[FAB-10568] remove client and CA from NetworkConfig

- Client & CertificateAuthoties shouldn't be exposed in network config, since they should be accessed through identity config - removed CertficateAuthorities references in endpoint config. - removed fab.NetworkConfig dependencies in identity config Change-Id: I9fa9365cf0812bd9e323e39f11324ca5bd85227e Signed-off-by: Sudesh Shetty <[email protected]>
hyperledger · Jun 7, 2018 · 49f88a3 · 49f88a3
1 parent 9cbdc1b
commit 49f88a3
Show file tree

Hide file tree

Showing 10 changed files with 202 additions and 215 deletions.
diff --git a/pkg/client/msp/client_test.go b/pkg/client/msp/client_test.go
@@ -19,7 +19,6 @@ import (
 
 	contextApi "github.com/hyperledger/fabric-sdk-go/pkg/common/providers/context"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
-	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/fab"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/msp"
 	mspctx "github.com/hyperledger/fabric-sdk-go/pkg/common/providers/msp"
 	"github.com/hyperledger/fabric-sdk-go/pkg/core/config"
@@ -38,6 +37,10 @@ const (
 
 var caServerURL string
 
+type nwConfig struct {
+	CertificateAuthorities map[string]msp.CAConfig
+}
+
 // TestMSP is a unit test for Client enrollment and re-enrollment scenarios
 func TestMSP(t *testing.T) {
 
@@ -413,7 +416,7 @@ func getCustomBackend(currentBackends ...core.ConfigBackend) []core.ConfigBacken
 	backendMap := make(map[string]interface{})
 
 	//Custom URLs for ca configs
-	networkConfig := fab.NetworkConfig{}
+	networkConfig := nwConfig{}
 	configLookup := lookup.New(currentBackends...)
 	configLookup.UnmarshalKey("certificateAuthorities", &networkConfig.CertificateAuthorities)
 

diff --git a/pkg/common/providers/fab/network.go b/pkg/common/providers/fab/network.go
@@ -8,23 +8,18 @@ package fab
 
 import (
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/errors/retry"
-	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/msp"
 	"github.com/hyperledger/fabric-sdk-go/pkg/core/config/endpoint"
 )
 
-// NetworkConfig provides a static definition of a Hyperledger Fabric network
+// NetworkConfig provides a static definition of endpoint configuration network
 type NetworkConfig struct {
-	Name        string
-	Description string
-	Version     string
-	//TODO to be removed, no apparent reason to expose it in network config
-	Client        msp.ClientConfig
+	Name          string
+	Description   string
+	Version       string
 	Channels      map[string]ChannelNetworkConfig
 	Organizations map[string]OrganizationConfig
 	Orderers      map[string]OrdererConfig
 	Peers         map[string]PeerConfig
-	//TODO to be removed, no apparent reason to expose it in network config
-	CertificateAuthorities map[string]msp.CAConfig
 }
 
 // ChannelNetworkConfig provides the definition of channels for the network

diff --git a/pkg/core/config/lookup/lookup_test.go b/pkg/core/config/lookup/lookup_test.go
@@ -19,6 +19,7 @@ import (
 
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/fab"
+	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/msp"
 	"github.com/hyperledger/fabric-sdk-go/pkg/core/mocks"
 	"github.com/mitchellh/mapstructure"
 	"github.com/spf13/viper"
@@ -35,6 +36,19 @@ type testEntityMatchers struct {
 	matchers map[string][]fab.MatchConfig
 }
 
+// networkConfig matches all network config elements
+type networkConfig struct {
+	Name                   string
+	Description            string
+	Version                string
+	Client                 msp.ClientConfig
+	Channels               map[string]fab.ChannelNetworkConfig
+	Organizations          map[string]fab.OrganizationConfig
+	Orderers               map[string]fab.OrdererConfig
+	Peers                  map[string]fab.PeerConfig
+	CertificateAuthorities map[string]msp.CAConfig
+}
+
 func TestMain(m *testing.M) {
 	backend = setupCustomBackend("key")
 	r := m.Run()
@@ -180,7 +194,7 @@ func TestUnmarshal(t *testing.T) {
 	testLookup := New(backend)
 
 	//output struct
-	networkConfig := fab.NetworkConfig{}
+	networkConfig := networkConfig{}
 	testLookup.UnmarshalKey("channels", &networkConfig.Channels)
 
 	assert.Equal(t, len(networkConfig.Channels), 3)
@@ -230,7 +244,7 @@ func TestUnmarshalWithMultipleBackend(t *testing.T) {
 	testLookup := New(backends...)
 
