mirror of https://github.com/poanetwork/quorum.git
permissions: changed the permissions config struct to have address instead of string. Updated error handling.
This commit is contained in:
parent
29aeb8432e
commit
65a0216609
|
@ -391,10 +391,11 @@ func startQuorumPermissionService(ctx *cli.Context, stack *node.Node) {
|
||||||
log.Error("loading of permission-config.json failed", "error", err)
|
log.Error("loading of permission-config.json failed", "error", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
// permissions not enabled hence none of the services will be available.
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Info("AJ-perm-config loaded", "config", permissionConfig)
|
|
||||||
|
|
||||||
// start the permissions management service
|
// start the permissions management service
|
||||||
pc, err := permission.NewQuorumPermissionCtrl(stack, ctx.GlobalBool(utils.EnableNodePermissionFlag.Name), ctx.GlobalBool(utils.RaftModeFlag.Name), &permissionConfig)
|
pc, err := permission.NewQuorumPermissionCtrl(stack, ctx.GlobalBool(utils.EnableNodePermissionFlag.Name), ctx.GlobalBool(utils.RaftModeFlag.Name), &permissionConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -409,7 +410,7 @@ func startQuorumPermissionService(ctx *cli.Context, stack *node.Node) {
|
||||||
|
|
||||||
rpcClient, err := stack.Attach() /**/
|
rpcClient, err := stack.Attach() /**/
|
||||||
if err != nil {
|
if err != nil {
|
||||||
utils.Fatalf("Unable to connnect to the node: %v", err)
|
utils.Fatalf("Unable to connect to the node: %v", err)
|
||||||
}
|
}
|
||||||
stateReader := ethclient.NewClient(rpcClient)
|
stateReader := ethclient.NewClient(rpcClient)
|
||||||
|
|
||||||
|
|
|
@ -33,6 +33,23 @@ const (
|
||||||
NodeDelete
|
NodeDelete
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// permission config for bootstrapping
|
||||||
|
type PermissionLocalConfig struct {
|
||||||
|
UpgrdAddress string
|
||||||
|
InterfAddress string
|
||||||
|
ImplAddress string
|
||||||
|
NodeAddress string
|
||||||
|
AccountAddress string
|
||||||
|
RoleAddress string
|
||||||
|
VoterAddress string
|
||||||
|
OrgAddress string
|
||||||
|
NwAdminOrg string
|
||||||
|
NwAdminRole string
|
||||||
|
OrgAdminRole string
|
||||||
|
|
||||||
|
Accounts []string //initial list of account that need full access
|
||||||
|
}
|
||||||
|
|
||||||
type PermissionCtrl struct {
|
type PermissionCtrl struct {
|
||||||
node *node.Node
|
node *node.Node
|
||||||
ethClnt *ethclient.Client
|
ethClnt *ethclient.Client
|
||||||
|
@ -50,6 +67,31 @@ type PermissionCtrl struct {
|
||||||
permConfig *types.PermissionConfig
|
permConfig *types.PermissionConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This function takes the local config data where all the information is in string
|
||||||
|
// converts that to address and populates the global permissions config
|
||||||
|
func populateConfig(config PermissionLocalConfig) types.PermissionConfig {
|
||||||
|
var permConfig types.PermissionConfig
|
||||||
|
permConfig.UpgrdAddress = common.HexToAddress(config.UpgrdAddress)
|
||||||
|
permConfig.InterfAddress = common.HexToAddress(config.InterfAddress)
|
||||||
|
permConfig.ImplAddress = common.HexToAddress(config.ImplAddress)
|
||||||
|
permConfig.OrgAddress = common.HexToAddress(config.OrgAddress)
|
||||||
|
permConfig.RoleAddress = common.HexToAddress(config.RoleAddress)
|
||||||
|
permConfig.NodeAddress = common.HexToAddress(config.NodeAddress)
|
||||||
|
permConfig.AccountAddress = common.HexToAddress(config.AccountAddress)
|
||||||
|
permConfig.VoterAddress = common.HexToAddress(config.VoterAddress)
|
||||||
|
|
||||||
|
permConfig.NwAdminOrg = config.NwAdminOrg
|
||||||
|
permConfig.NwAdminRole = config.NwAdminOrg
|
||||||
|
permConfig.OrgAdminRole = config.OrgAdminRole
|
||||||
|
|
||||||
|
// populate the account list as passed in config
|
||||||
|
for _, val := range config.Accounts {
|
||||||
|
permConfig.Accounts = append(permConfig.Accounts, common.HexToAddress(val))
|
||||||
|
}
|
