-
Notifications
You must be signed in to change notification settings - Fork 286
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(consortium-static): new consortium plugin
* New plugin consortium-static, based on consortium-manual * New feature: add CactusNode to consortium at runtime * Includes a new policy model (consider moving to cactus-core) Signed-off-by: eduv09 <[email protected]>
- Loading branch information
Showing
86 changed files
with
7,316 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| cactus-openapi-spec-plugin-consortium-manual.json | ||
| src/main/typescript/generated/openapi/typescript-axios/.npmignore |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| # `@hyperledger/cacti-plugin-consortium-static` | ||
|
|
||
| ## Cacti Consortium Static | ||
|
|
||
| This plugin is an improvement of the package /cactus-plugin-consortium-manual ,bringing some new features to the table while conserving the possibility to be used as the old one (not allowing runtime changes) | ||
|
|
||
| ### Add Nodes to Consortium | ||
|
|
||
| It is possible to add a new node to the consortium using the api of the plugin. | ||
|
|
||
| New nodes need to belong/be certified by one of the organizations that are part of the consortium. On creating the consortium, it is required to specify the public keys of the organizations that are part of the consortium. When a new node requests to join, the request carries a jwt token signed by the organization it is tied to, which serves as proof that the organization reccognises the new node identity. | ||
|
|
||
| When a new node submits a request to join, the receiving node verifies the request and broadcasts it (or not, depending on the verification) to the remaining nodes in the consortium. There is no consensus or reliable broadcast implemented. All the other nodes submit the request to the same verification process. If, for some reason, there are disparities in the consortiumDatabases of each node, either it is due to a network issue (broadcast did not reach destination) or due to malfunction of some node. | ||
|
|
||
|
|
||
| ### Consortium Repository | ||
|
|
||
| In addition to the default consortium repository (in cactus-core), the new repository includes data about the Node the repository belongs to: | ||
| ```typescript | ||
| //data about self | ||
| private readonly node: CactusNode; | ||
| private readonly ledgers: Ledger[]; | ||
| private readonly pluginInstances: PluginInstance[]; | ||
| private readonly memberId: string; | ||
| ``` | ||
| It also includes the root PolicyGroup of the consortium (explained in next section), and the common configurations of the packages deployed by nodes within the consortium. | ||
|
|
||
| We do not verify if the nodes actually apply these configurations and policies, the information so far is used just to check that nodes have knowledge of this settings. Compliance or not is at the responsibility of each node, and to be verified if necessary by other means. | ||
|
|
||
| To verify new nodes have the same policies and package configs as the others already in the consortium, we deterministically build two merkle trees (one with each info), concat both roots, and each node verifies the result against their own policies and package common configs. | ||
|
|
||
| As a result of this proccess, nodes with divergent policies and configs are not accepted in the consortium (we assume all nodes are correctly configured when the network is created). | ||
|
|
||
| ### Policy Model | ||
|
|
||
| We introduce in this package a proposal of a general-purpose policy model based in work done by the IETF: Core Policy Framework [RFC3060](https://www.rfc-editor.org/rfc/rfc3060). | ||
|
|
||
| The model (simplified version) can be viewed in the policy-model directory. | ||
|
|
||
| As a brief description, we group PolicyRules in PolicyGroups. PolicyGroups contain PolicyRules and possibly other PolicyGroups. A PolicyRule is composed by a PolicyCondition (constraint to be verified prior to applying the policy) and a PolicyAction (action to be applied). | ||
|
|
||
| The consortium information needs to hold only the root policyGroup (others are reached going down in the hierarchy). Each PolicyGroup has a Role. Roles identify the scope of the policy, so a PolicyRule has a set of Roles (role of the group it belongs to, and groups higher in the hierarchy). | ||
|
|
||
| The model is in an early stage, and serves only as a POC for now. The goal is to refine it, and possibly move it to cactus-core once if it is accepted by the community as a advantageous feature. It is possible to create consortium without any policy rule or group defined. | ||