 	//output struct
-	networkConfig := fab.NetworkConfig{}
+	networkConfig := networkConfig{}
 	entityMatchers := testEntityMatchers{}
 
 	assert.Nil(t, testLookup.UnmarshalKey("client", &networkConfig.Client), "unmarshalKey supposed to succeed")
@@ -291,9 +305,9 @@ func TestLookupUnmarshalAgainstViperUnmarshal(t *testing.T) {
 	//setup viper
 	sampleViper := newViper()
 	//viper network config
-	networkConfigViper := fab.NetworkConfig{}
+	networkConfigViper := networkConfig{}
 	//lookup network config
-	networkConfig := fab.NetworkConfig{}
+	networkConfig := networkConfig{}
 
 	/*
 		TEST NETWORK CONFIG CLIENT
@@ -454,7 +468,7 @@ func TestUnmarshalWithHookFunc(t *testing.T) {
 	testLookup := New(backend)
 	tamperPeerChannelConfig(backend)
 	//output struct
-	networkConfig := fab.NetworkConfig{}
+	networkConfig := networkConfig{}
 	testLookup.UnmarshalKey("channels", &networkConfig.Channels, WithUnmarshalHookFunction(setTrueDefaultForPeerChannelConfig()))
 
 	//Test if mandatory hook func is working as expected

diff --git a/pkg/fab/endpointconfig.go b/pkg/fab/endpointconfig.go
@@ -109,6 +109,11 @@ type entityMatchers struct {
 	matchers map[string][]fab.MatchConfig
 }
 
+//endpointConfigEntity contains endpoint config elements needed by endpointconfig
+type endpointConfigEntity struct {
+	Client msp.ClientConfig
+}
+
 // Timeout reads timeouts for the given timeout type, if type is not found in the config
 // then default is set as per the const value above for the corresponding type
 func (c *EndpointConfig) Timeout(tType fab.TimeoutType) time.Duration {
@@ -434,12 +439,12 @@ func (c *EndpointConfig) loadNetworkConfiguration() error {
 	networkConfig.Name = c.backend.GetString("name")
 	networkConfig.Description = c.backend.GetString("description")
 	networkConfig.Version = c.backend.GetString("version")
+	endpointConfigEntity := endpointConfigEntity{}
 
-	//TODO: to be removed from NetworkConfig, to be used only in identity Config
-	err := c.backend.UnmarshalKey("client", &networkConfig.Client)
-	logger.Debugf("Client is: %+v", networkConfig.Client)
+	err := c.backend.UnmarshalKey("client", &endpointConfigEntity.Client)
+	logger.Debugf("Client is: %+v", endpointConfigEntity.Client)
 	if err != nil {
-		return errors.WithMessage(err, "failed to parse 'client' config item to networkConfig.Client type")
+		return errors.WithMessage(err, "failed to parse 'client' config item to endpointConfigEntity.Client type")
 	}
 
 	err = c.backend.UnmarshalKey("channels", &networkConfig.Channels, lookup.WithUnmarshalHookFunction(peerChannelConfigHookFunc()))
@@ -466,15 +471,8 @@ func (c *EndpointConfig) loadNetworkConfiguration() error {
 		return errors.WithMessage(err, "failed to parse 'peers' config item to networkConfig.Peers type")
 	}
 
