I have implemented fabric sdk to install and instantiate the chaincode. Everything is working fine, but not able to figure out the correct to implement endorsement in fabric nodesdk
Here is the endorsement policy which i have used while using command:
peer chaincode ${CHAINCODE_ACTION} -o orderer.google.com:7050 \
--tls --cafile ${ORDERER_CA} -C $CHANNEL_NAME \
-n ${CHAINCODE_NAME} -l ${LANG} -v "$CHAINCODE_VERSION" \
-c '{"Args":[]}' \
-P "AND (OR('Org1MSP.peer', 'Org1MSP.client','Org1MSP.member','Org1MSP.admin'),
OR ('Org2MSP.peer', 'Org2MSP.client', 'Org2MSP.member', 'Org2MSP.admin'))"
If I want to implement the same in nodesdk, below is the reference I got it from balance transfer example:
const request = {
targets: [peer],
chaincodeId: 'cc1',
chaincodeType: 'java',
chaincodeVersion: '7.0',
txId: tx_id,
// Use this to demonstrate the following policy:
// The policy can be fulfilled when members from both orgs signed.
'endorsement-policy': {
identities: [
{role: {name: 'member', mspId: 'Org1MSP'}},
{role: {name: 'member', mspId: 'Org2MSP'}}
],
policy: {'2-of': [{'signed-by': 0}, {'signed-by': 1}]}
}
};
I understand that 2-of in nothing but AND condition between the orgs. signed by 0 and 1 are the indexes of identities. But how can we add OR condition with in Org member, client, admin, peer?
I dont find any documentation to dig more into this. Any help will be much appreciated.
Your understanding of the endorsement-policy in node-sdk is absolutely correct. A "signaturePolicy" has the following object structure.
type -- SIGNATURE
rule
Type -- n_out_of
n_out_of
N -- {int}
rules -- {array}
Type -- signed_by
signed_by -- {int}
identities -- {array}
principal_classification -- {int}
msp_identifier -- {string}
Role -- MEMBER | ADMIN
You can read more about it here. You can also refer to examples in the section ChaincodeInstantiateUpgradeRequest.
Now, coming onto the question that you asked which is, how can we add OR condition within Org member, client, admin, peer. Check the below example, which is originally from the node SDK documentation.
Endorsement policy: "Signed by admin of the ordererOrg and any member from one of the peer organizations"
{
identities: [
{ role: { name: "member", mspId: "peerOrg1" }},
{ role: { name: "member", mspId: "peerOrg2" }},
{ role: { name: "admin", mspId: "ordererOrg" }}
],
policy: {
"2-of": [
{ "signed-by": 2},
{ "1-of": [{ "signed-by": 0 }, { "signed-by": 1 }]}
]
}
}
As you can see the only identities can be either admin or member that you can specify in your endorsement-policies. A member here can be any member apart from the admin. It can be a peer, client, user. If you want it to be signed by an admin, you'll have to specify explicitly in role object with value admin for the property name.
For your case, I think the following structure will be apt.
{
identities: [
{ role: { name: "member", mspId: "peerOrg1" }},
{ role: { name: "admin", mspId: "peerOrg1" }},
{ role: { name: "member", mspId: "peerOrg2" }},
{ role: { name: "admin", mspId: "peerOrg2" }}
],
policy: {
"2-of": [
{ "1-of": [{ "signed-by": 0 }, { "signed-by": 1 }]}
{ "1-of": [{ "signed-by": 2 }, { "signed-by": 3 }]}
]
}
}
Sadly, I couldn't find more examples of endorsement-policies in node-sdk but I think above examples would do the job in explaining its working.
Also, I think this will help you in a better understanding of what members and admins are in an endorsement policy.