mirror of https://github.com/poanetwork/quorum.git
Merge remote-tracking branch 'quoeng/feature/permissioning-1.8.18' into feature/permissioning-1.8.18
# Conflicts: # controls/permission/permission.go
This commit is contained in:
commit
bc61ff23f5
|
@ -391,10 +391,11 @@ func startQuorumPermissionService(ctx *cli.Context, stack *node.Node) {
|
|||
log.Error("loading of permission-config.json failed", "error", err)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
// permissions not enabled hence none of the services will be available.
|
||||
return
|
||||
}
|
||||
|
||||
log.Info("AJ-perm-config loaded", "config", permissionConfig)
|
||||
|
||||
// start the permissions management service
|
||||
pc, err := permission.NewQuorumPermissionCtrl(stack, ctx.GlobalBool(utils.EnableNodePermissionFlag.Name), ctx.GlobalBool(utils.RaftModeFlag.Name), &permissionConfig)
|
||||
if err != nil {
|
||||
|
@ -409,7 +410,7 @@ func startQuorumPermissionService(ctx *cli.Context, stack *node.Node) {
|
|||
|
||||
rpcClient, err := stack.Attach() /**/
|
||||
if err != nil {
|
||||
utils.Fatalf("Unable to connnect to the node: %v", err)
|
||||
utils.Fatalf("Unable to connect to the node: %v", err)
|
||||
}
|
||||
stateReader := ethclient.NewClient(rpcClient)
|
||||
|
||||
|
|
|
@ -13,7 +13,6 @@ import (
|
|||
"sync"
|
||||
|
||||
"github.com/ethereum/go-ethereum/accounts/abi/bind"
|
||||
"github.com/ethereum/go-ethereum/cmd/utils"
|
||||
"github.com/ethereum/go-ethereum/controls"
|
||||
pbind "github.com/ethereum/go-ethereum/controls/bind/permission"
|
||||
"github.com/ethereum/go-ethereum/core/types"
|
||||
|
@ -33,6 +32,23 @@ const (
|
|||
NodeDelete
|
||||
)
|
||||
|
||||
// permission config for bootstrapping
|
||||
type PermissionLocalConfig struct {
|
||||
UpgrdAddress string
|
||||
InterfAddress string
|
||||
ImplAddress string
|
||||
NodeAddress string
|
||||
AccountAddress string
|
||||
RoleAddress string
|
||||
VoterAddress string
|
||||
OrgAddress string
|
||||
NwAdminOrg string
|
||||
NwAdminRole string
|
||||
OrgAdminRole string
|
||||
|
||||
Accounts []string //initial list of account that need full access
|
||||
}
|
||||
|
||||
type PermissionCtrl struct {
|
||||
node *node.Node
|
||||
ethClnt *ethclient.Client
|
||||
|
@ -70,6 +86,33 @@ func (p *PermissionCtrl) Account() *pbind.AcctManager {
|
|||
return p.permAcct
|
||||
}
|
||||
|
||||
// This function takes the local config data where all the information is in string
|
||||
// converts that to address and populates the global permissions config
|
||||
func populateConfig(config PermissionLocalConfig) types.PermissionConfig {
|
||||
var permConfig types.PermissionConfig
|
||||
permConfig.UpgrdAddress = common.HexToAddress(config.UpgrdAddress)
|
||||
permConfig.InterfAddress = common.HexToAddress(config.InterfAddress)
|
||||
permConfig.ImplAddress = common.HexToAddress(config.ImplAddress)
|
||||
permConfig.OrgAddress = common.HexToAddress(config.OrgAddress)
|
||||
permConfig.RoleAddress = common.HexToAddress(config.RoleAddress)
|
||||
permConfig.NodeAddress = common.HexToAddress(config.NodeAddress)
|
||||
permConfig.AccountAddress = common.HexToAddress(config.AccountAddress)
|
||||
permConfig.VoterAddress = common.HexToAddress(config.VoterAddress)
|
||||
|
||||
permConfig.NwAdminOrg = config.NwAdminOrg
|
||||
permConfig.NwAdminRole = config.NwAdminOrg
|
||||
permConfig.OrgAdminRole = config.OrgAdminRole
|
||||
|
||||
// populate the account list as passed in config
|
||||
for _, val := range config.Accounts {
|
||||
permConfig.Accounts = append(permConfig.Accounts, common.HexToAddress(val))
|
||||
}
|
||||
|
||||
return permConfig
|
||||
}
|
||||
|
||||
// this function reads the permissions config file passed and populates the
|
||||
// config structure accrodingly
|
||||
func ParsePermissionConifg(dir string) (types.PermissionConfig, error) {
|
||||
fileName := "permission-config.json"
|
||||
fullPath := filepath.Join(dir, fileName)
|
||||
|
@ -84,12 +127,18 @@ func ParsePermissionConifg(dir string) (types.PermissionConfig, error) {
|
|||
log.Error("error reading permission-config.json file", err)
|
||||
return types.PermissionConfig{}, err
|
||||
}
|
||||
var permConfig types.PermissionConfig
|
||||
err = json.Unmarshal(blob, &permConfig)
|
||||
var permlocConfig PermissionLocalConfig
|
||||
err = json.Unmarshal(blob, &permlocConfig)
|
||||
if err != nil {
|
||||
log.Error("error unmarshalling permission-config.json file", err)