-	//TODO: to be removed from NetworkConfig, to be used only in identity Config
-	err = c.backend.UnmarshalKey("certificateAuthorities", &networkConfig.CertificateAuthorities)
-	logger.Debugf("certificateAuthorities are: %+v", networkConfig.CertificateAuthorities)
-	if err != nil {
-		return errors.WithMessage(err, "failed to parse 'certificateAuthorities' config item to networkConfig.CertificateAuthorities type")
-	}
-
 	//load all endpointconfig entities
-	err = c.loadEndpointConfigEntities(&networkConfig)
+	err = c.loadEndpointConfigEntities(&networkConfig, &endpointConfigEntity)
 	if err != nil {
 		return errors.WithMessage(err, "failed to load channel configs")
 	}
@@ -483,7 +481,7 @@ func (c *EndpointConfig) loadNetworkConfiguration() error {
 	return nil
 }
 
-func (c *EndpointConfig) loadEndpointConfigEntities(networkConfig *fab.NetworkConfig) error {
+func (c *EndpointConfig) loadEndpointConfigEntities(networkConfig *fab.NetworkConfig, configEntity *endpointConfigEntity) error {
 
 	//Compile the entityMatchers
 	matchError := c.compileMatchers()
@@ -492,7 +490,7 @@ func (c *EndpointConfig) loadEndpointConfigEntities(networkConfig *fab.NetworkCo
 	}
 
 	//load all TLS configs
-	err := c.loadAllTLSConfig(networkConfig)
+	err := c.loadAllTLSConfig(networkConfig, configEntity)
 	if err != nil {
 		return errors.WithMessage(err, "failed to load network TLSConfig")
 	}
@@ -525,28 +523,27 @@ func (c *EndpointConfig) loadEndpointConfigEntities(networkConfig *fab.NetworkCo
 }
 
 //loadAllTLSConfig pre-loads all network TLS Configs
-func (c *EndpointConfig) loadAllTLSConfig(networkConfig *fab.NetworkConfig) error {
-	err := c.loadClientTLSConfig(networkConfig)
+func (c *EndpointConfig) loadAllTLSConfig(networkConfig *fab.NetworkConfig, configEntity *endpointConfigEntity) error {
+	//resolve path and load bytes
+	err := c.loadClientTLSConfig(configEntity)
 	if err != nil {
 		return errors.WithMessage(err, "failed to load client TLSConfig ")
 	}
 
+	//resolve path and load bytes
 	err = c.loadOrgTLSConfig(networkConfig)
 	if err != nil {
 		return errors.WithMessage(err, "failed to load org TLSConfig ")
 	}
 
+	//resolve path and load bytes
 	err = c.loadOrdererPeerTLSConfig(networkConfig)
 	if err != nil {
 		return errors.WithMessage(err, "failed to load orderer/peer TLSConfig ")
 	}
 
-	err = c.loadCATLSConfig(networkConfig)
-	if err != nil {
-		return errors.WithMessage(err, "failed to load CA TLSConfig ")
-	}
-
-	err = c.loadTLSClientCerts(networkConfig)
+	//preload TLS client certs
+	err = c.loadTLSClientCerts(configEntity)
 	if err != nil {
 		return errors.WithMessage(err, "failed to load TLS client certs ")
 	}
@@ -555,21 +552,21 @@ func (c *EndpointConfig) loadAllTLSConfig(networkConfig *fab.NetworkConfig) erro
 }
 
 //loadClientTLSConfig pre-loads all TLSConfig bytes in client config
-func (c *EndpointConfig) loadClientTLSConfig(networkConfig *fab.NetworkConfig) error {
+func (c *EndpointConfig) loadClientTLSConfig(configEntity *endpointConfigEntity) error {
 	//Clients Config
 	//resolve paths and org name
-	networkConfig.Client.Organization = strings.ToLower(networkConfig.Client.Organization)
-	networkConfig.Client.TLSCerts.Path = pathvar.Subst(networkConfig.Client.TLSCerts.Path)
-	networkConfig.Client.TLSCerts.Client.Key.Path = pathvar.Subst(networkConfig.Client.TLSCerts.Client.Key.Path)
-	networkConfig.Client.TLSCerts.Client.Cert.Path = pathvar.Subst(networkConfig.Client.TLSCerts.Client.Cert.Path)
+	configEntity.Client.Organization = strings.ToLower(configEntity.Client.Organization)
+	configEntity.Client.TLSCerts.Path = pathvar.Subst(configEntity.Client.TLSCerts.Path)
+	configEntity.Client.TLSCerts.Client.Key.Path = pathvar.Subst(configEntity.Client.TLSCerts.Client.Key.Path)
+	configEntity.Client.TLSCerts.Client.Cert.Path = pathvar.Subst(configEntity.Client.TLSCerts.Client.Cert.Path)
 
