[FAB-9981] Remove RegisterACLProvider/GetACLProvider

Explicitly wire the ACL provider created by the peer to the code that
depends on it.

Change-Id: Idd1d83c3cfbc06c537a4344db9ea98176e7285d9
Signed-off-by: Matthew Sykes <[email protected]>

core/aclmgmt/aclmgmt.go

@@ -7,8 +7,6 @@ SPDX-License-Identifier: Apache-2.0
 package aclmgmt
 
 import (
-	"sync"
-
 	"github.com/hyperledger/fabric/common/flogging"
 )
 
@@ -20,36 +18,3 @@ type ACLProvider interface {
 	//id can be extracted for testing against a policy
 	CheckACL(resName string, channelID string, idinfo interface{}) error
 }
-
-//---------- custom tx processor initialized once by peer -------
-var configtxLock sync.RWMutex
-
-//---------- ACLProvider intialized once SCCs are brought up by peer ---------
-var aclProvider ACLProvider
-
-var once sync.Once
-
-//---------- ACLProvider intialized once SCCs are brought up by peer ---------
-//RegisterACLProvider will be called to register an ACLProvider.
-//Users can write their own ACLProvider and register. If not provided,
-//the standard resource based ACLProvider will be created and registered
-func RegisterACLProvider(prov ACLProvider) {
-	once.Do(func() {
-		configtxLock.Lock()
-		defer configtxLock.Unlock()
-
-		//if an external prov is not supplied, create
-		//a resource based ACLProvider and register
-		if aclProvider = prov; aclProvider == nil {
-			aclProvider = newACLMgmt(nil)
-		}
-	})
-}
-
-//GetACLProvider returns ACLProvider
-func GetACLProvider() ACLProvider {
-	if aclProvider == nil {
-		panic("-----RegisterACLProvider not called -----")
-	}
-	return aclProvider
-}

core/aclmgmt/aclmgmtimpl.go

@@ -8,6 +8,7 @@ package aclmgmt
 
 import (
 	"github.com/hyperledger/fabric/common/flogging"
+	"github.com/hyperledger/fabric/core/peer"
 )
 
 var aclMgmtLogger = flogging.MustGetLogger("aclmgmt")
@@ -39,8 +40,14 @@ func (am *aclMgmtImpl) CheckACL(resName string, channelID string, idinfo interfa
 func newACLMgmt(prov ACLProvider) ACLProvider {
 	rp := prov
 	if rp == nil {
-		rp = newResourceProvider(nil, newDefaultACLProvider())
+		rp = newResourceProvider(peer.GetStableChannelConfig, newDefaultACLProvider())
 	}
 
 	return &aclMgmtImpl{rescfgProvider: rp}
 }
+
+func NewACLProvider() ACLProvider {
+	return &aclMgmtImpl{
+		rescfgProvider: newResourceProvider(peer.GetStableChannelConfig, newDefaultACLProvider()),
+	}
+}

core/aclmgmt/resourceprovider.go

@@ -10,7 +10,6 @@ import (
 	"fmt"
 
 	"github.com/hyperledger/fabric/common/channelconfig"
-	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/protos/common"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	"github.com/hyperledger/fabric/protos/utils"
@@ -154,10 +153,6 @@ type resourceProvider struct {
 
 //create a new resourceProvider
 func newResourceProvider(rg resourceGetter, defprov ACLProvider) *resourceProvider {
-	if rg == nil {
-		rg = peer.GetStableChannelConfig
-	}
-
 	return &resourceProvider{rg, defprov}
 }
 

core/chaincode/chaincode_support_test.go

@@ -26,7 +26,6 @@ import (
 	mocklgr "github.com/hyperledger/fabric/common/mocks/ledger"
 	mockpeer "github.com/hyperledger/fabric/common/mocks/peer"
 	"github.com/hyperledger/fabric/common/util"
-	"github.com/hyperledger/fabric/core/aclmgmt"
 	"github.com/hyperledger/fabric/core/aclmgmt/mocks"
 	"github.com/hyperledger/fabric/core/aclmgmt/resources"
 	"github.com/hyperledger/fabric/core/chaincode/accesscontrol"
@@ -156,8 +155,6 @@ func initMockPeer(chainIDs ...string) (*ChaincodeSupport, error) {
 	mockAclProvider = &mocks.MockACLProvider{}
 	mockAclProvider.Reset()
 