||||||
|
|
||||||
|
return permConfig
|
||||||
|
}
|
||||||
|
|
||||||
func ParsePermissionConifg(dir string) (types.PermissionConfig, error) {
|
func ParsePermissionConifg(dir string) (types.PermissionConfig, error) {
|
||||||
fileName := "permission-config.json"
|
fileName := "permission-config.json"
|
||||||
fullPath := filepath.Join(dir, fileName)
|
fullPath := filepath.Join(dir, fileName)
|
||||||
|
@ -64,12 +106,15 @@ func ParsePermissionConifg(dir string) (types.PermissionConfig, error) {
|
||||||
log.Error("error reading permission-config.json file", err)
|
log.Error("error reading permission-config.json file", err)
|
||||||
return types.PermissionConfig{}, err
|
return types.PermissionConfig{}, err
|
||||||
}
|
}
|
||||||
var permConfig types.PermissionConfig
|
var permlocConfig PermissionLocalConfig
|
||||||
err = json.Unmarshal(blob, &permConfig)
|
err = json.Unmarshal(blob, &permlocConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("error unmarshalling permission-config.json file", err)
|
log.Error("error unmarshalling permission-config.json file", err)
|
||||||
return types.PermissionConfig{}, err
|
return types.PermissionConfig{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
permConfig := populateConfig(permlocConfig)
|
||||||
|
|
||||||
return permConfig, nil
|
return permConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -83,62 +128,66 @@ func NewQuorumPermissionCtrl(stack *node.Node, permissionedMode, isRaft bool, pc
|
||||||
}
|
}
|
||||||
|
|
||||||
if pconfig.IsEmpty() && permissionedMode {
|
if pconfig.IsEmpty() && permissionedMode {
|
||||||
utils.Fatalf("permission-config.json is missing contract address")
|
log.Error("permission-config.json is missing contract address")
|
||||||
|
return nil, errors.New("permission-config.json is missing contract address")
|
||||||
}
|
}
|
||||||
|
pu, err := pbind.NewPermUpgr(pconfig.UpgrdAddress, stateReader)
|
||||||
if !permissionedMode {
|
|
||||||
return &PermissionCtrl{stack, stateReader, e, isRaft, permissionedMode, stack.GetNodeKey(), stack.DataDir(), nil, nil, nil, nil, nil, nil, pconfig}, nil
|
|
||||||
}
|
|
||||||
pu, err := pbind.NewPermUpgr(common.HexToAddress(pconfig.UpgrdAddress), stateReader)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Permissions not enabled for the network", "err", err)
|
log.Error("Permissions not enabled for the network", "err", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
// check if permissioning contract is there at address. If not return from here
|
// check if permissioning contract is there at address. If not return from here
|
||||||
pm, err := pbind.NewPermInterface(common.HexToAddress(pconfig.InterfAddress), stateReader)
|
pm, err := pbind.NewPermInterface(pconfig.InterfAddress, stateReader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Permissions not enabled for the network", "err", err)
|
log.Error("Permissions not enabled for the network", "err", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
pmAcct, err := pbind.NewAcctManager(common.HexToAddress(pconfig.AccountAddress), stateReader)
|
pmAcct, err := pbind.NewAcctManager(pconfig.AccountAddress, stateReader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Permissions not enabled for the network", "err", err)
|
log.Error("Permissions not enabled for the network", "err", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
pmNode, err := pbind.NewNodeManager(common.HexToAddress(pconfig.NodeAddress), stateReader)
|
pmNode, err := pbind.NewNodeManager(pconfig.NodeAddress, stateReader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Permissions not enabled for the network", "err", err)
|
log.Error("Permissions not enabled for the network", "err", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
pmRole, err := pbind.NewRoleManager(common.HexToAddress(pconfig.RoleAddress), stateReader)
|
pmRole, err := pbind.NewRoleManager(pconfig.RoleAddress, stateReader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Permissions not enabled for the network", "err", err)