|
||||
return types.PermissionConfig{}, err
|
||||
}
|
||||
|
||||
permConfig := populateConfig(permlocConfig)
|
||||
if len(permConfig.Accounts) == 0 {
|
||||
return types.PermissionConfig{}, errors.New("no accounts given in permission-config.json. Network cannot boot up")
|
||||
}
|
||||
|
||||
return permConfig, nil
|
||||
}
|
||||
|
||||
|
@ -103,62 +152,66 @@ func NewQuorumPermissionCtrl(stack *node.Node, permissionedMode, isRaft bool, pc
|
|||
}
|
||||
|
||||
if pconfig.IsEmpty() && permissionedMode {
|
||||
utils.Fatalf("permission-config.json is missing contract address")
|
||||
log.Error("permission-config.json is missing contract address")
|
||||
return nil, errors.New("permission-config.json is missing contract address")
|
||||
}
|
||||
|
||||
if !permissionedMode {
|
||||
return &PermissionCtrl{stack, stateReader, e, isRaft, permissionedMode, stack.GetNodeKey(), stack.DataDir(), nil, nil, nil, nil, nil, nil, pconfig}, nil
|
||||
}
|
||||
pu, err := pbind.NewPermUpgr(common.HexToAddress(pconfig.UpgrdAddress), stateReader)
|
||||
pu, err := pbind.NewPermUpgr(pconfig.UpgrdAddress, stateReader)
|
||||
if err != nil {
|
||||
log.Error("Permissions not enabled for the network", "err", err)
|
||||
return nil, err
|
||||
}
|
||||
// check if permissioning contract is there at address. If not return from here
|
||||
pm, err := pbind.NewPermInterface(common.HexToAddress(pconfig.InterfAddress), stateReader)
|
||||
pm, err := pbind.NewPermInterface(pconfig.InterfAddress, stateReader)
|
||||
if err != nil {
|
||||
log.Error("Permissions not enabled for the network", "err", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pmAcct, err := pbind.NewAcctManager(common.HexToAddress(pconfig.AccountAddress), stateReader)
|
||||
pmAcct, err := pbind.NewAcctManager(pconfig.AccountAddress, stateReader)
|
||||
if err != nil {
|
||||
log.Error("Permissions not enabled for the network", "err", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pmNode, err := pbind.NewNodeManager(common.HexToAddress(pconfig.NodeAddress), stateReader)
|
||||
pmNode, err := pbind.NewNodeManager(pconfig.NodeAddress, stateReader)
|
||||
if err != nil {
|
||||
log.Error("Permissions not enabled for the network", "err", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pmRole, err := pbind.NewRoleManager(common.HexToAddress(pconfig.RoleAddress), stateReader)
|
||||
pmRole, err := pbind.NewRoleManager(pconfig.RoleAddress, stateReader)
|
||||
if err != nil {
|
||||
log.Error("Permissions not enabled for the network", "err", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pmOrg, err := pbind.NewOrgManager(common.HexToAddress(pconfig.OrgAddress), stateReader)
|
||||
pmOrg, err := pbind.NewOrgManager(pconfig.OrgAddress, stateReader)
|
||||
if err != nil {
|
||||
log.Error("Permissions not enabled for the network", "err", err)
|
||||
return nil, err
|
||||
}
|
||||
|
||||
log.Info("AJ-permission contracts initialized")
|
||||
return &PermissionCtrl{stack, stateReader, e, isRaft, permissionedMode, stack.GetNodeKey(), stack.DataDir(), pu, pm, pmNode, pmAcct, pmRole, pmOrg, pconfig}, nil
|
||||
}
|
||||
|
||||
// Starts the node permissioning and account access control monitoring
|
||||
// Starts the node permissioning and event monitoring for permissions
|
||||
// smart contracts
|
||||
func (p *PermissionCtrl) Start() error {
|
||||
// Permissions initialization
|
||||
if err := p.init(); err != nil {
|
||||
log.Error("Permissions init failed", "err", err)
|
||||
return err
|
||||
}
|
||||
p.manageOrgPermissions()
|
||||
|
||||
// monitor org management related events
|
||||
go p.manageOrgPermissions()
|
||||
|
||||
// monitor org level node management events
|
||||
p.manageNodePermissions()
|
||||
|
||||
// monitor org level role management events
|
||||
p.manageRolePermissions()
|
||||
|
||||
// monitor org level account management events
|
||||
p.manageAccountPermissions()
|
||||
|
||||
return nil
|
||||
|
@ -166,9 +219,6 @@ func (p *PermissionCtrl) Start() error {
|
|||
|
||||
// Sets the initial values for the network
|
||||
func (p *PermissionCtrl) init() error {
|
||||
if !p.permissionedMode {
|
||||
return nil
|
||||
}
|
||||
// populate the initial list of permissioned nodes and account accesses
|
||||
if err := p.populateInitPermissions(); err != nil {
|
||||
return err
|
||||
|
@ -180,20 +230,63 @@ func (p *PermissionCtrl) init() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Manages org addition, decavtivation and activation from network
