Hyperledger Fabric CA:在管理员的从属关系更改后无法执行GetAllIdentities()

Question

我使用注册器管理(没有从属字段)注册用户(具有从属关系"org1.department1")。然后，我的管理员被阻止，因为输入了10次错误的密码。我试图获得用户身份使用另一个管理员(与从属关系字段)。现在我从这个代码块中得到了错误(dbaccessor.go，592)：

if util.ListContains(types, "*") { // If type is '*', allowed to get back of all types for requested affiliation
        query := "SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))"
        rows, err := d.db.Queryx("GetFilteredUsers", d.db.Rebind(query))
        if err != nil {
            return nil, errors.Wrapf(err, "Failed to execute query '%s' for affiliation '%s' and types '%s'", query, affiliation, types)
        }
        return rows, nil
    }

下面是我收到的错误消息：

172.19.0.1:59830 GET /identities?ca=ca.rzd.wheelsets.ru 500 49 "Failed to get users by affiliation and type: Failed to execute query 'SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))' for affiliation 'org1.department1' and types '*': Not enough args to execute query. Expected 2, got 0."

这是不是意味着我不能获得用户，注册管理员与另一个附属关系，对吗？

我需要：

(1)更改管理员密码或

(2)创建新的管理员

但在情况(1)我不能颁发modifyRequest，因为它需要从属关系(如果我改变它，我将失去读取注册身份的能力)，并且在情况(2)新颁发的管理员将有从属关系字段，将无法获得身份。

Answer 1

在尝试注册新的注册器用户后，我遇到了同样的问题：

使用管理员注册器CA的身份列表工作正常：

vagrant@vagrant:~/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate_client$ fabric-ca-client identity list  -u https://localhost:7154 --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem
Name: admin, Type: client, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:1 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.Revoker Value:1 ECert:false} {Name:hf.IntermediateCA Value:1 ECert:false} {Name:hf.GenCRL Value:1 ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false}]
Name: davidfdr, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.EnrollmentID Value:davidfdr ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true} {Name:hf.Revoker Value:true ECert:false}]
Name: davidfdr2, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.EnrollmentID Value:davidfdr2 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr3, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:app1Admin Value:true ECert:true} {Name:hf.Revoker Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.EnrollmentID Value:davidfdr3 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr4, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:app1Admin Value:true ECert:true} {Name:email Value:david@gmail.com ECert:false} {Name:hf.EnrollmentID Value:davidfdr4 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
Name: davidfdr5, Type: admin, Affiliation: org1, Max Enrollments: -1, Attributes: [{Name:hf.AffiliationMgr Value:true ECert:false} {Name:hf.IntermediateCA Value:true ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:email Value:david@gmail.com ECert:false} {Name:phone Value:5561991538000 ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:app1Admin Value:true ECert:true} {Name:hf.EnrollmentID Value:davidfdr5 ECert:true} {Name:hf.Type Value:admin ECert:true} {Name:hf.Affiliation Value:org1 ECert:true}]
vagrant@vagrant:~/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate_client$

但在使用以下命令注册新用户后：

fabric-ca-client register --id.name davidfdr4 --id.secret davidfdrpw --id.type admin --id.affiliation org1 --id.attrs 'hf.AffiliationMgr=true,hf.Revoker=true,hf.IntermediateCA=true,hf.GenCRL=true,hf.Registrar.Attributes=*,hf.Registrar.Roles=*,hf.Registrar.DelegateRoles=*,app1Admin=true:ecert,email=david@gmail.com,phone=5561991538000'  --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem

在为用户davidfdr4注册id并发出一个简单的：

fabric-ca-client identity list  -u https://localhost:7154 --caname ca-org1-intermediate --tls.certfiles /home/vagrant/fabric-samples/test-network/organizations/fabric-ca/org1_intermediate/ca-cert.pem

服务器返回相同的错误：

ca_org1_intermediate|2021/08/28 21:05:25 [INFO] 172.31.0.1:45884 GET /identities?ca=ca-org1-intermediate 500 49 "Failed to get users by affiliation and type: Failed to execute query 'SELECT * FROM users WHERE ((affiliation = ?) OR (affiliation LIKE ?))' for affiliation 'org1' and types '*': not enough args to execute query: want 2 got 0"

这是一个错误吗？？https://jira.hyperledger.org/browse/FABC-548