-
Notifications
You must be signed in to change notification settings - Fork 8.9k
/
membersrvc.yaml
312 lines (286 loc) · 14.2 KB
/
membersrvc.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
# CA server parameters
#
server:
# limits the number of operating system threads used by the CA
# set to negative to use the system default setting
gomaxprocs: -1
# path to the OBC state directory and CA state subdirectory
rootpath: "/var/hyperledger/production"
cadir: ".membersrvc"
# port the CA services are listening on
port: ":7054"
# TLS certificate and key file paths
tls:
cert:
file:
key:
file:
security:
# Either 256 or 384 (note: must be the exact same value as specified in the core.yaml file)
level: 256
# Either SHA2 or SHA3 (note: must be the exact same value as specified in the core.yaml file)
hashAlgorithm: SHA3
serverhostoverride:
tls_enabled: false
client:
cert:
file:
# The server host CN (Common Name) to be used (needs to match the TLS Server Certificate)
serverhostoverride:
# Boolean (true/false) value indicating whether TLS should be used between the client and
# the various CA services (ECA, TCA, TLSCA, ACA)
tls_enabled: false
# A PEM-encoded (X509 v3, Base64) certificate to use for establishing the TLS connection
# between the client and the ACA service
client:
cert:
file:
# Enabling/disabling different logging levels of the CA.
#
logging:
# Please see fabric/docs/Setup/logging-control.md for more
# options.
server: warning
ca: warning
eca: warning
ecap: warning
ecaa: warning
aca: warning
acap: warning
tca: warning
tcap: warning
tcaa: warning
tlsca: warning
# Default users to be registered with the CA on first launch. The role is a binary OR
# of the different roles a user can have:
#
# - simple client such as a wallet: CLIENT
# - non-validating peer: PEER
# - validating client: VALIDATOR
# - auditing client: AUDITOR
#
eca:
# This hierarchy is used to create the Pre-key tree, affiliations is the top of this hierarchy, 'banks_and_institutions' is used to create the key associated to auditors of both banks and
# institutions, 'banks' is used to create a key associated to auditors of banks, 'bank_a' is used to create a key associated to auditors of bank_a, etc.
affiliations:
banks_and_institutions:
banks:
- bank_a
- bank_b
- bank_c
institutions:
- institution_a
users:
#
# The fields of each user are as follows:
# <EnrollmentID>: <system_role (1:client, 2: peer, 4: validator, 8: auditor)> <EnrollmentPWD> <Affiliation> <Affiliation_Role> <JSON_Metadata>
#
# The optional JSON_Metadata field is of the following format:
# { "registrar": { "roles": <array-of-role-names>, "delegateRoles": <array-of-role-names> } }
# The 'registrar' section is used to control access to registration of new users directly via the ECAA.RegisterUser GRPC call.
# (See the 'fabric/membersrvc/protos/ca.proto' file for the definition of ECAA.RegisterUser.)
# Note that this also controls who can register users via the client SDK.
#
# Only users with a 'registrar' section may be a registrar to register other users. In particular,
# 1) the "roles" field specifies which member roles may be registered by this user, and
# 2) the "delegateRoles" field specifies which member roles may become the "roles" field of registered users.
# The valid role names are "client", "peer", "validator", and "auditor".
#
# Example1:
# The 'admin' user below can register clients, peers, validators, or auditors; furthermore, the 'admin' user can register other
# users who can then register clients only.
#
# Example2:
# The 'WebAppAdmin' user below can register clients only, but none of the users registered by this user can register other users.
