Cross chaincode invoke, ACL policy problem (MSP not defined in called channel, but in caller) #fabric-chaincode


Sergio C
 

Hi,
Is it possible to cross-invoke a chaincode in other channel (channel-1) (using an identity that isn't part of the channel) from a chaincode in the channel-2 (identity is declared here)?

Example:
Org3 and Org4 are part of channel-2.
Org1, Org2 and Org3 are part of channel-1.
Org3 has chaincodeA (instantiated in channel-1) and chaincodeB (instantiated in channel-2) installed.

Org4.member invokes (query) chaincodeB (in Org3Peer) in channel-2 (ok, because Org4 is in channel-2), then chaincodeB internally invokes (query) chaincodeA (fails, because Org4Member MSP isn't defined in channel-1).

Is it possible to bypass this problem?
Any help appreciated.


satheesh
 

From what I understand, only "query" (read only) transactions work cross-invoking in different channels.
If state is modified by chaincode, then channel has to be same as callers chaincode.

In the example, if chaincodeB is invoking chaincodeA, can chaincodeA be deployed in channel-2 ?

Regards,
-Satheesh

On Tuesday, June 22, 2021, 04:34:16 PM GMT+5:30, Sergio C <schica@...> wrote:


Hi,
Is it possible to cross-invoke a chaincode in other channel (channel-1) (using an identity that isn't part of the channel) from a chaincode in the channel-2 (identity is declared here)?

Example:
Org3 and Org4 are part of channel-2.
Org1, Org2 and Org3 are part of channel-1.
Org3 has chaincodeA (instantiated in channel-1) and chaincodeB (instantiated in channel-2) installed.

Org4.member invokes (query) chaincodeB (in Org3Peer) in channel-2 (ok, because Org4 is in channel-2), then chaincodeB internally invokes (query) chaincodeA (fails, because Org4Member MSP isn't defined in channel-1).

Is it possible to bypass this problem?
Any help appreciated.


Sergio C
 

Hi,
Thank you very much for your response.

ChaincodeA only makes use of GetState calls, so I'm not modified the ledger.
I can't install chaincodeA in channel-2, I need to keep it isolated in another channel (channel-1).

I'm getting this warning when I call chaincodeB from channel-2 (logs from Org3Peer):
2021-06-28 08:52:56.258 UTC [policies] SignatureSetToValidIdentities -> WARN 0d7 invalid identity: certificate subject=CN=Admin@...,OU=admin,L=New York,ST=New York,C=US serialnumber=249376481855686298878436353699729151421 error="MSP Org4MSP is not defined on channel"
And the policy error:
 Failed to handle INVOKE_CHAINCODE. error: failed evaluating policy on signed data during check policy [/Channel/Application/Readers]: [implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied]
And the Application policy:

Application: &ApplicationDefaults

    ACLs: &ACLsDefault

    ...

    # ACL policy for chaincode to chaincode invocation

    peer/ChaincodeToChaincode: /Channel/Application/Readers

    ...   

Policies:       
    Readers:           
        Type: ImplicitMeta          
        Rule: "ANY Readers"