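hyperledger-fabric - Hyperledger Fabric CA: cannot execute GetAllIdentities() after the admin's affiliation changed
Question
I registered a user (affiliation "org1.department1") using the registrar Admin (which has no affiliation field). Then my admin was blocked because a wrong password was entered 10 times. I am trying to use another admin (with an affiliation field) to get the user identities. Now I get an error from this code block (dbaccessor.go, 592):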
if util.ListContains(types, "*") { // If type is '*', allowed to get back of all types for requested affiliation
	query := "SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))"
	rows, err := d.db.Queryx("GetFilteredUsers", d.db.Rebind(query))
	if err != nil {
		return nil, errors.Wrapf(err, "Failed to execute query '%s' for affiliation '%s' and types '%s'", query, affiliation, types)
	}
	return rows, nil
}
This is the error message I receive:
172.19.0.1:59830 GET /identities?ca=ca.rzd.wheelsets.ru 500 49 "Failed to get users by affiliation and type: Failed to execute query 'SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))' for affiliation 'org1.department1' and types '*': Not enough args to execute query. Expected 2, got 0."
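Does this mean I cannot get users that were registered by an admin with another affiliation?
I need to either:
(1) change the admin's password, or
(2) create a new admin.
But in case (1) I cannot issue a modifyRequest, because it requires an affiliation (and if I change it, I will lose the ability to read the registered identities), and in case (2) the newly issued admin will have an affiliation field and will not be able to get the identities.
Answer
After trying to register a new Registrar user, I ran into the same problem:
Listing identities as the CA's admin registrar works fine: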
vagrant@vagrant:~/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate_client$ fabric-ca-client identity list -u https://localhost:7154 --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem
Name: admin, Type: client, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:1 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.Revoker Value:1 ECert:false} {Name:hf.IntermediateCA Value:1 ECert:false} {Name:hf.GenCRL Value:1 ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false}]
Name: davidfdr, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.EnrollmentID Value:davidfdr ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true} {Name:hf.Revoker Value:true ECert:false}]
Name: davidfdr2, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.EnrollmentID Value:davidfdr2 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr3, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:app1Admin Value:true ECert:true} {Name:hf.Revoker Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.EnrollmentID Value:davidfdr3 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr4, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:hf.EnrollmentID Value:davidfdr4 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr5, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:app1Admin Value:true ECert:true} {Name:hf.EnrollmentID Value:davidfdr5 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
vagrant@vagrant:~/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate_client$
But after registering a new user with the following command:
fabric-ca-client register --id.name davidfdr4 --id.secret davidfdrpw --id.type admin --id.affiliation org1 --id.attrs 'hf.AffiliationMgr=true,hf.Revoker=true,hf.IntermediateCA=true,hf.GenCRL=true,hf.Registrar.Attributes=*,hf.Registrar.Roles=*,hf.Registrar.DelegateRoles=*,app1Admin=true:ecert,email=david@gmail.com,phone=5561991538000' --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem
After registering the ID for user davidfdr4 and issuing a simple command:
fabric-ca-client identity list -u https://localhost:7154 --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem
The server returns the same error:
ca_org1_intermediate|2021/08/28 21:05:25 [INFO] 172.31.0.1:45884 GET /identities?ca=ca-org1-intermediate 500 49 "Failed to get users by affiliation and type: Failed to execute query 'SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))' for affiliation 'org1' and types '*': not enough args to execute query: want 2 got 0"
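The failure reported in both posts comes down to a query with two `?` placeholders being executed with no bind arguments. The following is an added example, not Fabric CA code and not from either poster: it builds the affiliation-scoped query together with its arguments and checks the placeholder count before execution. The function names are hypothetical, and the `<affiliation>.%` child pattern and the unfiltered query for a registrar with an empty affiliation are assumptions of the example.

```go
package main

import (
	"fmt"
	"strings"
)

// scopedUserQuery builds the identity-listing query for a registrar and the
// bind arguments that must accompany it. The "<affiliation>.%" pattern for
// child affiliations is an assumption of this example.
func scopedUserQuery(affiliation string) (string, []interface{}) {
	if affiliation == "" { // registrar without affiliation: no filter (assumed)
		return "SELECT * FROM users", nil
	}
	return "SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))",
		[]interface{}{affiliation, affiliation + ".%"}
}

// checkBindArgs fails when the number of '?' placeholders and the number of
// supplied arguments differ, the condition behind the HTTP 500 shown above.
func checkBindArgs(query string, args []interface{}) error {
	if want := strings.Count(query, "?"); want != len(args) {
		return fmt.Errorf("bind argument mismatch: want %d got %d", want, len(args))
	}
	return nil
}

// visible reports whether a user with affiliation userAff is inside the
// registrar's scope, mirroring "= ? OR LIKE ?" with the arguments above
// (valid while affiliation names contain no LIKE wildcards).
func visible(registrarAff, userAff string) bool {
	return registrarAff == "" || userAff == registrarAff ||
		strings.HasPrefix(userAff, registrarAff+".")
}

func main() {
	query, args := scopedUserQuery("org1")
	fmt.Println("arguments omitted: ", checkBindArgs(query, nil))
	fmt.Println("arguments supplied:", checkBindArgs(query, args))
	// Constructed sample affiliations.
	for _, aff := range []string{"", "org1", "org1.department1", "org2"} {
		fmt.Printf("%-18q visible to org1 registrar: %v\n", aff, visible("org1", aff))
	}
}
```

The scoping also shows why a registrar with an empty affiliation never reaches the failing branch: only affiliated registrars get the two-placeholder query.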