[FAB-9409] add ACL spec to configtx

muralisrini · muralisrini · commit 9c51f9f94ab3 · 2018-04-12T14:58:19.000-04:00
Add ACLs property to Application in configtx along with
defaults and allow configtxgen to read it.

Change-Id: Ib2cad64db3f272b4760743e3177c092c6b2a31b2
Signed-off-by: Srinivasan Muralidharan &lt;srinivasan.muralidharan99@gmail.com&gt;
diff --git a/common/tools/configtxgen/localconfig/config.go b/common/tools/configtxgen/localconfig/config.go
@@ -115,6 +115,7 @@ type Application struct {
 	Capabilities  map[string]bool    `yaml:"Capabilities"`
 	Resources     *Resources         `yaml:"Resources"`
 	Policies      map[string]*Policy `yaml:"Policies"`
+	ACLs          map[string]string  `yaml:"ACLs"`
 }
 
 // Resouces encodes the application-level resources configuration needed to seed the resource tree
diff --git a/sampleconfig/configtx.yaml b/sampleconfig/configtx.yaml
@@ -327,6 +327,34 @@ Orderer: &OrdererDefaults
 #
 ################################################################################
 Application: &ApplicationDefaults
+    ACLs:
+        ### TODO --- each of these mappings need to be documented
+        #Lifecycle System Chaincode resource to policy mapping for access control
+        LSCC.GETCCINFO: /Channel/Application/Readers
+        LSCC.GETDEPSPEC: /Channel/Application/Readers
+        LSCC.GETCCDATA: /Channel/Application/Readers
+
+        #Query System Chaincode resource to policy mapping for access control
+        QSCC.GetChainInfo: /Channel/Application/Readers
+        QSCC.GetBlockByNumber: /Channel/Application/Readers
+        QSCC.GetBlockByHash: /Channel/Application/Readers
+        QSCC.GetTransactionByID: /Channel/Application/Readers
+        QSCC.GetBlockByTxID: /Channel/Application/Readers
+
+        #Configuration System Chaincode resource to policy mapping for access control
+        CSCC.GetConfigBlock: /Channel/Application/Readers
+        CSCC.GetConfigTree: /Channel/Application/Readers
+        CSCC.SimulateConfigTreeUpdate: /Channel/Application/Writers
+
+        #Proposal resource to policy mapping default for access control
+        PROPOSAL: /Channel/Application/Writers
+
+        #Chaincode-to-Chaincode invocation resource to policy mapping for access control
+        CC2CC: /Channel/Application/Readers
+
+        #Events resource to policy mapping for access control
+        BLOCKEVENT: /Channel/Application/Readers
+        FILTEREDBLOCKEVENT: /Channel/Application/Readers
 
     # Organizations lists the orgs participating on the application side of the
     # network.

Original file line number	Diff line number	Diff line change
`@@ -115,6 +115,7 @@ type Application struct {`
`115`	`115`	Capabilities map[string]bool `yaml:"Capabilities"`
`116`	`116`	Resources *Resources `yaml:"Resources"`
`117`	`117`	Policies map[string]*Policy `yaml:"Policies"`
	`118`	+ ACLs map[string]string `yaml:"ACLs"`
`118`	`119`	`}`
`119`	`120`
`120`	`121`	`// Resouces encodes the application-level resources configuration needed to seed the resource tree`