
Hyperledger Fabric: how can I invoke a chaincode with the role of a user?


I've set up a sample network with three organizations:

  • Org0 with two orderers;
  • Org1 with one peer and one admin identity;
  • Org2 with one peer, one admin identity and two user identities.

I've also set up two CAs; the second one gives certificates for TLS.

In the docker-compose.yaml, I've created two cli containers for Org1 and Org2 where I can act as admin joining a channel and installing the chaincode. In this way, I am able to deploy the chaincode without any problem. If I invoke the chaincode from the cli container of Org1 or Org2, it is always invoked with the role of admin of the organization (the certificate of the requestor is always the one of the admin of the org).

How can I invoke a smart contract with the role of a user that I've already registered on my CA (with the user certificate of one of the users of Org2) without implementing an application? This is useful for me only for testing purposes.

Currently I run this command:

peer chaincode invoke -C mychannel -n basic -c '{"Args":["InsertData", "asset1","1300"]}' -o orderer1.org0.com:7050 --tls true --cafile Org0/tls/cacerts/localhost-8054.pem --peerAddresses peer1.org1.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org1/peer1/tls/cacerts/localhost-8054.pem --peerAddresses peer1.org2.com:7056 --tlsRootCertFiles /chaincode/certs/Org2/tls/cacerts/localhost-8054.pem --clientauth --certfile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org1/peer1/tls/signcerts/cert.pem --keyfile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org1/peer1/tls/keystore/server.key

from this container (this is the corresponding service in the docker-compose.yaml file):

cli_org2:
  container_name: cli_org2
  image: hyperledger/fabric-tools:2.3
  #1.4.2
  tty: true
  stdin_open: true

  environment:
    - GOPATH=/opt/gopath
    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
    - FABRIC_LOGGING_SPEC=INFO
    - CORE_PEER_ID=cli_org2
    - CORE_PEER_LOCALMSPID=org2

    - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org2/peer1/msp/user/admin
    - CORE_PEER_ADDRESS=peer1.org2.com:7056

    ##TLS
    - CORE_PEER_TLS_ENABLED=true
    - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org2/peer1/tls/cacerts/localhost-8054.pem
    - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org2/peer1/tls/signcerts/cert.pem    #/tlsca/server.crt
    - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org2/peer1/tls/keystore/server.key
    - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
    - CORE_PEER_TLS_CLIENTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org2/peer1/tls/signcerts/cert.pem
    - CORE_PEER_TLS_CLIENTKEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org2/peer1/tls/keystore/server.key

  working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
  command: /bin/bash
  volumes:
    - ./tlsca:/tlsca
    - /var/run/:/host/var/run/
    - ./peerOrgs:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto
    - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    - ./chaincode:/chaincode
  networks:
    fabric:

Solution

  • You can simply enroll your new user's cryptographic material (MSP and TLS) from your CA and deploy a client container analogous to the admin one, but pointing to the new material (with different volumes and env variables CORE_PEER_ID, CORE_PEER_MSPCONFIGPATH, etc.).

    Anyway, at some point you are going to need to develop a client application with the SDK to implement more complex operations and execution flows.

    You can also look for some higher-level tool. IBM Blockchain Platform extension for VSCode is a good one.
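
As an added example (not part of the original answer or of Fabric itself): the same switch of identity without a second container, by overriding CORE_PEER_MSPCONFIGPATH for a single command inside cli_org2. The helper names and the user MSP path are hypothetical; it assumes the user is an Org2 identity enrolled with fabric-ca-client, so CORE_PEER_LOCALMSPID stays org2.

```shell
#!/bin/sh
# Added example; helper names and all <...> values are placeholders.
# Enrollment, if not done yet (URL and paths are placeholders):
#   fabric-ca-client enroll -u https://<user>:<secret>@<ca-host>:<ca-port> \
#       -M <user-msp-dir> --tls.certfiles <tls-ca-cert.pem>

# first_file DIR: print the path of the first regular file in DIR, or fail.
first_file() {
    for f in "$1"/*; do
        [ -f "$f" ] && { printf '%s\n' "$f"; return 0; }
    done
    return 1
}

# check_msp DIR: succeed only if DIR has the folders an enrollment produces.
check_msp() {
    for sub in signcerts keystore cacerts; do
        first_file "$1/$sub" >/dev/null || {
            echo "check_msp: $1/$sub is missing or empty" >&2
            return 1
        }
    done
}

# as_identity DIR CMD...: run CMD with the peer CLI signing as the identity
# in DIR. Refuses (status 2) when DIR carries the same certificate as the MSP
# already configured (the admin one in cli_org2), so that a test cannot
# silently run as admin again.
as_identity() {
    msp=$1; shift
    check_msp "$msp" || return 1
    cur=${CORE_PEER_MSPCONFIGPATH:-}
    if [ -n "$cur" ] && cur_cert=$(first_file "$cur/signcerts"); then
        if cmp -s "$cur_cert" "$(first_file "$msp/signcerts")"; then
            echo "as_identity: $msp holds the currently configured certificate" >&2
            return 2
        fi
    fi
    # The override applies to this one command; the shell's own setting is kept.
    env CORE_PEER_MSPCONFIGPATH="$msp" "$@"
}

# Usage inside cli_org2 (append the same orderer, TLS and --peerAddresses
# flags as in the admin invocation):
#   as_identity <user-msp-dir> peer chaincode invoke -C mychannel -n basic \
#       -c '{"Args":["InsertData","asset1","1300"]}'
```

Inside the chaincode, the submitting certificate can then be inspected to confirm that the invocation arrived as the user rather than as the admin.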