|
||||
// monitors org management related events happening via
|
||||
// smart contracts
|
||||
func (p *PermissionCtrl) manageOrgPermissions() {
|
||||
|
||||
if p.permissionedMode {
|
||||
log.Info("AJ-org permission start")
|
||||
go p.monitorNewOrgPendingApproval()
|
||||
//monitor for new nodes addition via smart contract
|
||||
go p.monitorNewOrgAdd()
|
||||
chPendingApproval := make(chan *pbind.OrgManagerOrgPendingApproval, 1)
|
||||
chOrgApproved := make(chan *pbind.OrgManagerOrgApproved, 1)
|
||||
chOrgSuspended := make(chan *pbind.OrgManagerOrgSuspended, 1)
|
||||
chOrgReactivated := make(chan *pbind.OrgManagerOrgSuspensionRevoked, 1)
|
||||
|
||||
//monitor for nodes deletion via smart contract
|
||||
go p.monitorOrgDeactivation()
|
||||
var evtPendingApproval *pbind.OrgManagerOrgPendingApproval
|
||||
var evtOrgApproved *pbind.OrgManagerOrgApproved
|
||||
var evtOrgSuspended *pbind.OrgManagerOrgSuspended
|
||||
var evtOrgReactivated *pbind.OrgManagerOrgSuspensionRevoked
|
||||
|
||||
//monitor for nodes activation from deactivation status
|
||||
go p.monitorOrgActivation()
|
||||
opts := &bind.WatchOpts{}
|
||||
var blockNumber uint64 = 1
|
||||
opts.Start = &blockNumber
|
||||
|
||||
if _, err := p.permOrg.OrgManagerFilterer.WatchOrgPendingApproval(opts, chPendingApproval); err != nil {
|
||||
log.Info("Failed WatchNodePendingApproval: %v", err)
|
||||
}
|
||||
|
||||
if _, err := p.permOrg.OrgManagerFilterer.WatchOrgApproved(opts, chOrgApproved); err != nil {
|
||||
log.Info("Failed WatchNodePendingApproval: %v", err)
|
||||
}
|
||||
|
||||
if _, err := p.permOrg.OrgManagerFilterer.WatchOrgSuspended(opts, chOrgSuspended); err != nil {
|
||||
log.Info("Failed WatchNodePendingApproval: %v", err)
|
||||
}
|
||||
|
||||
if _, err := p.permOrg.OrgManagerFilterer.WatchOrgSuspensionRevoked(opts, chOrgReactivated); err != nil {
|
||||
log.Info("Failed WatchNodePendingApproval: %v", err)
|
||||
}
|
||||
|
||||
for {
|
||||
log.Info("AJ-new org pending approval waiting for events...")
|
||||
select {
|
||||
case evtPendingApproval = <-chPendingApproval:
|
||||
log.Info("AJ-newOrgPendingApproval", "node", evtPendingApproval.OrgId)
|
||||
types.OrgInfoMap.UpsertOrg(evtPendingApproval.OrgId, types.OrgStatus(evtPendingApproval.Type.Uint64()))
|
||||
log.Info("AJ-newOrgPendingApproval cached updated for ", "orgid", evtPendingApproval.OrgId)
|
||||
|
||||
case evtOrgApproved = <-chOrgApproved:
|
||||
log.Info("AJ-newOrgPendingApproval", "node", evtOrgApproved.OrgId)
|
||||
types.OrgInfoMap.UpsertOrg(evtOrgApproved.OrgId, types.OrgApproved)
|
||||
log.Info("AJ-newOrgPendingApproval cached updated for ", "orgid", evtOrgApproved.OrgId)
|
||||
|
||||
case evtOrgSuspended = <-chOrgSuspended:
|
||||
log.Info("AJ-newOrgPendingApproval", "node", evtOrgSuspended.OrgId)
|
||||
types.OrgInfoMap.UpsertOrg(evtOrgSuspended.OrgId, types.OrgSuspended)
|
||||
log.Info("AJ-newOrgPendingApproval cached updated for ", "orgid", evtOrgSuspended.OrgId)
|
||||
|
||||
case evtOrgReactivated = <-chOrgReactivated:
|
||||
log.Info("AJ-newOrgPendingApproval", "node", evtOrgReactivated.OrgId)
|
||||
types.OrgInfoMap.UpsertOrg(evtOrgReactivated.OrgId, types.OrgApproved)
|
||||
log.Info("AJ-newOrgPendingApproval cached updated for ", "orgid", evtOrgReactivated.OrgId)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -564,10 +657,8 @@ func (p *PermissionCtrl) formatEnodeId(enodeId, ipAddrPort, discPort, raftPort s
|
|||
return newEnodeId
|
||||
}
|
||||
|
||||
// Thus function checks if the its the initial network boot up and if yes
|
||||
// populates the initial network enode details from static-nodes.json into
|
||||
// smart contracts. Sets the accounts access to full access for the initial
|
||||
// initial list of accounts as given in genesis.json file
|
||||
// Thus function checks if the its the initial network boot up status and if no
|
||||
// populates permissioning model with details from permission-config.json
|
||||
func (p *PermissionCtrl) populateInitPermissions() error {
|
||||
auth := bind.NewKeyedTransactor(p.key)
|
||||
permInterfSession := &pbind.PermInterfaceSession{
|
||||
|
@ -586,33 +677,16 @@ func (p *PermissionCtrl) populateInitPermissions() error {
|
|||
networkInitialized, err := permInterfSession.GetNetworkBootStatus()
|
||||
if err != nil {
|
||||
// handle the scenario of no contract code.
|
||||
if err.Error() == "no contract code at given address" {
|
||||
return err
|
||||
}
|
||||
log.Warn("Failed to retrieve network boot status ", "err", err)
|
||||
return err
|
||||
}
|
||||
|
||||
if networkInitialized && !p.permissionedMode {
|
||||
// Network is initialized with permissions and node is joining in a non-permissioned
|
||||
// option. stop the node from coming up
|
||||
utils.Fatalf("Joining a permissioned network in non-permissioned mode is not permitted. Bring up geth with --permissioned.")
|
||||
}
|
||||
|
||||
if !p.permissionedMode {
|
||||
log.Info("Node started in non-permissioned mode")
|
||||
return errors.New("Node started in non-permissioned mode")
|
||||
}
|
||||
|
||||
if !networkInitialized {
|
||||
if err := p.bootupNetwork(permInterfSession); err != nil {
|
||||
return err
|
||||
}
|
||||
log.Info("AJ-network boot completed")
|
||||
} else {
|
||||
log.Info("AJ-network already booted")
|
||||
//populate orgs, nodes, roles and accounts from contract
|
||||
|
||||
p.populateOrgsFromContract(auth)
|
||||
|
||||
p.populateNodesFromContract(auth)
|
||||
|
@ -620,73 +694,43 @@ func (p *PermissionCtrl) populateInitPermissions() error {
|
|||
p.populateRolesFromContract(auth)
|
||||
|
||||
p.populateAccountsFromContract(auth)
|
||||
log.Info("AJ-all data loaded from contract")
|
||||
}
|
||||
|
||||
ShowCacheData()
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// initialize the permissions model and populate initial values
|
||||
func (p *PermissionCtrl) bootupNetwork(permInterfSession *pbind.PermInterfaceSession) error {
|
||||
// Ensure that there is at least one account given as a part of genesis.json
|
||||
// which will have full access. If not throw a fatal error
|
||||
// Do not want a network with no access
|
||||
log.Info("AJ-network not initialized")
|
||||
|
||||
permInterfSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permInterfSession.TransactOpts.From))
|
||||
if _, err := permInterfSession.SetPolicy(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, p.permConfig.OrgAdminRole); err != nil {
|
||||
log.Error("AJ-permIntr.setPolicy failed", "err", err)
|
||||
log.Error("bootupNetwork SetPolicy failed", "err", err)
|
||||
return err
|
||||
}
|
||||
log.Info("AJ-permInter setPolicy done")
|
||||
permInterfSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permInterfSession.TransactOpts.From))
|
||||
if _, err := permInterfSession.Init(common.HexToAddress(p.permConfig.OrgAddress), common.HexToAddress(p.permConfig.RoleAddress), common.HexToAddress(p.permConfig.AccountAddress), common.HexToAddress(p.permConfig.VoterAddress), common.HexToAddress(p.permConfig.NodeAddress)); err != nil {
|
||||
log.Error("AJ-permIntr.init failed", "err", err)
|
||||
if _, err := permInterfSession.Init(p.permConfig.OrgAddress, p.permConfig.RoleAddress, p.permConfig.AccountAddress, p.permConfig.VoterAddress, p.permConfig.NodeAddress); err != nil {
|
||||
log.Error("bootupNetwork init failed", "err", err)
|
||||
return err
|
||||
}
|
||||
log.Info("AJ-permInter init done")
|
||||
|
||||
types.OrgInfoMap.UpsertOrg(p.permConfig.NwAdminOrg, 2)
|
||||
types.RoleInfoMap.UpsertRole(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, true, 3, true)
|
||||
types.RoleInfoMap.UpsertRole(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, true, types.FullAccess, true)
|
||||
// populate the initial node list from static-nodes.json
|
||||
err := p.populateStaticNodesToContract(permInterfSession)
|
||||
if err != nil {
|
||||
if err := p.populateStaticNodesToContract(permInterfSession); err != nil {
|
||||
return err
|
||||
}
|
||||
log.Info("AJ-permInter init node population done")
|
||||
// populate initial account access to full access
|
||||
err = p.populateInitAccountAccess(permInterfSession)
|
||||
if err != nil {
|
||||
if err := p.populateInitAccountAccess(permInterfSession); err != nil {
|
||||
return err
|
||||
}
|
||||
log.Info("AJ-permInter init account population done")
|
||||
if err == nil && len(p.permConfig.Accounts) == 0 {
|
||||
|
||||
//utils.Fatalf("Permissioned network being brought up with zero accounts having full access. Add permissioned full access accounts in genesis.json and bring up the network")
|
||||
}
|
||||
|
||||
// update network status to boot completed
|
||||
err = p.updateNetworkStatus(permInterfSession)
|
||||
if err != nil {
|
||||
log.Info("AJ-failed to updated network boot status")
|
||||