-	aclmgmt.RegisterACLProvider(mockAclProvider)
-
 	peer.MockInitialize()
 
 	mspGetter := func(cid string) []string {
@@ -179,7 +176,7 @@ func initMockPeer(chainIDs ...string) (*ChaincodeSupport, error) {
 		ca.CertBytes(),
 		certGenerator,
 		&ccprovider.CCInfoFSImpl{},
-		aclmgmt.GetACLProvider(),
+		mockAclProvider,
 		container.NewVMController(
 			map[string]container.VMProvider{
 				dockercontroller.ContainerType: dockercontroller.NewProvider("", ""),
@@ -193,7 +190,7 @@ func initMockPeer(chainIDs ...string) (*ChaincodeSupport, error) {
 	policy.RegisterPolicyCheckerFactory(&mockPolicyCheckerFactory{})
 
 	ccp := &CCProviderImpl{cs: chaincodeSupport}
-	for _, cc := range scc.CreateSysCCs(ccp, sccp) {
+	for _, cc := range scc.CreateSysCCs(ccp, sccp, mockAclProvider) {
 		sccp.RegisterSysCC(cc)
 	}
 

core/chaincode/exectransaction_test.go

@@ -29,7 +29,6 @@ import (
 	mockpolicies "github.com/hyperledger/fabric/common/mocks/policies"
 	"github.com/hyperledger/fabric/common/policies"
 	"github.com/hyperledger/fabric/common/util"
-	"github.com/hyperledger/fabric/core/aclmgmt"
 	aclmocks "github.com/hyperledger/fabric/core/aclmgmt/mocks"
 	"github.com/hyperledger/fabric/core/chaincode/accesscontrol"
 	"github.com/hyperledger/fabric/core/common/ccprovider"
@@ -84,7 +83,6 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro
 
 	mockAclProvider = &aclmocks.MockACLProvider{}
 	mockAclProvider.Reset()
-	aclmgmt.RegisterACLProvider(mockAclProvider)
 
 	peer.MockInitialize()
 
@@ -128,7 +126,7 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro
 		ca.CertBytes(),
 		certGenerator,
 		&ccprovider.CCInfoFSImpl{},
-		aclmgmt.GetACLProvider(),
+		mockAclProvider,
 		container.NewVMController(
 			map[string]container.VMProvider{
 				dockercontroller.ContainerType: dockercontroller.NewProvider("", ""),
@@ -143,7 +141,7 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro
 	policy.RegisterPolicyCheckerFactory(&mockPolicyCheckerFactory{})
 
 	ccp := &CCProviderImpl{cs: chaincodeSupport}
-	for _, cc := range scc.CreateSysCCs(ccp, sccp) {
+	for _, cc := range scc.CreateSysCCs(ccp, sccp, mockAclProvider) {
 		sccp.RegisterSysCC(cc)
 	}
 

core/chaincode/systemchaincode_test.go

@@ -13,7 +13,6 @@ import (
 	"time"
 
 	"github.com/hyperledger/fabric/common/util"
-	"github.com/hyperledger/fabric/core/aclmgmt"
 	"github.com/hyperledger/fabric/core/chaincode/accesscontrol"
 	"github.com/hyperledger/fabric/core/chaincode/shim"
 	"github.com/hyperledger/fabric/core/common/ccprovider"
@@ -133,7 +132,7 @@ func initSysCCTests() (*oldSysCCInfo, net.Listener, *ChaincodeSupport, error) {
 		ca.CertBytes(),
 		certGenerator,
 		&ccprovider.CCInfoFSImpl{},
-		aclmgmt.GetACLProvider(),
+		mockAclProvider,
 		container.NewVMController(
 			map[string]container.VMProvider{
 				dockercontroller.ContainerType: dockercontroller.NewProvider("", ""),

core/endorser/support.go

@@ -34,6 +34,7 @@ type SupportImpl struct {
 	PeerSupport      peer.Support
 	ChaincodeSupport *chaincode.ChaincodeSupport
 	SysCCProvider    *scc.Provider
+	ACLProvider      aclmgmt.ACLProvider
 }
 
