[FAB-4418] Fix confusing policy naming

When traversing the JSON tree as generated by configtxlator, the
following list of elements is encountered:

policies -> <name> -> policy -> policy -> policy -> n_out_of -> policies

This is understandably very confusing for users, as so many different
elements claim to represent a policy.  This CR modifies the policy
definitions so that instead that same list of elements becomes:

policies -> <name> -> policy -> value -> rule -> n_out_of -> rules

This makes it much more clear that the third element is a named policy,
and that the policy has a value, consisting of a rule, which itself may
be composed of other rules.

The consumers of the existing name scheme are restricted to those users
of configtxlator or those who have manually attempted to build these
messages (I am unaware of any).  This is not an ABI breakage, although
because of the nature of the bug it is an API breakage.

Change-Id: Ia0d99f6e08ce43bc2563dc2caf9de9fd512af191
Signed-off-by: Jason Yellick <[email protected]>

Author: Jason Yellick

common/cauthdsl/cauthdsl.go

@@ -31,8 +31,8 @@ var cauthdslLogger = flogging.MustGetLogger("cauthdsl")
 func compile(policy *cb.SignaturePolicy, identities []*mb.MSPPrincipal, deserializer msp.IdentityDeserializer) (func([]*cb.SignedData, []bool) bool, error) {
 	switch t := policy.Type.(type) {
 	case *cb.SignaturePolicy_NOutOf_:
-		policies := make([]func([]*cb.SignedData, []bool) bool, len(t.NOutOf.Policies))
-		for i, policy := range t.NOutOf.Policies {
+		policies := make([]func([]*cb.SignedData, []bool) bool, len(t.NOutOf.Rules))
+		for i, policy := range t.NOutOf.Rules {
 			compiledPolicy, err := compile(policy, identities, deserializer)
 			if err != nil {
 				return nil, err

common/cauthdsl/cauthdsl_builder.go

@@ -63,7 +63,7 @@ func Envelope(policy *cb.SignaturePolicy, identities [][]byte) *cb.SignaturePoli
 
 	return &cb.SignaturePolicyEnvelope{
 		Version:    0,
-		Policy:     policy,
+		Rule:       policy,
 		Identities: ids,
 	}
 }
@@ -88,7 +88,7 @@ func SignedByMspMember(mspId string) *cb.SignaturePolicyEnvelope {
 	// create the policy: it requires exactly 1 signature from the first (and only) principal
 	p := &cb.SignaturePolicyEnvelope{
 		Version:    0,
-		Policy:     NOutOf(1, []*cb.SignaturePolicy{SignedBy(0)}),
+		Rule:       NOutOf(1, []*cb.SignaturePolicy{SignedBy(0)}),
 		Identities: []*msp.MSPPrincipal{principal},
 	}
 
@@ -106,7 +106,7 @@ func SignedByMspAdmin(mspId string) *cb.SignaturePolicyEnvelope {
 	// create the policy: it requires exactly 1 signature from the first (and only) principal
 	p := &cb.SignaturePolicyEnvelope{
 		Version:    0,
-		Policy:     NOutOf(1, []*cb.SignaturePolicy{SignedBy(0)}),
+		Rule:       NOutOf(1, []*cb.SignaturePolicy{SignedBy(0)}),
 		Identities: []*msp.MSPPrincipal{principal},
 	}
 
@@ -130,7 +130,7 @@ func signedByAnyOfGivenRole(role msp.MSPRole_MSPRoleType, ids []string) *cb.Sign
 	// create the policy: it requires exactly 1 signature from any of the principals
 	p := &cb.SignaturePolicyEnvelope{
 		Version:    0,
-		Policy:     NOutOf(1, sigspolicy),
+		Rule:       NOutOf(1, sigspolicy),
 		Identities: principals,
 	}
 
@@ -166,8 +166,8 @@ func NOutOf(n int32, policies []*cb.SignaturePolicy) *cb.SignaturePolicy {
 	return &cb.SignaturePolicy{
 		Type: &cb.SignaturePolicy_NOutOf_{
 			NOutOf: &cb.SignaturePolicy_NOutOf{
-				N:        n,
-				Policies: policies,
+				N:     n,
+				Rules: policies,
 			},
 		},
 	}

common/cauthdsl/cauthdsl_test.go

@@ -97,7 +97,7 @@ var moreMsgs = [][]byte{nil, nil, nil}
 func TestSimpleSignature(t *testing.T) {
 	policy := Envelope(SignedBy(0), signers)
 