if err := p.updateNetworkStatus(permInterfSession); err != nil {
|
||||
log.Error("failed to updated network boot status", "error", err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ShowCacheData() {
|
||||
log.Info("AJ-======org info ======")
|
||||
types.OrgInfoMap.Show()
|
||||
log.Info("AJ-======Node info======")
|
||||
types.NodeInfoMap.Show()
|
||||
log.Info("AJ-======role info======")
|
||||
types.RoleInfoMap.Show()
|
||||
log.Info("AJ-======act info======")
|
||||
types.AcctInfoMap.Show()
|
||||
log.Info("AJ-============")
|
||||
}
|
||||
|
||||
func (p *PermissionCtrl) populateAccountsFromContract(auth *bind.TransactOpts) {
|
||||
//populate accounts
|
||||
permAcctSession := &pbind.AcctManagerSession{
|
||||
|
@ -694,24 +738,11 @@ func (p *PermissionCtrl) populateAccountsFromContract(auth *bind.TransactOpts) {
|
|||
CallOpts: bind.CallOpts{
|
||||
Pending: true,
|
||||
},
|
||||
TransactOpts: bind.TransactOpts{
|
||||
From: auth.From,
|
||||
Signer: auth.Signer,
|
||||
GasLimit: 47000000,
|
||||
GasPrice: big.NewInt(0),
|
||||
},
|
||||
}
|
||||
permAcctSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permAcctSession.TransactOpts.From))
|
||||
if numberOfRoles, err := permAcctSession.GetNumberOfAccounts(); err != nil {
|
||||
log.Error("AJ-reading acct num failed")
|
||||
} else {
|
||||
log.Info("AJ-acct num ", "num", numberOfRoles.Int64())
|
||||
if numberOfRoles, err := permAcctSession.GetNumberOfAccounts(); err == nil {
|
||||
iOrgNum := numberOfRoles.Uint64()
|
||||
for k := uint64(0); k < iOrgNum; k++ {
|
||||
permAcctSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permAcctSession.TransactOpts.From))
|
||||
if addr, org, role, status, orgAdmin, err := permAcctSession.GetAccountDetailsFromIndex(big.NewInt(int64(k))); err != nil {
|
||||
log.Error("AJ-Org reading org info failed")
|
||||
} else {
|
||||
if addr, org, role, status, orgAdmin, err := permAcctSession.GetAccountDetailsFromIndex(big.NewInt(int64(k))); err == nil {
|
||||
types.AcctInfoMap.UpsertAccount(org, role, addr, orgAdmin, types.AcctStatus(int(status.Int64())))
|
||||
}
|
||||
}
|
||||
|
@ -726,24 +757,11 @@ func (p *PermissionCtrl) populateRolesFromContract(auth *bind.TransactOpts) {
|
|||
CallOpts: bind.CallOpts{
|
||||
Pending: true,
|
||||
},
|
||||
TransactOpts: bind.TransactOpts{
|
||||
From: auth.From,
|
||||
Signer: auth.Signer,
|
||||
GasLimit: 47000000,
|
||||
GasPrice: big.NewInt(0),
|
||||
},
|
||||
}
|
||||
permRoleSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permRoleSession.TransactOpts.From))
|
||||
if numberOfRoles, err := permRoleSession.GetNumberOfRoles(); err != nil {
|
||||
log.Error("AJ-reading role num failed")
|
||||
} else {
|
||||
log.Info("AJ-role num ", "num", numberOfRoles.Int64())
|
||||
if numberOfRoles, err := permRoleSession.GetNumberOfRoles(); err == nil {
|
||||
iOrgNum := numberOfRoles.Uint64()
|
||||
for k := uint64(0); k < iOrgNum; k++ {
|
||||
permRoleSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permRoleSession.TransactOpts.From))
|
||||
if roleStruct, err := permRoleSession.GetRoleDetailsFromIndex(big.NewInt(int64(k))); err != nil {
|
||||
log.Error("AJ-role reading org info failed")
|
||||
} else {
|
||||
if roleStruct, err := permRoleSession.GetRoleDetailsFromIndex(big.NewInt(int64(k))); err == nil {
|
||||
types.RoleInfoMap.UpsertRole(roleStruct.OrgId, roleStruct.RoleId, roleStruct.Voter, types.AccessType(int(roleStruct.AccessType.Int64())), roleStruct.Active)
|
||||
}
|
||||
}
|
||||
|
@ -758,24 +776,12 @@ func (p *PermissionCtrl) populateNodesFromContract(auth *bind.TransactOpts) {
|
|||
CallOpts: bind.CallOpts{
|
||||
Pending: true,
|
||||
},
|
||||
TransactOpts: bind.TransactOpts{
|
||||
From: auth.From,
|
||||
Signer: auth.Signer,
|
||||
GasLimit: 47000000,
|
||||
GasPrice: big.NewInt(0),
|
||||
},
|
||||
}
|
||||
permNodeSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permNodeSession.TransactOpts.From))
|
||||
if numberOfNodes, err := permNodeSession.GetNumberOfNodes(); err != nil {
|
||||
log.Error("AJ-reading node num failed")
|
||||
} else {
|
||||
log.Info("AJ-node num ", "num", numberOfNodes.Int64())
|
||||
if numberOfNodes, err := permNodeSession.GetNumberOfNodes(); err == nil {
|
||||
iOrgNum := numberOfNodes.Uint64()
|
||||
for k := uint64(0); k < iOrgNum; k++ {
|
||||
permNodeSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permNodeSession.TransactOpts.From))
|
||||
