From 1ae62f18c7313281ed40e52c8f8cc0708dead3c9 Mon Sep 17 00:00:00 2001 From: Jakub Dzikowski Date: Tue, 12 Mar 2024 20:35:50 +0100 Subject: [PATCH] Remove yq and custom fabric policies (#88) * Remove custom fabric policies * Remove yq --- .github/workflows/test-on-push.yml | 3 - .../.devcontainer/Dockerfile.devcontainer | 3 - chain-cli/docker/Dockerfile | 5 +- chain-cli/network/configtx-policies.yml | 230 ------------------ chain-cli/network/fablo-post-generate.sh | 37 --- chain-cli/src/commands/network-up/index.ts | 18 -- docker/Dockerfile | 5 +- docs/getting-started.md | 2 +- 8 files changed, 3 insertions(+), 300 deletions(-) delete mode 100644 chain-cli/network/configtx-policies.yml diff --git a/.github/workflows/test-on-push.yml b/.github/workflows/test-on-push.yml index 24654ab6f..4725ef628 100644 --- a/.github/workflows/test-on-push.yml +++ b/.github/workflows/test-on-push.yml @@ -64,13 +64,10 @@ jobs: run: | sudo apt-get update sudo apt-get install -y jq - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - sudo chmod a+x /usr/local/bin/yq git --version node --version npm --version jq --version - yq --version bash --version docker version docker-compose version diff --git a/chain-cli/chaincode-template/.devcontainer/Dockerfile.devcontainer b/chain-cli/chaincode-template/.devcontainer/Dockerfile.devcontainer index 4e5fe87db..929d91249 100644 --- a/chain-cli/chaincode-template/.devcontainer/Dockerfile.devcontainer +++ b/chain-cli/chaincode-template/.devcontainer/Dockerfile.devcontainer @@ -4,9 +4,6 @@ FROM docker:dind # Install bash, Node.js, jq, and Perl RUN apk add --update nodejs npm bash jq perl -# Install yq -RUN wget https://github.com/mikefarah/yq/releases/download/v4.9.8/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq - # Install Gala Chain CLI globally RUN npm install -g @gala-chain/cli diff --git a/chain-cli/docker/Dockerfile b/chain-cli/docker/Dockerfile index 72a1c2edc..b37e86bed 100644 
--- a/chain-cli/docker/Dockerfile +++ b/chain-cli/docker/Dockerfile @@ -1,12 +1,9 @@ # Start with the Docker in Docker image FROM docker:dind -# Install bash, Node.js, jq, yq, and Perl +# Install bash, Node.js, jq, and Perl RUN apk add --update nodejs npm bash jq perl -# Install yq -RUN wget https://github.com/mikefarah/yq/releases/download/v4.9.8/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq - # Install Gala Chain CLI globally RUN npm install -g @gala-chain/cli diff --git a/chain-cli/network/configtx-policies.yml b/chain-cli/network/configtx-policies.yml deleted file mode 100644 index 4c83ec916..000000000 --- a/chain-cli/network/configtx-policies.yml +++ /dev/null 
@@ -1,230 +0,0 @@ -Organizations: - - - &OrdererOrg - Name: OrdererOrg - ID: OrdererOrg - Policies: - Readers: - Type: Signature - Rule: "OR('OrdererOrg.member')" - Writers: - Type: Signature - Rule: "OR('OrdererOrg.member')" - Admins: - Type: Signature - Rule: "OR('OrdererOrg.admin')" - # No 'Endorsement' required, this org won't be a part of Channel/Application, - # it is just an ordering organization (Channel/Orderer) - - - &CuratorOrg - Name: CuratorOrg - ID: CuratorOrg - Policies: - Readers: - Type: Signature - Rule: "OR('CuratorOrg.member')" - Writers: - Type: Signature - Rule: "OR('CuratorOrg.member')" - Admins: - Type: Signature - Rule: "OR('CuratorOrg.admin')" - Endorsement: - Type: Signature - Rule: "OR('CuratorOrg.member')" - CuratorChannelLifecycle: - Type: Signature - Rule: "OR('CuratorOrg.member')" - PartnerChannelLifecycle: - Type: Signature - Rule: "OR('CuratorOrg.member')" - - - &PartnerOrg1 - Name: PartnerOrg1 - ID: PartnerOrg1 - Policies: - Readers: - Type: Signature - Rule: "OR('PartnerOrg1.member')" - Writers: - Type: Signature - Rule: "OR('PartnerOrg1.member')" - Admins: - Type: Signature - Rule: "OR('PartnerOrg1.admin')" - Endorsement: - Type: Signature - Rule: "OR('PartnerOrg1.member')" - CuratorChannelLifecycle: - Type: Signature - Rule: "OR('CuratorOrg.member')" # Does not take part in chaincode installation, but trusts the CuratorOrg - PartnerChannelLifecycle: - Type: Signature - Rule: "OR('PartnerOrg1.member')" - - - &UsersOrg1 - Name: UsersOrg1 - ID: UsersOrg1 - Policies: - Readers: - Type: Signature - Rule: "OR('UsersOrg1.member')" - Writers: - Type: Signature - Rule: "OR('UsersOrg1.member')" - Admins: - Type: Signature - Rule: "OR('UsersOrg1.admin')" - # No Endorsement - CuratorChannelLifecycle: - Type: Signature - Rule: "OR('CuratorOrg.member', 'PartnerOrg1.member')" # Does not take part in chaincode installation, but trusts other orgs - PartnerChannelLifecycle: - Type: Signature - Rule: "OR('CuratorOrg.member', 
'PartnerOrg1.member')" # Does not take part in chaincode installation, but trusts other orgs - -Orderer: &Group1Defaults - Organizations: - - Policies: - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - BlockValidation: - Type: ImplicitMeta - Rule: "ANY Writers" - -Application: &ApplicationDefaults - ACLs: &ACLsDefault - # Override default ACLs to specify custom policy for chaincode approval - _lifecycle/CheckCommitReadiness: /Channel/Application/LifecycleEndorsement - _lifecycle/CommitChaincodeDefinition: /Channel/Application/LifecycleEndorsement - _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers - _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers - - lscc/ChaincodeExists: /Channel/Application/Readers - lscc/GetDeploymentSpec: /Channel/Application/Readers - lscc/GetChaincodeData: /Channel/Application/Readers - lscc/GetInstantiatedChaincodes: /Channel/Application/Readers - - qscc/GetChainInfo: /Channel/Application/Readers - qscc/GetBlockByNumber: /Channel/Application/Readers - qscc/GetBlockByHash: /Channel/Application/Readers - qscc/GetTransactionByID: /Channel/Application/Readers - qscc/GetBlockByTxID: /Channel/Application/Readers - - cscc/GetConfigBlock: /Channel/Application/Readers - cscc/GetChannelConfig: /Channel/Application/Readers - - peer/Propose: /Channel/Application/Writers - peer/ChaincodeToChaincode: /Channel/Application/Writers - - event/Block: /Channel/Application/Readers - event/FilteredBlock: /Channel/Application/Readers - - Organizations: - - Policies: &ApplicationDefaultPolicies - LifecycleEndorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" - Endorsement: - Type: ImplicitMeta - Rule: "MAJORITY Endorsement" - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - -Channel: 
&ChannelDefaults - Policies: - # Who may invoke the 'Deliver' API - Readers: - Type: ImplicitMeta - Rule: "ANY Readers" - # Who may invoke the 'Broadcast' API - Writers: - Type: ImplicitMeta - Rule: "ANY Writers" - # By default, who may modify elements at this config level - Admins: - Type: ImplicitMeta - Rule: "MAJORITY Admins" - -Profiles: - CuratorChannel: &CuratorChannelDefaults - <<: *ChannelDefaults - Orderer: - <<: *Group1Defaults - Organizations: - - *OrdererOrg - Application: - <<: *ApplicationDefaults - Policies: - <<: *ApplicationDefaultPolicies - LifecycleEndorsement: - Type: ImplicitMeta - Rule: "MAJORITY CuratorChannelLifecycle" # specific policy for curator channel - Endorsement: - Type: Signature - Rule: "AND('CuratorOrg.member', 'PartnerOrg1.member')" # Signature policy here, UsersOrg skipped - Admins: - Type: Signature - Rule: "AND('CuratorOrg.member', 'PartnerOrg1.member')" # Signature policy here, UsersOrg skipped - Organizations: - - <<: *CuratorOrg - - <<: *PartnerOrg1 - - <<: *UsersOrg1 - - # Consortium(s) is a legacy required by Fablo, can be skipped for flow without system channel - Consortium: SampleConsortium - Consortiums: - SampleConsortium: - Organizations: - - <<: *CuratorOrg - - <<: *PartnerOrg1 - - <<: *UsersOrg1 - - PartnerChannel: &PartnerChannelDefaults - <<: *ChannelDefaults - Orderer: - <<: *Group1Defaults - Organizations: - - *OrdererOrg - Application: - <<: *ApplicationDefaults - Policies: - <<: *ApplicationDefaultPolicies - LifecycleEndorsement: - Type: ImplicitMeta - Rule: "MAJORITY PartnerChannelLifecycle" # specific policy for partner channel - Endorsement: - Type: Signature - Rule: "AND('CuratorOrg.member', 'PartnerOrg1.member')" # Signature policy here, UsersOrg skipped - Admins: - Type: Signature - Rule: "AND('CuratorOrg.member', 'PartnerOrg1.member')" # Signature policy here, UsersOrg skipped - Organizations: - - <<: *CuratorOrg - - <<: *PartnerOrg1 - - <<: *UsersOrg1 - - # Consortium(s) is a legacy required by Fablo, 
can be skipped for flow without system channel - Consortium: SampleConsortium - Consortiums: - SampleConsortium: - Organizations: - - <<: *CuratorOrg - - <<: *PartnerOrg1 - - <<: *UsersOrg1 diff --git a/chain-cli/network/fablo-post-generate.sh b/chain-cli/network/fablo-post-generate.sh index b5ceca953..245e6a0b1 100755 --- a/chain-cli/network/fablo-post-generate.sh +++ b/chain-cli/network/fablo-post-generate.sh 
@@ -41,43 +41,6 @@ perl -i -pe 's/_CA_VERSION=1.5.0/_CA_VERSION=1.5.5/g' "$target_env" # skip chaincode installation for UsersOrg1 (note the approval for UsersOrg1 is not skipped) perl -i -pe 's/chaincodeInstall "cli.users1.local"/echo "Skipping..." # chaincodeInstall "cli.users1.local"/g' "./fablo-target/fabric-docker/commands-generated.sh" -# -# overwrite default policies -# -setFromPoliciesConfigtx() { - yaml_path="$1" - configtx_policies="./configtx-policies.yml" - echo " - $yaml_path" - yq eval-all --inplace "select(fileIndex == 0)$yaml_path = select(fileIndex == 1)$yaml_path | select(fileIndex == 0)" "$target_configtx" "$configtx_policies" -} - -executeInConfigtx() { - expression="$1" - echo " - $expression" - yq eval --inplace "$expression" "$target_configtx" -} - -echo "Overriding policies:" -setFromPoliciesConfigtx ".Organizations[0].Policies" -setFromPoliciesConfigtx ".Organizations[1].Policies" -setFromPoliciesConfigtx ".Organizations[2].Policies" -setFromPoliciesConfigtx ".Organizations[3].Policies" -setFromPoliciesConfigtx ".Application.ACLs" -setFromPoliciesConfigtx ".Application.Policies" -executeInConfigtx '.Application.Policies anchor = "ApplicationDefaultPolicies"' -setFromPoliciesConfigtx ".Orderer.Policies" -setFromPoliciesConfigtx ".Channel.Policies" -setFromPoliciesConfigtx '.Profiles.CuratorChannel' -executeInConfigtx '.Profiles.CuratorChannel anchor = "CuratorChannelDefaults"' -setFromPoliciesConfigtx '.Profiles.PartnerChannel' -executeInConfigtx '.Profiles.PartnerChannel anchor = "PartnerChannelDefaults"' - -for channel_name in $(cat "$fablo_config" | jq -r '.channels[] | .name'); do - channel_name_pascal_case="$(perl -pe 's/(^|-)(\w)/\U$2/g' <<<"$channel_name")" - executeInConfigtx "del(.Profiles.$channel_name_pascal_case)" - setFromPoliciesConfigtx ".Profiles.$channel_name_pascal_case" -done - # # Some sample commands that might be useful in experiments # 
diff --git a/chain-cli/src/commands/network-up/index.ts b/chain-cli/src/commands/network-up/index.ts index 966b42dc8..0370c7161 100644 --- a/chain-cli/src/commands/network-up/index.ts +++ b/chain-cli/src/commands/network-up/index.ts @@ -15,7 +15,6 @@ import { Flags } from "@oclif/core"; import { Fablo, FabloConfig } from "fablo"; -import * as fs from "fs"; import { readFileSync, writeFileSync } from "fs"; import path from "path"; @@ -111,7 +110,6 @@ export default class NetworkUp extends BaseCommand { await Fablo.directory(fabloRoot) .then(() => saveConnectionProfiles(fabloRoot, flags.watch, flags.channel ?? [], localhostName)) .config(fabloConfig, (cfg) => updatedFabloConfig(cfg, fabloRoot, singleArgs)) - .then(() => updateConfigTxWithChannelProfile(fabloRoot, singleArgs)) .then(() => copyEnvFile( fabloRoot, @@ -157,22 +155,6 @@ function copyEnvFile(fabloRoot: string, envConfigPath: string | undefined, chain }); } -function updateConfigTxWithChannelProfile(fabloRoot: string, args: SingleArg[]) { - const update = createConfigtxProfiles(args); - const configtxFilePath = path.resolve(fabloRoot, "configtx-policies.yml"); - fs.appendFileSync(configtxFilePath, update); -} - -export function createConfigtxProfiles(args: SingleArg[]): string { - const profiles = args.map(({ channel, channelType }) => { - const configtxProfileName = channel.replace(/(^\w|-\w)/g, (t) => t.replace(/-/, "").toUpperCase()); - const configtxProfileDefaults = - channelType === "curator" ? "CuratorChannelDefaults" : "PartnerChannelDefaults"; - return ` ${configtxProfileName}:\n <<: *${configtxProfileDefaults}`; - }); - return `\n${profiles.join("\n")}`; -} - export function updatedFabloConfig( initialCfg: FabloConfig, fabloRoot: string, diff --git a/docker/Dockerfile b/docker/Dockerfile index 0d9d4e1a2..c3e822b24 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -1,12 +1,9 @@ # Start with the Docker in Docker image FROM docker:dind -# Install bash, Node.js, jq, yq, and Perl +# Install bash, Node.js, jq, and Perl RUN apk add --update nodejs npm bash jq perl -# Install yq -RUN wget https://github.com/mikefarah/yq/releases/download/v4.9.8/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq - # Install Gala Chain CLI globally RUN npm install -g @gala-chain/cli diff --git a/docs/getting-started.md b/docs/getting-started.md index 7d98c71b9..959f914d8 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -9,7 +9,7 @@ If you are using Windows with WSL don't forget to enable integration with WSL on You need to have the following tools installed on your machine: - Node.js 16+ - Docker and Docker Compose -- [jq](https://jqlang.github.io/jq/) and [yq](https://github.com/mikefarah/yq) +- [jq](https://jqlang.github.io/jq/) ### 1. Install our CLI
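Review bot: In docker/Dockerfile the lines kept around this change still build from floating references: `FROM docker:dind` and `RUN npm install -g @gala-chain/cli` carry no version, so two builds of the same commit can produce different images. With the yq binary download gone, these are the remaining unpinned inputs visible in the hunk; consider `FROM docker:<pinned-tag>` (or an image digest) and `RUN npm install -g @gala-chain/cli@<version>`, where both values are placeholders to be filled in from the release being built. The same two lines appear in chain-cli/docker/Dockerfile and chain-cli/chaincode-template/.devcontainer/Dockerfile.devcontainer. If tracking the latest tag is intentional for these images, a one-line comment saying so above each line would make that explicit.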