评估策略时出现错误。上面的策略是我在 configtx.yml 中定义的自定义策略。
下面是该文件的一小段,其中定义了我的系统通道配置文件(profile)和应用程序通道配置文件(我只包含了相关部分)。
# Excerpt of configtx.yml as pasted into the question. The nesting indentation
# of the original file is not preserved here, and "...." marks omitted parts.
Organizations:
# NOTE(review): the anchor defined here is &Org, while the profiles further
# down reference *MyOrg. One of the two names was presumably changed when the
# snippet was trimmed; confirm against the real file.
- &Org
Name: MyOrg
ID: MyOrg
MSPDir: crypto-config/organizations/org.com/msp
Policies: &OrgPolicy
# Custom organization-level policy, in addition to Readers/Writers/Admins.
# It is a Signature policy naming the MyOrg admin role.
System:
Type: Signature
# NOTE(review): the blank after the opening quote in ' MyOrg.admin' (and in
# the three rules below) looks like a paste artifact; the decoded blocks on
# this page show msp_identifier "MyOrg". Confirm the real file has no space.
Rule: "OR(' MyOrg.admin')"
Readers:
Type: Signature
Rule: "OR(' MyOrg.member')"
Writers:
Type: Signature
Rule: "OR(' MyOrg.member')"
Admins:
Type: Signature
Rule: "OR(' MyOrg.admin')"
AnchorPeers:
- Host: 127.0.0.1
Port: 7051
Application: &ApplicationDefaults
ACLs: &ACLsDefault
# Maps the qscc/GetBlockByNumber resource to a channel policy path.
# NOTE(review): the decoded genesis block on this page shows policy_ref
# /Channel/Application/System for this ACL, not /Channel/Application/Admins.
# Confirm which value was in the file used to generate the artifacts.
qscc/GetBlockByNumber: /Channel/Application/Admins
Policies: &ApplicationDefaultPolicies
# ImplicitMeta rule "ANY System": evaluated against the sub-policies named
# System of the groups below Application (the member organizations), so it
# can only be satisfied if at least one application org carries a System
# policy in the channel configuration.
System:
Type: ImplicitMeta
Rule: "ANY System"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "MAJORITY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Orderer: &OrdererDefaults
....
Policies:
# At the Orderer level the custom System policy delegates to the Admins
# sub-policies ("ANY Admins"), not to sub-policies named System.
System:
Type: ImplicitMeta
Rule: "ANY Admins"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ALL Admins"
BlockValidation:
Type: ImplicitMeta
# NOTE(review): the Policies section that follows repeats the one above and
# is fused onto the end of the next line; this looks like a copy/paste
# glitch in the excerpt rather than part of the real file.
Rule: "ANY Writers"Policies:
System:
Type: ImplicitMeta
Rule: "ANY Admins"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "ALL Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
....
Profiles:
# Profile passed to configtxgen -outputCreateChannelTx for application-channel
# (see the commands below on this page).
ApplicationChannel:
Consortium: MyOrgConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *MyOrg
Capabilities:
<<: *ApplicationCapabilities
# Profile passed to configtxgen -outputBlock to build the system channel
# genesis block; it lists MyOrg under Orderer, Application and the consortium.
MyOrgSysChannelConfiguration:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *MyOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
# NOTE(review): this entry uses a merge key (<<: *MyOrg) where the other
# Organizations lists use a plain alias (- *MyOrg).
- <<: *MyOrg
Consortiums:
MyOrgConsortium:
Organizations:
- *MyOrg
我生成我的工件:
# Build the genesis block for the system channel (sys-channel) from the
# MyOrgSysChannelConfiguration profile.
bin/configtxgen -profile MyOrgSysChannelConfiguration -channelID sys-channel -outputBlock ./channel-artifacts/genesis.block
# Build the channel creation transaction for application-channel from the
# ApplicationChannel profile.
bin/configtxgen -profile ApplicationChannel -outputCreateChannelTx ./channel-artifacts/blockchain.tx -channelID application-channel
然后我可以用 bin/configtxgen -inspectBlock 检查我的创世块。
输出的相关部分:
{
"data": {
"data": [
{
"payload": {
"data": {
"config": {
"channel_group": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
....
},
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Admins"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "System"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Writers"
}
},
}
},
"values": {
"ACLs": {
"value": {
"acls": {
"qscc/GetBlockByNumber": {
"policy_ref": "/Channel/Application/System"
},
}
},
},
"Capabilities": {
...
}
},
},
"Consortiums": {
"groups": {
"MyOrgConsortium": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
....
},
}
},
....
}
},
"mod_policy": "/Channel/Orderer/Admins",
"policies": {
"Admins": {
"mod_policy": "/Channel/Orderer/Admins",
"policy": {
"type": 1,
"value": {
"identities": [],
"rule": {
"n_out_of": {
"n": 0,
"rules": []
}
},
"version": 0
}
},
}
},
"values": {},
},
"Orderer": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
...
},
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "ALL",
"sub_policy": "Admins"
}
},
},
"BlockValidation": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Admins"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
}
},
"values": {
"BatchSize": {
"value": {
"absolute_max_bytes": 10485760,
"max_message_count": 500,
"preferred_max_bytes": 2097152
},
},
"BatchTimeout": {
"value": {
"timeout": "2s"
},
},
"Capabilities": {
"value": {
"capabilities": {
"V1_4_2": {}
}
},
},
"ChannelRestrictions": {
"value": null,
},
"ConsensusType": {
...
}
},
}
},
"policies": {
...
},
"values": {
...
}
}
}
}
}
}
]
}
}
正如预期,我可以看到我的自定义策略 System(用于控制 GetBlockByNumber 资源的访问控制列表)已包含在我定义它的所有级别上。
请注意,它也定义在 Application 组的 MyOrg.policy 下。
因此,我接下来部署我的系统通道,并提交先前从 configtx.yml 生成的通道创建事务。
到目前为止一切顺利!
现在我获取 application-channel 的最新配置,以下省略了不相关的部分:
{
"data": {
"data": [
{
"payload": {
"data": {
"config": {
"channel_group": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< HERE! HERE! IT IS MISSING HERE! >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
},
"values": {
...
},
"version": "1"
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Admins"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "System"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Writers"
}
},
}
},
"values": {
"ACLs": {
...
},
"version": "1"
},
"Orderer": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Readers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"System": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
},
"Writers": {
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "MyOrg",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
}
},
"values": {
....
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "ALL",
"sub_policy": "Admins"
}
},
},
"BlockValidation": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"System": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Admins"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
}
},
"values": {
...
},
}
},
"policies": {
"Admins": {
"policy": {
"type": 3,
"value": {
"rule": "ALL",
"sub_policy": "Admins"
}
},
},
"Readers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
},
"Writers": {
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
}
},
"values": {
...
},
},
"sequence": "2"
},
"last_update": {
"payload": {
"data": {
"config_update": {
"channel_id": "application-channel",
"isolated_data": {},
"read_set": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"mod_policy": "",
"policies": {
"Admins": {
"mod_policy": "",
"policy": null,
},
"Readers": {
"mod_policy": "",
"policy": null,
},
"Writers": {
"mod_policy": "",
"policy": null,
}
},
"values": {
"MSP": {
"mod_policy": "",
"value": null,
}
},
}
},
"policies": {},
"values": {},
"version": "1"
}
},
"mod_policy": "",
"policies": {},
"values": {},
},
"write_set": {
"groups": {
"Application": {
"groups": {
"MyOrg": {
"groups": {},
"policies": {
"Admins": {
"mod_policy": "",
"policy": null,
},
"Readers": {
"mod_policy": "",
"policy": null,
},
"Writers": {
"mod_policy": "",
"policy": null,
}
},
"values": {
...
}
},
"policies": {},
"values": {},
"version": "1"
}
},
"mod_policy": "",
"policies": {},
"values": {},
}
},
"signatures": [
...
]
},
"header": {
...
}
},
}
},
"header": {
...
}
},
}
]
},
"header": {
...
},
"metadata": {
....
}
}
这对我来说说不通。您可以注意到,在 Application.group.MyOrg.policy 下我的自定义策略没有被定义;但是,在 configtx.yml 文件的通道定义中,凡是包含 MyOrg 的其他级别都定义了它。
由于 Signature 类型的策略没有在 Application 级别定义,GetBlockByNumber 无法通过策略检查:它首先被评估为一个 ImplicitMeta 策略,而这个隐式元策略无法解析到任何 Signature 策略。
我在应用程序通道的定义中做错了什么吗?
感谢阅读。
答案 0 :(得分:0)
这里的所有配置看起来都应该能正常工作。如果一定要猜的话,我认为排序节点系统通道是用较早版本的 configtx.yaml 引导的。定义 Readers / Writers / Admin 之外的其他策略、并在创建通道时继承这些策略,这一做法是经过测试的(事实上,在 v2.0 中您默认就会看到一些与新生命周期相关的新策略)。下面我提供更多背景信息,帮助您排查问题。
当您使用创世块引导排序节点时,该块就是排序节点系统通道的起点。排序节点系统通道用于在各排序节点之间协调通道创建事件。
当收到通道创建事务时(它实际上只是一种特殊的配置更新事务),排序节点会基于排序节点系统通道的当前内容生成一个临时配置。它取顶层的通道组、排序节点组以及联盟定义中所定义的组织,创建出一份模板配置。此模板配置包含排序节点系统通道的联盟定义中的组织定义。
与此同时,当您使用 configtxgen 生成通道配置事务时,默认只会采用 Application 部分中的策略、ACL 和能力(Capabilities)。其他部分——包括通道级别的项目(例如能力和策略)、排序节点级别的项目(例如策略、排序组织、共识配置)以及所有应用程序组织的内容——都会被忽略。唯一的例外是要加入通道的组织名称。因此,当您检查通道创建事务时,会注意到输出中不包含您组织的信息,例如 CA 和策略。
因此,即使您的 configtx.yaml 引用了定义有自定义策略的组织,configtxgen 也会假定这些策略已存在于排序节点系统通道中,而不对它们做任何处理。注意:这一行为是“特性”而不是缺陷:创建包含许多组织的通道时,创建者希望使用各组织所有者定义的最新 CA、CRL、策略等,而不必亲自收集所有这些工件。
根据您上面提供的信息,在我看来,您的自定义策略定义应该位于排序节点系统通道的联盟定义中,并且应该被新通道的模板配置继承。但是,既然这并没有发生,我唯一的结论就是:排序节点系统通道的联盟定义中的组织实际上并不包含这些额外的策略。您可以通过 peer channel fetch config 拉取排序节点系统通道的最新配置块并解码来确认这一点;解码后重点查看联盟定义中 MyOrg 的策略里是否存在 System。