policies

package
v2.1.1+incompatible
Warning

This package is not in the latest version of its module.

Published: Jun 1, 2020 | License: Apache-2.0 | Imports: 11 | Imported by: 7,669

Documentation

Constants

const (
	// PathSeparator is used to separate policy names in paths
	PathSeparator = "/"

	// ChannelPrefix is used in the path of standard channel policy managers
	ChannelPrefix = "Channel"

	// ApplicationPrefix is used in the path of standard application policy paths
	ApplicationPrefix = "Application"

	// OrdererPrefix is used in the path of standard orderer policy paths
	OrdererPrefix = "Orderer"

	// ChannelReaders is the label for the channel's readers policy (encompassing both orderer and application readers)
	ChannelReaders = PathSeparator + ChannelPrefix + PathSeparator + "Readers"

	// ChannelWriters is the label for the channel's writers policy (encompassing both orderer and application writers)
	ChannelWriters = PathSeparator + ChannelPrefix + PathSeparator + "Writers"

	// ChannelApplicationReaders is the label for the channel's application readers policy
	ChannelApplicationReaders = PathSeparator + ChannelPrefix + PathSeparator + ApplicationPrefix + PathSeparator + "Readers"

	// ChannelApplicationWriters is the label for the channel's application writers policy
	ChannelApplicationWriters = PathSeparator + ChannelPrefix + PathSeparator + ApplicationPrefix + PathSeparator + "Writers"

	// ChannelApplicationAdmins is the label for the channel's application admin policy
	ChannelApplicationAdmins = PathSeparator + ChannelPrefix + PathSeparator + ApplicationPrefix + PathSeparator + "Admins"

	// BlockValidation is the label for the policy which should validate the block signatures for the channel
	BlockValidation = PathSeparator + ChannelPrefix + PathSeparator + OrdererPrefix + PathSeparator + "BlockValidation"

	// ChannelOrdererAdmins is the label for the channel's orderer admin policy
	ChannelOrdererAdmins = PathSeparator + ChannelPrefix + PathSeparator + OrdererPrefix + PathSeparator + "Admins"

	// ChannelOrdererWriters is the label for the channel's orderer writers policy
	ChannelOrdererWriters = PathSeparator + ChannelPrefix + PathSeparator + OrdererPrefix + PathSeparator + "Writers"

	// ChannelOrdererReaders is the label for the channel's orderer readers policy
	ChannelOrdererReaders = PathSeparator + ChannelPrefix + PathSeparator + OrdererPrefix + PathSeparator + "Readers"
)

Variables

This section is empty.

Functions

func ImplicitMetaFromString added in v1.2.0

func ImplicitMetaFromString(input string) (*cb.ImplicitMetaPolicy, error)

func ImplicitMetaPolicyWithSubPolicy

func ImplicitMetaPolicyWithSubPolicy(subPolicyName string, rule cb.ImplicitMetaPolicy_Rule) *cb.ConfigPolicy

ImplicitMetaPolicyWithSubPolicy creates an implicitmeta policy

func SignatureSetToValidIdentities

func SignatureSetToValidIdentities(signedData []*protoutil.SignedData, identityDeserializer mspi.IdentityDeserializer) []mspi.Identity

SignatureSetToValidIdentities takes a slice of pointers to signed data, checks the validity of the signature and of the signer and returns a slice of associated identities. The returned identities are deduplicated.

func TemplateImplicitMetaAllPolicy

func TemplateImplicitMetaAllPolicy(path []string, policyName string) *cb.ConfigGroup

TemplateImplicitMetaAllPolicy returns TemplateImplicitMetaPolicy with cb.ImplicitMetaPolicy_ALL as the rule

func TemplateImplicitMetaAnyPolicy

func TemplateImplicitMetaAnyPolicy(path []string, policyName string) *cb.ConfigGroup

TemplateImplicitMetaAnyPolicy returns TemplateImplicitMetaPolicy with cb.ImplicitMetaPolicy_ANY as the rule

func TemplateImplicitMetaMajorityPolicy

func TemplateImplicitMetaMajorityPolicy(path []string, policyName string) *cb.ConfigGroup

TemplateImplicitMetaMajorityPolicy returns TemplateImplicitMetaPolicy with cb.ImplicitMetaPolicy_MAJORITY as the rule

func TemplateImplicitMetaPolicy

func TemplateImplicitMetaPolicy(path []string, policyName string, rule cb.ImplicitMetaPolicy_Rule) *cb.ConfigGroup

TemplateImplicitMetaPolicy creates a policy at the specified path with the given policyName. It uses the policyName for the subPolicyName as well, as this is the standard usage pattern.

func TemplateImplicitMetaPolicyWithSubPolicy

func TemplateImplicitMetaPolicyWithSubPolicy(path []string, policyName string, subPolicyName string, rule cb.ImplicitMetaPolicy_Rule) *cb.ConfigGroup

TemplateImplicitMetaPolicyWithSubPolicy creates a policy at the specified path with the given policyName and subPolicyName

Types

type ChannelPolicyManagerGetter

type ChannelPolicyManagerGetter interface {
	// Returns the policy manager associated with the specified channel.
	Manager(channelID string) Manager
}

ChannelPolicyManagerGetter is a support interface to get access to the policy manager of a given channel

type ConfigPolicy added in v1.1.0

type ConfigPolicy interface {
	// Key is the key this value should be stored in the *cb.ConfigGroup.Policies map.
	Key() string

	// Value is the backing policy implementation for this ConfigPolicy
	Value() *cb.Policy
}

ConfigPolicy defines a common representation for different *cb.ConfigPolicy values.

type Converter

type Converter interface {
	Convert() (*cb.SignaturePolicyEnvelope, error)
}

Converter represents a policy which may be translated into a SignaturePolicyEnvelope

type ImplicitMetaPolicy

type ImplicitMetaPolicy struct {
	Threshold   int
	SubPolicies []Policy

	SubPolicyName string
	// contains filtered or unexported fields
}

func NewImplicitMetaPolicy

func NewImplicitMetaPolicy(data []byte, managers map[string]*ManagerImpl) (*ImplicitMetaPolicy, error)

NewImplicitMetaPolicy creates a new policy based on the policy bytes

func (*ImplicitMetaPolicy) Convert

Convert implements the policies.Converter function to convert an implicit meta policy into a signature policy envelope.

func (*ImplicitMetaPolicy) EvaluateIdentities

func (imp *ImplicitMetaPolicy) EvaluateIdentities(identities []msp.Identity) error

EvaluateIdentities takes an array of identities and evaluates whether they satisfy the policy

func (*ImplicitMetaPolicy) EvaluateSignedData

func (imp *ImplicitMetaPolicy) EvaluateSignedData(signatureSet []*protoutil.SignedData) error

EvaluateSignedData takes a set of SignedData and evaluates whether this set of signatures satisfies the policy
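
A simplified, self-contained model of how an implicit meta policy aggregates its sub-policies, added here as an illustration and not Fabric's own code: the SubPolicy type, the org-name signers and the rule-to-threshold mapping (ANY = 1, ALL = every sub-policy, MAJORITY = more than half) are assumptions of the model. It shows that additional signers from the same org do not bring a MAJORITY policy closer to its threshold.

```go
package main

import "fmt"

// SubPolicy is a hypothetical per-org policy; signers are org names (constructed data).
type SubPolicy string

func (sp SubPolicy) Satisfied(signerOrgs []string) bool {
	for _, org := range signerOrgs {
		if org == string(sp) {
			return true
		}
	}
	return false
}

// ImplicitMeta models the exported Threshold and SubPolicies fields.
type ImplicitMeta struct {
	Threshold   int
	SubPolicies []SubPolicy
}

// NewImplicitMeta maps a rule name to a threshold (assumed mapping; empty lists not modelled).
func NewImplicitMeta(rule string, subs []SubPolicy) (*ImplicitMeta, error) {
	n, ok := map[string]int{"ANY": 1, "ALL": len(subs), "MAJORITY": len(subs)/2 + 1}[rule]
	if !ok {
		return nil, fmt.Errorf("unknown rule %q", rule)
	}
	return &ImplicitMeta{Threshold: n, SubPolicies: subs}, nil
}

// EvaluateIdentities counts each satisfied sub-policy once, however many signers satisfy it.
func (imp *ImplicitMeta) EvaluateIdentities(signerOrgs []string) error {
	satisfied := 0
	for _, sp := range imp.SubPolicies {
		if sp.Satisfied(signerOrgs) {
			satisfied++
		}
	}
	if satisfied < imp.Threshold {
		return fmt.Errorf("%d sub-policies satisfied, need %d", satisfied, imp.Threshold)
	}
	return nil
}

func main() {
	p, _ := NewImplicitMeta("MAJORITY", []SubPolicy{"Org1", "Org2", "Org3"})
	fmt.Println(p.EvaluateIdentities([]string{"Org1", "Org1"})) // two signers, one org
}
```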

type InquireablePolicy added in v1.2.0

type InquireablePolicy interface {
	// SatisfiedBy returns a slice of PrincipalSets, each of which
	// satisfies the policy.
	SatisfiedBy() []PrincipalSet
}

InquireablePolicy is a Policy that one can inquire

type Manager

type Manager interface {
	// GetPolicy returns a policy and true if it was the policy requested, or false if it is the default policy
	GetPolicy(id string) (Policy, bool)

	// Manager returns the sub-policy manager for a given path and whether it exists
	Manager(path []string) (Manager, bool)
}

Manager is a read only subset of the policy ManagerImpl

type ManagerImpl

type ManagerImpl struct {
	Policies map[string]Policy
	// contains filtered or unexported fields
}

ManagerImpl is an implementation of Manager and configtx.ConfigHandler. In general, it should only be referenced as an Impl for the configtx.ConfigManager.

func NewManagerImpl

func NewManagerImpl(path string, providers map[int32]Provider, root *cb.ConfigGroup) (*ManagerImpl, error)

NewManagerImpl creates a new ManagerImpl with the given CryptoHelper

func (*ManagerImpl) GetPolicy

func (pm *ManagerImpl) GetPolicy(id string) (Policy, bool)

GetPolicy returns a policy and true if it was the policy requested, or false if it is the default reject policy

func (*ManagerImpl) Manager

func (pm *ManagerImpl) Manager(path []string) (Manager, bool)

Manager returns the sub-policy manager for a given path and whether it exists

type Policy

type Policy interface {
	// EvaluateSignedData takes a set of SignedData and evaluates whether
	// 1) the signatures are valid over the related message
	// 2) the signing identities satisfy the policy
	EvaluateSignedData(signatureSet []*protoutil.SignedData) error

	// EvaluateIdentities takes an array of identities and evaluates whether
	// they satisfy the policy
	EvaluateIdentities(identities []mspi.Identity) error
}

Policy is used to determine if a signature is valid

type PolicyLogger

type PolicyLogger struct {
	Policy Policy
	// contains filtered or unexported fields
}

func (*PolicyLogger) Convert

func (pl *PolicyLogger) Convert() (*cb.SignaturePolicyEnvelope, error)

func (*PolicyLogger) EvaluateIdentities

func (pl *PolicyLogger) EvaluateIdentities(identities []mspi.Identity) error

func (*PolicyLogger) EvaluateSignedData

func (pl *PolicyLogger) EvaluateSignedData(signatureSet []*protoutil.SignedData) error

type PolicyManagerGetterFunc

type PolicyManagerGetterFunc func(channelID string) Manager

PolicyManagerGetterFunc is a function adapter for ChannelPolicyManagerGetter.

func (PolicyManagerGetterFunc) Manager

func (p PolicyManagerGetterFunc) Manager(channelID string) Manager

type PrincipalSet added in v1.2.0

type PrincipalSet []*msp.MSPPrincipal

PrincipalSet is a collection of MSPPrincipals

func (PrincipalSet) ContainingOnly added in v1.2.0

func (ps PrincipalSet) ContainingOnly(f func(*msp.MSPPrincipal) bool) bool

ContainingOnly returns whether the given PrincipalSet contains only Principals that satisfy the given predicate

func (PrincipalSet) UniqueSet added in v1.2.0

func (ps PrincipalSet) UniqueSet() map[*msp.MSPPrincipal]int

UniqueSet returns a histogram that is induced by the PrincipalSet

type PrincipalSets added in v1.2.0

type PrincipalSets []PrincipalSet

PrincipalSets aggregates PrincipalSets

func (PrincipalSets) ContainingOnly added in v1.2.0

func (psSets PrincipalSets) ContainingOnly(f func(*msp.MSPPrincipal) bool) PrincipalSets

ContainingOnly returns PrincipalSets that contain only principals of the given predicate

type Provider

type Provider interface {
	// NewPolicy creates a new policy based on the policy bytes
	NewPolicy(data []byte) (Policy, proto.Message, error)
}

Provider provides the backing implementation of a policy

type StandardConfigPolicy added in v1.1.0

type StandardConfigPolicy struct {
	// contains filtered or unexported fields
}

StandardConfigPolicy implements the ConfigPolicy interface.

func ImplicitMetaAllPolicy added in v1.1.0

func ImplicitMetaAllPolicy(policyName string) *StandardConfigPolicy

ImplicitMetaAllPolicy defines an implicit meta policy whose sub_policy and key is policyName with rule ALL.

func ImplicitMetaAnyPolicy added in v1.1.0

func ImplicitMetaAnyPolicy(policyName string) *StandardConfigPolicy

ImplicitMetaAnyPolicy defines an implicit meta policy whose sub_policy and key is policyName with rule ANY.

func ImplicitMetaMajorityPolicy added in v1.1.0

func ImplicitMetaMajorityPolicy(policyName string) *StandardConfigPolicy

ImplicitMetaMajorityPolicy defines an implicit meta policy whose sub_policy and key is policyName with rule MAJORITY.

func SignaturePolicy added in v1.1.0

func SignaturePolicy(policyName string, sigPolicy *cb.SignaturePolicyEnvelope) *StandardConfigPolicy

SignaturePolicy defines a policy with key policyName and the given signature policy.

func (*StandardConfigPolicy) Key added in v1.1.0

func (scv *StandardConfigPolicy) Key() string

Key is the key this value should be stored in the *cb.ConfigGroup.Policies map.

func (*StandardConfigPolicy) Value added in v1.1.0

func (scv *StandardConfigPolicy) Value() *cb.Policy

Value is the *cb.Policy which should be stored as the *cb.ConfigPolicy.Policy.
