Removing mock policies from MCS

This change-set modifies peer's implementation of the
gossip MessageCryptoService interface in the following way
1. removes the mocked policyManager from VerifyByChannel
2. MCS's implementation takes in input a PolicyManager whose
role is to give access to the PolicyManager of a specific channel.
This object is then used by VerifyByChannel to retrieve
the PolicyManager for a specific channel.

Change-Id: Ibeb37ccdb4233d146f50675ce227191d45faebb6
Signed-off-by: Angelo De Caro <[email protected]>

Author: adecaro

common/mocks/policies/policies.go

@@ -77,3 +77,21 @@ func (m *Manager) GetPolicy(id string) (policies.Policy, bool) {
 	}
 	return m.Policy, m.Policy != nil
 }
+
+type PolicyManagerMgmt struct{}
+
+func (m *PolicyManagerMgmt) GetPolicy(id string) (policies.Policy, bool) {
+	panic("implement me")
+}
+
+func (m *PolicyManagerMgmt) Manager(path []string) (policies.Manager, bool) {
+	return &Manager{Policy: &Policy{Err: nil}}, false
+}
+
+func (m *PolicyManagerMgmt) BasePath() string {
+	panic("implement me")
+}
+
+func (m *PolicyManagerMgmt) PolicyNames() []string {
+	panic("implement me")
+}

common/policies/policy.go

@@ -25,8 +25,8 @@ import (
 )
 
 const (
-	// ChannelReaders is the label for the channel's readers policy
-	ChannelReaders = "ChannelReaders"
+	// ChannelApplicationReaders is the label for the channel's application readers policy
+	ChannelApplicationReaders = "/channel/Application/Readers"
 )
 
 var logger = logging.MustGetLogger("common/policies")

core/peer/peer.go

@@ -25,6 +25,7 @@ import (
 	"github.com/hyperledger/fabric/common/configtx"
 	configtxapi "github.com/hyperledger/fabric/common/configtx/api"
 	configvaluesapi "github.com/hyperledger/fabric/common/configvalues"
+	"github.com/hyperledger/fabric/common/policies"
 	"github.com/hyperledger/fabric/core/comm"
 	"github.com/hyperledger/fabric/core/committer"
 	"github.com/hyperledger/fabric/core/committer/txvalidator"
@@ -247,6 +248,17 @@ func GetLedger(cid string) ledger.PeerLedger {
 	return nil
 }
 
+// GetPolicyManager returns the policy manager of the chain with chain ID. Note that this
+// call returns nil if chain cid has not been created.
+func GetPolicyManager(cid string) policies.Manager {
+	chains.RLock()
+	defer chains.RUnlock()
+	if c, ok := chains.list[cid]; ok {
+		return c.cs.PolicyManager()
+	}
+	return nil
+}
+
 // GetMSPMgr returns the MSP manager of the chain with chain ID.
 // Note that this call returns nil if chain cid has not been created.
 func GetMSPMgr(cid string) msp.MSPManager {
@@ -333,3 +345,41 @@ func NewPeerClientConnectionWithAddress(peerAddress string) (*grpc.ClientConn, e
 	}
 	return comm.NewClientConnectionWithAddress(peerAddress, true, false, nil)
 }
+
+// GetPolicyManagerMgmt returns a special PolicyManager whose
+// only function is to give access to the policy manager of
+// a given channel. If the channel does not exists then,
+// it returns nil.
+// The only method implemented is therefore 'Manager'.
+func GetPolicyManagerMgmt() policies.Manager {
+	return &policyManagerMgmt{}
+}
+
+type policyManagerMgmt struct{}
+
+func (c *policyManagerMgmt) GetPolicy(id string) (policies.Policy, bool) {
+	panic("implement me")
+}
+
+// Manager returns the policy manager associated to a channel
+// specified by a path of length 1 that has the name of the channel as the only
+// coordinate available.
+// If the path has length different from 1, then the method returns (nil, false).
+// If the channel does not exists, then the method returns (nil, false)
+// Nothing is created.
+func (c *policyManagerMgmt) Manager(path []string) (policies.Manager, bool) {
+	if len(path) != 1 {
+		return nil, false
+	}
+
+	policyManager := GetPolicyManager(path[0])
+	return policyManager, policyManager != nil
+}
+
+func (c *policyManagerMgmt) BasePath() string {
+	panic("implement me")
+}
+
+func (c *policyManagerMgmt) PolicyNames() []string {
+	panic("implement me")
+}

