基于对等角色和订单,您可能在策略检查器中失败。
Peer roles:
org1peer1:member
org1peer2:member
org2peer1:admin
org2peer2:member`
节点sdk e2eUtils.js
中指定的认可政策'endorsement-policy': {
identities: [
{ role: { name: 'member', mspId: ORGS['org1'].mspid }},
{ role: { name: 'member', mspId: ORGS['org2'].mspid }},
{ role: { name: 'admin', mspId: ORGS['org1'].mspid }},
{ role: { name: 'admin', mspId: ORGS['org2'].mspid }}
],
policy: {
'2-of': [
{ 'signed-by': 1},
{ 'signed-by': 3}
]
}
}
在e2eUtils.js中使用节点sdk e2e func invokeChaincode调用事务
send endorsement responses with order (Org2Member,Org2Admin) -> SUCCESS
send endorsement responses with order (Org2Admin, Org2Member) -> ENDORSEMENT_POLICY_FAILURE
only send proposal to Org2Admin, and make another copy of response from Org2Admin, to make it (Org2Admin, Org2Admin) -> SUCCESS
问题是订单或添加同行的问题。我们希望添加同行的顺序不应影响认可结果。
答案 0 :(得分:1)
政策检查员的行为,当代言政策同时需要时 同一组织的“admin”和“member”主体,某些有效 支持可能无法通过政策检查。
为了说明这一点,我们使用以下示例:
您有背书政策:“AND(org1.member,org1.admin)” 或者以与node.js SDK一起使用的JSON格式指定时:
{ “身份”:[ {“role”:{“name”:“member”,“mspId”:“org1”}, {“role”:{“name”:“admin”,“mspId”:“org1”}], “2-of”:[ {“signed-by”:0}, {“签名”:1 ] }
策略检查程序的当前行为取决于顺序 两个MSP负责人在代言政策中的作用。这是对的描述 目前的实施:
If the policy is similar to the code illustrated above, where the "member"
role is put ahead of the "admin" role of the same organization. AND the
policy requires both roles to be satisfied. Then the policy check will fail.
If the order of the endorsements inside the ProposalResponsePayload is
flipped. Meaning that E2 comes before E1, then the policy check will succeed.
However, if the "admin" role is put ahead of the "member" role, then the
policy check always succeeds regardless of the order of the endorsements."
解决方法
始终在策略的成员标识之前在策略中指定管理员标识 相同的组织,无论代言人的顺序如何,都将始终有效。
可以找到更多技术细节 FAB-4248