|
log.Error("Permissions not enabled for the network", "err", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
pmOrg, err := pbind.NewOrgManager(common.HexToAddress(pconfig.OrgAddress), stateReader)
|
pmOrg, err := pbind.NewOrgManager(pconfig.OrgAddress, stateReader)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error("Permissions not enabled for the network", "err", err)
|
log.Error("Permissions not enabled for the network", "err", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Info("AJ-permission contracts initialized")
|
|
||||||
return &PermissionCtrl{stack, stateReader, e, isRaft, permissionedMode, stack.GetNodeKey(), stack.DataDir(), pu, pm, pmNode, pmAcct, pmRole, pmOrg, pconfig}, nil
|
return &PermissionCtrl{stack, stateReader, e, isRaft, permissionedMode, stack.GetNodeKey(), stack.DataDir(), pu, pm, pmNode, pmAcct, pmRole, pmOrg, pconfig}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Starts the node permissioning and account access control monitoring
|
// Starts the node permissioning and event monitoring for permissions
|
||||||
|
// smart contracts
|
||||||
func (p *PermissionCtrl) Start() error {
|
func (p *PermissionCtrl) Start() error {
|
||||||
// Permissions initialization
|
// Permissions initialization
|
||||||
if err := p.init(); err != nil {
|
if err := p.init(); err != nil {
|
||||||
log.Error("Permissions init failed", "err", err)
|
log.Error("Permissions init failed", "err", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// monitor org management related events
|
||||||
p.manageOrgPermissions()
|
p.manageOrgPermissions()
|
||||||
|
|
||||||
|
// monitor org level node management events
|
||||||
p.manageNodePermissions()
|
p.manageNodePermissions()
|
||||||
|
|
||||||
|
// monitor org level role management events
|
||||||
p.manageRolePermissions()
|
p.manageRolePermissions()
|
||||||
|
|
||||||
|
// monitor org level account management events
|
||||||
p.manageAccountPermissions()
|
p.manageAccountPermissions()
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
@ -146,9 +195,6 @@ func (p *PermissionCtrl) Start() error {
|
||||||
|
|
||||||
// Sets the initial values for the network
|
// Sets the initial values for the network
|
||||||
func (p *PermissionCtrl) init() error {
|
func (p *PermissionCtrl) init() error {
|
||||||
if !p.permissionedMode {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
// populate the initial list of permissioned nodes and account accesses
|
// populate the initial list of permissioned nodes and account accesses
|
||||||
if err := p.populateInitPermissions(); err != nil {
|
if err := p.populateInitPermissions(); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -544,10 +590,8 @@ func (p *PermissionCtrl) formatEnodeId(enodeId, ipAddrPort, discPort, raftPort s
|
||||||
return newEnodeId
|
return newEnodeId
|
||||||
}
|
}
|
||||||
|
|
||||||
// Thus function checks if the its the initial network boot up and if yes
|
// Thus function checks if the its the initial network boot up status and if no
|
||||||
// populates the initial network enode details from static-nodes.json into
|
// populates permissioning model with details from permission-config.json
|
||||||
// smart contracts. Sets the accounts access to full access for the initial
|
|
||||||
// initial list of accounts as given in genesis.json file
|
|
||||||
func (p *PermissionCtrl) populateInitPermissions() error {
|
func (p *PermissionCtrl) populateInitPermissions() error {
|
||||||
auth := bind.NewKeyedTransactor(p.key)
|
auth := bind.NewKeyedTransactor(p.key)
|
||||||
permInterfSession := &pbind.PermInterfaceSession{
|
permInterfSession := &pbind.PermInterfaceSession{
|
||||||
|
@ -566,33 +610,16 @@ func (p *PermissionCtrl) populateInitPermissions() error {
|
||||||
networkInitialized, err := permInterfSession.GetNetworkBootStatus()
|
networkInitialized, err := permInterfSession.GetNetworkBootStatus()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
// handle the scenario of no contract code.