core/peer/peer_test.go

@@ -23,13 +23,15 @@ import (
 	"testing"
 
 	configtxtest "github.com/hyperledger/fabric/common/configtx/test"
+	mockpolicies "github.com/hyperledger/fabric/common/mocks/policies"
 	ccp "github.com/hyperledger/fabric/core/common/ccprovider"
 	"github.com/hyperledger/fabric/core/deliverservice"
 	"github.com/hyperledger/fabric/core/deliverservice/blocksprovider"
 	"github.com/hyperledger/fabric/core/mocks/ccprovider"
 	"github.com/hyperledger/fabric/gossip/service"
 	"github.com/hyperledger/fabric/msp/mgmt"
 	"github.com/hyperledger/fabric/msp/mgmt/testtools"
+	"github.com/hyperledger/fabric/peer/gossip/mcs"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/grpc"
@@ -86,7 +88,8 @@ func TestCreateChainFromBlock(t *testing.T) {
 	msptesttools.LoadMSPSetupForTesting("../../msp/sampleconfig")
 
 	identity, _ := mgmt.GetLocalSigningIdentityOrPanic().Serialize()
-	service.InitGossipServiceCustomDeliveryFactory(identity, "localhost:13611", grpcServer, &mockDeliveryClientFactory{})
+	messageCryptoService := mcs.New(&mockpolicies.PolicyManagerMgmt{})
+	service.InitGossipServiceCustomDeliveryFactory(identity, "localhost:13611", grpcServer, &mockDeliveryClientFactory{}, messageCryptoService)
 
 	err = CreateChainFromBlock(block)
 	if err != nil {

core/scc/cscc/configure_test.go

@@ -24,6 +24,7 @@ import (
 
 	"github.com/golang/protobuf/proto"
 	configtxtest "github.com/hyperledger/fabric/common/configtx/test"
+	mockpolicies "github.com/hyperledger/fabric/common/mocks/policies"
 	"github.com/hyperledger/fabric/core/chaincode"
 	"github.com/hyperledger/fabric/core/chaincode/shim"
 	"github.com/hyperledger/fabric/core/deliverservice"
@@ -33,6 +34,7 @@ import (
 	"github.com/hyperledger/fabric/gossip/service"
 	"github.com/hyperledger/fabric/msp/mgmt"
 	"github.com/hyperledger/fabric/msp/mgmt/testtools"
+	"github.com/hyperledger/fabric/peer/gossip/mcs"
 	"github.com/hyperledger/fabric/protos/common"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	"github.com/hyperledger/fabric/protos/utils"
@@ -145,8 +147,8 @@ func TestConfigerInvokeJoinChainCorrectParams(t *testing.T) {
 
 	msptesttools.LoadMSPSetupForTesting("../../../msp/sampleconfig")
 	identity, _ := mgmt.GetLocalSigningIdentityOrPanic().Serialize()
-
-	service.InitGossipServiceCustomDeliveryFactory(identity, "localhost:13611", grpcServer, &mockDeliveryClientFactory{})
+	messageCryptoService := mcs.New(&mockpolicies.PolicyManagerMgmt{})
+	service.InitGossipServiceCustomDeliveryFactory(identity, "localhost:13611", grpcServer, &mockDeliveryClientFactory{}, messageCryptoService)
 
 	// Successful path for JoinChain
 	blockBytes := mockConfigBlock()

gossip/service/gossip_service.go

@@ -29,7 +29,6 @@ import (
 	"github.com/hyperledger/fabric/gossip/integration"
 	"github.com/hyperledger/fabric/gossip/state"
 	"github.com/hyperledger/fabric/gossip/util"
-	"github.com/hyperledger/fabric/peer/gossip/mcs"
 	"github.com/hyperledger/fabric/peer/gossip/sa"
 	"github.com/hyperledger/fabric/protos/common"
 	proto "github.com/hyperledger/fabric/protos/gossip"
@@ -99,13 +98,13 @@ func (jcm *joinChannelMessage) AnchorPeers() []api.AnchorPeer {
 var logger = util.GetLogger(util.LoggingServiceModule, "")
 