-	spe, err := compile(policy.Policy, policy.Identities, &mockDeserializer{})
+	spe, err := compile(policy.Rule, policy.Identities, &mockDeserializer{})
 	if err != nil {
 		t.Fatalf("Could not create a new SignaturePolicyEvaluator using the given policy, crypto-helper: %s", err)
 	}
@@ -116,7 +116,7 @@ func TestSimpleSignature(t *testing.T) {
 func TestMultipleSignature(t *testing.T) {
 	policy := Envelope(And(SignedBy(0), SignedBy(1)), signers)
 
-	spe, err := compile(policy.Policy, policy.Identities, &mockDeserializer{})
+	spe, err := compile(policy.Rule, policy.Identities, &mockDeserializer{})
 	if err != nil {
 		t.Fatalf("Could not create a new SignaturePolicyEvaluator using the given policy, crypto-helper: %s", err)
 	}
@@ -135,7 +135,7 @@ func TestMultipleSignature(t *testing.T) {
 func TestComplexNestedSignature(t *testing.T) {
 	policy := Envelope(And(Or(And(SignedBy(0), SignedBy(1)), And(SignedBy(0), SignedBy(0))), SignedBy(0)), signers)
 
-	spe, err := compile(policy.Policy, policy.Identities, &mockDeserializer{})
+	spe, err := compile(policy.Rule, policy.Identities, &mockDeserializer{})
 	if err != nil {
 		t.Fatalf("Could not create a new SignaturePolicyEvaluator using the given policy, crypto-helper: %s", err)
 	}
@@ -159,11 +159,11 @@ func TestComplexNestedSignature(t *testing.T) {
 
 func TestNegatively(t *testing.T) {
 	rpolicy := Envelope(And(SignedBy(0), SignedBy(1)), signers)
-	rpolicy.Policy.Type = nil
+	rpolicy.Rule.Type = nil
 	b, _ := proto.Marshal(rpolicy)
 	policy := &cb.SignaturePolicyEnvelope{}
 	_ = proto.Unmarshal(b, policy)
-	_, err := compile(policy.Policy, policy.Identities, &mockDeserializer{})
+	_, err := compile(policy.Rule, policy.Identities, &mockDeserializer{})
 	if err == nil {
 		t.Fatal("Should have errored compiling because the Type field was nil")
 	}

common/cauthdsl/policy.go

@@ -49,7 +49,7 @@ func (pr *provider) NewPolicy(data []byte) (policies.Policy, proto.Message, erro
 		return nil, nil, fmt.Errorf("This evaluator only understands messages of version 0, but version was %d", sigPolicy.Version)
 	}
 
-	compiled, err := compile(sigPolicy.Policy, sigPolicy.Identities, pr.deserializer)
+	compiled, err := compile(sigPolicy.Rule, sigPolicy.Identities, pr.deserializer)
 	if err != nil {
 		return nil, nil, err
 	}

common/cauthdsl/policy_test.go

@@ -51,8 +51,8 @@ func makePolicySource(policyResult bool) *cb.Policy {
 		policyData = RejectAllPolicy
 	}
 	return &cb.Policy{
-		Type:   int32(cb.Policy_SIGNATURE),
-		Policy: marshalOrPanic(policyData),
+		Type:  int32(cb.Policy_SIGNATURE),
+		Value: marshalOrPanic(policyData),
 	}
 }
 

common/cauthdsl/policy_util.go

@@ -26,8 +26,8 @@ func TemplatePolicy(key string, sigPolicyEnv *cb.SignaturePolicyEnvelope) *cb.Co
 	configGroup := cb.NewConfigGroup()
 	configGroup.Policies[key] = &cb.ConfigPolicy{
 		Policy: &cb.Policy{
-			Type:   int32(cb.Policy_SIGNATURE),
-			Policy: utils.MarshalOrPanic(sigPolicyEnv),
+			Type:  int32(cb.Policy_SIGNATURE),
+			Value: utils.MarshalOrPanic(sigPolicyEnv),
 		},
 	}
 	return configGroup

