Merge pull request #1975 from ianco/author-demo

Author demo
openwallet-foundation · Oct 14, 2022 · 2dafaaa · 2dafaaa
2 parents 7cc40c9 + 29f4bb7
commit 2dafaaa
Show file tree

Hide file tree

Showing 4 changed files with 199 additions and 0 deletions.
diff --git a/demo/docker-agent/Dockerfile.acapy b/demo/docker-agent/Dockerfile.acapy
@@ -0,0 +1,14 @@
+FROM bcgovimages/aries-cloudagent:py36-1.16-1_1.0.0-rc0
+
+USER root
+
+ADD https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq
+RUN chmod +x ./jq
+COPY ngrok-wait.sh ngrok-wait.sh
+RUN chmod +x ./ngrok-wait.sh
+
+USER $user
+
+# temporary until this PR gets merged/released
+RUN pip uninstall -y aries-cloudagent
+RUN pip install aries-cloudagent[indy,bbs,askar]@git+https://github.com/ianco/aries-cloudagent-python@endorser-write-did
diff --git a/demo/docker-agent/README.md b/demo/docker-agent/README.md
@@ -0,0 +1,87 @@
+# Running an Author Agent and connecting to an Endorser
+
+This directory contains scripts to run an aca-py agent as an Author, that can conenct to an Endorser service.
+
+## Running the Author Agent
+
+The docker-compose script runs ngrok to expose the agent's port publicly, and stores wallet data in a postgres database.
+
+To run the Author agent in this repo, open a command shell in this directory and run:
+
+- to build the containers:
+
+```bash
+docker-compose build
+```
+
+- to run the author agent:
+
+```bash
+docker-compose up
+```
+
+You can connect to the [agent's api service here](http://localhost:8010).
+
+Note that all the configuration settings are hard-coded in the docker-compose file and ngrok-wait.sh script, so if you change any configs you need to rebuild the docker images.
+
+- to shut down the agent:
+
+```bash
+docker-compose stop
+docker-compose rm -f
+```
+
+This will leave the agent's wallet data, so if you restart the agent it will maintain any created data.
+
+- to remove the agent's wallet:
+
+```bash
+docker volume rm docker-agent_wallet-db-data
+```
+
+Note that the Author agent is not (yet) configured with revocations enabled or a tails server, so revocation is not supported.
+
+## Connecting to an Endorser Service
+
+For this example, we will connect to [this endorser service](https://github.com/bcgov/aries-endorser-service), which you can connect to locally at `http://localhost:5050/endorser/docs`.
+
+Make sure you start the endorser service on the same ledger as your author, and make sure the endorser has a public DID with ENDORSER role.
+
+For example start the endorser service as `LEDGER_URL=http://test.bcovrin.vonx.io TAILS_SERVER_URL=https://tails-test.vonx.io ./manage start --logs` and then make sure the Author agent is started with `--genesis_url http://test.bcovrin.vonx.io/genesis`.
+
+### Connecting the Author to the Endorser
+
+Endorser Service:  Use the `GET /v1/admin/config` endpoint to fetch the endorser's configuration, including the public DID (which the author will need to know).  Also confirm whether the `ENDORSER_AUTO_ACCEPT_CONNECTIONS` and `ENDORSER_AUTO_ENDORSE_REQUESTS` settings are `True` or `False` - for the following we will assume that both are `False` and the endorser must explicitely respond to all requests.
+
+Author Agent:  Use the `POST /didexchange/create-request` to request a connection with the endorser, using the endorser's public DID.  Set the `alias` to `Endorser` - this *MUST* match the `--endorser-alias 'Endorser'` setting (in the ngrok-wait.sh script).  Use the `GET /connections` endpoint to verify the connection is in `request` state.
+
+Endorser Service:  Use the `GET /v1/connections` endpoint to see the connection request (state `request`).  Using the `connection_id`, call the `POST /connections/{connection_id}/accept` endpoint to accept the request.  Verify that the connection state goes to `active`.
+
+Author Agent:  Verify the connection state goes to `active`.  Use the `POST /transactions/{conn_id}/set-endorser-role` to set the connection role to `TRANSACTION_AUTHOR`, and then use `POST /transactions/{conn_id}/set-endorser-info` to set the endorser's alias to `Endorser` and the public DID to the endorser's public DID.  Verify the settings using the `GET /connections/{conn_id}/meta-data` endpoint.
+
+The connection is now setup between the two agents!
+
+### Creating a Public Author DID
+
+Author Agent:  Use the `POST /wallet/did/create` (use an empty `{}` POST body) to create a local did.  Then use `POST /ledger/register-nym` to send the data to the ledger - this will create a transaction and send it to the endorser service.
+