 func (s *SupportImpl) NewQueryCreator(channel string) (QueryCreator, error) {
@@ -131,7 +132,7 @@ func (s *SupportImpl) GetChaincodeDefinition(ctx context.Context, chainID string
 // CheckACL checks the ACL for the resource for the Channel using the
 // SignedProposal from which an id can be extracted for testing against a policy
 func (s *SupportImpl) CheckACL(signedProp *pb.SignedProposal, chdr *common.ChannelHeader, shdr *common.SignatureHeader, hdrext *pb.ChaincodeHeaderExtension) error {
-	return aclmgmt.GetACLProvider().CheckACL(resources.Peer_Propose, chdr.ChannelId, signedProp)
+	return s.ACLProvider.CheckACL(resources.Peer_Propose, chdr.ChannelId, signedProp)
 }
 
 // IsJavaCC returns true if the CDS package bytes describe a chaincode

core/scc/cscc/configure.go

@@ -36,16 +36,17 @@ import (
 
 // New creates a new instance of the CSCC.
 // Typically, only one will be created per peer instance.
-func New(ccp ccprovider.ChaincodeProvider, sccp sysccprovider.SystemChaincodeProvider) *PeerConfiger {
+func New(ccp ccprovider.ChaincodeProvider, sccp sysccprovider.SystemChaincodeProvider, aclProvider aclmgmt.ACLProvider) *PeerConfiger {
 	return &PeerConfiger{
 		policyChecker: policy.NewPolicyChecker(
 			peer.NewChannelPolicyManagerGetter(),
 			mgmt.GetLocalMSP(),
 			mgmt.NewLocalMSPPrincipalGetter(),
 		),
-		configMgr: peer.NewConfigSupport(),
-		ccp:       ccp,
-		sccp:      sccp,
+		configMgr:   peer.NewConfigSupport(),
+		ccp:         ccp,
+		sccp:        sccp,
+		aclProvider: aclProvider,
 	}
 }
 
@@ -57,6 +58,7 @@ type PeerConfiger struct {
 	configMgr     config.Manager
 	ccp           ccprovider.ChaincodeProvider
 	sccp          sysccprovider.SystemChaincodeProvider
+	aclProvider   aclmgmt.ACLProvider
 }
 
 var cnflogger = flogging.MustGetLogger("cscc")
@@ -149,21 +151,21 @@ func (e *PeerConfiger) Invoke(stub shim.ChaincodeStubInterface) pb.Response {
 		return joinChain(cid, block, e.ccp, e.sccp)
 	case GetConfigBlock:
 		// 2. check policy
-		if err = aclmgmt.GetACLProvider().CheckACL(resources.Cscc_GetConfigBlock, string(args[1]), sp); err != nil {
+		if err = e.aclProvider.CheckACL(resources.Cscc_GetConfigBlock, string(args[1]), sp); err != nil {
 			return shim.Error(fmt.Sprintf("\"GetConfigBlock\" request failed authorization check for channel [%s]: [%s]", args[1], err))
 		}
 
 		return getConfigBlock(args[1])
 	case GetConfigTree:
 		// 2. check policy
-		if err = aclmgmt.GetACLProvider().CheckACL(resources.Cscc_GetConfigTree, string(args[1]), sp); err != nil {
+		if err = e.aclProvider.CheckACL(resources.Cscc_GetConfigTree, string(args[1]), sp); err != nil {
 			return shim.Error(fmt.Sprintf("\"GetConfigTree\" request failed authorization check for channel [%s]: [%s]", args[1], err))
 		}
 
 		return e.getConfigTree(args[1])
 	case SimulateConfigTreeUpdate:
 		// Check policy
-		if err = aclmgmt.GetACLProvider().CheckACL(resources.Cscc_SimulateConfigTreeUpdate, string(args[1]), sp); err != nil {
+		if err = e.aclProvider.CheckACL(resources.Cscc_SimulateConfigTreeUpdate, string(args[1]), sp); err != nil {
 			return shim.Error(fmt.Sprintf("\"SimulateConfigTreeUpdate\" request failed authorization check for channel [%s]: [%s]", args[1], err))
 		}
 		return e.simulateConfigTreeUpdate(args[1], args[2])