Support app-defined ACLs via user-data table and whoAmI RPC #590
Conversation
|
|
| @@ -172,8 +172,8 @@ def start_and_join(self, args): | |||
| cmd = ["rm", "-f"] + glob("member*.pem") | |||
| infra.proc.ccall(*cmd) | |||
|
|
|||
| self.consortium = infra.consortium.Consortium([1, 2, 3]) | |||
| self.initial_users = [1, 2, 3] | |||
| self.consortium = infra.consortium.Consortium([0, 1, 2]) | |||
There was a problem hiding this comment.
Previously we created a member1_cert.pem and member1_privk.pem, and these were associated with the member with ID 0 inside CCF. This changes the default member (and user) names used locally to match their eventual CCF IDs. This results in all of the -1 changes in memberclient.py. In general we should probably try to break the assumption that these IDs are in-sync to avoid domino bugs - maybe the default users should be alice, bob, and charlie?
|
|
Codecov Report
@@ Coverage Diff @@
## master #590 +/- ##
==========================================
+ Coverage 78.2% 78.24% +0.04%
==========================================
Files 143 143
Lines 10897 10964 +67
==========================================
+ Hits 8521 8578 +57
- Misses 2376 2386 +10
|
|
Should this new feature be briefly documented in https://microsoft.github.io/CCF/developers/index.html? |
|
|
I've added this to the member docs - a section on "Adding users" under "Common governance operations". I don't think there's a clean spot to put it in the developers documentation at the moment. If it proves generally useful, we can add a few example uses in time. |
|
|
There's already a "Adding Users" section described when the network is opened (https://microsoft.github.io/CCF/members/open_network.html#adding-users). Should this two be merged somehow? |
Good spot! I've moved the new info under that existing section. |
|
|
…t#590) * Add whoAmI and whoIs RPCs * Name cert files [user|member]0-2, not 1-3 * Remove manual offsetting from txregulatorclient * Separate local name from CCF-retrieved ID * Remove manual offset from demo script too * Auto stringify * Add user_data field in UserInfo, settable by members * USERS table should be whitelisted * Trying to log most types from lua is an error * Add privilege model to txregulator app - WIP * Semantic indentation * Format * Add permissions for demo script * who_is should return a WhoIs::Out * Schema for new RPCs * Fix IDs in memberclient * Address PR comments * Document adding users + user-data * Move new info to existing Adding Users section
This is primarily completing #431 with some minor additions. To get there, I also needed the caller lookup RPCs mentioned in #575, and to demonstrate this functionality I updated the
txregulatorsample app.So 3 things:
user_datafield in theUserInfoobject, writable by members via consensus. This can store arbitrary json objects, so its up to the app instance to determine how permissions are encoded.whoAmIandwhoIsRPCs, so that an external user can find out their CCF User or Member ID.txregulatorsample app to checkuser_datapermissions for registering regulators and banks. Most of the changes in the client are about drawing a clear distinction between the local name for a user (used as theXinuserX_privk.pemfor our Python infrastructure) and their CCF ID.