+Endorser Service:  Use the `GET /v1/endorse/transactions` endpoint to see the endorse request - it should be in state `request_received`.  Using the `POST /v1/endorse/transactions/{transaction_id}/endorse` endpoint and the `transaction_id`, approve the request.  The state should now (eventually) go to `transaction_acked`.
+
+Author Service:  Use the `GET /transactions` endpoint to verify the transaction is in `transaction_acked` state.  Then use the `POST /wallet/did/public` to set the new DID to be the Author's public DID.  This will generate another endorser transaction to set the DID's endpoint (ATTRIB transaction) on the ledger.
+
+Endorser Service:  Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+### Endorsing Author Requests
+
+Author requests to create schema, create credential definition and create revocation registries will all now generate endorse requests to the endorser.
+
+Author Agent:  To create a schema use the `POST /schemas` endpoint.  This will create an endorse request.
+
+Endorser Service:  Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+Author Agent:  To create a cred def use the `POST /credential-definitions` endpoint.  This will create an endorse request.
+
+Endorser Service:  Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+
+
diff --git a/demo/docker-agent/docker-compose.yml b/demo/docker-agent/docker-compose.yml
@@ -0,0 +1,47 @@
+# Sample docker-compose to start a local aca-py author agent
+# To start aca-py and the postgres database, just run `docker-compose up`
+# To shut down the services run `docker-compose rm` - this will retain the postgres database, so you can change aca-py startup parameters
+# and restart the docker containers without losing your wallet data
+# If you want to delete your wallet data just run `docker volume ls -q | xargs docker volume rm`
+version: "3"
+services:
+  ngrok-agent:
+    image: wernight/ngrok
+    ports:
+      - 4067:4040
+    command: ngrok http author-agent:8001 --log stdout
+
+  author-agent:
+    build:
+      context: .
+      dockerfile: Dockerfile.acapy
+    environment:
+      - NGROK_NAME=ngrok-agent
+    ports:
+      - 8010:8010
+      - 8001:8001
+    depends_on:
+      - wallet-db
+    entrypoint: /bin/bash
+    command: [
+        "-c",
+        "sleep 5; \
+        ./ngrok-wait.sh"
+      ]
+    volumes:
+      - ./ngrok-wait.sh:/home/indy/ngrok-wait.sh
+
+  wallet-db:
+    image: vcr-postgresql
+    environment:
+      - POSTGRESQL_USER=DB_USER
+      - POSTGRESQL_PASSWORD=DB_PASSWORD
+      - POSTGRESQL_DATABASE=DB_USER
+      - POSTGRESQL_ADMIN_PASSWORD=mysecretpassword
+    ports:
+      - 5433:5432
+    volumes:
+      - wallet-db-data:/var/lib/pgsql/data
+
+volumes:
+  wallet-db-data:
diff --git a/demo/docker-agent/ngrok-wait.sh b/demo/docker-agent/ngrok-wait.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# based on code developed by Sovrin:  https://github.com/hyperledger/aries-acapy-plugin-toolbox
+
+echo "using ngrok end point [$NGROK_NAME]"
+
+NGROK_ENDPOINT=null
+while [ -z "$NGROK_ENDPOINT" ] || [ "$NGROK_ENDPOINT" = "null" ]
+do
+    echo "Fetching end point from ngrok service"
+    NGROK_ENDPOINT=$(curl --silent $NGROK_NAME:4040/api/tunnels | ./jq -r '.tunnels[] | select(.proto=="https") | .public_url')
+
+    if [ -z "$NGROK_ENDPOINT" ] || [ "$NGROK_ENDPOINT" = "null" ]; then
+        echo "ngrok not ready, sleeping 5 seconds...."
+        sleep 5
+    fi
+done
+
+export ACAPY_ENDPOINT=$NGROK_ENDPOINT
+
+echo "Starting aca-py agent with endpoint [$ACAPY_ENDPOINT]"
+
+# ... if you want to echo the aca-py startup command ...
+set -x
+
+exec aca-py start \
+    --auto-provision \
+    --inbound-transport http '0.0.0.0' 8001 \
+    --outbound-transport http \
+    --genesis-url "http://test.bcovrin.vonx.io/genesis" \
+    --endpoint "${ACAPY_ENDPOINT}" \
+    --auto-ping-connection \
+    --monitor-ping \
+    --public-invites \
+    --wallet-type "indy" \
+    --wallet-name "test_author" \
+    --wallet-key "secret_key" \
+    --wallet-storage-type "postgres_storage" \
+    --wallet-storage-config "{\"url\":\"wallet-db:5432\",\"max_connections\":5}" \
+    --wallet-storage-creds "{\"account\":\"DB_USER\",\"password\":\"DB_PASSWORD\",\"admin_account\":\"postgres\",\"admin_password\":\"mysecretpassword\"}" \
+    --admin '0.0.0.0' 8010 \
+    --label "test_author" \
+    --admin-insecure-mode \
+    --endorser-protocol-role author \
+    --endorser-alias 'Endorser' \
+    --auto-request-endorsement \
+    --auto-write-transactions \
+    --auto-create-revocation-transactions \
+    --log-level "error" 
+
+#    --genesis-url "https://raw.githubusercontent.com/ICCS-ISAC/dtrust-reconu/main/CANdy/dev/pool_transactions_genesis" \