 // InitGossipService initialize gossip service
-func InitGossipService(peerIdentity []byte, endpoint string, s *grpc.Server, bootPeers ...string) {
-	InitGossipServiceCustomDeliveryFactory(peerIdentity, endpoint, s, &deliveryFactoryImpl{}, bootPeers...)
+func InitGossipService(peerIdentity []byte, endpoint string, s *grpc.Server, mcs api.MessageCryptoService, bootPeers ...string) {
+	InitGossipServiceCustomDeliveryFactory(peerIdentity, endpoint, s, &deliveryFactoryImpl{}, mcs, bootPeers...)
 }
 
 // InitGossipService initialize gossip service with customize delivery factory
 // implementation, might be useful for testing and mocking purposes
-func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string, s *grpc.Server, factory DeliveryServiceFactory, bootPeers ...string) {
+func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string, s *grpc.Server, factory DeliveryServiceFactory, mcs api.MessageCryptoService, bootPeers ...string) {
 	once.Do(func() {
 		logger.Info("Initialize gossip with endpoint", endpoint, "and bootstrap set", bootPeers)
 		dialOpts := []grpc.DialOption{}
@@ -115,7 +114,6 @@ func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string
 			dialOpts = append(dialOpts, grpc.WithInsecure())
 		}
 
-		cryptSvc := mcs.NewMessageCryptoService()
 		secAdv := sa.NewSecurityAdvisor()
 
 		if overrideEndpoint := viper.GetString("peer.gossip.endpoint"); overrideEndpoint != "" {
@@ -124,14 +122,14 @@ func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string
 
 		if viper.GetBool("peer.gossip.ignoreSecurity") {
 			sec := &secImpl{[]byte(endpoint)}
-			cryptSvc = sec
+			mcs = sec
 			secAdv = sec
 			peerIdentity = []byte(endpoint)
 		}
 
-		idMapper := identity.NewIdentityMapper(cryptSvc)
+		idMapper := identity.NewIdentityMapper(mcs)
 
-		gossip := integration.NewGossipComponent(peerIdentity, endpoint, s, secAdv, cryptSvc, idMapper, dialOpts, bootPeers...)
+		gossip := integration.NewGossipComponent(peerIdentity, endpoint, s, secAdv, mcs, idMapper, dialOpts, bootPeers...)
 		gossipServiceInstance = &gossipServiceImpl{
 			gossipSvc:       gossip,
 			chains:          make(map[string]state.GossipStateProvider),

gossip/service/gossip_service_test.go

@@ -24,9 +24,11 @@ import (
 
 	"time"
 
+	mockpolicies "github.com/hyperledger/fabric/common/mocks/policies"
 	"github.com/hyperledger/fabric/gossip/api"
 	"github.com/hyperledger/fabric/msp/mgmt"
 	"github.com/hyperledger/fabric/msp/mgmt/testtools"
+	"github.com/hyperledger/fabric/peer/gossip/mcs"
 	"github.com/stretchr/testify/assert"
 	"google.golang.org/grpc"
 )
@@ -47,7 +49,8 @@ func TestInitGossipService(t *testing.T) {
 	wg.Add(10)
 	for i := 0; i < 10; i++ {
 		go func() {
-			InitGossipService(identity, "localhost:5611", grpcServer)
+			InitGossipService(identity, "localhost:5611", grpcServer, mcs.New(&mockpolicies.PolicyManagerMgmt{}))
+
 			wg.Done()
 		}()
 	}

