diff --git a/core/aclmgmt/aclmgmt.go b/core/aclmgmt/aclmgmt.go index 99806ca1f09..e6fff484d50 100644 --- a/core/aclmgmt/aclmgmt.go +++ b/core/aclmgmt/aclmgmt.go @@ -7,8 +7,6 @@ SPDX-License-Identifier: Apache-2.0 package aclmgmt import ( - "sync" - "github.com/hyperledger/fabric/common/flogging" ) @@ -20,36 +18,3 @@ type ACLProvider interface { //id can be extracted for testing against a policy CheckACL(resName string, channelID string, idinfo interface{}) error } - -//---------- custom tx processor initialized once by peer ------- -var configtxLock sync.RWMutex - -//---------- ACLProvider intialized once SCCs are brought up by peer --------- -var aclProvider ACLProvider - -var once sync.Once - -//---------- ACLProvider intialized once SCCs are brought up by peer --------- -//RegisterACLProvider will be called to register an ACLProvider. -//Users can write their own ACLProvider and register. If not provided, -//the standard resource based ACLProvider will be created and registered -func RegisterACLProvider(prov ACLProvider) { - once.Do(func() { - configtxLock.Lock() - defer configtxLock.Unlock() - - //if an external prov is not supplied, create - //a resource based ACLProvider and register - if aclProvider = prov; aclProvider == nil { - aclProvider = newACLMgmt(nil) - } - }) -} - -//GetACLProvider returns ACLProvider -func GetACLProvider() ACLProvider { - if aclProvider == nil { - panic("-----RegisterACLProvider not called -----") - } - return aclProvider -} diff --git a/core/aclmgmt/aclmgmt_test.go b/core/aclmgmt/aclmgmt_test.go deleted file mode 100644 index 06bb618fc2f..00000000000 --- a/core/aclmgmt/aclmgmt_test.go +++ /dev/null @@ -1,80 +0,0 @@ -/* - -Copyright IBM Corp. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package aclmgmt - -import ( - "sync" - "testing" - - "github.com/hyperledger/fabric/core/aclmgmt/mocks" - "github.com/hyperledger/fabric/core/aclmgmt/resources" - pb "github.com/hyperledger/fabric/protos/peer" - "github.com/stretchr/testify/assert" - - "github.com/pkg/errors" -) - -//treat each test as an independent isolated one -func reinit() { - aclProvider = nil - once = sync.Once{} -} - -func registerACLProvider() *mocks.MockACLProvider { - aclProv := &mocks.MockACLProvider{} - aclProv.Reset() - - RegisterACLProvider(aclProv) - - return aclProv -} - -func TestPanicOnUnregistered(t *testing.T) { - reinit() - assert.Panics(t, func() { - GetACLProvider() - }, "Should have paniced on unregistered call") -} - -func TestRegisterNilProvider(t *testing.T) { - reinit() - RegisterACLProvider(nil) - assert.NotNil(t, GetACLProvider(), "Expected non-nil retval") -} - -func TestBadID(t *testing.T) { - reinit() - RegisterACLProvider(nil) - err := GetACLProvider().CheckACL(resources.Peer_Propose, "somechain", "badidtype") - assert.Error(t, err, "Expected error") -} - -func TestBadResource(t *testing.T) { - reinit() - RegisterACLProvider(nil) - err := GetACLProvider().CheckACL("unknownresource", "somechain", &pb.SignedProposal{}) - assert.Error(t, err, "Expected error") -} - -func TestWithProvider(t *testing.T) { - reinit() - aclprov := registerACLProvider() - prop := &pb.SignedProposal{} - aclprov.On("CheckACL", resources.Peer_Propose, "somechain", prop).Return(nil) - err := GetACLProvider().CheckACL(resources.Peer_Propose, "somechain", prop) - assert.NoError(t, err) -} - -func TestBadACL(t *testing.T) { - reinit() - aclprov := registerACLProvider() - prop := &pb.SignedProposal{} - aclprov.On("CheckACL", resources.Peer_Propose, "somechain", prop).Return(errors.New("badacl")) - err := GetACLProvider().CheckACL(resources.Peer_Propose, "somechain", prop) - assert.Error(t, err, "Expected error") -} diff --git a/core/aclmgmt/aclmgmtimpl.go b/core/aclmgmt/aclmgmtimpl.go index cce4dffb41c..b51981b3458 100644 --- a/core/aclmgmt/aclmgmtimpl.go +++ b/core/aclmgmt/aclmgmtimpl.go @@ -8,6 +8,7 @@ package aclmgmt import ( "github.com/hyperledger/fabric/common/flogging" + "github.com/hyperledger/fabric/core/peer" ) var aclMgmtLogger = flogging.MustGetLogger("aclmgmt") @@ -39,8 +40,14 @@ func (am *aclMgmtImpl) CheckACL(resName string, channelID string, idinfo interfa func newACLMgmt(prov ACLProvider) ACLProvider { rp := prov if rp == nil { - rp = newResourceProvider(nil, newDefaultACLProvider()) + rp = newResourceProvider(peer.GetStableChannelConfig, newDefaultACLProvider()) } return &aclMgmtImpl{rescfgProvider: rp} } + +func NewACLProvider() ACLProvider { + return &aclMgmtImpl{ + rescfgProvider: newResourceProvider(peer.GetStableChannelConfig, newDefaultACLProvider()), + } +} diff --git a/core/aclmgmt/resourceprovider.go b/core/aclmgmt/resourceprovider.go index c5e63115a2e..bf2dad0447d 100644 --- a/core/aclmgmt/resourceprovider.go +++ b/core/aclmgmt/resourceprovider.go @@ -10,7 +10,6 @@ import ( "fmt" "github.com/hyperledger/fabric/common/channelconfig" - "github.com/hyperledger/fabric/core/peer" "github.com/hyperledger/fabric/protos/common" pb "github.com/hyperledger/fabric/protos/peer" "github.com/hyperledger/fabric/protos/utils" @@ -154,10 +153,6 @@ type resourceProvider struct { //create a new resourceProvider func newResourceProvider(rg resourceGetter, defprov ACLProvider) *resourceProvider { - if rg == nil { - rg = peer.GetStableChannelConfig - } - return &resourceProvider{rg, defprov} } diff --git a/core/chaincode/chaincode_support_test.go b/core/chaincode/chaincode_support_test.go index 84d346d73f7..1bd1b57488e 100644 --- a/core/chaincode/chaincode_support_test.go +++ b/core/chaincode/chaincode_support_test.go @@ -26,7 +26,6 @@ import ( mocklgr "github.com/hyperledger/fabric/common/mocks/ledger" mockpeer "github.com/hyperledger/fabric/common/mocks/peer" "github.com/hyperledger/fabric/common/util" - "github.com/hyperledger/fabric/core/aclmgmt" "github.com/hyperledger/fabric/core/aclmgmt/mocks" "github.com/hyperledger/fabric/core/aclmgmt/resources" "github.com/hyperledger/fabric/core/chaincode/accesscontrol" @@ -156,8 +155,6 @@ func initMockPeer(chainIDs ...string) (*ChaincodeSupport, error) { mockAclProvider = &mocks.MockACLProvider{} mockAclProvider.Reset() - aclmgmt.RegisterACLProvider(mockAclProvider) - peer.MockInitialize() mspGetter := func(cid string) []string { @@ -179,7 +176,7 @@ func initMockPeer(chainIDs ...string) (*ChaincodeSupport, error) { ca.CertBytes(), certGenerator, &ccprovider.CCInfoFSImpl{}, - aclmgmt.GetACLProvider(), + mockAclProvider, container.NewVMController( map[string]container.VMProvider{ dockercontroller.ContainerType: dockercontroller.NewProvider("", ""), @@ -193,7 +190,7 @@ func initMockPeer(chainIDs ...string) (*ChaincodeSupport, error) { policy.RegisterPolicyCheckerFactory(&mockPolicyCheckerFactory{}) ccp := &CCProviderImpl{cs: chaincodeSupport} - for _, cc := range scc.CreateSysCCs(ccp, sccp) { + for _, cc := range scc.CreateSysCCs(ccp, sccp, mockAclProvider) { sccp.RegisterSysCC(cc) } diff --git a/core/chaincode/exectransaction_test.go b/core/chaincode/exectransaction_test.go index eb3985c536f..2011030481f 100644 --- a/core/chaincode/exectransaction_test.go +++ b/core/chaincode/exectransaction_test.go @@ -29,7 +29,6 @@ import ( mockpolicies "github.com/hyperledger/fabric/common/mocks/policies" "github.com/hyperledger/fabric/common/policies" "github.com/hyperledger/fabric/common/util" - "github.com/hyperledger/fabric/core/aclmgmt" aclmocks "github.com/hyperledger/fabric/core/aclmgmt/mocks" "github.com/hyperledger/fabric/core/chaincode/accesscontrol" "github.com/hyperledger/fabric/core/common/ccprovider" @@ -84,7 +83,6 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro mockAclProvider = &aclmocks.MockACLProvider{} mockAclProvider.Reset() - aclmgmt.RegisterACLProvider(mockAclProvider) peer.MockInitialize() @@ -128,7 +126,7 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro ca.CertBytes(), certGenerator, &ccprovider.CCInfoFSImpl{}, - aclmgmt.GetACLProvider(), + mockAclProvider, container.NewVMController( map[string]container.VMProvider{ dockercontroller.ContainerType: dockercontroller.NewProvider("", ""), @@ -143,7 +141,7 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro policy.RegisterPolicyCheckerFactory(&mockPolicyCheckerFactory{}) ccp := &CCProviderImpl{cs: chaincodeSupport} - for _, cc := range scc.CreateSysCCs(ccp, sccp) { + for _, cc := range scc.CreateSysCCs(ccp, sccp, mockAclProvider) { sccp.RegisterSysCC(cc) } diff --git a/core/chaincode/systemchaincode_test.go b/core/chaincode/systemchaincode_test.go index 964271e0e9e..bde0d9f814d 100644 --- a/core/chaincode/systemchaincode_test.go +++ b/core/chaincode/systemchaincode_test.go @@ -13,7 +13,6 @@ import ( "time" "github.com/hyperledger/fabric/common/util" - "github.com/hyperledger/fabric/core/aclmgmt" "github.com/hyperledger/fabric/core/chaincode/accesscontrol" "github.com/hyperledger/fabric/core/chaincode/shim" "github.com/hyperledger/fabric/core/common/ccprovider" @@ -133,7 +132,7 @@ func initSysCCTests() (*oldSysCCInfo, net.Listener, *ChaincodeSupport, error) { ca.CertBytes(), certGenerator, &ccprovider.CCInfoFSImpl{}, - aclmgmt.GetACLProvider(), + mockAclProvider, container.NewVMController( map[string]container.VMProvider{ dockercontroller.ContainerType: dockercontroller.NewProvider("", ""), diff --git a/core/endorser/support.go b/core/endorser/support.go index a640679b411..3b77271adee 100644 --- a/core/endorser/support.go +++ b/core/endorser/support.go @@ -34,6 +34,7 @@ type SupportImpl struct { PeerSupport peer.Support ChaincodeSupport *chaincode.ChaincodeSupport SysCCProvider *scc.Provider + ACLProvider aclmgmt.ACLProvider } func (s *SupportImpl) NewQueryCreator(channel string) (QueryCreator, error) { @@ -131,7 +132,7 @@ func (s *SupportImpl) GetChaincodeDefinition(ctx context.Context, chainID string // CheckACL checks the ACL for the resource for the Channel using the // SignedProposal from which an id can be extracted for testing against a policy func (s *SupportImpl) CheckACL(signedProp *pb.SignedProposal, chdr *common.ChannelHeader, shdr *common.SignatureHeader, hdrext *pb.ChaincodeHeaderExtension) error { - return aclmgmt.GetACLProvider().CheckACL(resources.Peer_Propose, chdr.ChannelId, signedProp) + return s.ACLProvider.CheckACL(resources.Peer_Propose, chdr.ChannelId, signedProp) } // IsJavaCC returns true if the CDS package bytes describe a chaincode diff --git a/core/scc/cscc/configure.go b/core/scc/cscc/configure.go index ecb75e3fd7b..8d3a825ffff 100644 --- a/core/scc/cscc/configure.go +++ b/core/scc/cscc/configure.go @@ -36,16 +36,17 @@ import ( // New creates a new instance of the CSCC. // Typically, only one will be created per peer instance. -func New(ccp ccprovider.ChaincodeProvider, sccp sysccprovider.SystemChaincodeProvider) *PeerConfiger { +func New(ccp ccprovider.ChaincodeProvider, sccp sysccprovider.SystemChaincodeProvider, aclProvider aclmgmt.ACLProvider) *PeerConfiger { return &PeerConfiger{ policyChecker: policy.NewPolicyChecker( peer.NewChannelPolicyManagerGetter(), mgmt.GetLocalMSP(), mgmt.NewLocalMSPPrincipalGetter(), ), - configMgr: peer.NewConfigSupport(), - ccp: ccp, - sccp: sccp, + configMgr: peer.NewConfigSupport(), + ccp: ccp, + sccp: sccp, + aclProvider: aclProvider, } } @@ -57,6 +58,7 @@ type PeerConfiger struct { configMgr config.Manager ccp ccprovider.ChaincodeProvider sccp sysccprovider.SystemChaincodeProvider + aclProvider aclmgmt.ACLProvider } var cnflogger = flogging.MustGetLogger("cscc") @@ -149,21 +151,21 @@ func (e *PeerConfiger) Invoke(stub shim.ChaincodeStubInterface) pb.Response { return joinChain(cid, block, e.ccp, e.sccp) case GetConfigBlock: // 2. check policy - if err = aclmgmt.GetACLProvider().CheckACL(resources.Cscc_GetConfigBlock, string(args[1]), sp); err != nil { + if err = e.aclProvider.CheckACL(resources.Cscc_GetConfigBlock, string(args[1]), sp); err != nil { return shim.Error(fmt.Sprintf("\"GetConfigBlock\" request failed authorization check for channel [%s]: [%s]", args[1], err)) } return getConfigBlock(args[1]) case GetConfigTree: // 2. check policy - if err = aclmgmt.GetACLProvider().CheckACL(resources.Cscc_GetConfigTree, string(args[1]), sp); err != nil { + if err = e.aclProvider.CheckACL(resources.Cscc_GetConfigTree, string(args[1]), sp); err != nil { return shim.Error(fmt.Sprintf("\"GetConfigTree\" request failed authorization check for channel [%s]: [%s]", args[1], err)) } return e.getConfigTree(args[1]) case SimulateConfigTreeUpdate: // Check policy - if err = aclmgmt.GetACLProvider().CheckACL(resources.Cscc_SimulateConfigTreeUpdate, string(args[1]), sp); err != nil { + if err = e.aclProvider.CheckACL(resources.Cscc_SimulateConfigTreeUpdate, string(args[1]), sp); err != nil { return shim.Error(fmt.Sprintf("\"SimulateConfigTreeUpdate\" request failed authorization check for channel [%s]: [%s]", args[1], err)) } return e.simulateConfigTreeUpdate(args[1], args[2]) diff --git a/core/scc/cscc/configure_test.go b/core/scc/cscc/configure_test.go index 3511cd24552..b230ad8ff2a 100644 --- a/core/scc/cscc/configure_test.go +++ b/core/scc/cscc/configure_test.go @@ -21,7 +21,6 @@ import ( "github.com/hyperledger/fabric/common/tools/configtxgen/configtxgentest" "github.com/hyperledger/fabric/common/tools/configtxgen/encoder" genesisconfig "github.com/hyperledger/fabric/common/tools/configtxgen/localconfig" - "github.com/hyperledger/fabric/core/aclmgmt" aclmocks "github.com/hyperledger/fabric/core/aclmgmt/mocks" "github.com/hyperledger/fabric/core/aclmgmt/resources" "github.com/hyperledger/fabric/core/chaincode" @@ -90,13 +89,11 @@ func TestMain(m *testing.M) { mockAclProvider = &aclmocks.MockACLProvider{} mockAclProvider.Reset() - aclmgmt.RegisterACLProvider(mockAclProvider) - os.Exit(m.Run()) } func TestConfigerInit(t *testing.T) { - e := New(nil, nil) + e := New(nil, nil, mockAclProvider) stub := shim.NewMockStub("PeerConfiger", e) if res := stub.MockInit("1", nil); res.Status != shim.OK { @@ -106,7 +103,7 @@ func TestConfigerInit(t *testing.T) { } func TestConfigerInvokeInvalidParameters(t *testing.T) { - e := New(nil, nil) + e := New(nil, nil, mockAclProvider) stub := shim.NewMockStub("PeerConfiger", e) res := stub.MockInit("1", nil) @@ -140,7 +137,7 @@ func TestConfigerInvokeJoinChainMissingParams(t *testing.T) { os.Mkdir("/tmp/hyperledgertest", 0755) defer os.RemoveAll("/tmp/hyperledgertest/") - e := New(nil, nil) + e := New(nil, nil, mockAclProvider) stub := shim.NewMockStub("PeerConfiger", e) if res := stub.MockInit("1", nil); res.Status != shim.OK { @@ -161,7 +158,7 @@ func TestConfigerInvokeJoinChainWrongParams(t *testing.T) { os.Mkdir("/tmp/hyperledgertest", 0755) defer os.RemoveAll("/tmp/hyperledgertest/") - e := New(nil, nil) + e := New(nil, nil, mockAclProvider) stub := shim.NewMockStub("PeerConfiger", e) if res := stub.MockInit("1", nil); res.Status != shim.OK { @@ -189,7 +186,7 @@ func TestConfigerInvokeJoinChainCorrectParams(t *testing.T) { defer ledgermgmt.CleanupTestEnv() defer os.RemoveAll("/tmp/hyperledgertest/") - e := New(ccp, mp) + e := New(ccp, mp, mockAclProvider) stub := shim.NewMockStub("PeerConfiger", e) peerEndpoint := "localhost:13611" @@ -205,7 +202,7 @@ func TestConfigerInvokeJoinChainCorrectParams(t *testing.T) { ca.CertBytes(), certGenerator, &ccprovider.CCInfoFSImpl{}, - aclmgmt.GetACLProvider(), + mockAclProvider, container.NewVMController( map[string]container.VMProvider{ inproccontroller.ContainerType: inproccontroller.NewRegistry(), @@ -336,7 +333,7 @@ func TestPeerConfiger_SubmittingOrdererGenesis(t *testing.T) { os.Mkdir("/tmp/hyperledgertest", 0755) defer os.RemoveAll("/tmp/hyperledgertest/") - e := New(nil, nil) + e := New(nil, nil, nil) stub := shim.NewMockStub("PeerConfiger", e) if res := stub.MockInit("1", nil); res.Status != shim.OK { diff --git a/core/scc/importsysccs.go b/core/scc/importsysccs.go index b14823cde59..d992e08bb4c 100644 --- a/core/scc/importsysccs.go +++ b/core/scc/importsysccs.go @@ -8,6 +8,7 @@ package scc import ( //import system chaincodes here + "github.com/hyperledger/fabric/core/aclmgmt" "github.com/hyperledger/fabric/core/common/ccprovider" "github.com/hyperledger/fabric/core/scc/cscc" "github.com/hyperledger/fabric/core/scc/lscc" @@ -15,14 +16,14 @@ import ( "github.com/hyperledger/fabric/core/scc/vscc" ) -func builtInSystemChaincodes(ccp ccprovider.ChaincodeProvider, p *Provider) []*SystemChaincode { +func builtInSystemChaincodes(ccp ccprovider.ChaincodeProvider, p *Provider, aclProvider aclmgmt.ACLProvider) []*SystemChaincode { return []*SystemChaincode{ { Enabled: true, Name: "cscc", Path: "github.com/hyperledger/fabric/core/scc/cscc", InitArgs: nil, - Chaincode: cscc.New(ccp, p), + Chaincode: cscc.New(ccp, p, aclProvider), InvokableExternal: true, // cscc is invoked to join a channel }, { @@ -30,7 +31,7 @@ func builtInSystemChaincodes(ccp ccprovider.ChaincodeProvider, p *Provider) []*S Name: "lscc", Path: "github.com/hyperledger/fabric/core/scc/lscc", InitArgs: nil, - Chaincode: lscc.New(p), + Chaincode: lscc.New(p, aclProvider), InvokableExternal: true, // lscc is invoked to deploy new chaincodes InvokableCC2CC: true, // lscc can be invoked by other chaincodes }, @@ -46,7 +47,7 @@ func builtInSystemChaincodes(ccp ccprovider.ChaincodeProvider, p *Provider) []*S Name: "qscc", Path: "github.com/hyperledger/fabric/core/chaincode/qscc", InitArgs: nil, - Chaincode: qscc.New(), + Chaincode: qscc.New(aclProvider), InvokableExternal: true, // qscc can be invoked to retrieve blocks InvokableCC2CC: true, // qscc can be invoked to retrieve blocks also by a cc }, diff --git a/core/scc/lscc/lscc.go b/core/scc/lscc/lscc.go index 469c4eeedc0..f16415a9000 100644 --- a/core/scc/lscc/lscc.go +++ b/core/scc/lscc/lscc.go @@ -100,6 +100,9 @@ type FilesystemSupport interface { // LifeCycleSysCC implements chaincode lifecycle and policies around it type lifeCycleSysCC struct { + // aclProvider is responsible for access control evaluation + aclProvider aclmgmt.ACLProvider + // sccprovider is the interface which is passed into system chaincodes // to access other parts of the system sccprovider sysccprovider.SystemChaincodeProvider @@ -115,19 +118,15 @@ type lifeCycleSysCC struct { // New creates a new instance of the LSCC // Typically there is only one of these per peer -func New(sccp sysccprovider.SystemChaincodeProvider) *lifeCycleSysCC { +func New(sccp sysccprovider.SystemChaincodeProvider, aclProvider aclmgmt.ACLProvider) *lifeCycleSysCC { return &lifeCycleSysCC{ support: &supportImpl{}, policyChecker: policyprovider.GetPolicyChecker(), sccprovider: sccp, + aclProvider: aclProvider, } } -// NewAsChaincode returns New as a shim.Chaincode -func NewAsChaincode(sccp sysccprovider.SystemChaincodeProvider) shim.Chaincode { - return New(sccp) -} - //-------------- helper functions ------------------ //create the chaincode on the given chain @@ -750,7 +749,7 @@ func (lscc *lifeCycleSysCC) Invoke(stub shim.ChaincodeStubInterface) pb.Response case GETCCDATA: resource = resources.Lscc_GetChaincodeData } - if err = aclmgmt.GetACLProvider().CheckACL(resource, chain, sp); err != nil { + if err = lscc.aclProvider.CheckACL(resource, chain, sp); err != nil { return shim.Error(fmt.Sprintf("Authorization request failed %s: %s", chain, err)) } diff --git a/core/scc/lscc/lscc_test.go b/core/scc/lscc/lscc_test.go index c96af06b747..15bb70f175a 100644 --- a/core/scc/lscc/lscc_test.go +++ b/core/scc/lscc/lscc_test.go @@ -21,7 +21,6 @@ import ( mscc "github.com/hyperledger/fabric/common/mocks/scc" "github.com/hyperledger/fabric/common/policies" "github.com/hyperledger/fabric/common/util" - "github.com/hyperledger/fabric/core/aclmgmt" "github.com/hyperledger/fabric/core/aclmgmt/mocks" "github.com/hyperledger/fabric/core/aclmgmt/resources" "github.com/hyperledger/fabric/core/chaincode/shim" @@ -98,7 +97,7 @@ func TestInstall(t *testing.T) { // TODO cceventmgmt singleton should be refactored out of peer in the future. See CR 16549 for details. cceventmgmt.Initialize() - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -177,7 +176,7 @@ func TestDeploy(t *testing.T) { testDeploy(t, "example02", "1{}0", path, false, false, true, InvalidVersionErr("1{}0").Error(), nil, nil, nil) testDeploy(t, "example02", "0", path, true, true, true, EmptyChaincodeNameErr("").Error(), nil, nil, nil) - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -195,7 +194,7 @@ func TestDeploy(t *testing.T) { testDeploy(t, "example02", "1.0", path, false, false, true, "", scc, stub, nil) testDeploy(t, "example02", "1.0", path, false, false, true, "chaincode exists example02", scc, stub, nil) - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -204,7 +203,7 @@ func TestDeploy(t *testing.T) { testDeploy(t, "example02", "1.0", path, false, false, true, "barf", scc, stub, nil) - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -213,7 +212,7 @@ func TestDeploy(t *testing.T) { testDeploy(t, "example02", "1.0", path, false, false, true, "barf", scc, stub, nil) - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -222,7 +221,7 @@ func TestDeploy(t *testing.T) { testDeploy(t, "example02", "1.0", path, false, false, true, "vscc is not a valid validation system chaincode", scc, stub, nil) - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -243,7 +242,7 @@ func TestDeploy(t *testing.T) { }, }).NewSystemChaincodeProvider().(*mscc.MocksccProviderImpl) - scc = New(mocksccProvider) + scc = New(mocksccProvider, mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -271,7 +270,7 @@ func TestDeploy(t *testing.T) { assert.NoError(t, err) assert.NotNil(t, ccpBytes) - scc = New(mocksccProvider) + scc = New(mocksccProvider, mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -287,7 +286,7 @@ func TestDeploy(t *testing.T) { assert.Equal(t, true, ok) assert.Equal(t, ccpBytes, actualccpBytes) - scc = New(mocksccProvider) + scc = New(mocksccProvider, mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -326,7 +325,7 @@ func createCollectionConfig(collectionName string, signaturePolicyEnvelope *comm func testDeploy(t *testing.T, ccname string, version string, path string, forceBlankCCName bool, forceBlankVersion bool, install bool, expectedErrorMsg string, scc *lifeCycleSysCC, stub *shim.MockStub, collectionConfigBytes []byte) { if scc == nil { - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -423,7 +422,7 @@ func TestUpgrade(t *testing.T) { testUpgrade(t, "example02", "0", "example*02", "1{}0", path, InvalidChaincodeNameErr("example*02").Error(), nil, nil, nil) testUpgrade(t, "example02", "0", "", "1", path, EmptyChaincodeNameErr("").Error(), nil, nil, nil) - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -433,7 +432,7 @@ func TestUpgrade(t *testing.T) { testUpgrade(t, "example02", "0", "example02", "1", path, "barf", scc, stub, nil) - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -441,7 +440,7 @@ func TestUpgrade(t *testing.T) { testUpgrade(t, "example02", "0", "example02", "1", path, "instantiation policy missing", scc, stub, nil) - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -452,7 +451,7 @@ func TestUpgrade(t *testing.T) { testUpgrade(t, "example02", "0", "example02", "1", path, "barf", scc, stub, nil) - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -473,7 +472,7 @@ func TestUpgrade(t *testing.T) { }, }).NewSystemChaincodeProvider().(*mscc.MocksccProviderImpl) - scc = New(mocksccProvider) + scc = New(mocksccProvider, mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -513,7 +512,7 @@ func TestUpgrade(t *testing.T) { }, }).NewSystemChaincodeProvider().(*mscc.MocksccProviderImpl) - scc = New(mocksccProvider) + scc = New(mocksccProvider, mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -527,7 +526,7 @@ func TestUpgrade(t *testing.T) { _, ok = stub.State["example02"] assert.Equal(t, true, ok) - scc = New(mocksccProvider) + scc = New(mocksccProvider, mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res = stub.MockInit("1", nil) @@ -549,7 +548,7 @@ func TestUpgrade(t *testing.T) { func testUpgrade(t *testing.T, ccname string, version string, newccname string, newversion string, path string, expectedErrorMsg string, scc *lifeCycleSysCC, stub *shim.MockStub, collectionConfigBytes []byte) { if scc == nil { - scc = New(NewMockProvider()) + scc = New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub = shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -611,7 +610,7 @@ func testUpgrade(t *testing.T, ccname string, version string, newccname string, } func TestGETCCINFO(t *testing.T) { - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -647,7 +646,7 @@ func TestGETCCINFO(t *testing.T) { } func TestGETCHAINCODES(t *testing.T) { - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -676,7 +675,7 @@ func TestGETCHAINCODES(t *testing.T) { } func TestGETINSTALLEDCHAINCODES(t *testing.T) { - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) scc.support = &lscc.MockSupport{} stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -735,7 +734,7 @@ func TestGETINSTALLEDCHAINCODES(t *testing.T) { } func TestNewLifeCycleSysCC(t *testing.T) { - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) assert.NotNil(t, scc) stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -746,7 +745,7 @@ func TestNewLifeCycleSysCC(t *testing.T) { } func TestGetChaincodeData(t *testing.T) { - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) assert.NotNil(t, scc) stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -761,7 +760,7 @@ func TestGetChaincodeData(t *testing.T) { } func TestExecuteInstall(t *testing.T) { - scc := New(NewMockProvider()) + scc := New(NewMockProvider(), mockAclProvider) assert.NotNil(t, scc) stub := shim.NewMockStub("lscc", scc) res := stub.MockInit("1", nil) @@ -841,7 +840,6 @@ func TestMain(m *testing.M) { mockAclProvider = &mocks.MockACLProvider{} mockAclProvider.Reset() - aclmgmt.RegisterACLProvider(mockAclProvider) os.Exit(m.Run()) } diff --git a/core/scc/qscc/query.go b/core/scc/qscc/query.go index f8aa72a6c08..802a875b494 100644 --- a/core/scc/qscc/query.go +++ b/core/scc/qscc/query.go @@ -14,7 +14,6 @@ import ( "github.com/hyperledger/fabric/core/aclmgmt" "github.com/hyperledger/fabric/core/chaincode/shim" - "github.com/hyperledger/fabric/core/common/sysccprovider" "github.com/hyperledger/fabric/core/ledger" "github.com/hyperledger/fabric/core/peer" pb "github.com/hyperledger/fabric/protos/peer" @@ -23,13 +22,10 @@ import ( // New returns an instance of QSCC. // Typically this is called once per peer. -func New() *LedgerQuerier { - return &LedgerQuerier{} -} - -// NewAsChaincode wraps New() to return a shim.Chaincode. -func NewAsChaincode(sccp sysccprovider.SystemChaincodeProvider) shim.Chaincode { - return New() +func New(aclProvider aclmgmt.ACLProvider) *LedgerQuerier { + return &LedgerQuerier{ + aclProvider: aclProvider, + } } // LedgerQuerier implements the ledger query functions, including: @@ -38,6 +34,7 @@ func NewAsChaincode(sccp sysccprovider.SystemChaincodeProvider) shim.Chaincode { // - GetBlockByHash returns a block // - GetTransactionByID returns a transaction type LedgerQuerier struct { + aclProvider aclmgmt.ACLProvider } var qscclogger = flogging.MustGetLogger("qscc") @@ -96,7 +93,7 @@ func (e *LedgerQuerier) Invoke(stub shim.ChaincodeStubInterface) pb.Response { // 2. check the channel reader policy res := getACLResource(fname) - if err = aclmgmt.GetACLProvider().CheckACL(res, cid, sp); err != nil { + if err = e.aclProvider.CheckACL(res, cid, sp); err != nil { return shim.Error(fmt.Sprintf("Authorization request for [%s][%s] failed: [%s]", fname, cid, err)) } diff --git a/core/scc/qscc/query_test.go b/core/scc/qscc/query_test.go index 9b1aa8d118c..56e97658a54 100644 --- a/core/scc/qscc/query_test.go +++ b/core/scc/qscc/query_test.go @@ -23,7 +23,6 @@ import ( "github.com/hyperledger/fabric/common/ledger/testutil" "github.com/hyperledger/fabric/common/util" - "github.com/hyperledger/fabric/core/aclmgmt" "github.com/hyperledger/fabric/core/aclmgmt/mocks" "github.com/hyperledger/fabric/core/aclmgmt/resources" "github.com/hyperledger/fabric/core/chaincode/shim" @@ -45,7 +44,9 @@ func setupTestLedger(chainid string, path string) (*shim.MockStub, error) { peer.MockInitialize() peer.MockCreateChain(chainid) - lq := new(LedgerQuerier) + lq := &LedgerQuerier{ + aclProvider: mockAclProvider, + } stub := shim.NewMockStub("LedgerQuerier", lq) if res := stub.MockInit("1", nil); res.Status != shim.OK { return nil, fmt.Errorf("Init failed for test ledger [%s] with message: %s", chainid, string(res.Message)) @@ -187,7 +188,9 @@ func TestFailingAccessControl(t *testing.T) { if err != nil { t.Fatalf(err.Error()) } - e := new(LedgerQuerier) + e := &LedgerQuerier{ + aclProvider: mockAclProvider, + } stub := shim.NewMockStub("LedgerQuerier", e) // GetChainInfo @@ -360,6 +363,5 @@ func TestMain(m *testing.M) { mockAclProvider = &mocks.MockACLProvider{} mockAclProvider.Reset() - aclmgmt.RegisterACLProvider(mockAclProvider) os.Exit(m.Run()) } diff --git a/core/scc/register.go b/core/scc/register.go index 971afa3b7e8..b9295f2a638 100644 --- a/core/scc/register.go +++ b/core/scc/register.go @@ -8,9 +8,12 @@ SPDX-License-Identifier: Apache-2.0 package scc -import "github.com/hyperledger/fabric/core/common/ccprovider" +import ( + "github.com/hyperledger/fabric/core/aclmgmt" + "github.com/hyperledger/fabric/core/common/ccprovider" +) // CreateSysCCs creates all of the