Enable TLS for committer all-in-one container in fabric-x integration tests

Rozerxshashank · Rozerxshashank · commit 633cb16673bf · 2026-04-24T20:27:30.000+05:30
Signed-off-by: Shashank &lt;yshashank959@gmail.com&gt;
diff --git a/integration/nwo/fabricx/extensions/scv2/container.go b/integration/nwo/fabricx/extensions/scv2/container.go
@@ -10,6 +10,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"path/filepath"
 	"runtime"
 	"time"
 
@@ -34,7 +35,7 @@ var (
 	scalableCommitterImages = map[string]string{
 		v3.CommitterVersion: v3.ScalableCommitterImage,
 	}
-	envVars = map[string]func(peerMSPDir, scMSPID, channelName, ordererEndpoint string) []string{
+	envVars = map[string]func(peerMSPDir, peerTLSDir, scMSPID, channelName, ordererEndpoint string, tlsEnabled bool, ordererTLSCACert string) []string{
 		v3.CommitterVersion: v3.ContainerEnvVars,
 	}
 	containerCmds = map[string][]string{
@@ -96,7 +97,10 @@ func (e *Extension) launchContainer() {
 		extraHosts = append(extraHosts, "host.docker.internal:host-gateway")
 	}
 
-	containerEnvOverride := envVars[committerVersion](peerMSPDir, scMSPID, e.channel.Name, ordererEndpoint)
+	peerTLSDir := peerDockerTLSDir(e.network, scPeer)
+	ordererTLSCACert := filepath.Join("/", "root", "artifacts", "crypto", "ordererOrganizations", e.network.OrdererOrgs()[0].Domain, "orderers", fmt.Sprintf("%s.%s", e.network.Orderers[0].Name, e.network.OrdererOrgs()[0].Domain), "tls", "ca.crt")
+
+	containerEnvOverride := envVars[committerVersion](peerMSPDir, peerTLSDir, scMSPID, e.channel.Name, ordererEndpoint, e.network.TLSEnabled, ordererTLSCACert)
 	containerCmd := containerCmds[committerVersion]
 	containerSidecarPort := sidecarDefaultPort[committerVersion]
 	containerQueryServicePort := queryServiceDefaultPort[committerVersion]
diff --git a/integration/nwo/fabricx/extensions/scv2/utils.go b/integration/nwo/fabricx/extensions/scv2/utils.go
@@ -30,6 +30,22 @@ func peerDockerMSPDir(n *network.Network, p *topology.Peer) string {
 	)
 }
 
+func peerDockerTLSDir(n *network.Network, p *topology.Peer) string {
+	org := n.Organization(p.Organization)
+
+	return filepath.Join(
+		"/",
+		"root",
+		"artifacts",
+		"crypto",
+		"peerOrganizations",
+		org.Domain,
+		"peers",
+		fmt.Sprintf("%s.%s", p.Name, org.Domain),
+		"tls",
+	)
+}
+
 func rootCrypto(n *network.Network) string {
 	return filepath.Join(
 		n.RootDir,
diff --git a/integration/nwo/fabricx/extensions/v3/test_utils.go b/integration/nwo/fabricx/extensions/v3/test_utils.go
@@ -6,21 +6,24 @@ SPDX-License-Identifier: Apache-2.0
 
 package v3
 
+import (
+	"path"
+)
+
 const (
 	CommitterVersion        = "v3"
 	ScalableCommitterImage  = "hyperledger/fabric-x-committer-test-node:0.1.9"
 	SidecarDefaultPort      = "4001/tcp"
 	QueryServiceDefaultPort = "7001/tcp"
 )
 
-var ContainerCmd = []string{"run", "db", "orderer", "committer", "--insecure"}
+var ContainerCmd = []string{"run", "db", "orderer", "committer"}
 
-func ContainerEnvVars(peerMSPDir, scMSPID, channelName, ordererEndpoint string) []string {
-	return []string{
+func ContainerEnvVars(peerMSPDir, peerTLSDir, scMSPID, channelName, ordererEndpoint string, tlsEnabled bool, ordererTLSCACert string) []string {
+	env := []string{
 		"SC_SIDECAR_LOGGING_LOGSPEC=debug",
 		"SC_SIDECAR_ORDERER_CHANNEL_ID=" + channelName,
 		"SC_SIDECAR_ORDERER_SIGNED_ENVELOPES=true",
-		"SC_SIDECAR_ORDERER_TLS_MODE=none",
 		"SC_SIDECAR_ORDERER_IDENTITY_MSP_ID=" + scMSPID,
 		"SC_SIDECAR_ORDERER_IDENTITY_MSP_DIR=" + peerMSPDir,
 		"SC_QUERY_SERVICE_SERVER_ENDPOINT=:7001",
@@ -32,4 +35,15 @@ func ContainerEnvVars(peerMSPDir, scMSPID, channelName, ordererEndpoint string)
 		"SC_VERIFIER_LOGGING_LOGSPEC=INFO",
 		"SC_SIDECAR_SERVER_MAX_CONCURRENT_STREAMS=0",
 	}
+	if tlsEnabled {
+		env = append(env,
+			"SC_SIDECAR_ORDERER_TLS_MODE=tls",
+			"SC_SIDECAR_ORDERER_TLS_CERT_FILE="+path.Join(peerTLSDir, "server.crt"),
+			"SC_SIDECAR_ORDERER_TLS_KEY_FILE="+path.Join(peerTLSDir, "server.key"),
+			"SC_SIDECAR_ORDERER_TLS_ROOT_CERT_FILE="+ordererTLSCACert,
+		)
+	} else {
+		env = append(env, "SC_SIDECAR_ORDERER_TLS_MODE=none")
+	}
+	return env
 }
diff --git a/integration/nwo/fabricx/network/network.go b/integration/nwo/fabricx/network/network.go
@@ -207,7 +207,7 @@ func (n *Network) DeployNamespace(chaincode *topology.ChannelChaincode) {
 			OrdererConfig: fxconfig.OrdererConfig{
 				Address: n.OrdererAddress(n.Orderers[0], fabric_network.ListenPort),
 				TLSConfig: fxconfig.TLSConfig{
-					Enabled:   false,
+					Enabled:   n.TLSEnabled,
 					RootCerts: []string{n.OrgOrdererTLSCACertificatePath(n.Organizations[0])},
 				},
 			},
@@ -234,8 +234,11 @@ func (n *Network) UpdateNamespace(chaincodeID, version, path, packageFile string
 // gomega.Eventually for retrying.
 func (n *Network) tryListInstalledNames() ([]Namespace, error) {
 	cmd := &fxconfig.ListNamespaces{QueryConfig: fxconfig.QueryConfig{
-		Address:   "127.0.0.1:7001",
-		TLSConfig: fxconfig.TLSConfig{},
+		Address: "127.0.0.1:7001",
+		TLSConfig: fxconfig.TLSConfig{
+			Enabled:   n.TLSEnabled,
+			RootCerts: []string{n.OrgOrdererTLSCACertificatePath(n.Organizations[0])},
+		},
 	}}
 	sess, err := n.StartSession(common.NewCommand(fxconfig.CMDPath(), cmd), cmd.SessionName())
 	if err != nil {