 	//pre load client key and cert bytes
-	err := networkConfig.Client.TLSCerts.Client.Key.LoadBytes()
+	err := configEntity.Client.TLSCerts.Client.Key.LoadBytes()
 	if err != nil {
 		return errors.WithMessage(err, "failed to load client key")
 	}
 
-	err = networkConfig.Client.TLSCerts.Client.Cert.LoadBytes()
+	err = configEntity.Client.TLSCerts.Client.Cert.LoadBytes()
 	if err != nil {
 		return errors.WithMessage(err, "failed to load client cert")
 	}
@@ -634,30 +631,6 @@ func (c *EndpointConfig) loadOrdererPeerTLSConfig(networkConfig *fab.NetworkConf
 	return nil
 }
 
-//loadCATLSConfig pre-loads all TLSConfig bytes in certificate authorities
-func (c *EndpointConfig) loadCATLSConfig(networkConfig *fab.NetworkConfig) error {
-	//CA Config
-	for ca, caConfig := range networkConfig.CertificateAuthorities {
-		//resolve paths
-		caConfig.TLSCACerts.Path = pathvar.Subst(caConfig.TLSCACerts.Path)
-		caConfig.TLSCACerts.Client.Key.Path = pathvar.Subst(caConfig.TLSCACerts.Client.Key.Path)
-		caConfig.TLSCACerts.Client.Cert.Path = pathvar.Subst(caConfig.TLSCACerts.Client.Cert.Path)
-		//pre load key and cert bytes
-		err := caConfig.TLSCACerts.Client.Key.LoadBytes()
-		if err != nil {
-			return errors.WithMessage(err, "failed to load ca key")
-		}
-
-		err = caConfig.TLSCACerts.Client.Cert.LoadBytes()
-		if err != nil {
-			return errors.WithMessage(err, "failed to load ca cert")
-		}
-		networkConfig.CertificateAuthorities[ca] = caConfig
-	}
-
-	return nil
-}
-
 func (c *EndpointConfig) loadPeerConfigsByOrg(networkConfig *fab.NetworkConfig) {
 
 	c.peerConfigsByOrg = make(map[string][]fab.PeerConfig)
@@ -799,10 +772,10 @@ func (c *EndpointConfig) loadChannelOrderers(networkConfig *fab.NetworkConfig) e
 
 // loadTLSClientCerts loads the client's certs for mutual TLS
 // It checks the config for embedded pem files before looking for cert files
-func (c *EndpointConfig) loadTLSClientCerts(networkConfig *fab.NetworkConfig) error {
+func (c *EndpointConfig) loadTLSClientCerts(configEntity *endpointConfigEntity) error {
 
 	var clientCerts tls.Certificate
-	cb := networkConfig.Client.TLSCerts.Client.Cert.Bytes()
+	cb := configEntity.Client.TLSCerts.Client.Cert.Bytes()
 	if len(cb) == 0 {
 		// if no cert found in the config, empty cert chain should be used
 		c.tlsClientCerts = []tls.Certificate{clientCerts}
@@ -816,7 +789,7 @@ func (c *EndpointConfig) loadTLSClientCerts(networkConfig *fab.NetworkConfig) er
 	// If CryptoSuite fails to load private key from cert then load private key from config
 	if err != nil || pk == nil {
 		logger.Debugf("Reading pk from config, unable to retrieve from cert: %s", err)
-		tlsClientCerts, err := c.loadPrivateKeyFromConfig(&networkConfig.Client, clientCerts, cb)
+		tlsClientCerts, err := c.loadPrivateKeyFromConfig(&configEntity.Client, clientCerts, cb)
 		if err != nil {
 			return errors.WithMessage(err, "failed to load TLS client certs")
 		}