I would like to retrieve all transactions from the Hyperledger fabric netwrok for assurance. Please guide me to how retrieve transactions from all the peers to validate and completness of the transactions ?
Thanks in advance.
I think it depends on your business requirement. For audit purpose, it's more likely you want to know transactions about a specific asset(key/value). You can query history of a specific key using the GetHistoryForKey() shim API. A transactionId is contained in the response. Then you can query the detail by the transactionId.
In addition, there are some query apis provided from the Fabric SDKS. For instance, the NodeSDK. In the Channel class, there are a bunch of apis like queryInfo, queryBlockByID, queryBlock, and queryTransaction etc. The fabcar sample provides some NodeJS code you can follow up to create your own queries.
Finally, you can also inspect the ledgers (file based) directly from peer node. By default the path is /var/hyperledger/production/ledgersData/chains, within which there are ledger files per channel. To inspect the files, you may need to investigate the FileLedger impl. With some initialization work, you can inspect every block, the hash, the transactions and the Read/Write sets in detail. Hope this is helpful to you.
Related
I've been testing out interacting with the XRP Ledger, coding in Python. I started coding some basic queries regarding the status of the XRP Ledger from scratch based on the XRPL documentation (available here) but then discovered XRPL-PY (I've reviewed the GitHub repo here and the documentation here) and have since been predominately using XRPL-PY to interact with the XRP Ledger given its general ease of use. I've been able to accomplish most of the basic types of interactions with the XRP Ledger one might want to do, including creating a wallet and submitting an offer to exchange one currency for another on the XRP Ledger (what I'll call an "Offer"). However, one point that I have been unable to figure out, whether by using XRPL-PY or interacting with the XRP Ledger directly, is how to determine when/whether a previously submitted Offer has been fully consumed (i.e., another transaction, or transactions, were submitted to the XRP Ledger that accepted my Offer such that it is no longer outstanding and the offered currencies were exchanged at the offered rate). This seems like a basic query that most people interacting with the XRP Ledger would want to be able to establish, but I haven't seen anything in the XRPL or XRPL-PY documentation explaining how to do it. My preference would be to be able to subscribe to updates from the XRPL Ledger such that it lets me know once my Offer has been partially or fully consumed, but if that's not possible I would like to at least be able to repeatedly query the status of my Offer from the XRP Ledger and know what will change in the response once my Offer has been partially or fully consumed. Any suggestions would be greatly appreciated.
It looks like you had your question answered on another channel so I will include this here just in case people will find this useful later. Cheers!
You have 3 options:
POLLING account_offers. You can use the sequence number to identify the offer
POLLING book_offer. You can use the "Account" and "Sequence" fields to identify the offer.
WS subscribing to "accounts" using the account you want to track. This is the most "complex" because you need to parse all the metadata for all validated transactions that involve the particular account but it's the best because it's asynchronous and via websocket.
In the Hyperledger Fabric Docs, while reading about private data collections I came accross this sentence regarding memberReadOnly:
Utilize a value of false if you would like to encode more granular access control within individual chaincode functions.
If I understand this correctly, this allows me to code into the smart contract specifications that will allow me to limit control to eg. specific clients of one organization instead of all peers of member organizations.
If that is so, I am curious as to how this can be done in the contract. Is there a specific way to handle access control or is it at my own discretion to write code that will enforce it? If you can provide me with any examples it would be very helpful.
To clarify what I mean, I come from Ethereum and what I am essentially asking is whether there is something like the require method in solidity, or would I just use a simple if.
Thanks for any help. If you close question for wrong site, please point me to the right place as I have not been able to find somewhere more relevant.
You didn't understand correctly.
Setting this value (memberOnlyRead) to true means that if a client sends a proposal to a peer, and the client is not in the collection, then if the peer is in the collection and has access to the data - it will refuse with an error automatically no matter the smart contract says.
If it's false, then the peer won't enforce such a thing, and then you have more freedom to code any access control logic you want for the clients.
I see fabric-shim-crypto library for performing encyption & signing chaincode. This suggests to pass key through transient data.
I think about another approach in which we can add it as an custom attribute in the certificate during certicate generation. This way whenever user interact with the chaincode, key can be retrieved by accessing the certificate and perfrom related crypto operation.
Which approach will be better and what are the pros and cons of both.
Second approach looks good , you can use attribute based access control lib in chaincode to achieve this
I'm working with Hyperledger Fabric, and developing Chaincode in Golang. I have the following use case and am not sure how to implement this in Fabric.
Suppose i have Bank1, Bank2, and Bank3 peer organizations. I want to design a system where they each store Client information (where client is a bank account holder). Typically, I wouldn't want Bank2 to have acess to Bank1's clients -- but if the client invokes a certain function call somehow, bank2 should be able to fetch that client's information over from bank1 (given all banks share a channel)
How can I achieve something like this in chaincode?
I've looked at ABAC, im not sure how i can update the attribute of an org to allow access to a specific client based on them having taken an action
Thank You
One solution could be to have private information outside of blockchain, and enable each bank to query it's private information by an API, directly from your chaincode, and have a shared channel among all the banks that share information through chaincode calls. Of course all APIs must be secured to be only queryble by it's own bank.
Another solution without having to implement things out of your blockchain would be to use private data collections, which is an improvement made to Fabric in version 1.2. More information here: https://hyperledger-fabric.readthedocs.io/en/release-1.2/private-data/private-data.html
Update:
Is it safe to call external apis from the chaincode? How would I maintain secret keys/tokens?
Yep, it's safe as far as you secure your communications and your endpoints. An easy solution would be to have your node and your private data store inside the same network, inside a firewall. In that way you wouldn't have to worry about security inside your applications.
To implement this using Private Data, is it possible to maybe have an array of strings which are identifiers for the banks in the Client struct, and the client can invoke functions to allow more banks, and when banks try to query a Client the code checks that array if the bank's identifier is included there or not?
It seems to me that you are in the right direction, but I would implement it as a JSON file, more than an array with access rules, stating that for BankA, BankB has access to this and that functions and so on, and also you can set levels of visibility in the information, and then implement the logic that reads and uses that config in your chaincode. In production, each node will have to have its own config file, but for development you can have a single config file with all the rules.
Update 2:
Is it possible for someone from an organization to 'query' the ledger or read it's state directly and NOT through the chaincode?
Short answer: yes, it is possible. Whatever gets written in the blockchain, would be readable by administrators of peers, and anybody who has control over private keys. BUT here is where architecture comes into play: if you don't need something written in the blockchain, just don't write it. It depends on what you want the blockchain for. If it's just to attest that an information has been shared, just save the necessary information: 'bankA shared info about userB with bankC'. The actual info doesn't have to be saved in the blockchain. If you need to have the info in the blockchain and you want to keep it private, I think the best solution is using private data collections, and be awared that in fact private data is not subject to consensus, because private data gets saved in a side DB only in the peers/organizations involved in the private transaction, not in every peer.
I'm looking at knowing, In order to update a asset,
When should I need to write Transaction in lib/script.js
vs.
when should I be using composer-client code using bizNetworkConnection.getAssetRegistry?
I see that I cant use the feature of event emission in later case, Is there any other reason why I should be using it?
Please help me know.
The important thing about writing a Transaction is that it becomes part of the Agreed Smart Contract. So the creation of one or more assets or participants in the same transaction with the associated logic is agreed. This Transaction is a class and can have a specific ACL rule associated with it (also in the smart contract), whereas if you use composer-client you would add individual assets or participants using a generic system transaction AddAsset or AddParticipant.
So writing your code in a Transaction provides a 'better' Blockchain app with a stronger Smart Contract and improved security.