaml:"templates,omitempty"` diff --git a/platform/fabric/core/generic/config/ds.go b/platform/fabric/core/generic/config/ds.go index bdb21a14a..6e9830dda 100644 --- a/platform/fabric/core/generic/config/ds.go +++ b/platform/fabric/core/generic/config/ds.go @@ -10,6 +10,7 @@ import ( "time" "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" + "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc" ) type BCCSP struct { 
@@ -241,13 +242,13 @@ func (c *Channel) GetRetrySleep() time.Duration { } type Network struct { - Default bool `yaml:"default,omitempty"` - DefaultMSP string `yaml:"defaultMSP"` - MSPs []*MSP `yaml:"msps"` - TLS TLS `yaml:"tls"` - Orderers []*ConnectionConfig `yaml:"orderers"` - Peers []*ConnectionConfig `yaml:"peers"` - Channels []*Channel `yaml:"channels"` - Vault Vault `yaml:"vault"` - Endpoint *Endpoint `yaml:"endpoint,omitempty"` + Default bool `yaml:"default,omitempty"` + DefaultMSP string `yaml:"defaultMSP"` + MSPs []*MSP `yaml:"msps"` + TLS TLS `yaml:"tls"` + Orderers []*grpc.ConnectionConfig `yaml:"orderers"` + Peers []*grpc.ConnectionConfig `yaml:"peers"` + Channels []*Channel `yaml:"channels"` + Vault Vault `yaml:"vault"` + Endpoint *Endpoint `yaml:"endpoint,omitempty"` } From 5b44c342ad24fc555da339e370705826e94d12fb Mon Sep 17 00:00:00 2001 From: Angelo De Caro Date: Sun, 3 Nov 2024 10:54:18 +0100 Subject: [PATCH 6/6] bug fix Signed-off-by: Angelo De Caro --- integration/nwo/fabric/network/network_support.go | 4 ++-- integration/nwo/fabric/topology/core_template.go | 2 +- platform/fabric/core/generic/committer/committer.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/integration/nwo/fabric/network/network_support.go b/integration/nwo/fabric/network/network_support.go index a0a65d026..78849f4f4 100755 --- a/integration/nwo/fabric/network/network_support.go +++ b/integration/nwo/fabric/network/network_support.go @@ -1545,8 +1545,8 @@ func (n *Network) GenerateOrdererConfig(o *topology.Orderer) { }).Parse(n.Templates.OrdererTemplate()) Expect(err).NotTo(HaveOccurred()) - // pw := gexec.NewPrefixedWriter(fmt.Sprintf("[%s#orderer.yaml] ", o.ID()), ginkgo.GinkgoWriter) - err = t.Execute(io.MultiWriter(orderer), n) + pw := gexec.NewPrefixedWriter(fmt.Sprintf("[%s#orderer.yaml] ", o.ID()), ginkgo.GinkgoWriter) + err = t.Execute(io.MultiWriter(orderer, pw), n) Expect(err).NotTo(HaveOccurred()) } 
diff --git a/integration/nwo/fabric/topology/core_template.go b/integration/nwo/fabric/topology/core_template.go index 949023f24..e4a5c1c9e 100644 --- a/integration/nwo/fabric/topology/core_template.go +++ b/integration/nwo/fabric/topology/core_template.go @@ -291,7 +291,7 @@ fabric: ordering: numRetries: 3 retryInterval: 3s - tlsEnabled: true + tlsEnabled: {{ TLSEnabled }} peers: {{ range Peers }} - address: {{ PeerAddress . "Listen" }} connectionTimeout: 10s diff --git a/platform/fabric/core/generic/committer/committer.go b/platform/fabric/core/generic/committer/committer.go index 0297cea65..dd8d24dec 100644 --- a/platform/fabric/core/generic/committer/committer.go +++ b/platform/fabric/core/generic/committer/committer.go @@ -855,7 +855,7 @@ func (c *Committer) applyBundle(bundle *channelconfig.Bundle) error { } tlsClientSideAuth, isSet := c.ConfigService.OrderingTLSClientAuthRequired() if !isSet { - tlsEnabled = c.ConfigService.TLSClientAuthRequired() + tlsClientSideAuth = c.ConfigService.TLSClientAuthRequired() } connectionTimeout := c.ConfigService.ClientConnTimeout()