common/cauthdsl/policyparser.go

@@ -272,7 +272,7 @@ func FromString(policy string) (*common.SignaturePolicyEnvelope, error) {
 	p := &common.SignaturePolicyEnvelope{
 		Identities: ctx.principals,
 		Version:    0,
-		Policy:     res.(*common.SignaturePolicy),
+		Rule:       res.(*common.SignaturePolicy),
 	}
 
 	return p, nil

common/cauthdsl/policyparser_test.go

@@ -42,7 +42,7 @@ func TestAnd(t *testing.T) {
 
 	p2 := &common.SignaturePolicyEnvelope{
 		Version:    0,
-		Policy:     And(SignedBy(0), SignedBy(1)),
+		Rule:       And(SignedBy(0), SignedBy(1)),
 		Identities: principals,
 	}
 
@@ -65,7 +65,7 @@ func TestOr(t *testing.T) {
 
 	p2 := &common.SignaturePolicyEnvelope{
 		Version:    0,
-		Policy:     Or(SignedBy(0), SignedBy(1)),
+		Rule:       Or(SignedBy(0), SignedBy(1)),
 		Identities: principals,
 	}
 
@@ -92,7 +92,7 @@ func TestComplex1(t *testing.T) {
 
 	p2 := &common.SignaturePolicyEnvelope{
 		Version:    0,
-		Policy:     Or(SignedBy(2), And(SignedBy(0), SignedBy(1))),
+		Rule:       Or(SignedBy(2), And(SignedBy(0), SignedBy(1))),
 		Identities: principals,
 	}
 
@@ -123,7 +123,7 @@ func TestComplex2(t *testing.T) {
 
 	p2 := &common.SignaturePolicyEnvelope{
 		Version:    0,
-		Policy:     Or(And(SignedBy(0), SignedBy(1)), Or(SignedBy(2), SignedBy(3))),
+		Rule:       Or(And(SignedBy(0), SignedBy(1)), Or(SignedBy(2), SignedBy(3))),
 		Identities: principals,
 	}
 

common/config/msp/config_test.go

@@ -95,7 +95,7 @@ func TestTemplates(t *testing.T) {
 
 	configGroup = TemplateGroupMSPWithAdminRolePrincipal([]string{"TestPath"}, mspConf, false)
 	expectedPolicyValue := utils.MarshalOrPanic(cauthdsl.SignedByMspMember("DEFAULT"))
-	actualPolicyValue := configGroup.Groups["TestPath"].Policies[AdminsPolicyKey].Policy.Policy
+	actualPolicyValue := configGroup.Groups["TestPath"].Policies[AdminsPolicyKey].Policy.Value
 	assert.Equal(t, expectedPolicyValue, actualPolicyValue, "Expected SignedByMspMemberPolicy")
 
 	mspConf = &mspprotos.MSPConfig{}

common/config/msp/config_util.go

@@ -67,8 +67,8 @@ func TemplateGroupMSPWithAdminRolePrincipal(configPath []string, mspConfig *mspp
 
 	memberPolicy := &cb.ConfigPolicy{
 		Policy: &cb.Policy{
-			Type:   int32(cb.Policy_SIGNATURE),
-			Policy: utils.MarshalOrPanic(cauthdsl.SignedByMspMember(mspID)),
+			Type:  int32(cb.Policy_SIGNATURE),
+			Value: utils.MarshalOrPanic(cauthdsl.SignedByMspMember(mspID)),
 		},
 	}
 
@@ -81,8 +81,8 @@ func TemplateGroupMSPWithAdminRolePrincipal(configPath []string, mspConfig *mspp
 
 	adminPolicy := &cb.ConfigPolicy{
 		Policy: &cb.Policy{
-			Type:   int32(cb.Policy_SIGNATURE),
-			Policy: adminSigPolicy,
+			Type:  int32(cb.Policy_SIGNATURE),
+			Value: adminSigPolicy,
 		},
 	}
 

common/configtx/compare.go

@@ -98,7 +98,7 @@ func equalConfigPolicies(lhs, rhs *cb.ConfigPolicy) bool {
 	}
 
 	return lhs.Policy.Type == rhs.Policy.Type &&
-		bytes.Equal(lhs.Policy.Policy, rhs.Policy.Policy)
+		bytes.Equal(lhs.Policy.Value, rhs.Policy.Value)
 }
 