|
// handle the scenario of no contract code.
|
||||||
if err.Error() == "no contract code at given address" {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
log.Warn("Failed to retrieve network boot status ", "err", err)
|
log.Warn("Failed to retrieve network boot status ", "err", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if networkInitialized && !p.permissionedMode {
|
|
||||||
// Network is initialized with permissions and node is joining in a non-permissioned
|
|
||||||
// option. stop the node from coming up
|
|
||||||
utils.Fatalf("Joining a permissioned network in non-permissioned mode is not permitted. Bring up geth with --permissioned.")
|
|
||||||
}
|
|
||||||
|
|
||||||
if !p.permissionedMode {
|
|
||||||
log.Info("Node started in non-permissioned mode")
|
|
||||||
return errors.New("Node started in non-permissioned mode")
|
|
||||||
}
|
|
||||||
|
|
||||||
if !networkInitialized {
|
if !networkInitialized {
|
||||||
if err := p.bootupNetwork(permInterfSession); err != nil {
|
if err := p.bootupNetwork(permInterfSession); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
log.Info("AJ-network boot completed")
|
|
||||||
} else {
|
} else {
|
||||||
log.Info("AJ-network already booted")
|
|
||||||
//populate orgs, nodes, roles and accounts from contract
|
//populate orgs, nodes, roles and accounts from contract
|
||||||
|
|
||||||
p.populateOrgsFromContract(auth)
|
p.populateOrgsFromContract(auth)
|
||||||
|
|
||||||
p.populateNodesFromContract(auth)
|
p.populateNodesFromContract(auth)
|
||||||
|
@ -600,7 +627,6 @@ func (p *PermissionCtrl) populateInitPermissions() error {
|
||||||
p.populateRolesFromContract(auth)
|
p.populateRolesFromContract(auth)
|
||||||
|
|
||||||
p.populateAccountsFromContract(auth)
|
p.populateAccountsFromContract(auth)
|
||||||
log.Info("AJ-all data loaded from contract")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ShowCacheData()
|
ShowCacheData()
|
||||||
|
@ -608,21 +634,17 @@ func (p *PermissionCtrl) populateInitPermissions() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// initialize the permissions model and populate initial values
|
||||||
func (p *PermissionCtrl) bootupNetwork(permInterfSession *pbind.PermInterfaceSession) error {
|
func (p *PermissionCtrl) bootupNetwork(permInterfSession *pbind.PermInterfaceSession) error {
|
||||||
// Ensure that there is at least one account given as a part of genesis.json
|
|
||||||
// which will have full access. If not throw a fatal error
|
|
||||||
// Do not want a network with no access
|
|
||||||
log.Info("AJ-network not initialized")
|
|
||||||
|
|
||||||
permInterfSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permInterfSession.TransactOpts.From))
|
permInterfSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permInterfSession.TransactOpts.From))
|
||||||
if _, err := permInterfSession.SetPolicy(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, p.permConfig.OrgAdminRole); err != nil {
|
if _, err := permInterfSession.SetPolicy(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, p.permConfig.OrgAdminRole); err != nil {
|
||||||
log.Error("AJ-permIntr.setPolicy failed", "err", err)
|
log.Error("bootupNetwork SetPolicy failed", "err", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
log.Info("AJ-permInter setPolicy done")
|
log.Info("AJ-permInter setPolicy done")
|
||||||
permInterfSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permInterfSession.TransactOpts.From))
|
permInterfSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permInterfSession.TransactOpts.From))
|
||||||
