I'm trying to set up a user to be able to register and revoke other users. I use the fabric-ca-client
command to register a user and enroll like so:
fabric-ca-client register \
--id.name user8 \
--id.affiliation org1 \
--id.type user \
--id.attrs 'hf.Registrar.Roles=user,hf.GenCRL=true, admin=true:ecert, hf.Revoker=true' \
--id.secret user2pw \
-u http://localhost:7054
fabric-ca-client enroll -u http://user8:user2pw@localhost:7054
Then I use it to register another user:
fabric-ca-client register \
--id.name user2b \
--id.affiliation org1 \
--id.type user \
--id.secret user3pw \
-u http://localhost:7054
So far, so good. But if I try to revoke the newly created user, I get:
fabric-ca-client revoke -e user2b -r 'keycompromise' -u http://localhost:7054
2022/11/04 11:57:03 [INFO] Configuration file location: /Users/salimbene/.fabric-ca-client/fabric-ca-client-config.yaml
Error: Response from server: Error Code: 71 - Authorization failure
And in the fabric CA server I see:
2022/11/04 11:57:03 [INFO] [::1]:57012 POST /revoke 403 7 "Caller does not have authority to revoke"
I cannot figure out why I cannot revoke with my registrar user when it's clearly stated in the attr property that hf.Revoker=true.
Any tips?
The problem was the spaces in this line:
--id.attrs 'hf.Registrar.Roles=user,hf.GenCRL=true, admin=true:ecert, hf.Revoker=true' \
There should be NO spaces in the string provided to --id.attrs:
--id.attrs 'hf.Registrar.Roles=user,hf.GenCRL=true,admin=true:ecert,hf.Revoker=true' \
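A pre-flight check for the mistake described in the answer above, as an added example that is not part of the original posts or of Fabric CA itself. The function names `lint_id_attrs` and `normalize_id_attrs` are hypothetical, and the example assumes that each comma-separated item is taken as typed, so a space after a comma becomes part of the attribute name.

```shell
#!/bin/sh
# Added example: check an --id.attrs value for stray whitespace before it is
# passed to `fabric-ca-client register`.
# Assumption: items are used exactly as typed, so ", hf.Revoker=true" yields
# an attribute named " hf.Revoker" instead of "hf.Revoker".

# Print every comma-separated item that contains a space or tab, together with
# the attribute name it would produce. Returns 1 if any item is affected.
lint_id_attrs() {
    bad=0
    tab=$(printf '\t')
    while IFS= read -r item; do
        case $item in
            *" "*|*"$tab"*)
                # ${item%%=*} is the text before the first '=' (the name).
                printf 'item [%s] -> attribute name [%s]\n' "$item" "${item%%=*}"
                bad=1
                ;;
        esac
    done <<EOF
$(printf '%s\n' "$1" | tr ',' '\n')
EOF
    return "$bad"
}

# Trim leading/trailing whitespace from every item and re-join with commas.
normalize_id_attrs() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | paste -sd, -
}

# Usage (constructed sample, same shape as the value in the question):
#   attrs='hf.Registrar.Roles=user,hf.GenCRL=true, admin=true:ecert, hf.Revoker=true'
#   lint_id_attrs "$attrs" || attrs=$(normalize_id_attrs "$attrs")
#   fabric-ca-client register --id.attrs "$attrs" ...
```

After registering, the attributes recorded for the identity should list `hf.Revoker` with no leading space; an identity registered with the spaced string has to be registered again or modified, because the stored attribute name does not match what the server checks on `/revoke`.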