davidkel / fc Goto Github PK

• (RAISED) https://hyperledger.github.io/composer/latest/business-network/cloud-wallets
  • provides an unexpected way to deal with in memory card store and referenced apis are not in the api reference.

const connectionOptions = {
            wallet : {
                type: 'composer-wallet-inmemory'
            }
}
adminConnection.connect(connectionOptions);

• (RAISED) https://hyperledger.github.io/composer/latest/tutorials/queries

  • queries tutorial highlights incorrect function for removal.

• IMPROVEMENTS

• https://hyperledger.github.io/composer/latest/tutorials/google_oauth2_rest

  • need to discuss card store sharing with the rest server.
  • Need to emphasise that the composer tools downloaded is nothing more than a simple development server to play with.
  • how to use the docker rest server with a shared wallet backed card store ?
  • Our documentation should have a banner indicating the version

• GENERAL

  • (RAISED) customising card stores seems to be in the wrong place, it isn't about developing a business network, it's about operational aspects.
  • diagnosing doesn't list all the profiles, great so it supports profiles but what are they.
  • (RAISED) system namespace reference only talks about assets, participants, transactions but there are events, enum sections.

uses latest tag, needs to be pinned.

will work with single org
probably work with multi-org and no endorsement policy, but what would happen exactly ?

• install: No problem here
• start: Start will probably work as the default instantiation policy only requires single endorsement
• upgrade: Same as start
• transaction: peers don't endorse if they don't have the right chaincode and version
• query: not an issue as sent only to single peer.

In hlfconnection.js for the hlfv1 connector, in order to not lose useful information from errors that are caught from external libraries, error messages from these errors are embedded into new errors that describe that action that was being done at the time. We should extend this idea and have chained errors that record the error. The toString method can then provide information in a structured manner. This is similar in the way java does things.

• https://github.com/hyperledger/composer/issues/2562
• https://github.com/hyperledger/composer/issues/2414
• https://github.com/hyperledger/composer/issues/2365
• https://github.com/hyperledger/composer/issues/1716
• https://github.com/hyperledger/composer/issues/1217

• Model
  • better validation with filenames and line number reporting
• Script File
  • report file name and line number on error
• CLI/Operational API
  • start should use cards
  • bind should use cards
  • ability to bulk update cards and card files
• Serviceability
  • too much info get's logged
  • [Object object] output of no use
• Common Connection Profile
  • Extract TLS certs from profile using paths/allow CCPs to use filenames for certs but still be portable
  • Is the CA definition correct ?

As part of the introduction of the NetworkAdmin participant the samples were updated in the acl files as follows

/**

• Sample access control list.
  /
  rule Default {
  description: "Allow all participants access to all resources"
  participant: "ANY"
  operation: ALL
  resource: "net.biz.digitalPropertyNetwork."
  action: ALLOW
  }

rule SystemACL {
description: "System ACL to permit all access"
participant: "org.hyperledger.composer.system.Participant"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}

rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}

rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
note the addition of the NetworkAdminUser and NetworkAdminSystem. But these actually don't do anything useful as the first 2 rules allow everything to everyone anyway.

something like this allows networkadmin users to perform actions on the network but stops standard users

/**

• Sample access control list.
  */
  rule NetworkAdminUser {
  description: "Grant business network administrators full access to system resources"
  participant: "org.hyperledger.composer.system.NetworkAdmin"
  operation: ALL
  resource: "org.hyperledger.composer.system.**"
  action: ALLOW
  }

rule StandardUser {
description: "Allow standard users to be able to connect to the business network as this requires read access"
participant: "org.hyperledger.composer.system.Participant"
operation: READ
resource: "org.hyperledger.composer.system.Network"
action: ALLOW
}

rule Default {
description: "Allow all participants access to all resources of the business network"
participant: "ANY"
operation: ALL
resource: "net.biz.digitalPropertyNetwork.*"
action: ALLOW
}
(ACL may be a bit rubbish as making it up as I go along, for example this may not work as transaction submitters may need to be able to interact with system registries they aren't explicitly aware of).

@davidkel davidkel added the samples label on Oct 12, 2017
@jt-nti
Member
jt-nti commented on Oct 13, 2017
Similarly for the 'empty' business network...

rule NetworkAdminUser {
description: "Grant business network administrators full access to user resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "**"
action: ALLOW
}

rule NetworkAdminSystem {
description: "Grant business network administrators full access to system resources"
participant: "org.hyperledger.composer.system.NetworkAdmin"
operation: ALL
resource: "org.hyperledger.composer.system.**"
action: ALLOW
}
If the ** root glob does match everything which it should, including the org.hyperledger.composer.system namespace, it would make the NetworkAdminSystem rule redundant, and somewhat misleading.

1. WSL
2. Git Bash
3. MinGW
4. Native
   Native will be a problem, too much coded to the bash shell and unix file system paths.
5. cygwin

Playground documentation has fallen behind and could benefit from restructuring the following is a list of issues I perceive

• There should be a distinction between Web Browser and connecting to a real fabric as playground behaves differently
  • Deploy requires an extra step to define the id and secret or cert to connect with
  • Upgrade requires the user to interact with a different modal dialog
• The videos are probably out of date

But we should add tests that test native module compilation to ensure that still works across all platforms.

If I wanted to use a passport strategy, how would I go about debugging problems with it ? what facilities does composer provide to help me do this ?
It's probably a document requirement with a simple example to show what kind of things to look for, but could require more servicability needs to make it more practical.

And it still looks rubbish.

I'm stuck trying to use composer-playground 0.19.0.

It seems to install. Then, I run composer-playground, and the browser launches. But, I get this error,
Error: Object with ID 'undefined' in collection with ID 'chaincodes' does not exist.

The diagnostics page is out of date and doesn't explain things well
https://hyperledger.github.io/composer/problems/diagnostics.html

For example

references to some config module and what looks like an old getting started definition but there is no explanation on what the config module is, where the file should go and how all of this works or good examples of how or why you would do this.
Chaincode container diagnostics is limited and only refers to v0.6. We should include information pertinent to v1.0
Ideally we should provide information about how to get diagnostic information for all components

User Applications
Business Networks
CLI
Rest Server
Playground
Composer Runtime
Fabric

Think this may be fixed.

Write a problem that creates a card and stores it in the in memory wallet that has credentials and it looks like it still tries to enroll the user.

Also consider a long running connection where this is easy to a multi connection from the same client or a very transient connection which would be harder.

1. so that the npm install in fabric doesn't have to do anything
2. would it try to connect to the internet ? probably how to get fabric to not do that ?
3. don't like the fact that chaincode node is not shrinkwrapped, it should be, could we fix that as a chaincode developer ?

1. node-sdk to make pkcs11 module an optional dependency
2. could do the same for the report module

The problem is how to generate it as it has to include composer-runtime-hlfv1 ?

• Deploy is greyed out until you fill on the user/secret dialog, but you can't see it so you wonder why deploy is greyed out
• upgrade presents you with a choice of cards to use for install/upgrade but you don't get the same for deploy
• Impossible to work with a multi-org fabric

Basically it's not practical and doesn't provide good advice.

• you get indexes whether you want them or not
• the indexes may not be suitable to your needs
• you cannot turn this off
• you cannot package your own prebuilt indexes

We may need a guide or tutorial on how to use HSM within composer, especially due to the limitations imposed by

• composer network start
• composer identity issue
  on how they transfer the connection profile of the card used to invoke the command to the new card created and that there is currently no CLI to allow you to modify cards or card files.

Currently I believe that if there are 2 BNs on the same channel, then a business network connection will get events from both business networks.

eg

{
    "name": "addasset-network",
    "author": "author",
    "description": "Start from scratch with a blank business network",
    "version": "0.0.2-deploy.5",
    "devDependencies": {
        "browserfs": "^1.2.0",
        "chai": "^3.5.0",
        "composer-admin": "latest",
        "composer-cli": "latest",
        "composer-client": "latest",
        "composer-connector-embedded": "latest",
        "eslint": "^3.6.1",
        "istanbul": "^0.4.5",
        "jsdoc": "^3.4.1",
        "mkdirp": "^0.5.1",
        "mocha": "^3.2.0",
        "moment": "^2.19.3"
    },
    "keywords": [],
    "license": "Apache 2.0",
    "repository": {
        "type": "e.g. git",
        "url": "URL"
    },
    "scripts": {
        "deploy": "./scripts/deploy.sh",
        "doc": "jsdoc --pedantic --recurse -c jsdoc.conf",
        "lint": "eslint .",
        "postlicchk": "npm run doc",
        "postlint": "npm run licchk",
        "prepublish": "mkdirp ./dist && composer archive create  --sourceType dir --sourceName . -a ./dist/unnamed-network.bna",
        "pretest": "npm run lint",
        "test": "mocha --recursive",
        "start": "start-network"
    },
    "dependencies": {
        "composer-common": "0.19.0",
        "composer-runtime-hlfv1": "0.19.0"
    }
}

Models with cyclic references can't be serialised.

1. Need to be able to start and specify a card as identity to initially bind
2. Need guidance on using peer commands to do install/start
3. Need to be able to specify files for certs and still make card portable
4. Need to be able to update cards and card files
5. need to be able to script the listing of cards and card update
6. need to ensure all the above has equivalent APIs
7. need to be able to bind using a card that has credentials

We should support the ability to not have to define a Certificate authority.

