search

hyperledger-bevel / bevel-operator-fabric

Hyperledger Fabric Kubernetes operator - Hyperledger Fabric operator for Kubernetes (v2.3, v2.4 and v2.5, soon 3.0)
https://hyperledger-bevel.github.io/bevel-operator-fabric/
Apache License 2.0
278 stars 93 forks source link

Command for revoking an identity missing #204

Open koh-osug opened 11 months ago

koh-osug commented 11 months ago

What happened?

I use:

kubectl hlf ca register
kubectl hlf ca enroll

to create a new client. The client can interact with the chaincode. Now I have to revoke this created identity. The command is missing.

What did you expect to happen?

That I can run something like:

kubectl hlf ca revoke

How can we reproduce it (as minimally and precisely as possible)?

kubectl hlf ca register ... kubectl hlf ca enroll ...

Anything else we need to know?

kubectl hlf identity delete does not seem to do what I want and cannot find data.

Logging into the CA container and trying to run gives:

fabric-ca-client identity list 2023/12/12 21:55:04 [ERROR] Enrollment check failed: either because 'x509 enrollment information does not exist - certFile: /var/hyperledger/fabric-ca/msp/signcerts/cert.pem keyFile: /var/hyperledger/fabric-ca/msp/keystore/key.pem' or 'Idemix enrollment information does not exist'

Kubernetes version

v1.27.5-gke.200

adityajoshi12 commented 6 months ago

Even after revoking from CA, you need to add it crl in channel to stop accepting txns signed from that identity.