Re: User & Endorsement issues

Jason Yellick <jyellick@...>

Does your MSP configuration enable NodeOUs?  See for more details.

If your MSP definition does not enable node OUs, then the '.client' and '.peer' roles can never be satisfied, as the types cannot be distinguished and you must instead compose policies using the '.member' role.


----- Original message -----
From: "Antoni Massó Mola" <antonimassomola@...>
Sent by: fabric@...
To: fabric@...
Subject: [EXTERNAL] [Hyperledger Fabric] User & Endorsement issues
Date: Sat, Jun 13, 2020 2:17 PM

I'm having a hard time making the user type registered work with the org policies.

I register & enroll an admin user used by the peers at org1.
- &org1
    Name: org1
    ID: org1
    MSPDir: crypto-config/peerOrganizations/org1/msp
        Type: Signature
        Rule: "OR('org1.admin', 'org1.peer', 'org1.client')"

I get the following error from the peer0 log:

2020-06-13 18:11:12.290 UTC [] func5 -> WARN 022 Peer {"CN":"org1-peer1.default.svc.cluster.local","Issuer-CN":"fabric-ca-server","Issuer-L-ST-C":"[]-[]-[US]","Issuer-OU":["Fabric"],"L-ST-C":"[]-[]-[US]","MSP":"org1","OU":["admin","org1"]} isn't eligible for channel mainchannel : implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied

Peer1 from org1 seems to have issues with the policy set.

If I add org1.member to the Readers policy rule & recreate the HF network it works well.

Why does it fail if I don't specify the user type to member?


Join { to automatically receive all group messages.