Hyperledger Fabric - How to limit Org2 to install/instantiate/upgrade the chaincode to the channel?

為{幸葍}努か 提交于 2021-01-28 18:46:43

问题


My fabric network's consortium(in configtx.yaml) has two organizations: ORG1 and ORG2. ORG1 has 4 main peers and ORG2 has only 1 peer. ORG2 peer's only purpose is to have the copy of the ledger(for the auditing purpose).

They all joined the same channel and let's say ORG1's admin already installed/instantiated the chaincode version 0.1

Now, ORG2's admin will be also able to 'peer chaincode upgrade" to version 0.2 with the same chaincode name and when the proposal reaches one of the ORG1 peers, it will say something like :

endorsement failure during invoke. response: status:500 message:"cannot retrieve package for chaincode [chaincode name]/0.2, error open /var/hyperledger/production/chaincodes/[chaincode name]/0.2: no such file or directory"

How we completely prevent ORG2 from upgrading the chaincode version? so that only ORG1's admin can perform the administrative operations?

I have searched the ACL, but it seems the administrative operations are not controlled by ACL settings.


回答1:


After the research, we figured out we can set this on the instantiate policy on chaincode package.

please see below fabric document:

https://hyperledger-fabric.readthedocs.io/en/release-1.4/commands/peerchaincode.html#peer-chaincode-package

with the flag -i, you can set the instantiate policy when packing the chaincode. Then only the Org(s) allowed on the policy will be able to instantiate or upgrade the chaincode on the channel



来源:https://stackoverflow.com/questions/55133710/hyperledger-fabric-how-to-limit-org2-to-install-instantiate-upgrade-the-chainc

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!