Merge pull request #281 from hyperledger/permissions

Set group permissions in volumes

internal/blockchain/ethereum/connector/ethconnect/config.go

@@ -86,8 +86,8 @@ func (e *Ethconnect) GenerateConfig(stack *types.Stack, member *types.Organizati
 				RPC:           &RPC{URL: fmt.Sprintf("http://%s:8545", blockchainServiceName)},
 				OpenAPI: &OpenAPI{
 					EventPollingIntervalSec: 1,
-					StoragePath:             "./abis",
-					EventsDB:                "./events",
+					StoragePath:             "./data/abis",
+					EventsDB:                "./data/events",
 				},
 				HTTP: &HTTP{
 					Port: 8080,

internal/blockchain/ethereum/connector/ethconnect/docker.go

@@ -40,15 +40,13 @@ func (e *Ethconnect) GetServiceDefinitions(s *types.Stack, dependentServices map
 				Ports:         []string{fmt.Sprintf("%d:8080", member.ExposedConnectorPort)},
 				Volumes: []string{
 					fmt.Sprintf("ethconnect_config_%s:/ethconnect/config", member.ID),
-					fmt.Sprintf("ethconnect_abis_%s:/ethconnect/abis", member.ID),
-					fmt.Sprintf("ethconnect_events_%s:/ethconnect/events", member.ID),
+					fmt.Sprintf("ethconnect_data_%s:/ethconnect/data", member.ID),
 				},
 				Logging: docker.StandardLogOptions,
 			},
 			VolumeNames: []string{
 				fmt.Sprintf("ethconnect_config_%v", member.ID),
-				fmt.Sprintf("ethconnect_abis_%v", member.ID),
-				fmt.Sprintf("ethconnect_events_%v", member.ID),
+				fmt.Sprintf("ethconnect_data_%v", member.ID),
 			},
 		}
 	}

internal/blockchain/ethereum/connector/evmconnect/config.go

@@ -129,7 +129,7 @@ func (e *Evmconnect) GenerateConfig(stack *types.Stack, org *types.Organization,
 		},
 		Persistence: &PersistenceConfig{
 			LevelDB: &LevelDBConfig{
-				Path: "/evmconnect/leveldb",
+				Path: "/evmconnect/data/leveldb",
 			},
 		},
 		FFCore: &FFCoreConfig{

internal/blockchain/ethereum/connector/evmconnect/docker.go

@@ -35,18 +35,17 @@ func (e *Evmconnect) GetServiceDefinitions(s *types.Stack, dependentServices map
 			Service: &docker.Service{
 				Image:         s.VersionManifest.Evmconnect.GetDockerImageString(),
 				ContainerName: fmt.Sprintf("%s_evmconnect_%v", s.Name, i),
-				Command:       "-f /evmconnect/config/config.yaml",
+				Command:       "-f /evmconnect/config.yaml",
 				DependsOn:     dependsOn,
 				Ports:         []string{fmt.Sprintf("%d:%v", member.ExposedConnectorPort, e.Port())},
 				Volumes: []string{
-					fmt.Sprintf("evmconnect_config_%s:/evmconnect/config", member.ID),
-					fmt.Sprintf("evmconnect_leveldb_%s:/evmconnect/leveldb", member.ID),
+					fmt.Sprintf("%s/config/evmconnect_%s.yaml:/evmconnect/config.yaml", s.RuntimeDir, member.ID),
+					fmt.Sprintf("evmconnect_data_%s:/evmconnect/data", member.ID),
 				},
 				Logging: docker.StandardLogOptions,
 			},
 			VolumeNames: []string{
-				fmt.Sprintf("evmconnect_config_%s", member.ID),
-				fmt.Sprintf("evmconnect_leveldb_%s", member.ID),
+				fmt.Sprintf("evmconnect_data_%s", member.ID),
 			},
 		}
 	}

internal/blockchain/ethereum/connector/evmconnect/docker_test.go

@@ -83,7 +83,7 @@ func TestGetServiceDefinition(t *testing.T) {
 			serviceDefinitions := e.GetServiceDefinitions(tc.Members, tc.DependentServices)
 			assert.NotNil(t, serviceDefinitions)
 
