[FAB-4560] Config updates with no effect validate

The config update logic validates that a config update is not empty, and
that any modifications made are validly signed.

However, it is possible that if the config update is not empty, but it
has no effect on the configuration (ie, the read and write sets are
equal), then the configuration will still apply, without any signatures,
because there are no modifications made to be validated.

This CR adds an explicit check which disallows update sets which do not
modify at least on configuration element.

Change-Id: If2be92aaf3a917ac7dbd617226594331d619e09d
Signed-off-by: Jason Yellick <[email protected]>

Author: Jason Yellick

common/configtx/update.go

@@ -55,6 +55,10 @@ func ComputeDeltaSet(readSet, writeSet map[string]comparable) map[string]compara
 }
 
 func (cm *configManager) verifyDeltaSet(deltaSet map[string]comparable, signedData []*cb.SignedData) error {
+	if len(deltaSet) == 0 {
+		return fmt.Errorf("Delta set was empty.  Update would have no effect.")
+	}
+
 	for key, value := range deltaSet {
 		existing, ok := cm.current.configMap[key]
 		if !ok {

common/configtx/update_test.go

@@ -118,6 +118,12 @@ func TestVerifyDeltaSet(t *testing.T) {
 
 		assert.Error(t, cm.verifyDeltaSet(deltaSet, nil), "Policy evaluation should have failed")
 	})
+
+	t.Run("Empty delta set", func(t *testing.T) {
+		err := (&configManager{}).verifyDeltaSet(map[string]comparable{}, nil)
+		assert.Error(t, err, "Empty delta set should be rejected")
+		assert.Contains(t, err.Error(), "Delta set was empty.  Update would have no effect.")
+	})
 }
 
 func TestPolicyForItem(t *testing.T) {