[FAB-9739] Introduce ACLProvider interface

Pass the ACL provider to chaincode support instead of getting it from a
global out of the handler.

Change-Id: I4f58cea1b17db248d190a7f48cdd1f2da2030fce
Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>

Author: sykesm

core/chaincode/chaincode_support.go

@@ -52,6 +52,7 @@ func NewChaincodeSupport(
 	caCert []byte,
 	certGenerator CertGenerator,
 	packageProvider PackageProvider,
+	aclProvider ACLProvider,
 ) *ChaincodeSupport {
 	cs := &ChaincodeSupport{
 		caCert:           caCert,
@@ -63,6 +64,7 @@ func NewChaincodeSupport(
 		executetimeout:   config.ExecuteTimeout,
 		handlerRegistry:  NewHandlerRegistry(userrunsCC),
 		PackageProvider:  packageProvider,
+		ACLProvider:      aclProvider,
 	}
 
 	// Keep TestQueries working
@@ -100,6 +102,7 @@ type ChaincodeSupport struct {
 	userRunsCC       bool
 	ContainerRuntime Runtime
 	PackageProvider  PackageProvider
+	ACLProvider      ACLProvider
 	sccp             sysccprovider.SystemChaincodeProvider
 }
 

core/chaincode/chaincode_support_test.go

@@ -167,7 +167,16 @@ func initMockPeer(chainIDs ...string) (*ChaincodeSupport, error) {
 	ccprovider.SetChaincodesPath(ccprovider.GetCCsPath())
 	ca, _ := accesscontrol.NewCA()
 	certGenerator := accesscontrol.NewAuthenticator(ca)
-	chaincodeSupport := NewChaincodeSupport(GlobalConfig(), "0.0.0.0:7052", true, ccStartupTimeout, ca.CertBytes(), certGenerator, &ccprovider.CCInfoFSImpl{})
+	chaincodeSupport := NewChaincodeSupport(
+		GlobalConfig(),
+		"0.0.0.0:7052",
+		true,
+		ccStartupTimeout,
+		ca.CertBytes(),
+		certGenerator,
+		&ccprovider.CCInfoFSImpl{},
+		aclmgmt.GetACLProvider(),
+	)
 	SideEffectInitialize(chaincodeSupport)
 	chaincodeSupport.SetSysCCProvider(sccp)
 	chaincodeSupport.executetimeout = time.Duration(1) * time.Second

core/chaincode/exectransaction_test.go

@@ -116,7 +116,16 @@ func initPeer(chainIDs ...string) (net.Listener, *ChaincodeSupport, func(), erro
 	ccprovider.SetChaincodesPath(ccprovider.GetCCsPath())
 	ca, _ := accesscontrol.NewCA()
 	certGenerator := accesscontrol.NewAuthenticator(ca)
-	chaincodeSupport := NewChaincodeSupport(GlobalConfig(), peerAddress, false, ccStartupTimeout, ca.CertBytes(), certGenerator, &ccprovider.CCInfoFSImpl{})
+	chaincodeSupport := NewChaincodeSupport(
+		GlobalConfig(),
+		peerAddress,
+		false,
+		ccStartupTimeout,
+		ca.CertBytes(),
+		certGenerator,
+		&ccprovider.CCInfoFSImpl{},
+		aclmgmt.GetACLProvider(),
+	)
 	chaincodeSupport.SetSysCCProvider(sccp)
 	SideEffectInitialize(chaincodeSupport)
 	pb.RegisterChaincodeSupportServer(grpcServer, chaincodeSupport)

core/chaincode/handler.go

@@ -18,7 +18,6 @@ import (
 	commonledger "github.com/hyperledger/fabric/common/ledger"
 	"github.com/hyperledger/fabric/common/resourcesconfig"
 	"github.com/hyperledger/fabric/common/util"
-	"github.com/hyperledger/fabric/core/aclmgmt"
 	"github.com/hyperledger/fabric/core/aclmgmt/resources"
 	"github.com/hyperledger/fabric/core/common/ccprovider"
 	"github.com/hyperledger/fabric/core/common/sysccprovider"
@@ -42,6 +41,12 @@ var chaincodeLogger = flogging.MustGetLogger("chaincode")
 
 type stateHandlers map[pb.ChaincodeMessage_Type]func(*pb.ChaincodeMessage)
 
