Hyperledger Fabric CA: unable to execute GetAllIdentities() after the admin's affiliation changed

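Problem description

I registered users (affiliation "org1.department1") using the registrar Admin (which has no affiliation field). Then my admin was blocked because a wrong password was entered 10 times. I am trying to use another admin (with an affiliation field) to get the user identities. Now I get an error from this code block (dbaccessor.go, 592):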

    if util.ListContains(types, "*") { // If type is '*', allowed to get back of all types for requested affiliation
        query := "SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))"
        rows, err := d.db.Queryx("GetFilteredUsers", d.db.Rebind(query))
        if err != nil {
            return nil, errors.Wrapf(err, "Failed to execute query '%s' for affiliation '%s' and types '%s'", query, affiliation, types)
        }
        return rows, nil
    }

This is the error message I receive:

172.19.0.1:59830 GET /identities?ca=ca.rzd.wheelsets.ru 500 49 "Failed to get users by affiliation and type: Failed to execute query 'SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))' for affiliation 'org1.department1' and types '*': Not enough args to execute query. Expected 2, got 0."

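Does this mean that I cannot get users that were registered by an admin with a different affiliation?

I need to either:

(1) change the admin password, or

(2) create a new admin.

But in case (1) I cannot issue a modifyRequest, because it requires an affiliation (if I change it, I will lose the ability to read the registered identities), and in case (2) the newly issued admin will have an affiliation field and will not be able to get identities.

Tags: hyperledger-fabric, hyperledger-fabric-ca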

Solution

After trying to register a new Registrar user, I ran into the same problem:

The identity list works fine with the CA's admin registrar:

vagrant@vagrant:~/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate_client$ fabric-ca-client identity list  -u https://localhost:7154 --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem
Name: admin, Type: client, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:1 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.Revoker Value:1 ECert:false} {Name:hf.IntermediateCA Value:1 ECert:false} {Name:hf.GenCRL Value:1 ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false}]
Name: davidfdr, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.EnrollmentID Value:davidfdr ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true} {Name:hf.Revoker Value:true ECert:false}]
Name: davidfdr2, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.EnrollmentID Value:davidfdr2 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr3, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:app1Admin Value:true ECert:true} {Name:hf.Revoker Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.EnrollmentID Value:davidfdr3 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr4, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:hf.EnrollmentID Value:davidfdr4 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr5, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:app1Admin Value:true ECert:true} {Name:hf.EnrollmentID Value:davidfdr5 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
vagrant@vagrant:~/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate_client$

But after registering a new user with the following command:

fabric-ca-client register --id.name davidfdr4 --id.secret davidfdrpw --id.type admin --id.affiliation org1 --id.attrs 'hf.AffiliationMgr=true,hf.Revoker=true,hf.IntermediateCA=true,hf.GenCRL=true,hf.Registrar.Attributes=*,hf.Registrar.Roles=*,hf.Registrar.DelegateRoles=*,app1Admin=true:ecert,email=david@gmail.com,phone=5561991538000'  --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem

After enrolling the ID for user davidfdr4 and issuing the simple command:

fabric-ca-client identity list  -u https://localhost:7154 --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem

The server returns the same error:

ca_org1_intermediate|2021/08/28 21:05:25 [INFO] 172.31.0.1:45884 GET /identities?ca=ca-org1-intermediate 500 49 "Failed to get users by affiliation and type: Failed to execute query 'SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))' for affiliation 'org1' and types '*': not enough args to execute query: want 2 got 0"

Is it a bug? https://jira.hyperledger.org/browse/FABC-548
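The error quoted in both posts, reproduced as an added example (not part of either post and not fabric-ca's own code): the query has two placeholders, the call shown binds none, and the affiliation scoping only takes effect once both are bound. The helper names, the sample users and the `.%` child-affiliation pattern are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// The query string quoted in both error messages on this page.
const query = "SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))"

type user struct{ name, affiliation string }

// Constructed sample rows; names and affiliations are illustrative.
var sampleUsers = []user{
	{"admin", ""}, {"alice", "org1"}, {"bob", "org1.department1"}, {"carol", "org2"},
}

// checkArgs mirrors the check behind the quoted error: each '?' placeholder
// needs one bound argument (a plain count is enough for this query).
func checkArgs(q string, args ...interface{}) error {
	if want := strings.Count(q, "?"); len(args) < want {
		return fmt.Errorf("not enough args to execute query: want %d got %d", want, len(args))
	}
	return nil
}

// filteredUsers binds both placeholders and then applies the same predicate in
// memory. Assumption: the LIKE argument is the caller's affiliation plus ".%".
func filteredUsers(callerAff string, users []user) ([]string, error) {
	args := []interface{}{callerAff, callerAff + ".%"}
	if err := checkArgs(query, args...); err != nil {
		return nil, err
	}
	var names []string
	for _, u := range users {
		// affiliation = ?  OR  affiliation LIKE 'caller.%'
		if u.affiliation == callerAff || strings.HasPrefix(u.affiliation, callerAff+".") {
			names = append(names, u.name)
		}
	}
	return names, nil
}

func main() {
	fmt.Println(checkArgs(query)) // the call shape from the question: no args bound
	fmt.Println(filteredUsers("org1", sampleUsers))
}
```

Binding the two values as query arguments, rather than building them into the SQL string, keeps the affiliation filter parameterized.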