#
admin: 1 Xurw3yU9zI0l institution_a '{"registrar":{"roles":["client","peer","validator","auditor"],"delegateRoles":["client"]}}'
WebAppAdmin: 1 DJY27pEnl16d institution_a '{"registrar":{"roles":["client"]}}'
lukas: 1 NPKYL39uKbkj bank_a
system_chaincode_invoker: 1 DRJ20pEql15a institution_a
diego: 1 DRJ23pEQl16a institution_a
jim: 1 6avZQLwcUe9b bank_a
binhn: 1 7avZQLwcUe9q institution_a
# Users for asset transfer with roles test located at
# sdk/node/test/unit/asset-mgmt-with-roles.js
alice: 1 CMS10pEQlB16 bank_a
bob: 1 NOE63pEQbL25 bank_a
assigner: 1 Tc43PeqBl11 bank_a
vp: 4 f3489fy98ghf
test_vp0: 4 MwYpmSRjupbT
test_vp1: 4 5wgHK9qqYaPy
test_vp2: 4 vQelbRvja7cJ
test_vp3: 4 9LKqKH5peurL
test_vp4: 4 Pqh90CEW5juZ
test_vp5: 4 FfdvDkAdY81P
test_vp6: 4 QiXJgHyV4t7A
test_vp7: 4 twoKZouEyLyB
test_vp8: 4 BxP7QNh778gI
test_vp9: 4 wu3F1EwJWHvQ
test_vp10: 4 hNeS24SKJtMD
test_vp11: 4 ezTbMAUccdLy
test_vp12: 4 MSDr2juOIooZ
test_vp13: 4 DfPHFoFKj2jl
test_vp14: 4 NyxEfwjy7vPL
test_vp15: 4 sTHJYI3ndQH+
test_vp16: 4 EePE5sgyIhos
test_vp17: 4 2uram7e1EgF+
test_vp18: 4 75457cHKhNM7
test_vp19: 4 eO6qRKBUMgSo
test_vp20: 4 ZZ4W81TbZo25
test_vp21: 4 XHnsQcDUPHF9
test_vp22: 4 8wCLDcVaK4ex
test_vp23: 4 qfXNCFie3kIY
test_vp24: 4 72eCtIbLP7c5
test_vp25: 4 YR+3M+QhFfpd
test_vp26: 4 kTkEcWd+gBnb
test_vp27: 4 cPnZ0SeS2BiU
test_vp28: 4 kgP6gkToiaGt
test_vp29: 4 YASbynfsO/d3
test_vp30: 4 Ph7O/rtDBKgn
test_vp31: 4 g+i7k8Ao1fQ6
test_vp32: 4 WABL1OUtNAqG
test_vp33: 4 3vi4Op98jVYu
test_vp34: 4 Ydg0ubVwgovo
test_vp35: 4 yr6HKOqpgqrt
test_vp36: 4 +qdOftmDA2w9
test_vp37: 4 Bti7oSazbQ8s
test_vp38: 4 Iyh5lx187+2D
test_vp39: 4 g8IdJk/AQztF
test_vp40: 4 +cqPDR3V5AQP
test_vp41: 4 w1Z0ZlkPn3fl
test_vp42: 4 mUx6HpXrmE6C
test_vp43: 4 nvk3eK/1A9+y
test_vp44: 4 68gIcAPFDlLt
test_vp45: 4 TgD7Sh7F5WGV
test_vp46: 4 cwjhpt50nxMT
test_vp47: 4 QIjtCM3k9Ump
test_vp48: 4 kMHYx4KOFus2
test_vp49: 4 lKP5s+P+lbv+
test_vp50: 4 +aaOfbbDA2w9
test_vp51: 4 bTi8oSazbQ8s
test_vp52: 4 iyh6lx177+2D
test_vp53: 4 g9Idjk/aQztF
test_vp54: 4 +CqPdk3V5AQP
test_vp55: 4 w1Z3Zllon3fl
test_vp56: 4 mUx5HpNrmEHC
test_vp57: 4 nNk3e2/119+y
test_vp58: 4 BN8gIcAgFDlL
test_vp59: 4 JgD7Sh5F5WhN
test_vp60: 4 Fwjhpt60nxMT
test_vp61: 4 QJjtCM4k9Ump
test_vp62: 4 kKHYx4KOFus2
test_vp63: 4 lREP5s+P+lbN
# Uncomment this section to activate devnet setup as specficied in
# devnet-setup.md
#
# vp0: 4 vp0_secret
# vp1: 4 vp1_secret
test_user0: 1 MS9qrN8hFjlE bank_a
test_user1: 1 jGlNl6ImkuDo institution_a
test_user2: 1 zMflqOKezFiA bank_c
test_user3: 1 vWdLCE00vJy0 bank_a
test_user4: 1 4nXSrfoYGFCP institution_a
test_user5: 1 yg5DVhm0er1z bank_b
test_user6: 1 b7pmSxzKNFiw bank_a
test_user7: 1 YsWZD4qQmYxo institution_a
test_user8: 1 W8G0usrU7jRk bank_a
test_user9: 1 H80SiB5ODKKQ institution_a
test_user10: 1 n21Dq435t9S1 bank_b
test_user11: 1 6S0UjokSRHYh institution_a
test_user12: 1 dpodq6r2+NPu institution_a
test_user13: 1 9XZFoBjXJ5zM institution_a
test_user14: 1 6lOOiQXW5uXM institution_a
test_user15: 1 PTyW9AVbBSjk institution_a
test_user16: 1 wcaTkxDKsPCM institution_a
test_user17: 1 rbHqY17olLAD institution_a
test_user18: 1 3SYhAns5s729 institution_a
test_user19: 1 1lYX9NoOwgvN institution_a
test_user20: 1 gyDP7aahpqph institution_a
test_user21: 1 PUnCn/RYZdyX institution_a
test_user22: 1 /R9wyC84ioD/ institution_a
test_user23: 1 FQ84KofAsqJY institution_a
test_user24: 1 CbW/9KxEudXk institution_a
test_user25: 1 ZHTavGPdxP4A institution_a
test_user26: 1 XrLtn3pIMhLQ institution_a
test_user27: 1 3kLhEQFA0nyJ institution_a
test_user28: 1 iWnIDbiD728Q institution_a
test_user29: 1 LD6C5gyfXdLU institution_a
test_user30: 1 +GdkSA8cS7tL institution_a
test_user31: 1 +3mp7d2htUKf institution_a
test_user32: 1 78l1M9/ozzys institution_a
