У меня ошибка при оценке политики. Вышеуказанная политика - это пользовательская политика, которую я определил в моем configtx.yml
Здесь приведен фрагмент, в котором определены профиль моего системного канала и профиль моего канала приложения (я включаю только соответствующие части).
# Organization definitions for configtxgen. Indentation was lost in this excerpt,
# so nesting has to be read from key order.
Organizations:
# NOTE(review): the anchor defined here is &Org, but the Profiles section of this
# excerpt references *MyOrg and no &MyOrg anchor is visible - confirm which name
# the real file uses.
- &Org
Name: MyOrg
ID: MyOrg
MSPDir: crypto-config/organizations/org.com/msp
# Org-level policies; all four are Signature policies over MyOrg roles.
Policies: &OrgPolicy
# Custom policy added next to Readers/Writers/Admins; satisfied by a MyOrg admin signature.
System:
Type: Signature
# NOTE(review): there is a space after the opening quote in ' MyOrg.admin' (and in
# the three rules below). The inspected block on this page shows msp_identifier
# "MyOrg", so this is probably a paste artifact - confirm against the real file.
Rule: "OR(' MyOrg.admin')"
Readers:
Type: Signature
Rule: "OR(' MyOrg.member')"
Writers:
Type: Signature
Rule: "OR(' MyOrg.member')"
Admins:
Type: Signature
Rule: "OR(' MyOrg.admin')"
# Loopback address: other hosts cannot reach an anchor peer advertised this way.
# Presumably a single-machine development setup - TODO confirm.
AnchorPeers:
- Host: 127.0.0.1
Port: 7051
# Application-level defaults, reused by the profiles through the &ApplicationDefaults anchor.
Application: &ApplicationDefaults
ACLs: &ACLsDefault
# NOTE(review): here the resource is mapped to /Channel/Application/Admins, but the
# inspected genesis block on this page shows policy_ref "/Channel/Application/System".
# The excerpt and the generated block disagree - confirm which mapping is deployed,
# since it decides who may call qscc/GetBlockByNumber.
qscc/GetBlockByNumber: /Channel/Application/Admins
Policies: &ApplicationDefaultPolicies
# ImplicitMeta "ANY System" is evaluated against the policies named System in the
# child org groups; an org group that has no System policy cannot satisfy it.
System:
Type: ImplicitMeta
Rule: "ANY System"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "MAJORITY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Orderer-level defaults (&OrdererDefaults); "...." marks content elided by the author.
Orderer: &OrdererDefaults
....
Policies:
# Unlike the Application section, System here aggregates the orgs' Admins policies
# ("ANY Admins"), not their System policies.
System:
Type: ImplicitMeta
Rule: "ANY Admins"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ALL Admins"
BlockValidation:
Type: ImplicitMeta
# NOTE(review): the next line has a second "Policies:" fused onto the rule, and the
# whole Policies mapping is then repeated. This looks like a paste duplication -
# confirm the real file has a single Policies mapping, because duplicate YAML keys
# are handled differently by different parsers.
Rule: "ANY Writers"Policies:
System:
Type: ImplicitMeta
Rule: "ANY Admins"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ALL Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
....
# Channel profiles selected with configtxgen -profile.
Profiles:
# Profile for the application channel; on this page it is used with -outputCreateChannelTx.
ApplicationChannel:
Consortium: MyOrgConsortium
# *ChannelDefaults and the *...Capabilities aliases refer to anchors defined outside this excerpt.
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
# NOTE(review): *MyOrg is referenced here, while the Organizations section of this
# excerpt defines the anchor as &Org - confirm the anchor name.
- *MyOrg
Capabilities:
<<: *ApplicationCapabilities
# Profile for the system channel; on this page it is used with -outputBlock to build the genesis block.
MyOrgSysChannelConfiguration:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *MyOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
# This entry merges the org mapping with "<<:" instead of aliasing it directly as the
# other lists do; presumably equivalent in content - TODO confirm.
- <<: *MyOrg
# Consortium whose member orgs are listed for channel creation.
Consortiums:
MyOrgConsortium:
Organizations:
- *MyOrg
Я затем генерирую свои артефакты:
# Build the genesis block of the system channel (sys-channel) from the
# MyOrgSysChannelConfiguration profile.
bin/configtxgen -profile MyOrgSysChannelConfiguration -channelID sys-channel -outputBlock ./channel-artifacts/genesis.block
# Build the channel-creation transaction for application-channel from the
# ApplicationChannel profile.
bin/configtxgen -profile ApplicationChannel -outputCreateChannelTx ./channel-artifacts/blockchain.tx -channelID application-channel
Затем я проверяю свой генезис-блок; ниже приведены соответствующие части вывода bin/configtxgen -inspectBlock:
{
"data": {
"data": [
{
"payload": {
"data": {
"config": {
"channel_group": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
....