|
|
||
|
|
||
|
|
||
| ## Notes | ||
|
|
||
| Please reffer to package "@hyperledger/cactus-plugin-consortium-manual" as the documentation there applies to this one, namely information about the Prometheus Exporter. | ||
|
|
||
| For usage, check the tests in the /integration folder |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| { | ||
| "$schema": "node_modules/@openapitools/openapi-generator-cli/config.schema.json", | ||
| "spaces": 2, | ||
| "generator-cli": { | ||
| "version": "6.6.0" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
| { | ||
| "name": "@hyperledger/cacti-plugin-consortium-static", | ||
| "version": "2.0.0-rc.3", | ||
| "description": "A web service plugin that provides management capabilities on a Cactus consortium as a whole for administrative purposes.", | ||
| "keywords": [ | ||
| "Hyperledger", | ||
| "Cactus", | ||
| "Integration", | ||
| "Blockchain", | ||
| "Distributed Ledger Technology" | ||
| ], | ||
| "homepage": "https://github.com/hyperledger/cacti#readme", | ||
| "bugs": { | ||
| "url": "https://github.com/hyperledger/cacti/issues" | ||
| }, | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "git+https://github.com/hyperledger/cacti.git" | ||
| }, | ||
| "license": "Apache-2.0", | ||
| "author": { | ||
| "name": "Hyperledger Cactus Contributors", | ||
| "email": "[email protected]", | ||
| "url": "https://www.hyperledger.org/use/cacti" | ||
| }, | ||
| "contributors": [ | ||
| { | ||
| "name": "Eduardo Vasques", | ||
| "email": "[email protected]", | ||
| "url": "https://example.com" | ||
| }, | ||
| { | ||
| "name": "Peter Somogyvari", | ||
| "email": "[email protected]", | ||
| "url": "https://accenture.com" | ||
| } | ||
| ], | ||
| "main": "dist/lib/main/typescript/index.js", | ||
| "module": "dist/lib/main/typescript/index.js", | ||
| "browser": "dist/cacti-plugin-consortium-static.web.umd.js", | ||
| "types": "dist/lib/main/typescript/index.d.ts", | ||
| "files": [ | ||
| "dist/*" | ||
| ], | ||
| "scripts": { | ||
| "codegen": "run-p 'codegen:*'", | ||
| "codegen:openapi": "npm run generate-sdk", | ||
| "generate-sdk": "run-p 'generate-sdk:*'", | ||
| "generate-sdk:kotlin": "openapi-generator-cli generate -i ./src/main/json/openapi.json -g kotlin -o ./src/main/kotlin/generated/openapi/kotlin-client/ --reserved-words-mappings protected=protected --ignore-file-override ../../openapi-generator-ignore", | ||
| "generate-sdk:typescript-axios": "openapi-generator-cli generate -i ./src/main/json/openapi.json -g typescript-axios -o ./src/main/typescript/generated/openapi/typescript-axios/ --reserved-words-mappings protected=protected --ignore-file-override ../../openapi-generator-ignore", | ||
| "watch": "npm-watch", | ||
| "webpack": "npm-run-all webpack:dev", | ||
| "webpack:dev": "npm-run-all webpack:dev:node webpack:dev:web", | ||
| "webpack:dev:node": "webpack --env=dev --target=node --config ../../webpack.config.js", | ||
| "webpack:dev:web": "webpack --env=dev --target=web --config ../../webpack.config.js" | ||
| }, | ||
| "dependencies": { | ||
| "@hyperledger/cactus-common": "2.0.0-rc.3", | ||
| "@hyperledger/cactus-core": "2.0.0-rc.3", | ||
| "@hyperledger/cactus-core-api": "2.0.0-rc.3", | ||
| "axios": "1.6.0", | ||
| "body-parser": "1.20.2", | ||
| "express": "4.19.2", | ||
| "http-errors-enhanced-cjs": "2.0.1", | ||
| "jose": "4.15.5", | ||
| "merkletreejs": "0.4.0", | ||
| "prom-client": "15.1.3", | ||
| "safe-stable-stringify": "2.4.3", | ||
| "typescript-optional": "2.0.1", | ||
| "uuid": "10.0.0" | ||
| }, | ||
| "devDependencies": { | ||
| "@hyperledger/cactus-api-client": "2.0.0-rc.3", | ||
| "@hyperledger/cactus-cmd-api-server": "2.0.0-rc.3", | ||
| "@hyperledger/cactus-plugin-ledger-connector-besu": "2.0.0-rc.3", | ||
| "@hyperledger/cactus-test-tooling": "2.0.0-rc.3", | ||
| "@types/express": "4.17.21", | ||
| "@types/json-stable-stringify": "1.0.33", | ||
| "@types/uuid": "10.0.0", | ||
| "web3": "1.6.1" | ||
| }, | ||
| "engines": { | ||
| "node": ">=18", | ||
| "npm": ">=8" | ||
| }, | ||
| "publishConfig": { | ||
| "access": "public" | ||
| }, | ||
| "browserMinified": "dist/cacti-plugin-consortium-static.web.umd.min.js", | ||
| "mainMinified": "dist/cactus-plugin-consortium-new.node.umd.min.js", | ||
| "watch": { | ||
| "codegen:openapi": { | ||
| "patterns": [ | ||
| "./src/main/json/openapi.json" | ||
| ] | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.