test_user33: 1 BeYdR44AdXfz institution_a
test_user34: 1 X58G9QguAS4L institution_a
test_user35: 1 s0Dfy5CHwZBr institution_a
test_user36: 1 LqHPms9dSdE/ institution_a
test_user37: 1 JcEhRJ6Dtj51 institution_a
test_user38: 1 T4VnFcoHgPSi institution_a
test_user39: 1 x3A4yUmHHAKA institution_a
test_user40: 1 5UvWmI8Ouz1K institution_a
test_user41: 1 oZkB+Gs7et1e institution_a
test_user42: 1 TOvOJ4DjZhCA institution_a
test_user43: 1 c28mez0rmYlB institution_a
test_user44: 1 EOthJFMIaZhm institution_a
test_user45: 1 QOcqpN8tl5c+ institution_a
test_user46: 1 alEvm5ZVTwzz institution_a
test_user47: 1 Qxj0YInOv1VZ institution_a
test_user48: 1 VBxJcw0NM/1w institution_a
test_user49: 1 W8OxOUfqgYbO institution_a
test_user50: 1 HcRhRJ7Dtj51 institution_a
test_user51: 1 4SVnfcoHgPSi institution_a
test_user52: 1 x3B4yUmHHAKA institution_a
test_user53: 1 5UvWmI7Uuz1K institution_a
test_user54: 1 oZkB+Gsn6t1e institution_a
test_user55: 1 TOhOJD1jZhCA institution_a
test_user56: 1 c45mez1rmYlB institution_a
test_user57: 1 EOthJMJIaZhm institution_a
test_user58: 1 QOcqpt9tl5c+ institution_a
test_user59: 1 aHEvm5ZVTwzz institution_a
test_user60: 1 nHj0YInOv1VZ institution_a
test_user61: 1 xJcw0NM+1wZD institution_a
test_user62: 1 PO+OUfqgYHdO institution_a
test_user63: 1 KiH09Pdq+ieO institution_a
test_nvp0: 2 iywrPBDEPl0K bank_a
test_nvp1: 2 DcYXuRSocuqd institution_a
test_nvp2: 2 flpChShlY7xt bank_c
test_nvp3: 2 jeruawMomclo bank_a
test_nvp4: 2 RMYVxSZCk370 institution_a
test_nvp5: 2 XHYVCIJGZGK7 bank_b
test_nvp6: 2 4cIn63j8ahYp bank_a
test_nvp7: 2 E7FAJUtWVn2h institution_a
test_nvp8: 2 LJu8DkUilBEH bank_a
test_nvp9: 2 VlEsBsiyXSjw institution_a
tca:
# Enabling/disabling attributes encryption, currently false is unique possible value due attributes encryption is not yet implemented.
attribute-encryption:
enabled: false
aca:
# Attributes is a list of the valid attributes to each user, attribute certificate authority is emulated temporarily using this file entries.
# In the future an external attribute certificate authority will be invoked. The format to each entry is:
#
# attribute-entry-#:{userid};{affiliation};{attributeName};{attributeValue};{valid from};{valid to}
#
# If valid to is empty the attribute never expire, if the valid from is empty the attribute is valid from the time zero.
attributes:
attribute-entry-0: diego;institution_a;company;ACompany;2015-01-01T00:00:00-03:00;;
attribute-entry-1: diego;institution_a;position;Software Staff;2015-01-01T00:00:00-03:00;2015-07-12T23:59:59-03:00;
attribute-entry-2: diego;institution_a;position;Software Engineer;2015-07-13T00:00:00-03:00;;
attribute-entry-3: jim,;institution_a;company;ACompany;2001-02-02T00:00:00-03:00;;
attribute-entry-4: jim;institution_a;position;Project Manager;2001-02-02T00:00:00-03:00;;
attribute-entry-5: binhn,;institution_a;company;ACompany;2015-01-01T00:00:00-03:00;;
attribute-entry-6: binhn;institution_a;position;Technical Leader;2015-01-01T00:00:00-03:00;;
# User attributes for asset transfer with roles test located at
#sdk/node/test/unit/asset-mgmt-with-roles.js
attribute-entry-7: alice;bank_a;role;client;2016-01-01T00:00:00-03:00;;
attribute-entry-8: alice;bank_a;account;12345-56789;2016-01-01T00:00:00-03:00;;
attribute-entry-9: bob;bank_a;role;client;2015-02-02T00:00:00-03:00;;
attribute-entry-10: bob;bank_a;account;23456-67890;2015-02-02T00:00:00-03:00;;
attribute-entry-11: assigner;bank_a;role;assigner;2015-01-01T00:00:00-03:00;;
address: localhost:7054
server-name: acap
# Enabling/disabling Attribute Certificate Authority, if ACA is enabled attributes will be added into the TCert.
enabled: false
pki:
ca:
subject:
organization: Hyperledger
country: US