[FAb-2680] Set default ModPolicy in configtxgen

Jason Yellick · Jason Yellick · commit fb31d924bfd9 · 2017-03-07T15:02:00.000-05:00
https://jira.hyperledger.org/browse/FAB-2680 The ModPolicy field of the configuration elements is currently set to the empty string. This causes all configuration updates to be denied by default (As there is no policy with name empty string). This CR enhances configtxgen to set the default modification policy of "Admins" for all items. This is a sane default, and there is currently no mechanism to change it. This is a very low risk change from a regression standpoint, because it only affect configuration updates (which are currently exercised nowhere in the system). Change-Id: Ica16c0a56f8cd42e5f02c770f0f10c59328b63d7 Signed-off-by: Jason Yellick <jyellick@us.ibm.com>
diff --git a/common/configtx/template.go b/common/configtx/template.go
@@ -144,6 +144,57 @@ func (ct *compositeTemplate) Envelope(chainID string) (*cb.ConfigUpdateEnvelope,
 	return &cb.ConfigUpdateEnvelope{ConfigUpdate: marshaledConfig}, nil
 }
 
+type modPolicySettingTemplate struct {
+	modPolicy string
+	template  Template
+}
+
+// NewModPolicySettingTemplate wraps another template and sets the ModPolicy of
+// every ConfigGroup/ConfigValue/ConfigPolicy to modPolicy
+func NewModPolicySettingTemplate(modPolicy string, template Template) Template {
+	return &modPolicySettingTemplate{
+		modPolicy: modPolicy,
+		template:  template,
+	}
+}
+
+func setGroupModPolicies(modPolicy string, group *cb.ConfigGroup) {
+	group.ModPolicy = modPolicy
+
+	for _, value := range group.Values {
+		value.ModPolicy = modPolicy
+	}
+
+	for _, policy := range group.Policies {
+		policy.ModPolicy = modPolicy
+	}
+
+	for _, nextGroup := range group.Groups {
+		setGroupModPolicies(modPolicy, nextGroup)
+	}
+}
+
+func (mpst *modPolicySettingTemplate) Envelope(channelID string) (*cb.ConfigUpdateEnvelope, error) {
+	configUpdateEnv, err := mpst.template.Envelope(channelID)
+	if err != nil {
+		return nil, err
+	}
+
+	config, err := UnmarshalConfigUpdate(configUpdateEnv.ConfigUpdate)
+	if err != nil {
+		return nil, err
+	}
+
+	setGroupModPolicies(mpst.modPolicy, config.WriteSet)
+	configUpdateEnv.ConfigUpdate = utils.MarshalOrPanic(config)
+	return configUpdateEnv, nil
+}
+
+type channelCreationTemplate struct {
+	consortiumName string
+	orgs           []string
+}
+
 // NewChainCreationTemplate takes a CreationPolicy and a Template to produce a
 // Template which outputs an appropriately constructed list of ConfigUpdateEnvelopes.
 func NewChainCreationTemplate(creationPolicy string, template Template) Template {
@@ -154,7 +205,6 @@ func NewChainCreationTemplate(creationPolicy string, template Template) Template
 			Policy: creationPolicy,
 		}),
 	}
-
 	return NewCompositeTemplate(NewSimpleTemplate(result), template)
 }
 
diff --git a/common/configtx/template_test.go b/common/configtx/template_test.go
@@ -77,6 +77,33 @@ func TestCompositeTemplate(t *testing.T) {
 	verifyItemsResult(t, composite, 3)
 }
 
+func TestModPolicySettingTemplate(t *testing.T) {
+	subGroup := "group"
+	input := cb.NewConfigGroup()
+	input.Groups[subGroup] = cb.NewConfigGroup()
+
+	policyName := "policy"
+	valueName := "value"
+	for _, group := range []*cb.ConfigGroup{input, input.Groups[subGroup]} {
+		group.Values[valueName] = &cb.ConfigValue{}
+		group.Policies[policyName] = &cb.ConfigPolicy{}
+	}
+
+	modPolicyName := "foo"
+	mpst := NewModPolicySettingTemplate(modPolicyName, NewSimpleTemplate(input))
+	output, err := mpst.Envelope("bar")
+	assert.NoError(t, err, "Creating envelope")
+
+	configUpdate := UnmarshalConfigUpdateOrPanic(output.ConfigUpdate)
+
+	assert.Equal(t, modPolicyName, configUpdate.WriteSet.ModPolicy)
+	assert.Equal(t, modPolicyName, configUpdate.WriteSet.Values[valueName].ModPolicy)
+	assert.Equal(t, modPolicyName, configUpdate.WriteSet.Policies[policyName].ModPolicy)
+	assert.Equal(t, modPolicyName, configUpdate.WriteSet.Groups[subGroup].ModPolicy)
+	assert.Equal(t, modPolicyName, configUpdate.WriteSet.Groups[subGroup].Values[valueName].ModPolicy)
+	assert.Equal(t, modPolicyName, configUpdate.WriteSet.Groups[subGroup].Policies[policyName].ModPolicy)
+}
+
 func TestNewChainTemplate(t *testing.T) {
 	simple := NewSimpleTemplate(
 		simpleGroup(0),
diff --git a/common/configtx/tool/provisional/provisional.go b/common/configtx/tool/provisional/provisional.go
@@ -169,19 +169,25 @@ func New(conf *genesisconfig.Profile) Generator {
 }
 
 func (bs *bootstrapper) ChannelTemplate() configtx.Template {
-	return configtx.NewCompositeTemplate(
-		configtx.NewSimpleTemplate(bs.channelGroups...),
-		configtx.NewSimpleTemplate(bs.ordererGroups...),
-		configtx.NewSimpleTemplate(bs.applicationGroups...),
+	return configtx.NewModPolicySettingTemplate(
+		configvaluesmsp.AdminsPolicyKey,
+		configtx.NewCompositeTemplate(
+			configtx.NewSimpleTemplate(bs.channelGroups...),
+			configtx.NewSimpleTemplate(bs.ordererGroups...),
+			configtx.NewSimpleTemplate(bs.applicationGroups...),
+		),
 	)
 }
 
 // XXX deprecate and remove
 func (bs *bootstrapper) GenesisBlock() *cb.Block {
 	block, err := genesis.NewFactoryImpl(
-		configtx.NewCompositeTemplate(
-			configtx.NewSimpleTemplate(bs.ordererSystemChannelGroups...),
-			bs.ChannelTemplate(),
+		configtx.NewModPolicySettingTemplate(
+			configvaluesmsp.AdminsPolicyKey,
+			configtx.NewCompositeTemplate(
+				configtx.NewSimpleTemplate(bs.ordererSystemChannelGroups...),
+				bs.ChannelTemplate(),
+			),
 		),
 	).Block(TestChainID)
 
@@ -193,9 +199,12 @@ func (bs *bootstrapper) GenesisBlock() *cb.Block {
 
 func (bs *bootstrapper) GenesisBlockForChannel(channelID string) *cb.Block {
 	block, err := genesis.NewFactoryImpl(
-		configtx.NewCompositeTemplate(
-			configtx.NewSimpleTemplate(bs.ordererSystemChannelGroups...),
-			bs.ChannelTemplate(),
+		configtx.NewModPolicySettingTemplate(
+			configvaluesmsp.AdminsPolicyKey,
+			configtx.NewCompositeTemplate(
+				configtx.NewSimpleTemplate(bs.ordererSystemChannelGroups...),
+				bs.ChannelTemplate(),
+			),
 		),
 	).Block(channelID)
 
