fabric@lists.hyperledger.org | Cross chaincode invoke, ACL policy problem (MSP not defined in called channel, but in caller)

Home Messages Hashtags Subgroups

Date Date 1 - 3 of 3

Cross chaincode invoke, ACL policy problem (MSP not defined in called channel, but in caller)
#fabric-chaincode

Sergio C #10128 Hi, Is it possible to cross-invoke a chaincode in other channel (channel-1) (using an identity that isn't part of the channel) from a chaincode in the channel-2 (identity is declared here)? Example: Org3 and Org4 are part of channel-2. Org1, Org2 and Org3 are part of channel-1. Org3 has chaincodeA (instantiated in channel-1) and chaincodeB (instantiated in channel-2) installed. Org4.member invokes (query) chaincodeB (in Org3Peer) in channel-2 (ok, because Org4 is in channel-2), then chaincodeB internally invokes (query) chaincodeA (fails, because Org4Member MSP isn't defined in channel-1). Is it possible to bypass this problem? Any help appreciated.
More All Messages By This Member
satheesh #10154 From what I understand, only "query" (read only) transactions work cross-invoking in different channels. If state is modified by chaincode, then channel has to be same as callers chaincode. In the example, if chaincodeB is invoking chaincodeA, can chaincodeA be deployed in channel-2 ? Regards, -Satheesh toggle quoted messageShow quoted text On Tuesday, June 22, 2021, 04:34:16 PM GMT+5:30, Sergio C <schica@...> wrote: Hi, Is it possible to cross-invoke a chaincode in other channel (channel-1) (using an identity that isn't part of the channel) from a chaincode in the channel-2 (identity is declared here)? Example: Org3 and Org4 are part of channel-2. Org1, Org2 and Org3 are part of channel-1. Org3 has chaincodeA (instantiated in channel-1) and chaincodeB (instantiated in channel-2) installed. Org4.member invokes (query) chaincodeB (in Org3Peer) in channel-2 (ok, because Org4 is in channel-2), then chaincodeB internally invokes (query) chaincodeA (fails, because Org4Member MSP isn't defined in channel-1). Is it possible to bypass this problem? Any help appreciated.
More All Messages By This Member
Sergio C #10160 Hi, Thank you very much for your response. ChaincodeA only makes use of GetState calls, so I'm not modified the ledger. I can't install chaincodeA in channel-2, I need to keep it isolated in another channel (channel-1). I'm getting this warning when I call chaincodeB from channel-2 (logs from Org3Peer): 2021-06-28 08:52:56.258 UTC [policies] SignatureSetToValidIdentities -> WARN 0d7 invalid identity: certificate subject=CN=Admin@...,OU=admin,L=New York,ST=New York,C=US serialnumber=249376481855686298878436353699729151421 error="MSP Org4MSP is not defined on channel" And the policy error: Failed to handle INVOKE_CHAINCODE. error: failed evaluating policy on signed data during check policy [/Channel/Application/Readers]: [implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied] And the Application policy: Application: &ApplicationDefaults ACLs: &ACLsDefault ... # ACL policy for chaincode to chaincode invocation peer/ChaincodeToChaincode: /Channel/Application/Readers ... Policies: Readers: Type: ImplicitMeta Rule: "ANY Readers"
More All Messages By This Member

1 - 3 of 3

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms