No enrollment ID or enrollment secret has been provided - hyperledger-fabric

I'm using the RESTful API to communicate to the ledger. I've added some protection to the API by using Passport.
Now I'd like to issue an identity to a specific participant in the network. The CLI command works just fine.
composer identity issue -n 'epd' -i admin -s adminpw -u "myid" -a "nl.epd.blockchain.Patient#myid"
But whenever I try to use the RESTful API call it keeps saying:
No enrollment ID or enrollment secret has been provided
The payload I am sending looks like the following
{
"participant": "nl.epd.blockchain.Patient#myid",
"userID": "myid",
"options": {
"enrollmentID" : "admin",
"enrollmentSecret" : "adminpw"
}
}
To start up the REST server I use the following code:
composer-rest-server -n epd -p defaultProfile -i admin -s adminpw -N never -P 3000 -S true
So I guess my payload is incorrect because it can't find the enrollmentid and secret. So what's the correct format for the payload?

You don't need to put the enrollmentID and enrollmentSecret as part of the payload. Those get passed in via the composer-rest-server.
Here are some instructions on enabling REST authentication for a business network. https://hyperledger.github.io/composer/integrating/enabling-rest-authentication.html
I think the step you are missing is Adding a Blockchain identity to the default wallet

Related

How to fetch user using the TrueVault API

I'm trying to fetch a user from the TrueVault API using curl.
I've been using the following curl command (as per the documentation):
curl https://api.truevault.com/v2/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx7ce \
-X GET \
-u API_KEY:"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx461"
The credentials:
user_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx7ce
api key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx461
Every time I send the request I'm getting an error:
"error": {
"code": "AUTH.UNSUCCESSFUL",
"message": "Authentication Failure.",
"type": "invalid_request_error"
},
"result": "error",
"transaction_id": "xxxxxxxx-xxxx-xxxx-xxxx-3ba883e31f99"
So I wanted to check if maybe I'm doing something wrong or if it might be something else.
This user has all permissions (Create, Read, Update, Delete).
It looks like your Auth Header is malformed. You can read more about how to build the Auth Header here: https://docs.truevault.com/overview#authentication.
For a simple curl you can use the -u option instead of building the base64 Basic Auth header. -u expects username:password, but TrueVault's API is token-based so they want you to do "$API_KEY:". Note the empty second component! That trailing : is critical.
Try this:
curl https://api.truevault.com/v2/users/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx7ce \
-X GET \
-u "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx461:"

create repo using github api (only curl and no oauth)

I'm trying to create a github repo using the v3 api, but I always get a Not Found error. I want to do it only with curl and without oauth. This is what I'm trying:
curl -u myusername https://api.github.com/users/repos -d '{"name": "reponame"}'
What am I missing?
You can't do it without an Access Token.
Also, please feel free to look at my GitHub open source project Git-Captain.
I created a web application with a Node.js back-end and HTML/JS front-end that you can set up to have an API do many of these calls for you. It has a step-by-step for a Windows server and I'll be adding a Linux step-by-step soon.
It would only take a slight tweak to the project to add a new end-point to the source to do this for you.
To answer your question,
The GitHub API documentation explains exactly how to do what you are requesting on this link.
Giving this example:
as you requested in CURL and obviously replace the token "5199..." with your own:
curl -i -H "Authorization: token 5199831f4dd3b79e7c5b7e0ebe75d67aa66e79d4" \
-d '{ \
"name": "blog", \
"auto_init": true, \
"private": true, \
"gitignore_template": "nanoc" \
}' \
https://api.github.com/user/repos
OR
Not in CURL and according to this StackOverflow question you can do the following:
https://api.github.com/orgs/<organisation_name>/repos?access_token=<generated token>
or
https://api.github.com/users/<username>/repos?access_token=<generated token>
In body, pass this as a payload:
{
"name": "<Repo Name>",
"description": "<Whatever your description is>",
"homepage": "https://github.com",
"private": false
}
You can get a "personal access token in GitHub" by going to Settings->Developer Settings-> Personal Access Tokens->Generate new token
OR do all of the following
Write a script (let's call this script #1) that takes the username,password, and repoName as a parameter.
That script will call script #2, which is curl -u ' USER-NAME-HERE' https://api.github.com/user/repos -d '{"name": "REPO-NAME-HERE"}' which will prompt for your user password,
have your script #1 listen for script #2's response and then have it enter in the password which the user passed in as a parameter in script#1
Finally programmatically hit enter which fires off the curl to create your repo.
UPDATE*
So for some reason, the CURL won't work at all, but the GitHub API endpoint https://api.github.com/user/repos does indeed work. Using POSTMAN, I was able to create a new POST with the URL being https://api.github.com/user/repos and the BODY set to:
{
"name": "Hello-World",
"description": "This is your first repository",
"homepage": "https://github.com",
"private": false,
"has_issues": true,
"has_projects": true,
"has_wiki": true
}
Then I went to the 'Authorization' section of postman and under 'Type' I selected "Basic Auth" entered my username and password.
Clicked update request and then send and my repo was created!

Creating connection to mongodb using node-vault in the application

I am trying to make a connection to MongoDB with a username and password created dynamically through node-vault.
For example, in the Vault docs at https://www.vaultproject.io/docs/secrets/databases/mongodb.html
a dynamic username and password are created to log in, like:
$ vault read database/creds/my-role
Key Value
--- -----
lease_id database/creds/my-role/2f6a614c-4aa2-7b19-24b9ad944a8d4de6
lease_duration 1h
lease_renewable true
password 8cab931c-d62e-a73d-60d3-5ee85139cd66
username v-root-e2978cd0-
How can I have this behaviour using node-vault so that I can access MongoDB?
I did this using their Go HTTP client. Since node-vault is also an HTTP client, for Node.js, I think the procedure will be the same.
First, enable database (if it is not enabled).
$ vault secrets enable database
api for this: https://www.vaultproject.io/api/system/mounts.html#enable-secrets-engine.
Write mongodb config
$ vault write database/config/my-mongodb-database \
plugin_name=mongodb-database-plugin \
allowed_roles="my-role" \
connection_url="mongodb://{{username}}:{{password}}@mongodb.acme.com:27017/admin?ssl=true" \
username="admin" \
password="Password!"
api for this: https://www.vaultproject.io/api/secret/databases/mongodb.html#configure-connection
Configure a role to create the database credential
$ vault write database/roles/my-role \
db_name=my-mongodb-database \
creation_statements='{ "db": "admin", "roles": [{ "role": "readWrite" }, {"role": "read", "db": "foo"}] }' \
default_ttl="1h" \
max_ttl="24h"
api for this: https://www.vaultproject.io/api/secret/databases/index.html#create-role
Generate a new credential by reading from the /creds endpoint
$ vault read database/creds/my-role
api for this: https://www.vaultproject.io/api/secret/databases/index.html#generate-credentials
Here, https://github.com/kr1sp1n/node-vault/blob/master/example/mount_postgresql.js, they do quite a similar thing for PostgreSQL in the node-vault GitHub repo.
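The last step above (reading database/creds/my-role) is where the application takes over. The following is an added example, not code from the original answer or from node-vault: it assumes a client object exposing read(path) that resolves to the Vault HTTP response, which is the shape node-vault's client provides. The function names are hypothetical and the stub stands in for a Vault server, returning the sample values shown in the question.

```javascript
// Added example. `client` is assumed to expose read(path) -> Promise<response>.

// Pure step: turn a Vault database/creds response into connection settings.
function mongoSettingsFromLease(res, hostPort, db) {
  const data = res && res.data;
  if (!data || !data.username || !data.password) {
    throw new Error('Vault response carries no username/password');
  }
  // Percent-encode both parts so reserved characters cannot alter the URI.
  const user = encodeURIComponent(data.username);
  const pass = encodeURIComponent(data.password);
  return {
    uri: `mongodb://${user}:${pass}@${hostPort}/${db}?ssl=true`,
    leaseId: res.lease_id,
    // Fetch fresh credentials after 80% of the lease (lease_duration is in seconds).
    refreshInMs: res.lease_duration * 800,
  };
}

async function mongoSettingsFromVault(client, role, hostPort, db) {
  const res = await client.read(`database/creds/${role}`);
  return mongoSettingsFromLease(res, hostPort, db);
}

// Log-safe form of the URI: the generated password never reaches the logs.
function redactUri(uri) {
  return uri.replace(/^(mongodb:\/\/[^:@/]+):[^@]*@/, '$1:***@');
}

// Constructed stand-in for a Vault server (values taken from the question's output).
const SAMPLE_RESPONSE = {
  lease_id: 'database/creds/my-role/2f6a614c-4aa2-7b19-24b9ad944a8d4de6',
  lease_duration: 3600,
  renewable: true,
  data: { username: 'v-root-e2978cd0-', password: '8cab931c-d62e-a73d-60d3-5ee85139cd66' },
};
const stubVault = {
  read: async (path) => {
    if (path !== 'database/creds/my-role') throw new Error('unexpected path ' + path);
    return SAMPLE_RESPONSE;
  },
};

mongoSettingsFromVault(stubVault, 'my-role', 'mongodb.acme.com:27017', 'admin')
  .then((s) => console.log(redactUri(s.uri), 'refresh in', s.refreshInMs, 'ms'));
```

Because the credentials expire with the lease, the application should request a new pair and reconnect when refreshInMs elapses instead of caching the URI.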

Hyperledger Fabric. Unable to invoke transactions using Fabric Node SDK

I tried two different tutorials:
This one to deploy docker images locally:
https://github.com/hyperledger/fabric-samples
I tried the fabcar sample. Everything works fine. I'm able to enroll the admin, register a user and invoke transactions using this user identity. Nice.
The second one to deploy a fabric composer playground on bluemix:
https://ibm-blockchain.github.io/setup/
I was able to get into the composer playground and deploy business network examples. I'm also able to upload and deploy my own business networks I designed locally with composer-cli. I exposed the network over a Rest Server with admin rights in order to test the transactions. All works fine.
Now it comes to my problem. I want to combine both examples (just for fun, learning by doing:)). I want to deploy the fabcar samples network to the kubernetes environment on bluemix and interact with the network using the fabric node sdk like in example 1. So I made following changes in the scripts/yaml files of example 2:
adapt the chaincode installation procedure
in the create_all.sh. line 41 (for peer 1) and line 45 (for peer 2). I changed the values of the env variables CHAINCODE_NAME and CHAINCODE_VERSION
echo "=> CREATE_ALL: Running Install Chaincode on Org1 Peer1"
CHAINCODE_NAME="fabcar" CHAINCODE_VERSION="1.0" MSP_CONFIGPATH="/shared/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp" PEER_MSPID="Org1MSP" PEER_ADDRESS="blockchain-org1peer1:30110" create/chaincode_install.sh
in the chaincode_install.yaml.base line 16, I changed the path of the chaincode. I forked the https://github.com/hyperledger/fabric and added the fabcar.go chaincode from example 1 to the new repository https://github.com/bigbelette/fabric
command: ["sh", "-c", "git clone https://github.com/bigbelette/fabric $GOPATH/src/github.com/bigbelette/fabric/ && peer chaincode install -n ${CHAINCODE_NAME} -v ${CHAINCODE_VERSION} -p github.com/bigbelette/fabric/examples/chaincode/go/fabcar/"]
adapt the chaincode instantiation procedure:
in the create_all.sh. line 49. I changed the values of the env variables CHAINCODE_NAME and CHAINCODE_VERSION:
CHANNEL_NAME="channel1" CHAINCODE_NAME="fabcar" CHAINCODE_VERSION="1.0" MSP_CONFIGPATH="/shared/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp" PEER_MSPID="Org1MSP" PEER_ADDRESS="blockchain-org1peer1:30110" create/chaincode_instantiate.sh
In the chaincode_instantiate.yaml.base, I made the parameter list empty:
command: ["sh", "-c", "peer chaincode instantiate -o blockchain-orderer:31010 -C ${CHANNEL_NAME} -n ${CHAINCODE_NAME} -v ${CHAINCODE_VERSION} -c '{\"Args\":[\"\"]}'"]
The deployment on the cluster works without an error. In the fabcar example's Node.js files enrollAdmin, registerUser, query and invoke, I changed the channel name (from mychannel to channel1) and the IPs and ports to match the online Kubernetes services:
enrollAdmin.js and registerUser.js work fine, so I can get the certificates and store them in the key store. But when I try to invoke a transaction, I get the following error:
It seems the CA which gave me the certificates is not recognized by the peers. But there is only one CA in my network!? Or is it a problem in the MSP definition (something I still don't understand well)?
Thanks for your help.
I finally found the error.
My network has 1 CA (the root CA, named ca) and 2 "sub" CAs (ca1 and ca2). I was enrolling admin and user directly by the root CA because I didn't mention the name of the CA in the parameters of the Fabric_CA_Client class:
fabric_ca_client = new Fabric_CA_Client('http://184.173.5.108:30054', tlsOptions, crypto_suite)
Without the name, the used CA will be the default CA (Root CA in my case). But the signature of user certificates by the root CA won't be recognized by the peers. Only the signatures from the last hierarchical CA levels will be accepted. So the solution was to refer to the name of the CA:
fabric_ca_client = new Fabric_CA_Client('http://184.173.5.108:30054', tlsOptions, 'CA1', crypto_suite)
It works. Now the user can invoke transactions.

Executing fabcar without fabric-ca

I built a Fabric network with multiple orgs and tls enabled. Crypto material was built with cryptogen. I do not intend to use fabric-ca in my example.
I installed and instantiated fabcar through the CLI. Invoke and Query with CLI commands work like a charm.
Now, for the purpose of using nodejs scripts query.js and invoke.js I concatenated a private and public key in order to create PeerAdmin credential for Fabcar. I also altered a configuration in .js files to aim at peers and orderers with grpcs.
Whenever I execute any .js script, I am constantly getting the following error:
Create a client and set the wallet location
Set wallet path, and associate user PeerAdmin with application
Check user is enrolled, and set a query URL in the network
Caught Error Error: PEM encoded certificate is required.
at new Endpoint (/home/hl/fabcar/node_modules/fabric-client/lib/Remote.js:146:11)
at new Remote (/home/hl/fabcar/node_modules/fabric-client/lib/Remote.js:95:20)
at new Peer (/home/hl/fabcar/node_modules/fabric-client/lib/Peer.js:53:3)
at Client.newPeer (/home/hl/fabcar/node_modules/fabric-client/lib/Client.js:173:14)
at Promise.resolve.then.then.then (/home/hl/fabcar/query.js:39:28)
at <anonymous>
When I try to query the chaincode without grpcs I receive the following error:
Create a client and set the wallet location
Set wallet path, and associate user PeerAdmin with application
Check user is enrolled, and set a query URL in the network
Make query
Assigning transaction_id: 9cbf355cda03db2b1971fe10af27d66686ea9b913eda80f667cac48bada015bf
error: [client-utils.js]: sendPeersProposal - Promise is rejected: Error: Endpoint read failed
at /home/hl/fabcar/node_modules/grpc/src/client.js:554:15
returned from query
Query result count = 1
error from query = { Error: Endpoint read failed
at /home/hl/fabcar/node_modules/grpc/src/client.js:554:15 code: 14, metadata: Metadata { _internal_repr: {} } }
Response is Error: Endpoint read failed
PeerAdmin content:
{"name":"PeerAdmin","mspid":"PeerOrgMSP","roles":null,"affiliation":"","enrollmentSecret":"","enrollment":{"signingIdentity":"[...]","identity":{"certificate":"-----BEGIN CERTIFICATE-----\n[...]-----END CERTIFICATE-----\n"}}}
Any help in pointing me to a right procedure or troubleshooting with the above would be greatly appreciated.
I understand that you are going to run fabcar without a Fabric CA.
If so, you can't use the Node.js application because it uses a user context and you didn't enroll a user context.
But if you want to use fabcar without a CA, you can invoke or query transactions from the CLI.
Connect to the cli container. If you use fabcar, the cli container name is 'cli', so:
docker exec -it cli bash
In the cli container, you can invoke or query transactions, as in the example below:
peer chaincode query -C mychannel -n fabcar -c '{"Args":["queryAllCars",""]}'
peer chaincode query -C mychannel -n fabcar -c '{"Args":["queryCar","CAR4"]}'
Invoking a transaction is the same.
When you enable gRPCs you must pass the pem as a parameter in the instantiation of the various Hyperledger element objects (e.g. peer, orderer). In the case of the fabcar example (invoke.js):
// These are new lines: fs is needed to read the TLS certificate from disk
var fs = require('fs');
var options = {
  tls_cert: {
    pem: fs.readFileSync(path.join(__dirname, './network/tls') + '/peer.cert').toString(),
  }
};
...
// Replace the original instantiation by adding the pem option
var peer = fabric_client.newPeer('grpcs://fft-zbc03a.4.secure.blockchain.ibm.com:26268', {
  pem: options.tls_cert.pem
});
channel.addPeer(peer);
// Replace the original instantiation by adding the pem option
var order = fabric_client.newOrderer('grpcs://fft-zbc03b.4.secure.blockchain.ibm.com:20161', {
  pem: options.tls_cert.pem
});
...
// Replace the original instantiation by adding the pem option
event_hub.setPeerAddr('grpcs://fft-zbc03a.4.secure.blockchain.ibm.com:23972', {
  pem: options.tls_cert.pem
});
The code above assumes that you downloaded the right certificates to network/tls/. These certificates can be downloaded by sending requests to the CA. For a full example refer to the Bluemix documentation here.
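A pre-flight check for the pem option can turn the "PEM encoded certificate is required" failure into a specific message before the SDK is called. This is an added example, not code from the answer or from fabric-client: tlsOptionsFor is a hypothetical helper, peer.example.com is a placeholder host, and the sample PEM is constructed (a minimal DER structure, not a real certificate).

```javascript
// Added example: validate what will be passed as { pem } to newPeer/newOrderer.
const CERT_BLOCK =
  /-----BEGIN CERTIFICATE-----\r?\n([A-Za-z0-9+/=\r\n]+?)-----END CERTIFICATE-----/g;

function tlsOptionsFor(url, pemText) {
  const scheme = url.split('://')[0];
  if (scheme === 'grpc') {
    // Plaintext endpoint: no pem is used. A TLS-enabled peer will reject this.
    return { tls: false, options: {}, certCount: 0 };
  }
  if (scheme !== 'grpcs') throw new Error('unsupported scheme: ' + scheme);
  if (typeof pemText !== 'string' || pemText.trim() === '') {
    throw new Error('grpcs endpoint needs a PEM encoded certificate');
  }
  // The pem option carries the server's TLS CA certificate, never key material.
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(pemText)) {
    throw new Error('PEM contains a private key; pass only the TLS certificate');
  }
  const blocks = [...pemText.matchAll(CERT_BLOCK)];
  if (blocks.length === 0) throw new Error('no CERTIFICATE block found in PEM');
  for (const m of blocks) {
    const der = Buffer.from(m[1].replace(/\s+/g, ''), 'base64');
    // Every DER certificate starts with an ASN.1 SEQUENCE tag (0x30).
    if (der.length === 0 || der[0] !== 0x30) {
      throw new Error('CERTIFICATE block does not decode to DER');
    }
  }
  return { tls: true, options: { pem: pemText }, certCount: blocks.length };
}

// Constructed sample: SEQUENCE { INTEGER 1 } wrapped as PEM. Not a real certificate.
const SAMPLE_PEM =
  '-----BEGIN CERTIFICATE-----\n' +
  Buffer.from([0x30, 0x03, 0x02, 0x01, 0x01]).toString('base64') +
  '\n-----END CERTIFICATE-----\n';

const checked = tlsOptionsFor('grpcs://peer.example.com:7051', SAMPLE_PEM);
console.log('tls:', checked.tls, 'certificates:', checked.certCount);
// checked.options would then be the second argument to fabric_client.newPeer(url, ...)
```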