 // The subset functions check if inner is a subset of outer

common/configtx/compare_test.go

@@ -94,16 +94,16 @@ func TestCompareConfigPolicy(t *testing.T) {
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}.equals(comparable{
 		ConfigPolicy: &cb.ConfigPolicy{
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}), "Should have found identical config policies to be identical")
 
@@ -113,16 +113,16 @@ func TestCompareConfigPolicy(t *testing.T) {
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}.equals(comparable{
 		ConfigPolicy: &cb.ConfigPolicy{
 			Version:   0,
 			ModPolicy: "bar",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}), "Should have detected different mod policy")
 
@@ -132,16 +132,16 @@ func TestCompareConfigPolicy(t *testing.T) {
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}.equals(comparable{
 		ConfigPolicy: &cb.ConfigPolicy{
 			Version:   1,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}), "Should have detected different version")
 
@@ -151,16 +151,16 @@ func TestCompareConfigPolicy(t *testing.T) {
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}.equals(comparable{
 		ConfigPolicy: &cb.ConfigPolicy{
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   2,
-				Policy: []byte("foo"),
+				Type:  2,
+				Value: []byte("foo"),
 			},
 		}}), "Should have detected different policy type")
 
@@ -170,16 +170,16 @@ func TestCompareConfigPolicy(t *testing.T) {
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}.equals(comparable{
 		ConfigPolicy: &cb.ConfigPolicy{
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("bar"),
+				Type:  1,
+				Value: []byte("bar"),
 			},
 		}}), "Should have detected different policy value")
 
@@ -189,8 +189,8 @@ func TestCompareConfigPolicy(t *testing.T) {
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}.equals(comparable{}), "Should have detected one nil value")
 
@@ -200,8 +200,8 @@ func TestCompareConfigPolicy(t *testing.T) {
 			Version:   0,
 			ModPolicy: "foo",
 			Policy: &cb.Policy{
-				Type:   1,
-				Policy: []byte("foo"),
+				Type:  1,
+				Value: []byte("foo"),
 			},
 		}}.equals(comparable{
 		ConfigPolicy: &cb.ConfigPolicy{

common/configtx/tool/provisional/provisional.go

@@ -191,8 +191,8 @@ func New(conf *genesisconfig.Profile) Generator {
 		// is not AcceptAll
 		tcg.Groups[config.ConsortiumsGroupKey].Policies[configvaluesmsp.AdminsPolicyKey] = &cb.ConfigPolicy{
 			Policy: &cb.Policy{
-				Type:   int32(cb.Policy_SIGNATURE),
-				Policy: utils.MarshalOrPanic(cauthdsl.AcceptAllPolicy),
+				Type:  int32(cb.Policy_SIGNATURE),
+				Value: utils.MarshalOrPanic(cauthdsl.AcceptAllPolicy),
 			},
 		}
 

common/policies/implicitmeta_util.go

@@ -26,7 +26,7 @@ func ImplicitMetaPolicyWithSubPolicy(subPolicyName string, rule cb.ImplicitMetaP
 	return &cb.ConfigPolicy{
 		Policy: &cb.Policy{
 			Type: int32(cb.Policy_IMPLICIT_META),
-			Policy: utils.MarshalOrPanic(&cb.ImplicitMetaPolicy{
+			Value: utils.MarshalOrPanic(&cb.ImplicitMetaPolicy{
 				Rule:      rule,
 				SubPolicy: subPolicyName,
 			}),

common/policies/policy.go

@@ -345,7 +345,7 @@ func (pm *ManagerImpl) ProposePolicy(tx interface{}, key string, configPolicy *c
 	var deserialized proto.Message
 
 	if policy.Type == int32(cb.Policy_IMPLICIT_META) {
-		imp, err := newImplicitMetaPolicy(policy.Policy)
+		imp, err := newImplicitMetaPolicy(policy.Value)
 		if err != nil {
 			return nil, err
 		}
@@ -359,7 +359,7 @@ func (pm *ManagerImpl) ProposePolicy(tx interface{}, key string, configPolicy *c
 		}
 
 		var err error
-		cPolicy, deserialized, err = provider.NewPolicy(policy.Policy)
+		cPolicy, deserialized, err = provider.NewPolicy(policy.Value)
 		if err != nil {
 			return nil, err
 		}