if nodeStruct, err := permNodeSession.GetNodeDetailsFromIndex(big.NewInt(int64(k))); err != nil {
|
||||
log.Error("AJ-node reading org info failed")
|
||||
} else {
|
||||
if nodeStruct, err := permNodeSession.GetNodeDetailsFromIndex(big.NewInt(int64(k))); err == nil {
|
||||
types.NodeInfoMap.UpsertNode(nodeStruct.OrgId, nodeStruct.EnodeId, types.NodeStatus(int(nodeStruct.NodeStatus.Int64())))
|
||||
}
|
||||
}
|
||||
|
@ -790,24 +796,11 @@ func (p *PermissionCtrl) populateOrgsFromContract(auth *bind.TransactOpts) {
|
|||
CallOpts: bind.CallOpts{
|
||||
Pending: true,
|
||||
},
|
||||
TransactOpts: bind.TransactOpts{
|
||||
From: auth.From,
|
||||
Signer: auth.Signer,
|
||||
GasLimit: 47000000,
|
||||
GasPrice: big.NewInt(0),
|
||||
},
|
||||
}
|
||||
permOrgSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permOrgSession.TransactOpts.From))
|
||||
if numberOfOrgs, err := permOrgSession.GetNumberOfOrgs(); err != nil {
|
||||
log.Error("AJ-reading org num failed")
|
||||
} else {
|
||||
log.Info("AJ-org num ", "num", numberOfOrgs.Int64())
|
||||
if numberOfOrgs, err := permOrgSession.GetNumberOfOrgs(); err == nil {
|
||||
iOrgNum := numberOfOrgs.Uint64()
|
||||
for k := uint64(0); k < iOrgNum; k++ {
|
||||
permOrgSession.TransactOpts.Nonce = new(big.Int).SetUint64(p.eth.TxPool().Nonce(permOrgSession.TransactOpts.From))
|
||||
if o, s, err := permOrgSession.GetOrgInfo(big.NewInt(int64(k))); err != nil {
|
||||
log.Error("AJ-Org reading org info failed")
|
||||
} else {
|
||||
if o, s, err := permOrgSession.GetOrgInfo(big.NewInt(int64(k))); err == nil {
|
||||
types.OrgInfoMap.UpsertOrg(o, types.OrgStatus(int(s.Int64())))
|
||||
}
|
||||
}
|
||||
|
@ -821,19 +814,15 @@ func (p *PermissionCtrl) populateStaticNodesToContract(permissionsSession *pbind
|
|||
for _, node := range nodes {
|
||||
|
||||
enodeID := node.EnodeID()
|
||||
|
||||
log.Info("AJ-Adding node to permissions contract", "enodeID", enodeID)
|
||||
|
||||
nonce := p.eth.TxPool().Nonce(permissionsSession.TransactOpts.From)
|
||||
permissionsSession.TransactOpts.Nonce = new(big.Int).SetUint64(nonce)
|
||||
|
||||
tx, err := permissionsSession.AddAdminNodes(node.String())
|
||||
_, err := permissionsSession.AddAdminNodes(node.String())
|
||||
if err != nil {
|
||||
log.Warn("Failed to propose node", "err", err)
|
||||
log.Warn("Failed to propose node", "err", err, "enode", enodeID)
|
||||
return err
|
||||
}
|
||||
types.NodeInfoMap.UpsertNode(p.permConfig.NwAdminOrg, node.String(), 2)
|
||||
log.Debug("Transaction pending", "tx hash", tx.Hash())
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -841,20 +830,15 @@ func (p *PermissionCtrl) populateStaticNodesToContract(permissionsSession *pbind
|
|||
// Invokes the initAccounts function of smart contract to set the initial
|
||||
// set of accounts access to full access
|
||||
func (p *PermissionCtrl) populateInitAccountAccess(permissionsSession *pbind.PermInterfaceSession) error {
|
||||
|
||||
if !p.permConfig.IsEmpty() {
|
||||
log.Info("AJ-add initial account list ...")
|
||||
for _, a := range p.permConfig.Accounts {
|
||||
log.Info("AJ-adding account ", "A", a)
|
||||
nonce := p.eth.TxPool().Nonce(permissionsSession.TransactOpts.From)
|
||||
permissionsSession.TransactOpts.Nonce = new(big.Int).SetUint64(nonce)
|
||||
_, er := permissionsSession.AddAdminAccounts(common.HexToAddress(a))
|
||||
if er != nil {
|
||||
utils.Fatalf("error adding permission initial account list account: %s, error:%v", a, er)
|
||||
}
|
||||
types.AcctInfoMap.UpsertAccount(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, common.HexToAddress(a), true, 2)
|
||||
for _, a := range p.permConfig.Accounts {
|
||||
nonce := p.eth.TxPool().Nonce(permissionsSession.TransactOpts.From)
|
||||
permissionsSession.TransactOpts.Nonce = new(big.Int).SetUint64(nonce)
|
||||
_, er := permissionsSession.AddAdminAccounts(a)
|
||||
if er != nil {
|
||||
log.Warn("Error adding permission initial account list", "err", er, "account", a)
|
||||
return er
|
||||
}
|
||||
log.Info("AJ-add initial account list ...done")
|
||||
types.AcctInfoMap.UpsertAccount(p.permConfig.NwAdminOrg, p.permConfig.NwAdminRole, a, true, 2)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -871,102 +855,6 @@ func (p *PermissionCtrl) updateNetworkStatus(permissionsSession *pbind.PermInter
|
|||
return nil
|
||||
}
|
||||
|
||||
func (p *PermissionCtrl) monitorOrgActivation() {
|
||||
log.Info("AJ-new org activated event monitor started...")
