FAB-10471 Cleanup configtx.yaml defaults

Jason Yellick · Jason Yellick · commit 2453c27d9cc7 · 2018-05-30T14:34:39.000-04:00
The suggested default policies don't really mesh with the default ACLs.
This CR cleans them up and updates the e2e_cli to use the suggested
defaults.

Change-Id: I294bfc59d543d7c6191237e1cd34957efdeb64dc
Signed-off-by: Jason Yellick &lt;jyellick@us.ibm.com&gt;
diff --git a/examples/e2e_cli/configtx.yaml b/examples/e2e_cli/configtx.yaml
@@ -57,7 +57,7 @@ Organizations:
         Policies:
             Readers:
                 Type: Signature
-                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer')"
+                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
             Writers:
                 Type: Signature
                 Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
@@ -88,7 +88,7 @@ Organizations:
         Policies:
             Readers:
                 Type: Signature
-                Rule: "OR('Org2MSP.admin', 'Org2MSP.peer')"
+                Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
             Writers:
                 Type: Signature
                 Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
@@ -115,6 +115,20 @@ Organizations:
 
         MSPDir: crypto-config/idemix/idemix-config
 
+        # Policies defines the set of policies at this level of the config tree
+        # For organization policies, their canonical path is usually
+        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
+        Policies:
+            Readers:
+                Type: Signature
+                Rule: "OR('Org3MSP.admin', 'Org3MSP.peer', 'Org3MSP.client')"
+            Writers:
+                Type: Signature
+                Rule: "OR('Org3MSP.admin', 'Org3MSP.client')"
+            Admins:
+                Type: Signature
+                Rule: "OR('Org3MSP.admin')"
+
         AnchorPeers:
             # AnchorPeers defines the location of peers which can be used
             # for cross org gossip communication.  Note, this value is only
diff --git a/sampleconfig/configtx.yaml b/sampleconfig/configtx.yaml
@@ -38,13 +38,13 @@ Organizations:
                 Rule: "OR('SampleOrg.member')"
                 # If your MSP is configured with the new NodeOUs, you might
                 # want to use a more specific rule like the following:
-                # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer')"
+                # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
             Writers:
                 Type: Signature
                 Rule: "OR('SampleOrg.member')"
                 # If your MSP is configured with the new NodeOUs, you might
                 # want to use a more specific rule like the following:
-                # Rule: "OR('SampleOrg.admin', 'SampleOrg.client'')"
+                # Rule: "OR('SampleOrg.admin', 'SampleOrg.client')"
             Admins:
                 Type: Signature
                 Rule: "OR('SampleOrg.admin')"
@@ -189,7 +189,7 @@ Application: &ApplicationDefaults
         cscc/GetConfigTree: /Channel/Application/Readers
 
         # ACL policy for cscc's "SimulateConfigTreeUpdate" function
-        cscc/SimulateConfigTreeUpdate: /Channel/Application/Writers
+        cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
 
         #---Miscellanesous peer function to policy mapping for access control---#
 