-			expectedCommand := "-f /evmconnect/config/config.yaml"
+			expectedCommand := "-f /evmconnect/config.yaml"
 			if serviceDefinitions[0].Service.Command != expectedCommand {
 				t.Errorf("Expected Command %q, got %q", expectedCommand, serviceDefinitions[0].Service.Command)
 			}

internal/blockchain/fabric/fabconnect/client.go

@@ -42,7 +42,7 @@ type EnrollIdentityRequest struct {
 
 type EnrollIdentityResponse struct {
 	Name    string
-	Success string
+	Success bool
 }
 
 func CreateIdentity(fabconnectURL string, signer string) (*CreateIdentityResponse, error) {

internal/blockchain/fabric/fabconnect/client_test.go

@@ -110,11 +110,11 @@ func TestEnrollIdentity(t *testing.T) {
 			ApiResponse: `
 			{
 				"Name": "fabric_user-1",
-				"Success": "success"
+				"Success": true
 			}`,
 			ExpectedResponse: &EnrollIdentityResponse{
 				Name:    "fabric_user-1",
-				Success: "success",
+				Success: true,
 			},
 		},
 		{
@@ -126,11 +126,11 @@ func TestEnrollIdentity(t *testing.T) {
 			ApiResponse: `
 			{
 				"Name": "fabric_user-2",
-				"Success": "success"
+				"Success": true
 			}`,
 			ExpectedResponse: &EnrollIdentityResponse{
 				Name:    "fabric_user-2",
-				Success: "success",
+				Success: true,
 			},
 		},
 		{
@@ -142,11 +142,11 @@ func TestEnrollIdentity(t *testing.T) {
 			ApiResponse: `
 			{
 				"Name": "fabric_user-3",
-				"Success": "success"
+				"Success": true
 			}`,
 			ExpectedResponse: &EnrollIdentityResponse{
 				Name:    "fabric_user-3",
-				Success: "success",
+				Success: true,
 			},
 		},
 		{
@@ -157,12 +157,12 @@ func TestEnrollIdentity(t *testing.T) {
 			ApiResponse: `
 			{
 			   "Name": "fabric_user-4",
-			   "Success": "success"
+			   "Success": true
 			}   
 			`,
 			ExpectedResponse: &EnrollIdentityResponse{
 				Name:    "fabric_user-4",
-				Success: "success",
+				Success: true,
 			},
 		},
 	}

internal/core/config.go

@@ -162,7 +162,7 @@ func getPostgresURL(member *types.Organization) string {
 
 func getSQLitePath(member *types.Organization, runtimeDir string) string {
 	if !member.External {
-		return "/etc/firefly/db/sqlite.db?_busy_timeout=5000"
+		return "/etc/firefly/data/db/sqlite.db?_busy_timeout=5000"
 	} else {
 		return path.Join(runtimeDir, member.ID+".db")
 	}

internal/docker/docker.go

@@ -48,11 +48,17 @@ func CreateVolume(ctx context.Context, volumeName string) error {
 
 func CopyFileToVolume(ctx context.Context, volumeName string, sourcePath string, destPath string) error {
 	fileName := path.Base(sourcePath)
-	return RunDockerCommand(ctx, ".", "run", "--rm", "-v", fmt.Sprintf("%s:/source/%s", sourcePath, fileName), "-v", fmt.Sprintf("%s:/dest", volumeName), "alpine", "cp", "-R", path.Join("/", "source", fileName), path.Join("/", "dest", destPath))
+	source := path.Join("/", "source", fileName)
+	dest := path.Join("/", "dest", destPath)
+	// command := fmt.Sprintf("run --rm -v %s:%s -v %s:%s alpine /bin/sh -c 'cp -R %s %s '", sourcePath, source, volumeName, dest, source, dest, dest, dest)
+	command := fmt.Sprintf("cp -R %s %s && chgrp -R 0 %s && chmod -R g+rwX %s", source, dest, dest, dest)
+	return RunDockerCommand(ctx, ".", "run", "--rm", "-v", fmt.Sprintf("%s:%s", sourcePath, source), "-v", fmt.Sprintf("%s:/dest", volumeName), "alpine", "/bin/sh", "-c", command)
 }
 
 func MkdirInVolume(ctx context.Context, volumeName string, directory string) error {
-	return RunDockerCommand(ctx, ".", "run", "--rm", "-v", fmt.Sprintf("%s:/dest", volumeName), "alpine", "mkdir", "-p", path.Join("/", "dest", directory))
+	dest := path.Join("/", "dest", directory)
+	command := fmt.Sprintf("mkdir -p %s && chgrp -R 0 %s && chmod -R g+rwX %s", dest, dest, dest)
+	return RunDockerCommand(ctx, ".", "run", "--rm", "-v", fmt.Sprintf("%s:/dest", volumeName), "alpine", "/bin/sh", "-c", command)
 }
 