|
||||
ch := make(chan *pbind.OrgManagerOrgSuspensionRevoked, 1)
|
||||
|
||||
opts := &bind.WatchOpts{}
|
||||
var blockNumber uint64 = 1
|
||||
opts.Start = &blockNumber
|
||||
var evt *pbind.OrgManagerOrgSuspensionRevoked
|
||||
|
||||
_, err := p.permOrg.OrgManagerFilterer.WatchOrgSuspensionRevoked(opts, ch)
|
||||
if err != nil {
|
||||
log.Info("Failed watchOrgActivated: %v", err)
|
||||
}
|
||||
for {
|
||||
log.Info("AJ-new org activated waiting for events...")
|
||||
select {
|
||||
case evt = <-ch:
|
||||
log.Info("AJ-OrgActivated", "node", evt.OrgId)
|
||||
types.OrgInfoMap.UpsertOrg(evt.OrgId, types.OrgRevokeSuspension)
|
||||
log.Info("AJ-newOrgActivated cached updated for ", "orgid", evt.OrgId)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (p *PermissionCtrl) monitorNewOrgPendingApproval() {
|
||||
log.Info("AJ-new org pending approval event monitor started...")
|
||||
ch := make(chan *pbind.OrgManagerOrgPendingApproval, 1)
|
||||
|
||||
opts := &bind.WatchOpts{}
|
||||
var blockNumber uint64 = 1
|
||||
opts.Start = &blockNumber
|
||||
var evt *pbind.OrgManagerOrgPendingApproval
|
||||
|
||||
_, err := p.permOrg.OrgManagerFilterer.WatchOrgPendingApproval(opts, ch)
|
||||
if err != nil {
|
||||
log.Info("Failed WatchNodePendingApproval: %v", err)
|
||||
}
|
||||
for {
|
||||
log.Info("AJ-new org pending approval waiting for events...")
|
||||
select {
|
||||
case evt = <-ch:
|
||||
log.Info("AJ-newOrgPendingApproval", "node", evt.OrgId)
|
||||
types.OrgInfoMap.UpsertOrg(evt.OrgId, types.OrgPendingApproval)
|
||||
log.Info("AJ-newOrgPendingApproval cached updated for ", "orgid", evt.OrgId)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (p *PermissionCtrl) monitorNewOrgAdd() {
|
||||
log.Info("AJ-new org added event monitor started...")
|
||||
ch := make(chan *pbind.OrgManagerOrgApproved, 1)
|
||||
|
||||
opts := &bind.WatchOpts{}
|
||||
var blockNumber uint64 = 1
|
||||
opts.Start = &blockNumber
|
||||
var evt *pbind.OrgManagerOrgApproved
|
||||
|
||||
_, err := p.permOrg.OrgManagerFilterer.WatchOrgApproved(opts, ch)
|
||||
if err != nil {
|
||||
log.Info("Failed WatchNodeApproved: %v", err)
|
||||
}
|
||||
for {
|
||||
log.Info("AJ-new org approved waiting for events...")
|
||||
select {
|
||||
case evt = <-ch:
|
||||
log.Info("AJ-newOrgApproved", "node", evt.OrgId)
|
||||
types.OrgInfoMap.UpsertOrg(evt.OrgId, types.OrgApproved)
|
||||
log.Info("AJ-newOrgApproved cached updated for ", "orgid", evt.OrgId)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (p *PermissionCtrl) monitorOrgDeactivation() {
|
||||
log.Info("AJ-new org suspended event monitor started...")
|
||||
ch := make(chan *pbind.OrgManagerOrgSuspended, 1)
|
||||
|
||||
opts := &bind.WatchOpts{}
|
||||
var blockNumber uint64 = 1
|
||||
opts.Start = &blockNumber
|
||||
var evt *pbind.OrgManagerOrgSuspended
|
||||
|
||||
_, err := p.permOrg.OrgManagerFilterer.WatchOrgSuspended(opts, ch)
|
||||
if err != nil {
|
||||
log.Info("Failed WatchOrgSuspened: %v", err)
|
||||
}
|
||||
for {
|
||||
log.Info("AJ-new org suspended waiting for events...")