},
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Admins"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "System"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Writers"
}
},
}
},
"values": {
"ACLs": {
"value": {
"acls": {
"qscc/GetBlockByNumber": {
"policy_ref": "/Channel/Application/System"
},
}
},
},
"Capabilities": {
...
}
},
},
"Consortiums": {
"groups": {
"MyOrgConsortium": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
....
},
}
},
....
}
},
"mod_policy": "/Channel/Orderer/Admins",
"policies": {
"Admins": {
"mod_policy": "/Channel/Orderer/Admins",
"policy": {
"type": 1,
"value": {
"identities": [],
"rule": {
"n_out_of": {
"n": 0,
"rules": []
}
},
"version": 0
}
},
}
},
"values": {},
},
"Orderer": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
...
},
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "ALL",
"sub_policy": "Admins"
}
},
},
"BlockValidation": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Admins"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
}
},
"values": {
"BatchSize": {
"value": {
"absolute_max_bytes": 10485760,
"max_message_count": 500,
"preferred_max_bytes": 2097152
},
},
"BatchTimeout": {
"value": {
"timeout": "2s"
},
},
"Capabilities": {
"value": {
"capabilities": {
"V1_4_2": {}
}
},
},
"ChannelRestrictions": {
"value": null,
},
"ConsensusType": {
...
}
},
}
},
"policies": {
...
},
"values": {
...
}
}
}
}
}
}
]
}
}
Как и ожидалось, я вижу, что моя пользовательская политика System, которую я использую для управления списком доступа (ACL) к ресурсу получения блока по номеру, включена на всех уровнях, которые я определил. Обратите внимание, что она определена в группе Application, в MyOrg.policy.
Итак, я готов развернуть свой системный канал и отправить транзакцию создания канала, ранее сгенерированную из моего configtx.yml.
Пока все хорошо!
Теперь я извлекаю последнюю версию конфигурации моего канала application-channel; несущественные части ниже опущены:
{
"data": {
"data": [
{
"payload": {
"data": {
"config": {
"channel_group": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< HERE! HERE! IT IS MISSING HERE! >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
},
"values": {
...
},
"version": "1"
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Admins"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "System"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Writers"
}
},
}
},
"values": {
"ACLs": {
...
},
"version": "1"
},
"Orderer": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
....
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "ALL",
"sub_policy": "Admins"
}
},
},
"BlockValidation": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Admins"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
}
},
"values": {
...
},
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "ALL",
"sub_policy": "Admins"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
}
},
"values": {
...
},
},
"sequence": "2"
},
"last_update": {
"payload": {
"data": {
"config_update": {
"channel_id": "application-channel",
"isolated_data": {},
"read_set": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"mod_policy": "",
"policies": {
"Admins": {
"mod_policy": "",
"policy": null,
},
"Readers": {
"mod_policy": "",
"policy": null,
},
"Writers": {
"mod_policy": "",
"policy": null,
}
},
"values": {
"MSP": {
"mod_policy": "",
"value": null,
}
},
}
},
"policies": {},
"values": {},
"version": "1"
}
},
"mod_policy": "",
"policies": {},
"values": {},
},
"write_set": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"mod_policy": "",
"policy": null,
},
"Readers": {
"mod_policy": "",
"policy": null,
},
"Writers": {
"mod_policy": "",
"policy": null,
}
},
"values": {
...
}
},
"policies": {},
"values": {},
"version": "1"
}
},
"mod_policy": "",
"policies": {},
"values": {},
}
},
"signatures": [
...
]
},
"header": {
...
}
},
}
},
"header": {
...
}
},
}
]
},
"header": {
...
},
"metadata": {
....
}
}
Для меня это не имеет смысла. Можно заметить, что в Application.group.MyOrg.policy моя пользовательская политика не определена. Однако она определена на всех остальных уровнях, где MyOrg был включен в определение канала в файле configtx.yml. Из-за того, что политика типа Signature не определена на уровне Application, запрос GetBlockByNumber невозможно одобрить: сначала оценивается политика ImplicitMeta, которая не может быть разрешена в политику Signature.
Что-то не так в определении канала приложения?
Спасибо за чтение.