if _, err := permInterfSession.Init(common.HexToAddress(p.permConfig.OrgAddress), common.HexToAddress(p.permConfig.RoleAddress), common.HexToAddress(p.permConfig.AccountAddress), common.HexToAddress(p.permConfig.VoterAddress), common.HexToAddress(p.permConfig.NodeAddress)); err != nil {
|
if _, err := permInterfSession.Init(p.permConfig.OrgAddress, p.permConfig.RoleAddress, p.permConfig.AccountAddress, p.permConfig.VoterAddress, p.permConfig.NodeAddress); err != nil {
|
||||||
log.Error("AJ-permIntr.init failed", "err", err)
|
log.Error("bootupNetwork init failed", "err", err)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
log.Info("AJ-permInter init done")
|
log.Info("AJ-permInter init done")
|
||||||
|
@ -828,11 +850,11 @@ func (p *PermissionCtrl) populateInitAccountAccess(permissionsSession *pbind.Per
|
||||||
log.Info("AJ-adding account ", "A", a)
|
log.Info("AJ-adding account ", "A", a)
|
||||||
nonce := p.eth.TxPool().Nonce(permissionsSession.TransactOpts.From)
|
nonce := p.eth.TxPool().Nonce(permissionsSession.TransactOpts.From)
|
||||||
permissionsSession.TransactOpts.Nonce = new(big.Int).SetUint64(nonce)
|
permissionsSession.TransactOpts.Nonce = new(big.Int).SetUint64(nonce)
|
||||||
_, er := permissionsSession.AddAdminAccounts(common.HexToAddress(a))
|
_, er := permissionsSession.AddAdminAccounts(a)
|
||||||
if er != nil {
|
if er != nil {
|
||||||
utils.Fatalf("error adding permission initial account list account: %s, error:%v", a, er)
|
utils.Fatalf("error adding permission initial account list account: %s, error:%v", a, er)
|
||||||
}
|
}
|
||||||
types.AcctInfoMap.UpsertAccount(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, common.HexToAddress(a), true, 2)
|
types.AcctInfoMap.UpsertAccount(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, a, true, 2)
|
||||||
}
|
}
|
||||||
log.Info("AJ-add initial account list ...done")
|
log.Info("AJ-add initial account list ...done")
|
||||||
}
|
}
|
||||||
|
|
|
@ -78,19 +78,19 @@ type OrgStruct struct {
|
||||||
|
|
||||||
// permission config for bootstrapping
|
// permission config for bootstrapping
|
||||||
type PermissionConfig struct {
|
type PermissionConfig struct {
|
||||||
UpgrdAddress string
|
UpgrdAddress common.Address
|
||||||
InterfAddress string
|
InterfAddress common.Address
|
||||||
ImplAddress string
|
ImplAddress common.Address
|
||||||
NodeAddress string
|
NodeAddress common.Address
|
||||||
AccountAddress string
|
AccountAddress common.Address
|
||||||
RoleAddress string
|
RoleAddress common.Address
|
||||||
VoterAddress string
|
VoterAddress common.Address
|
||||||
OrgAddress string
|
OrgAddress common.Address
|
||||||
NwAdminOrg string
|
NwAdminOrg string
|
||||||
NwAdminRole string
|
NwAdminRole string
|
||||||
OrgAdminRole string
|
OrgAdminRole string
|
||||||
|
|
||||||
Accounts []string //initial list of account that need full access
|
Accounts []common.Address //initial list of account that need full access
|
||||||
}
|
}
|
||||||
|
|
||||||
type OrgKey struct {
|
type OrgKey struct {
|
||||||
|
@ -169,7 +169,7 @@ var AcctInfoMap = NewAcctCache()
|
||||||
var orgKeyLock sync.Mutex
|
var orgKeyLock sync.Mutex
|
||||||
|
|
||||||
func (pc *PermissionConfig) IsEmpty() bool {
|
func (pc *PermissionConfig) IsEmpty() bool {
|
||||||
return pc.InterfAddress == "" || pc.NodeAddress == "" || pc.AccountAddress == ""
|
return pc.InterfAddress == common.HexToAddress("0x0") || pc.NodeAddress == common.HexToAddress("0x0") || pc.AccountAddress == common.HexToAddress("0x0")
|
||||||
}
|
}
|
||||||
|
|
||||||
// sets default access to ReadOnly
|
// sets default access to ReadOnly
|
||||||
|
|
Loading…
Reference in New Issue