Varun Agarwal

Reputation: 1587

AccessException: composer network ping does not generate certificates

I am trying to issue a new identity to a participant, create a composer card and import it.

My base.cto file is

namespace com.algorythmix.base

participant Department identified by departmentId {
  o String departmentId
}

My function to issue an identity

const initIdentities = () => {
  return new Promise(async function(resolve, reject) {
    try {
      const businessNetworkConnection = new BusinessNetworkConnection();
      await businessNetworkConnection.connect(adminCardName);
      let departmentRegistry =  await businessNetworkConnection.getParticipantRegistry(`${BASE_NS}.Department`);
      let departmentOne = await departmentRegistry.get('departmentOne');
      let deptOne = await businessNetworkConnection.issueIdentity(`${BASE_NS}.Department#${departmentOne.departmentId}`, 'departmentOne');
      console.log(`userID = ${deptOne.userID}`);
      console.log(`userSecret = ${deptOne.userSecret}`);

      let departmentTwo = await departmentRegistry.get('departmentTwo');
      let deptTwo = await businessNetworkConnection.issueIdentity(`${BASE_NS}.Department#${departmentTwo.departmentId}`, 'departmentTwo');
      console.log(`userID = ${deptTwo.userID}`);
      console.log(`userSecret = ${deptTwo.userSecret}`);

      const adminConnection = new AdminConnection(); // { cardStore: $SOME_PATH_VARIABLE } to change default card storage path
      await adminConnection.connect(adminCardName); // Confirm this
      console.log('connected');
      const cardOne = new IdCard({
        userName: 'departmentOne',
        version: 1,
        enrollmentSecret: deptOne.userSecret,
        businessNetwork: 'chips'
      }, connectionProfile);
      const cardTwo = new IdCard({
        userName: 'departmentTwo',
        version: 1,
        enrollmentSecret: deptTwo.userSecret,
        businessNetwork: 'chips'
      }, connectionProfile);
      console.log('importing card one');
      await adminConnection.importCard('departmentOne', cardOne);
      await adminConnection.importCard('departmentTwo', cardTwo);
      console.log('imported card two');
      await businessNetworkConnection.disconnect();
      await adminConnection.disconnect();
      resolve();
    } catch (e) {
      reject(e);
    };
  });
};

Where adminCardName is the one generated when using the composer network start command as per the basic tutorial provided here: https://hyperledger.github.io/composer/latest/tutorials/deploy-to-fabric-single-org and connectionProfile is taken from the above page as well. I have double-checked the connection profile used by the admin@chips card, and the one I have used is exactly the same.

Once I run the function, in composer card list, cards called departmentOne and departmentTwo are listed with the business network shown as chips (as expected).

Now when I run composer network ping -c departmentOne, I get the error

Error: 2 UNKNOWN: error executing chaincode: transaction returned with failure: AccessException: Participant 'com.algorythmix.base.Department#departmentOne' does not have 'READ' access to resource 'org.hyperledger.composer.system.Network#[email protected]'
Command failed

I have 1) deleted permissions.acl, which as per the documentation results in everyone getting full access, and 2) used the following permissions.acl file:

rule Default {
    description: "Allow all participants access to all resources"
    participant: "com.algorythmix.base.Department"
    operation: ALL
    resource: "org.hyperledger.composer.system.Network"
    action: ALLOW
}

rule NetworkAdminUser {
    description: "Grant business network administrators full access to user resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "**"
    action: ALLOW
}

rule NetworkAdminSystem {
    description: "Grant business network administrators full access to system resources"
    participant: "org.hyperledger.composer.system.NetworkAdmin"
    operation: ALL
    resource: "org.hyperledger.composer.system.**"
    action: ALLOW
}

To specifically give the participant access to the network. I have also uploaded the .bna to composer-playground and it works over there as expected.

Can someone please guide me as to what I am doing wrong?

Info: Ubuntu - 16.0.4, Fabric - 1.1, Composer - 0.19.11, Node - 8.9.1

Upvotes: 0

Views: 304

Answers (2)

faizal khan

Reputation: 105

I solved the same issue by changing the version in package.json file.

Upvotes: 0

Paul O'Mahony

Reputation: 6740

The error 'org.hyperledger.composer.system.Network#[email protected]' suggests the underlying participant does not have the minimal READ access to the actual business network.

I would suggest a rule (rule 2) something like this:

rule ReadNetwork {
    description: "Allow all participants to read network"
    participant: "org.hyperledger.composer.system.Participant"
    operation: READ
    resource: "org.hyperledger.composer.system.Network"
    action: ALLOW
}

Upvotes: 1
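
An added example, not part of the answer above and not Composer's own code: a simplified JavaScript model of first-match, default-deny ACL evaluation, showing that the ReadNetwork rule gives a Department participant READ on the Network resource and nothing more. The supertype map, the rule objects and the function names are assumptions made for this illustration.

```javascript
// Simplified model of Composer ACL evaluation (added example, not Composer's code).
// Assumptions: rules are checked top to bottom, the first matching rule decides,
// and no match means deny, as the Composer ACL documentation describes.
const SYS = 'org.hyperledger.composer.system';

// Every participant type implicitly extends the system Participant type.
const SUPERTYPES = {
  'com.algorythmix.base.Department': [`${SYS}.Participant`],
  [`${SYS}.NetworkAdmin`]: [`${SYS}.Participant`],
};

// Resource patterns: exact type, "ns.*" (one namespace), "ns.**" (recursive), "**".
function matchesResource(pattern, type) {
  if (pattern === '**' || pattern === type) return true;
  const ns = type.slice(0, type.lastIndexOf('.'));
  if (pattern.endsWith('.**')) {
    const base = pattern.slice(0, -3);
    return ns === base || ns.startsWith(base + '.');
  }
  return pattern.endsWith('.*') && ns === pattern.slice(0, -2);
}

function matchesParticipant(pattern, type) {
  return pattern === 'ANY' || pattern === type ||
    (SUPERTYPES[type] || []).includes(pattern);
}

function checkAccess(rules, participantType, operation, resourceType) {
  for (const r of rules) {
    if (matchesParticipant(r.participant, participantType) &&
        (r.operation === 'ALL' || r.operation === operation) &&
        matchesResource(r.resource, resourceType)) {
      return { allowed: r.action === 'ALLOW', rule: r.name };
    }
  }
  return { allowed: false, rule: null }; // default deny -> AccessException
}

// Constructed rule sets: only the admin rules, then with ReadNetwork placed first.
const adminRules = [
  { name: 'NetworkAdminUser', participant: `${SYS}.NetworkAdmin`, operation: 'ALL', resource: '**', action: 'ALLOW' },
  { name: 'NetworkAdminSystem', participant: `${SYS}.NetworkAdmin`, operation: 'ALL', resource: `${SYS}.**`, action: 'ALLOW' },
];
const readNetwork = { name: 'ReadNetwork', participant: `${SYS}.Participant`, operation: 'READ', resource: `${SYS}.Network`, action: 'ALLOW' };
const fixedRules = [readNetwork, ...adminRules];
```

With only the admin rules, a Department participant matches nothing and is denied; with ReadNetwork present the same participant can READ the Network resource but still cannot UPDATE it.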