1. schema check should not make the certificate authority mandatory
2. hlfconnectionmanager will need to catch an error thrown by the node sdk when doing getCertificateAuthority (raise a Jira)
3. hlfconnection will need to not check for a caClient being passed and also throw an error if no caClient is defined on calls that require it.

Also 16.x had a tutorial, that tutorial has gone.

$ composer network deploy -a decentralized-energy-network.bna -c admin -A admin -S adminpw
Deploying business network from archive: decentralized-energy-network.bna
Business network definition:
Identifier: [email protected]
Description: Decentralized Energy application with Hyperledger Composer

Error: Error trying to ping. Error: Error trying to query business network. Error: make sure the chaincode decentralized-energy-network has been successfully instantiated and try again: could not find chaincode with name 'decentralized-energy-network'
Command failed
This comes down to adminconnection.connect that can accept a business network as part of the parameter. If it has one then it performs 1 extra task over adminconnection.connect which is to attempt to ping the business network.

Question is, is the card valid ? Well it's valid in the sense of a card but isn't valid as you should be using a card that isn't associated with a business network, but then why should that be a problem.

Here are some of the possible solutions to this.

cards should only connect to a business network when it's appropriate for the action but that means the connect method just taking a card would have to change
Should adminconnection.connect still accept a business network ? it is documented as only needed for an update action so could we just change update (note the hlfv1 connector listens for events when connect is given a business network but that is not required for update).
Should we document that cards built for install/start/deploy/upgrade should not contain a business network.
@davidkel davidkel added cli business network cards P2 labels on Nov 10, 2017
@davidkel
Member
davidkel commented on Nov 11, 2017
As a thought, does the card created by playground work ok ?

Also if it fails to connect trying to register a chaincode listener, the event hub is not reconnected until a request is made but in the scenario where a business network connection is used purely as a listener that means it never will reconnect a failing event hub.

We should just provide a profile, followed by the steps to create a PeerAdmin card

This is a suggestion for an edge case useability enhancement for consideration.
Also for consideration will be how to ensure that any changes are notified back to the user. Just updating the fields will not be accessible, unless for example the screen reader explicitly informs of this taking place or some high contrast notification is made.

Context
I attempted to create a new Participant in the digitalproperty network. I entered data into fields but decided I needed random info and saw the generate random data was still available, however on clicking it nothing happened and there is no hint as to why.

Expected Behavior
I know that it only updates fields that have no data in them, but I think as a useability improvement maybe a dialog to ask if you want to overwrite fields already filled in, that way you know that clicking on the generate random data is at least being acknowledged.

User was running a Peer outside of the docker environment and got this problem

"Error: Error trying to start business network. Error: No valid responses from any peers.
Response from attempted peer comms was an error: Error: 2 UNKNOWN: error starting container: Failed to generate platform-specific docker build: Error returned from build: 1 "npm WARN deprecated [email protected]: Use mz or fs-extra^3.0 with Promise Support
npm WARN deprecated [email protected]: All versions below 4.0.1 of Nodemailer are deprecated. See https://nodemailer.com/status/
npm WARN deprecated [email protected]: This project is unmaintained
npm WARN deprecated [email protected]: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0
npm WARN deprecated [email protected]: Use uuid module instead
npm WARN deprecated [email protected]: This project is unmaintained
npm WARN deprecated [email protected]: If using 2.x branch, please upgrade to at least 2.1.6 to avoid a serious bug with socket data flow and an import issue introduced in 2.1.0
> [email protected] install /chaincode/output/node_modules/x509
> node-gyp rebuild
gyp ERR! clean error
gyp ERR! stack Error: EACCES: permission denied, rmdir 'build'
gyp ERR! System Linux 4.13.0-38-generic
gyp ERR! command "/usr/local/bin/node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /chaincode/output/node_modules/x509
gyp ERR! node -v v8.9.4
gyp ERR! node-gyp -v v3.6.2
gyp ERR! not ok
npm WARN [email protected] No repository field.
npm WARN The package composer-common is included as both a dev and production dependency.
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules/fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"})

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2018-04-05T12_06_13_615Z-debug.log
"
Command failed
"

x-type possible values are incorrect

No debug tools and cannot install debug tools
c library is old so people who copy binary files over could have problems.
Recommend to be used as standalone or modified only with node modules

Historian doesn't do it.

gives examples of queries but the explanation is not good, for example they don't give an example of the model that the query is targetting.
Also the query has an example of sorts in opposite directions which I don't believe is possible.