peer/gossip/mcs/mcs.go

@@ -22,7 +22,6 @@ import (
 
 	"github.com/hyperledger/fabric/bccsp"
 	"github.com/hyperledger/fabric/bccsp/factory"
-	mockpolicy "github.com/hyperledger/fabric/common/mocks/policies"
 	"github.com/hyperledger/fabric/common/policies"
 	"github.com/hyperledger/fabric/gossip/api"
 	"github.com/hyperledger/fabric/gossip/common"
@@ -43,16 +42,18 @@ var logger = logging.MustGetLogger("peer/gossip/mcs")
 //
 // A similar mechanism needs to be in place to update the local MSP, as well.
 // This implementation assumes that these mechanisms are all in place and working.
-//
-// TODO: The code currently does not validate an identity against the channel
-// read policy for the channel related gossip message.
 type mspMessageCryptoService struct {
+	manager policies.Manager
 }
 
-// NewMessageCryptoService creates a new instance of mspMessageCryptoService
-// that implements MessageCryptoService
-func NewMessageCryptoService() api.MessageCryptoService {
-	return &mspMessageCryptoService{}
+// New creates a new instance of mspMessageCryptoService
+// that implements MessageCryptoService.
+// The method takes in input a policy manager that gives
+// access to the policy manager of a given channel via the Manager method.
+// See fabric/core/peer/peer.go#NewPolicyManagerMgmt and
+// fabric/common/mocks/policies/policies.go#PolicyManagerMgmt
+func New(manager policies.Manager) api.MessageCryptoService {
+	return &mspMessageCryptoService{manager: manager}
 }
 
 // ValidateIdentity validates the identity of a remote peer.
@@ -146,12 +147,11 @@ func (s *mspMessageCryptoService) VerifyByChannel(chainID common.ChainID, peerId
 	}
 
 	// Get the policy manager for channel chainID
-	// TODO: replace this mock with the proper lookup once in place
-	// For now, we accept all
-	policyManager := mockpolicy.Manager{Policy: &mockpolicy.Policy{Err: nil}}
+	cpm, flag := s.manager.Manager([]string{string(chainID)})
+	logger.Debugf("Got policy manager for channel [%s] with flag [%s]", string(chainID), flag)
 
 	// Get channel reader policy
-	policy, flag := policyManager.GetPolicy(policies.ChannelReaders)
+	policy, flag := cpm.GetPolicy(policies.ChannelApplicationReaders)
 	logger.Debugf("Got reader policy for channel [%s] with flag [%s]", string(chainID), flag)
 
 	return policy.Evaluate(

peer/gossip/mcs/mcs_test.go

@@ -24,6 +24,7 @@ import (
 
 	"github.com/hyperledger/fabric/bccsp"
 	"github.com/hyperledger/fabric/bccsp/factory"
+	mockpolicies "github.com/hyperledger/fabric/common/mocks/policies"
 	"github.com/hyperledger/fabric/gossip/api"
 	"github.com/hyperledger/fabric/msp/mgmt"
 	"github.com/hyperledger/fabric/msp/mgmt/testtools"
@@ -47,7 +48,7 @@ func TestMain(m *testing.M) {
 	}
 
 	// Init the MSP-based MessageCryptoService
-	msgCryptoService = NewMessageCryptoService()
+	msgCryptoService = New(&mockpolicies.PolicyManagerMgmt{})
 
 	os.Exit(m.Run())
 }

peer/node/start.go

@@ -41,6 +41,7 @@ import (
 	"github.com/hyperledger/fabric/gossip/service"
 	"github.com/hyperledger/fabric/msp/mgmt"
 	"github.com/hyperledger/fabric/peer/common"
+	"github.com/hyperledger/fabric/peer/gossip/mcs"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -149,7 +150,8 @@ func serve(args []string) error {
 		panic(fmt.Sprintf("Failed serializing self identity: %v", err))
 	}
 
-	service.InitGossipService(serializedIdentity, peerEndpoint.Address, grpcServer.Server(), bootstrap...)
+	messageCryptoService := mcs.New(peer.GetPolicyManagerMgmt())
+	service.InitGossipService(serializedIdentity, peerEndpoint.Address, grpcServer.Server(), messageCryptoService, bootstrap...)
 	defer service.GetGossipService().Stop()
 
 	//initialize system chaincodes