feat: #7

cdklabs · Aug 21, 2022 · 26ad7a6 · 26ad7a6
1 parent 3117c07
commit 26ad7a6
Show file tree

Hide file tree

Showing 3 changed files with 100 additions and 8 deletions.
diff --git a/API.md b/API.md
diff --git a/src/network.ts b/src/network.ts
@@ -124,8 +124,15 @@ export interface HyperledgerFabricNetworkProps {
    */
   readonly client?: client.HyperledgerFabricClientProps;
 
+  /**
+   * Configuration to enable/disable enrollment of admin user
+   * @default - true
+   */
+  readonly enrollAdmin?: boolean;
+
   /**
    * List of users to register with Fabric CA
+   * Note: enrollAdmin property has to be enabled for registering users
    */
   readonly users?: Array<user.HyperledgerFabricUserProps>;
 
@@ -238,6 +245,11 @@ export class HyperledgerFabricNetwork extends constructs.Construct {
    */
   public readonly client: client.HyperledgerFabricClient;
 
+  /**
+   * Configuration to enable/disable admin user enrollment
+   */
+  public readonly enrollAdmin: boolean;
+
   /**
    * List of users registered with CA
    */
@@ -264,6 +276,7 @@ export class HyperledgerFabricNetwork extends constructs.Construct {
     this.thresholdPercentage = props.thresholdPercentage ?? 50;
     this.thresholdComparator = props.thresholdComparator ?? ThresholdComparator.GREATER_THAN;
     this.enableCaLogging = props.enableCaLogging ?? true;
+    this.enrollAdmin = props.enrollAdmin ?? true;
     this.users = [];
 
     // Ensure the parameters captured above are valid, so we don't
@@ -288,6 +301,12 @@ export class HyperledgerFabricNetwork extends constructs.Construct {
       throw new Error('Voting policy threshold percentage must be between 0 and 100.');
     }
 
+    // Ensure the users property is not defined,
+    // if the enrollAdmin property is disabled
+    if (!this.enrollAdmin && props.users) {
+      throw new Error('Enroll admin property has to be enabled for registering users');
+    }
+
     // Ensure the user affiliation includes the member name,
     // if the user list for registration is provided
     if (props.users) {
@@ -427,14 +446,18 @@ export class HyperledgerFabricNetwork extends constructs.Construct {
     // Build out the client VPC construct
     this.client = new client.HyperledgerFabricClient(this, 'NetworkClient', props.client);
 
-    // Build out all the custom resources to register and enroll identities to CA
-    const identityResources = new identity.HyperledgerFabricIdentity(this, 'Identity');
+    // Enroll admin and users, if enabled
+    if (this.enrollAdmin) {
+      // Build out all the custom resources to register and enroll identities to CA
+      const identityResources = new identity.HyperledgerFabricIdentity(this, 'Identity');
 
-    // Enroll the administrator and store its credentials on Secrets Manager
-    new cdk.CustomResource(this, 'AdminCustomResource', { serviceToken: identityResources.adminProvider.serviceToken });
+      // Enroll the administrator and store its credentials on Secrets Manager
+      new cdk.CustomResource(this, 'AdminCustomResource', { serviceToken: identityResources.adminProvider.serviceToken });
+
+      // Register and enroll users, if provided
+      if (props.users) this.users = Array.from(props.users.entries()).map(e => new user.HyperledgerFabricUser(this, `User${e[0]}`, e[1]));
+    }
 
-    // Register and enroll users, if provided
-    if (props.users) this.users = Array.from(props.users.entries()).map(e => new user.HyperledgerFabricUser(this, `User${e[0]}`, e[1]));
   }
 
 }
diff --git a/test/network.test.ts b/test/network.test.ts
@@ -229,6 +229,32 @@ describe('HyperledgerFabricNetwork', () => {
     expect(network.enableCaLogging).toBe(true);
   });
 
+  test('Create network without admin enrollment', () => {
+    const app = new cdk.App({ context });
+    const stack = new cdk.Stack(app, 'TestStack', DEFAULT_ENV);
+    const network = new hyperledger.HyperledgerFabricNetwork(stack, 'TestHyperledgerFabricNetwork', {
+      networkName: 'TestNetwork',
+      memberName: 'TestMember',
+      enrollAdmin: false,
+    });
+
+    expect(network.enrollAdmin).toBe(false);
+
+    const template = assertions.Template.fromStack(stack);
+    const enrollLambda = template.findResources('AWS::Lambda::Function', {
+      Properties: {
+        Environment: {
+          Variables: {
+            TLS_CERT_BUCKET: 'us-east-1.managedblockchain',
+            TLS_CERT_KEY: 'etc/managedblockchain-tls-chain.pem',
+          },
+        },
+        Handler: 'enroll-admin.handler',
+      },
+    });
+    expect(Object.keys(enrollLambda).length).toBe(0);
+  });
+
   test('Fail to create a network in an unsupported region', () => {
     expect(hyperledger.SUPPORTED_REGIONS).not.toContain('us-west-1');
     const unsupportedRegion = () => {
@@ -403,6 +429,22 @@ describe('HyperledgerFabricNetwork', () => {
     expect(thresholdNotInteger).toThrow(Error);
   });
 
+  test('Fail to create a network with users to register and disabled admin enrollment ', () => {
+    const adminNotEnrolled = () => {
+      const app = new cdk.App({ context });
+      const stack = new cdk.Stack(app, 'TestStack', DEFAULT_ENV);
+      new hyperledger.HyperledgerFabricNetwork(stack, 'TestHyperledgerFabricNetwork', {
+        networkName: 'TestNetwork',
+        memberName: 'TestMember',
+        enrollAdmin: false,
+        users: [
+          { userId: 'TestUser', affilitation: 'department1' },
+        ],
+      });
+    };
+    expect(adminNotEnrolled).toThrow(Error);
+  });
+
   test('Fail to create a network with invalid user affiliation', () => {
     const invalidAffiliation = () => {
       const app = new cdk.App({ context });