-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Instructions in ABAC.md not working with regards to changing calling identity from CLI #71
Comments
@Hull4Progress, I will need to have a look at it. I don't believe this process was re-tested for 1.4. I'll aim to give you an update early next week. Thanks |
@Hull4Progress I have been able to re-test the ABAC instructions and now re-reading your post I understand. When starting the network in dev mode, it contains a single organisation: DevOrgMSP (With the CA ca.devorg.trade.com). You can see that in the Because the network only has the DevOrgMSP organisation, you need to ensure that the chaincode testMode is set to True. This will avoid the chaincode invocation from performing checks on the type of org (Importer, Exporter, etc...). The ABAC instructions will make you test the modified chaincode with two identities:
Looking at the On the final point, regarding the chaincode not remaining in dev mode, I took a look at the latest behaviour of 1.4. Upon doing a
This means that any changes to the source code on the file system are ignored because the dev chaincode is working on a copy. I suspect that is what is happening when you subsequently modify the chaincode code and do not see it reflected. Let me know if that makes sense and if you have any further questions. |
Luc - thank you very much for these comments. I have been able to make everything work. As a small point for other readers, with regards to transferring new code modules into the chaincode container, it is also important that the code be loaded from one's local machine into chaincode:/opt/gopath/src/chaincode_copy/..., rather than into chaincode:/opt/gopath/src/chaincode/... As another small point, I see in the createIdentity.sh there are lines at the bottom that copy the importer/signcerts into importer/admincerts. This enables a CLI command that switches context over to the importer user. I have found it convenient to also add lines that copy the admin/signcerts into a new directory admin/admincerts. This lets me to easily shift back and forth between the importer and admin users from the CLI using the "export CORE_PEER_MSPCONFIGPATH=/root/.fabric-ca-client/" command. (BTW, are you aware that in the README part of the page https://github.com/HyperledgerHandsOn/trade-finance-logistics/tree/release-1.4/network there are some typos, in particular, where release "1.2" is mentioned it should really be release "1.4".) Thanks very much again |
Thanks @Hull4Progress . Fixed the version typos on the page you've linked to above. |
I am working with release-1.4, and focused on ABAC, using the ABAC.md page, specifically https://github.com/HyperledgerHandsOn/trade-finance-logistics/blob/release-1.4/chaincode/abac.md
I am running in dev mode as per Chapter 4 in the book. I believe that I am faithfully following the instructions about running " /opt/trade/createIdentity.sh" in the cli container.
However, when I attempt to invoke a trade request from the cli, presumably with the identity of "admin", it turns out that the creatorOrg, creatorCertIssuer are 'DevOrgMSP' and 'ca.devorg.trade.com'.
If I execute "export CORE_PEER_MSPCONFIGPATH=/root/.fabric-ca-client/importer" in the CLI and again invoke a trade request, it turns out that again the creatorOrg, creatorCertIssuer are 'DevOrgMSP' and 'ca.devorg.trade.com'.
Do you have any ideas what I am doing wrong or missing?
BTW, another small question is: If I follow your instructions using trade_workflow_v1, and then on page 106 I perform the two invoke steps, it turns out they are executed in test mode. But if I make a slight edit (or no edit) to tradeworkflow.go in my local machine and upload into the chaincode container and re-build go and etc, and then I perform the invoke steps, they are NOT in test mode anymore. How are you magically having it start in test mode the first time, but not after re-loading tradeworkflow.go.
Thanks
The text was updated successfully, but these errors were encountered: