Support app-defined ACLs via user-data table and whoAmI RPC #590
@@ -172,8 +172,8 @@ def start_and_join(self, args): | |||
cmd = ["rm", "-f"] + glob("member*.pem") | |||
infra.proc.ccall(*cmd) | |||
|
|||
self.consortium = infra.consortium.Consortium([1, 2, 3]) | |||
self.initial_users = [1, 2, 3] | |||
self.consortium = infra.consortium.Consortium([0, 1, 2]) |
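Review bot: the list passed to `infra.consortium.Consortium(...)` and the one assigned to `self.initial_users` are bare number literals with no comment saying whether they are local certificate-file names or CCF IDs, and moving from `[1, 2, 3]` to `[0, 1, 2]` makes the two meanings coincide only by convention. A named constant with a one-line comment stating that these are local names, or non-numeric names, would make a later mismatch with the IDs CCF assigns fail visibly instead of as an off-by-one in a client.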
Previously we created a `member1_cert.pem` and `member1_privk.pem`, and these were associated with the member with ID `0` inside CCF. This changes the default member (and user) names used locally to match their eventual CCF IDs. This results in all of the `-1` changes in `memberclient.py`. In general we should probably try to break the assumption that these IDs are in sync to avoid domino bugs - maybe the default users should be `alice`, `bob`, and `charlie`?
Codecov Report
@@ Coverage Diff @@
## master #590 +/- ##
==========================================
+ Coverage 78.2% 78.24% +0.04%
==========================================
Files 143 143
Lines 10897 10964 +67
==========================================
+ Hits 8521 8578 +57
- Misses 2376 2386 +10
Should this new feature be briefly documented in https://microsoft.github.io/CCF/developers/index.html?

I've added this to the member docs - a section on "Adding users" under "Common governance operations". I don't think there's a clean spot to put it in the developers documentation at the moment. If it proves generally useful, we can add a few example uses in time.

There's already an "Adding Users" section described when the network is opened (https://microsoft.github.io/CCF/members/open_network.html#adding-users). Should these two be merged somehow?

Good spot! I've moved the new info under that existing section.
…t#590)

* Add whoAmI and whoIs RPCs
* Name cert files [user|member]0-2, not 1-3
* Remove manual offsetting from txregulatorclient
* Separate local name from CCF-retrieved ID
* Remove manual offset from demo script too
* Auto stringify
* Add user_data field in UserInfo, settable by members
* USERS table should be whitelisted
* Trying to log most types from lua is an error
* Add privilege model to txregulator app - WIP
* Semantic indentation
* Format
* Add permissions for demo script
* who_is should return a WhoIs::Out
* Schema for new RPCs
* Fix IDs in memberclient
* Address PR comments
* Document adding users + user-data
* Move new info to existing Adding Users section
This is primarily completing #431 with some minor additions. To get there, I also needed the caller lookup RPCs mentioned in #575, and to demonstrate this functionality I updated the `txregulator` sample app.

So 3 things:

* `user_data` field in the `UserInfo` object, writable by members via consensus. This can store arbitrary JSON objects, so it's up to the app instance to determine how permissions are encoded.
* `whoAmI` and `whoIs` RPCs, so that an external user can find out their CCF User or Member ID.
* `txregulator` sample app to check `user_data` permissions for registering regulators and banks. Most of the changes in the client are about drawing a clear distinction between the local name for a user (used as the `X` in `userX_privk.pem` for our Python infrastructure) and their CCF ID.
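Added example (not part of this PR or of CCF's code): a plain-Python model of the app-side check the description outlines, where a handler resolves the caller to a service-assigned ID and reads privileges from that user's `user_data`. The `UsersTable` class, the `privileges` object shape, the privilege names and the fingerprint strings are assumptions made for illustration.

```python
# Added illustration: a plain-Python model, not CCF's API. The table layout,
# privilege names and user_data shape are assumptions made for this example.
from dataclasses import dataclass
from typing import Any, Dict, Optional


@dataclass
class UserInfo:
    cert_fingerprint: str  # stands in for the user's certificate
    user_data: Any = None  # arbitrary JSON, written by members via governance


class UsersTable:
    def __init__(self) -> None:
        self.by_id: Dict[int, UserInfo] = {}

    def add_user(self, cert_fingerprint: str, user_data: Any = None) -> int:
        user_id = len(self.by_id)  # the service, not the client, picks the ID
        self.by_id[user_id] = UserInfo(cert_fingerprint, user_data)
        return user_id

    def who_am_i(self, cert_fingerprint: str) -> Optional[int]:
        """Map a caller's certificate to its ID (the caller-lookup idea)."""
        for user_id, info in self.by_id.items():
            if info.cert_fingerprint == cert_fingerprint:
                return user_id
        return None

    def has_privilege(self, user_id: Optional[int], name: str) -> bool:
        """Default deny: only a JSON true under "privileges" grants access."""
        info = self.by_id.get(user_id) if user_id is not None else None
        if info is None or not isinstance(info.user_data, dict):
            return False
        privileges = info.user_data.get("privileges")
        if not isinstance(privileges, dict):
            return False
        return privileges.get(name) is True  # the string "true" or 1 do not count


# Constructed sample data: local names are deliberately not the assigned IDs.
users = UsersTable()
alice = users.add_user("fp-alice", {"privileges": {"REGISTER_REGULATORS": True}})
bob = users.add_user("fp-bob", {"privileges": {"REGISTER_BANKS": "true"}})
charlie = users.add_user("fp-charlie")  # no user_data set at all

if __name__ == "__main__":
    for fp in ("fp-alice", "fp-bob", "fp-charlie", "fp-unknown"):
        uid = users.who_am_i(fp)
        print(fp, uid, users.has_privilege(uid, "REGISTER_REGULATORS"))
```

Because `user_data` is free-form, the check treats a missing field, a non-object value and a non-boolean flag as "no privilege" rather than raising or coercing.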