 func RemoveVolume(ctx context.Context, volumeName string) error {
@@ -85,6 +91,18 @@ func RunDockerCommand(ctx context.Context, workingDir string, command ...string)
 	//nolint:gosec
 	dockerCmd := exec.Command("docker", command...)
 	dockerCmd.Dir = workingDir
+	output, err := runCommand(ctx, dockerCmd)
+	if err != nil && output != "" {
+		return fmt.Errorf(output)
+	}
+	return err
+}
+
+func RunDockerCommandLine(ctx context.Context, workingDir string, command string) error {
+	parsedCommand := strings.Split(command, " ")
+	fmt.Println(parsedCommand)
+	dockerCmd := exec.Command("docker", parsedCommand...)
+	dockerCmd.Dir = workingDir
 	_, err := runCommand(ctx, dockerCmd)
 	return err
 }

internal/docker/docker_config.go

@@ -97,12 +97,12 @@ func CreateDockerCompose(s *types.Stack) *DockerComposeConfig {
 				},
 				Volumes: []string{
 					fmt.Sprintf("%s:/etc/firefly/firefly.core.yml:ro", configFile),
-					fmt.Sprintf("%s_db_%s:/etc/firefly/db", fireflyCore, member.ID),
+					fmt.Sprintf("%s_data_%s:/etc/firefly/data", fireflyCore, member.ID),
 				},
 				DependsOn: map[string]map[string]string{},
 				Logging:   StandardLogOptions,
 			}
-			compose.Volumes[fmt.Sprintf("%s_db_%s", fireflyCore, member.ID)] = struct{}{}
+			compose.Volumes[fmt.Sprintf("%s_data_%s", fireflyCore, member.ID)] = struct{}{}
 			compose.Services[fireflyCore+"_"+member.ID].DependsOn["dataexchange_"+member.ID] = map[string]string{"condition": "service_started"}
 			compose.Services[fireflyCore+"_"+member.ID].DependsOn["ipfs_"+member.ID] = map[string]string{"condition": "service_healthy"}
 		}

internal/stacks/stack_manager.go

@@ -520,6 +520,12 @@ func (s *StackManager) copyDataExchangeConfigToVolumes() error {
 		// Copy files into docker volumes
 		memberDXDir := path.Join(configDir, "dataexchange_"+member.ID)
 		volumeName := fmt.Sprintf("%s_dataexchange_%s", s.Stack.Name, member.ID)
+		if err := docker.MkdirInVolume(s.ctx, volumeName, "destinations"); err != nil {
+			return err
+		}
+		if err := docker.MkdirInVolume(s.ctx, volumeName, "peers"); err != nil {
+			return err
+		}
 		if err := docker.MkdirInVolume(s.ctx, volumeName, "peer-certs"); err != nil {
 			return err
 		}
@@ -695,7 +701,9 @@ func (s *StackManager) removeVolumes() error {
 	}
 	for _, volumeName := range volumes {
 		if err := docker.RunDockerCommand(s.ctx, "", "volume", "remove", fmt.Sprintf("%s_%s", s.Stack.Name, volumeName)); err != nil {
-			return err
+			if !strings.Contains(err.Error(), "no such volume") {
+				return err
+			}
 		}
 	}
 	return nil
@@ -952,9 +960,20 @@ func (s *StackManager) runFirstTimeSetup(options *types.StartOptions) (messages
 				},
 			}
 		}
+
 		if err := s.patchFireFlyCoreConfigs(configDir, member, newConfig); err != nil {
 			return messages, err
 		}
+
+		// Create data directory with correct permissions inside volume
+		dataVolumeName := fmt.Sprintf("%s_firefly_core_data_%s", s.Stack.Name, member.ID)
+		if err := docker.CreateVolume(s.ctx, dataVolumeName); err != nil {
+			return messages, err
+		}
+		if err := docker.MkdirInVolume(s.ctx, dataVolumeName, "db"); err != nil {
+			return messages, err
+		}
+
 	}
 
 	// Re-write the docker-compose config again, in case new values have been added