+// ACLProvider is responsible for performing access control checks when invoking
+// chaincode.
+type ACLProvider interface {
+	CheckACL(resName string, channelID string, idinfo interface{}) error
+}
+
 // internal interface to scope dependencies on ChaincodeSupport
 type handlerSupport interface {
 	deregisterHandler(*Handler) error
@@ -83,6 +88,8 @@ type Handler struct {
 
 	keepalive  time.Duration
 	userRunsCC bool
+
+	aclProvider ACLProvider
 }
 
 func shorttxid(txid string) string {
@@ -206,7 +213,7 @@ func (h *Handler) checkACL(signedProp *pb.SignedProposal, proposal *pb.Proposal,
 		return errors.Errorf("signed proposal must not be nil from caller [%s]", ccIns.String())
 	}
 
-	return aclmgmt.GetACLProvider().CheckACL(resources.Peer_ChaincodeToChaincode, ccIns.ChainID, signedProp)
+	return h.aclProvider.CheckACL(resources.Peer_ChaincodeToChaincode, ccIns.ChainID, signedProp)
 }
 
 func (h *Handler) deregister() {
@@ -325,6 +332,7 @@ func newChaincodeSupportHandler(chaincodeSupport *ChaincodeSupport, peerChatStre
 		activeTransactions: NewActiveTransactions(),
 		keepalive:          chaincodeSupport.keepalive,
 		userRunsCC:         chaincodeSupport.userRunsCC,
+		aclProvider:        chaincodeSupport.ACLProvider,
 		sccp:               sccp,
 	}
 

core/chaincode/systemchaincode_test.go

@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/hyperledger/fabric/common/util"
+	"github.com/hyperledger/fabric/core/aclmgmt"
 	"github.com/hyperledger/fabric/core/chaincode/accesscontrol"
 	"github.com/hyperledger/fabric/core/chaincode/shim"
 	"github.com/hyperledger/fabric/core/common/ccprovider"
@@ -121,7 +122,16 @@ func initSysCCTests() (*oldSysCCInfo, net.Listener, *ChaincodeSupport, error) {
 	ccStartupTimeout := time.Duration(5000) * time.Millisecond
 	ca, _ := accesscontrol.NewCA()
 	certGenerator := accesscontrol.NewAuthenticator(ca)
-	chaincodeSupport := NewChaincodeSupport(GlobalConfig(), peerAddress, false, ccStartupTimeout, ca.CertBytes(), certGenerator, &ccprovider.CCInfoFSImpl{})
+	chaincodeSupport := NewChaincodeSupport(
+		GlobalConfig(),
+		peerAddress,
+		false,
+		ccStartupTimeout,
+		ca.CertBytes(),
+		certGenerator,
+		&ccprovider.CCInfoFSImpl{},
+		aclmgmt.GetACLProvider(),
+	)
 	pb.RegisterChaincodeSupportServer(grpcServer, chaincodeSupport)
 
 	go grpcServer.Serve(lis)

core/scc/cscc/configure_test.go

@@ -195,7 +195,16 @@ func TestConfigerInvokeJoinChainCorrectParams(t *testing.T) {
 	ccStartupTimeout := time.Duration(30000) * time.Millisecond
 	ca, _ := accesscontrol.NewCA()
 	certGenerator := accesscontrol.NewAuthenticator(ca)
-	chaincode.NewChaincodeSupport(chaincode.GlobalConfig(), peerEndpoint, false, ccStartupTimeout, ca.CertBytes(), certGenerator, &ccprovider.CCInfoFSImpl{})
+	chaincode.NewChaincodeSupport(
+		chaincode.GlobalConfig(),
+		peerEndpoint,
+		false,
+		ccStartupTimeout,
+		ca.CertBytes(),
+		certGenerator,
+		&ccprovider.CCInfoFSImpl{},
+		aclmgmt.GetACLProvider(),
+	)
 
 	// Init the policy checker
 	policyManagerGetter := &policymocks.MockChannelPolicyManagerGetter{

peer/node/start.go

@@ -596,6 +596,7 @@ func registerChaincodeSupport(grpcServer *comm.GRPCServer, ccEndpoint string, ca
 		ca.CertBytes(),
 		authenticator,
 		&ccprovider.CCInfoFSImpl{},
+		aclmgmt.GetACLProvider(),
 	)
 	chaincode.SideEffectInitialize(chaincodeSupport)