system chaincodes which are compiled into fabric -func CreateSysCCs(ccp ccprovider.ChaincodeProvider, p *Provider) []*SystemChaincode { - return builtInSystemChaincodes(ccp, p) +func CreateSysCCs(ccp ccprovider.ChaincodeProvider, p *Provider, aclProvider aclmgmt.ACLProvider) []*SystemChaincode { + return builtInSystemChaincodes(ccp, p, aclProvider) } diff --git a/core/scc/register_pluginsenabled.go b/core/scc/register_pluginsenabled.go index b0831e455fc..39ac861e441 100644 --- a/core/scc/register_pluginsenabled.go +++ b/core/scc/register_pluginsenabled.go @@ -9,10 +9,13 @@ SPDX-License-Identifier: Apache-2.0 package scc -import "github.com/hyperledger/fabric/core/common/ccprovider" +import ( + "github.com/hyperledger/fabric/core/aclmgmt" + "github.com/hyperledger/fabric/core/common/ccprovider" +) // CreateSysCCs creates all of the system chaincodes which are compiled into fabric // as well as those which are loaded by plugin -func CreateSysCCs(ccp ccprovider.ChaincodeProvider, p *Provider) []*SystemChaincode { - return append(builtInSystemChaincodes(ccp, p), loadSysCCs(p)...) +func CreateSysCCs(ccp ccprovider.ChaincodeProvider, p *Provider, aclProvider aclmgmt.ACLProvider) []*SystemChaincode { + return append(builtInSystemChaincodes(ccp, p, aclProvider), loadSysCCs(p)...) } diff --git a/core/scc/scc_test.go b/core/scc/scc_test.go index 8d05ed87a55..ddcf9a8df8d 100644 --- a/core/scc/scc_test.go +++ b/core/scc/scc_test.go @@ -11,6 +11,7 @@ import ( "os" "testing" + aclmocks "github.com/hyperledger/fabric/core/aclmgmt/mocks" "github.com/hyperledger/fabric/core/container/inproccontroller" "github.com/hyperledger/fabric/core/ledger/ledgermgmt" ccprovider2 "github.com/hyperledger/fabric/core/mocks/ccprovider" @@ -26,8 +27,9 @@ func init() { func newTestProvider() *Provider { ccp := &ccprovider2.MockCcProviderImpl{} + mockAclProvider := &aclmocks.MockACLProvider{} p := NewProvider(peer.Default, peer.DefaultSupport, inproccontroller.NewRegistry()) - for _, cc := range CreateSysCCs(ccp, p) { + for _, cc := range CreateSysCCs(ccp, p, mockAclProvider) { p.RegisterSysCC(cc) } return p @@ -86,7 +88,8 @@ func TestSccProviderImpl_GetQueryExecutorForLedger(t *testing.T) { func TestRegisterSysCC(t *testing.T) { ccp := &ccprovider2.MockCcProviderImpl{} - assert.NotPanics(t, func() { CreateSysCCs(ccp, newTestProvider()) }, "expected successful init") + mockAclProvider := &aclmocks.MockACLProvider{} + assert.NotPanics(t, func() { CreateSysCCs(ccp, newTestProvider(), mockAclProvider) }, "expected successful init") p := &Provider{ Registrar: inproccontroller.NewRegistry(), diff --git a/core/scc/vscc/validator_onevalidsignature.go b/core/scc/vscc/validator_onevalidsignature.go index 7c982dd2734..6833716d0aa 100644 --- a/core/scc/vscc/validator_onevalidsignature.go +++ b/core/scc/vscc/validator_onevalidsignature.go @@ -45,11 +45,6 @@ func New(sccp sysccprovider.SystemChaincodeProvider) *ValidatorOneValidSignature } } -// NewAsChaincode wraps New() to return a shim.Chaincode -func NewAsChaincode(sccp sysccprovider.SystemChaincodeProvider) shim.Chaincode { - return New(sccp) -} - // ValidatorOneValidSignature implements the default transaction validation policy, // which is to check the correctness of the read-write set and the endorsement // signatures against an endorsement policy that is supplied as argument to diff --git a/core/scc/vscc/validator_onevalidsignature_test.go b/core/scc/vscc/validator_onevalidsignature_test.go index efd41e29c7d..4ad02a32bd5 100644 --- a/core/scc/vscc/validator_onevalidsignature_test.go +++ b/core/scc/vscc/validator_onevalidsignature_test.go @@ -21,6 +21,7 @@ import ( lm "github.com/hyperledger/fabric/common/mocks/ledger" "github.com/hyperledger/fabric/common/mocks/scc" "github.com/hyperledger/fabric/common/util" + aclmocks "github.com/hyperledger/fabric/core/aclmgmt/mocks" "github.com/hyperledger/fabric/core/chaincode/shim" "github.com/hyperledger/fabric/core/common/ccpackage" "github.com/hyperledger/fabric/core/common/ccprovider" @@ -424,8 +425,9 @@ func TestRWSetTooBig(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) + mockAclProvider := &aclmocks.MockACLProvider{} - lccc := lscc.New(mp) + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -493,8 +495,9 @@ func TestValidateDeployFail(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) + mockAclProvider := &aclmocks.MockACLProvider{} - lccc := lscc.New(mp) + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -782,8 +785,9 @@ func TestAlreadyDeployed(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) + mockAclProvider := &aclmocks.MockACLProvider{} - lccc := lscc.New(mp) + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -861,8 +865,9 @@ func TestValidateDeployNoLedger(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) + mockAclProvider := &aclmocks.MockACLProvider{} - lccc := lscc.New(mp) + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -920,7 +925,8 @@ func TestValidateDeployOK(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -980,7 +986,8 @@ func TestValidateDeployWithCollection(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1082,7 +1089,7 @@ func TestValidateDeployWithCollection(t *testing.T) { v = New(mp) stub = shim.NewMockStub("validatoronevalidsignature", v) - lccc = lscc.New(mp) + lccc = lscc.New(mp, mockAclProvider) stublccc = shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1116,7 +1123,8 @@ func TestValidateDeployWithPolicies(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1204,7 +1212,8 @@ func TestInvalidUpgrade(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1260,7 +1269,8 @@ func TestValidateUpgradeOK(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1341,7 +1351,8 @@ func TestInvalidateUpgradeBadVersion(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1423,7 +1434,8 @@ func validateUpgradeWithCollection(t *testing.T, V1_2Validation bool) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1626,7 +1638,8 @@ func TestValidateUpgradeWithPoliciesOK(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1723,7 +1736,8 @@ func validateUpgradeWithNewFailAllIP(t *testing.T, v11capability, expecterr bool v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) @@ -1820,7 +1834,8 @@ func TestValidateUpgradeWithPoliciesFail(t *testing.T) { v := New(mp) stub := shim.NewMockStub("validatoronevalidsignature", v) - lccc := lscc.New(mp) + mockAclProvider := &aclmocks.MockACLProvider{} + lccc := lscc.New(mp, mockAclProvider) stublccc := shim.NewMockStub("lscc", lccc) State["lscc"] = stublccc.State stub.MockPeerChaincode("lscc", stublccc) diff --git a/peer/node/start.go b/peer/node/start.go index 30e31af1b2e..62c1791d8fe 100644 --- a/peer/node/start.go +++ b/peer/node/start.go @@ -138,7 +138,7 @@ func serve(args []string) error { //startup aclmgmt with default ACL providers (resource based and default 1.0 policies based). //Users can pass in their own ACLProvider to RegisterACLProvider (currently unit tests do this) - aclmgmt.RegisterACLProvider(nil) + aclProvider := aclmgmt.NewACLProvider() // TODO: provide resource getter / peer.GetStableChannelConfig //initialize resource management exit ledgermgmt.Initialize(peer.ConfigTxProcessors) @@ -202,7 +202,7 @@ func serve(args []string) error { mutualTLS := serverConfig.SecOpts.UseTLS && serverConfig.SecOpts.RequireClientCert policyCheckerProvider := func(resourceName string) deliver.PolicyCheckerFunc { return func(env *cb.Envelope, channelID string) error { - return aclmgmt.GetACLProvider().CheckACL(resourceName, channelID, env) + return aclProvider.CheckACL(resourceName, channelID, env) } } @@ -224,7 +224,7 @@ func serve(args []string) error { if err != nil { logger.Panicf("Failed to create chaincode server: %s", err) } - chaincodeSupport, ccp, sccp := registerChaincodeSupport(ccSrv, ccEndpoint, ca) + chaincodeSupport, ccp, sccp := registerChaincodeSupport(ccSrv, ccEndpoint, ca, aclProvider) go ccSrv.Start() logger.Debugf("Running peer") @@ -255,6 +255,7 @@ func serve(args []string) error { PeerSupport: peer.DefaultSupport, ChaincodeSupport: chaincodeSupport, SysCCProvider: sccp, + ACLProvider: aclProvider, } pluginsByName := reg.Lookup(library.Endorsement).(map[string]endorsement2.PluginFactory) signingIdentityFetcher := (endorsement3.SigningIdentityFetcher)(endorserSupport) @@ -583,7 +584,7 @@ func computeChaincodeEndpoint(peerHostname string) (ccEndpoint string, err error //NOTE - when we implement JOIN we will no longer pass the chainID as param //The chaincode support will come up without registering system chaincodes //which will be registered only during join phase. -func registerChaincodeSupport(grpcServer *comm.GRPCServer, ccEndpoint string, ca accesscontrol.CA) (*chaincode.ChaincodeSupport, ccprovider.ChaincodeProvider, *scc.Provider) { +func registerChaincodeSupport(grpcServer *comm.GRPCServer, ccEndpoint string, ca accesscontrol.CA, aclProvider aclmgmt.ACLProvider) (*chaincode.ChaincodeSupport, ccprovider.ChaincodeProvider, *scc.Provider) { //get user mode userRunsCC := chaincode.IsDevMode() tlsEnabled := viper.GetBool("peer.tls.enabled") @@ -598,7 +599,7 @@ func registerChaincodeSupport(grpcServer *comm.GRPCServer, ccEndpoint string, ca ca.CertBytes(), authenticator, &ccprovider.CCInfoFSImpl{}, - aclmgmt.GetACLProvider(), + aclProvider, container.NewVMController(map[string]container.VMProvider{ dockercontroller.ContainerType: dockercontroller.NewProvider( viper.GetString("peer.id"), @@ -616,7 +617,7 @@ func registerChaincodeSupport(grpcServer *comm.GRPCServer, ccEndpoint string, ca } //Now that chaincode is initialized, register all system chaincodes. - sccs := scc.CreateSysCCs(ccp, sccp) + sccs := scc.CreateSysCCs(ccp, sccp, aclProvider) for _, cc := range sccs { sccp.RegisterSysCC(cc) }