|
||||
select {
|
||||
case evt = <-ch:
|
||||
log.Info("AJ-newOrgSuspended", "node", evt.OrgId)
|
||||
types.OrgInfoMap.UpsertOrg(evt.OrgId, types.OrgRevokeSuspension)
|
||||
log.Info("AJ-newOrgSuspended cached updated for ", "orgid", evt.OrgId)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (p *PermissionCtrl) manageRolePermissions() {
|
||||
if p.permissionedMode {
|
||||
log.Info("AJ-manage role start")
|
||||
|
|
|
@ -78,19 +78,19 @@ type OrgStruct struct {
|
|||
|
||||
// permission config for bootstrapping
|
||||
type PermissionConfig struct {
|
||||
UpgrdAddress string
|
||||
InterfAddress string
|
||||
ImplAddress string
|
||||
NodeAddress string
|
||||
AccountAddress string
|
||||
RoleAddress string
|
||||
VoterAddress string
|
||||
OrgAddress string
|
||||
UpgrdAddress common.Address
|
||||
InterfAddress common.Address
|
||||
ImplAddress common.Address
|
||||
NodeAddress common.Address
|
||||
AccountAddress common.Address
|
||||
RoleAddress common.Address
|
||||
VoterAddress common.Address
|
||||
OrgAddress common.Address
|
||||
NwAdminOrg string
|
||||
NwAdminRole string
|
||||
OrgAdminRole string
|
||||
|
||||
Accounts []string //initial list of account that need full access
|
||||
Accounts []common.Address //initial list of account that need full access
|
||||
}
|
||||
|
||||
type OrgKey struct {
|
||||
|
@ -169,7 +169,7 @@ var AcctInfoMap = NewAcctCache()
|
|||
var orgKeyLock sync.Mutex
|
||||
|
||||
func (pc *PermissionConfig) IsEmpty() bool {
|
||||
return pc.InterfAddress == "" || pc.NodeAddress == "" || pc.AccountAddress == ""
|
||||
return pc.InterfAddress == common.HexToAddress("0x0") || pc.NodeAddress == common.HexToAddress("0x0") || pc.AccountAddress == common.HexToAddress("0x0")
|
||||
}
|
||||
|
||||
// sets default access to ReadOnly
|
||||
|
@ -181,13 +181,7 @@ func (o *OrgCache) UpsertOrg(orgId string, status OrgStatus) {
|
|||
defer o.mux.Unlock()
|
||||
o.mux.Lock()
|
||||
key := OrgKey{OrgId: orgId}
|
||||
if _, ok := o.c.Get(key); ok {
|
||||
log.Info("AJ-OrgId already exists. update it", "orgId", orgId)
|
||||
o.c.Add(key, &OrgInfo{orgId, status})
|
||||
} else {
|
||||
log.Info("AJ-OrgId does not exist. add it", "orgId", orgId)
|
||||
o.c.Add(key, &OrgInfo{orgId, status})
|
||||
}
|
||||
o.c.Add(key, &OrgInfo{orgId, status})
|
||||
}
|
||||
|
||||
func (o *OrgCache) GetOrg(orgId string) *OrgInfo {
|
||||
|
@ -221,13 +215,7 @@ func (n *NodeCache) UpsertNode(orgId string, url string, status NodeStatus) {
|
|||
defer n.mux.Unlock()
|
||||
n.mux.Lock()
|
||||
key := NodeKey{OrgId: orgId, Url: url}
|
||||
if _, ok := n.c.Get(key); ok {
|
||||
log.Info("AJ-Node already exists. update it", "orgId", orgId, "url", url)
|
||||
n.c.Add(key, &NodeInfo{orgId, url, status})
|
||||
} else {
|
||||
log.Info("AJ-Node does not exist. add it", "orgId", orgId, "url", url)
|
||||
n.c.Add(key, &NodeInfo{orgId, url, status})
|
||||
}
|
||||
n.c.Add(key, &NodeInfo{orgId, url, status})
|
||||
}
|
||||
|
||||
func (n *NodeCache) GetNodeByUrl(url string) *NodeInfo {
|
||||
|
@ -273,13 +261,7 @@ func (a *AcctCache) UpsertAccount(orgId string, role string, acct common.Address
|
|||
defer a.mux.Unlock()
|
||||
a.mux.Lock()
|
||||
key := AccountKey{orgId, role, acct}
|
||||
if _, ok := a.c.Get(key); ok {
|
||||
log.Info("AJ-account already exists. update it", "orgId", orgId, "role", role, "acct", acct)
|
||||
a.c.Add(key, &AccountInfo{orgId, role, acct, orgAdmin, status})
|
||||
} else {
|
||||
log.Info("AJ-account does not exist. add it", "orgId", orgId, "role", role, "acct", acct)
|
||||
a.c.Add(key, &AccountInfo{orgId, role, acct, orgAdmin, status})
|
||||
}
|
||||
a.c.Add(key, &AccountInfo{orgId, role, acct, orgAdmin, status})
|
||||
}
|
||||
|
||||
func (a *AcctCache) GetAccountByAccount(acct common.Address) *AccountInfo {
|
||||
|
@ -325,13 +307,8 @@ func (r *RoleCache) UpsertRole(orgId string, role string, voter bool, access Acc
|
|||
defer r.mux.Unlock()
|
||||
r.mux.Lock()
|
||||
key := RoleKey{orgId, role}
|
||||
if _, ok := r.c.Get(key); ok {
|
||||
log.Info("AJ-role already exists. update it", "orgId", orgId, "role", role, "access", access, "voter", voter, "active", active)
|
||||
r.c.Add(key, &RoleInfo{orgId, role, voter, access, active})
|
||||
} else {
|
||||
log.Info("AJ-role does not exist. add it", "orgId", orgId, "role", role, "access", access, "voter", voter, "active", active)
|
||||
r.c.Add(key, &RoleInfo{orgId, role, voter, access, active})
|
||||
}
|
||||
r.c.Add(key, &RoleInfo{orgId, role, voter, access, active})
|
||||
|
||||
}
|
||||
|
||||
func (r *RoleCache) GetRole(orgId string, roleId string) *RoleInfo {
|
||||
|
|
|
@ -1804,14 +1804,11 @@ func (s *PublicBlockChainAPI) GetQuorumPayload(digestHex string) (string, error)
|
|||
//End-Quorum
|
||||
|
||||
func resolvePrivateFor(privateFor []string) []string {
|
||||
|
||||
var newPrivateFor []string
|
||||
|
||||
for _, value := range privateFor {
|
||||
keys := types.ResolvePrivateForKeys(value)
|
||||
newPrivateFor = append(newPrivateFor, keys...)
|
||||
}
|
||||
|
||||
return newPrivateFor
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue