Author demo #1975

Merged
merged 4 commits into from
Oct 14, 2022
14 changes: 14 additions & 0 deletions demo/docker-agent/Dockerfile.acapy
@@ -0,0 +1,14 @@
FROM bcgovimages/aries-cloudagent:py36-1.16-1_1.0.0-rc0

USER root

ADD https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq
RUN chmod +x ./jq
COPY ngrok-wait.sh ngrok-wait.sh
RUN chmod +x ./ngrok-wait.sh

USER $user

# temporary until this PR gets merged/released
RUN pip uninstall -y aries-cloudagent
RUN pip install aries-cloudagent[indy,bbs,askar]@git+https://github.com/ianco/aries-cloudagent-python@endorser-write-did
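Review bot: Both downloads in this Dockerfile are unverified and unpinned. The `ADD https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq` line fetches an executable with no checksum check, and the `pip install` line tracks the `endorser-write-did` branch of a personal fork, so the image contents can change between builds without any change to this file. Consider checking the jq binary against a known SHA-256 in a `RUN` step and pinning the pip install to a full commit hash instead of a branch name. `USER $user` also depends on `user` being defined by the base image, since nothing in this file sets it; a comment saying where it comes from would help. The "temporary until this PR gets merged/released" comment should name the PR so the override can be found and removed later.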
87 changes: 87 additions & 0 deletions demo/docker-agent/README.md
@@ -0,0 +1,87 @@
# Running an Author Agent and connecting to an Endorser

This directory contains scripts to run an aca-py agent as an Author, that can conenct to an Endorser service.

## Running the Author Agent

The docker-compose script runs ngrok to expose the agent's port publicly, and stores wallet data in a postgres database.

To run the Author agent in this repo, open a command shell in this directory and run:

- to build the containers:

```bash
docker-compose build
```

- to run the author agent:

```bash
docker-compose up
```

You can connect to the [agent's api service here](http://localhost:8010).

Note that all the configuration settings are hard-coded in the docker-compose file and ngrok-wait.sh script, so if you change any configs you need to rebuild the docker images.

- to shut down the agent:

```bash
docker-compose stop
docker-compose rm -f
```

This will leave the agent's wallet data, so if you restart the agent it will maintain any created data.

- to remove the agent's wallet:

```bash
docker volume rm docker-agent_wallet-db-data
```

Note that the Author agent is not (yet) configured with revocations enabled or a tails server, so revocation is not supported.

## Connecting to an Endorser Service

For this example, we will connect to [this endorser service](https://github.com/bcgov/aries-endorser-service), which you can connect to locally at `http://localhost:5050/endorser/docs`.

Make sure you start the endorser service on the same ledger as your author, and make sure the endorser has a public DID with ENDORSER role.

For example start the endorser service as `LEDGER_URL=http://test.bcovrin.vonx.io TAILS_SERVER_URL=https://tails-test.vonx.io ./manage start --logs` and then make sure the Author agent is started with `--genesis_url http://test.bcovrin.vonx.io/genesis`.

### Connecting the Author to the Endorser

Endorser Service: Use the `GET /v1/admin/config` endpoint to fetch the endorser's configuration, including the public DID (which the author will need to know). Also confirm whether the `ENDORSER_AUTO_ACCEPT_CONNECTIONS` and `ENDORSER_AUTO_ENDORSE_REQUESTS` settings are `True` or `False` - for the following we will assume that both are `False` and the endorser must explicitely respond to all requests.

Author Agent: Use the `POST /didexchange/create-request` to request a connection with the endorser, using the endorser's public DID. Set the `alias` to `Endorser` - this *MUST* match the `--endorser-alias 'Endorser'` setting (in the ngrok-wait.sh script). Use the `GET /connections` endpoint to verify the connection is in `request` state.

Endorser Service: Use the `GET /v1/connections` endpoint to see the connection request (state `request`). Using the `connection_id`, call the `POST /connections/{connection_id}/accept` endpoint to accept the request. Verify that the connection state goes to `active`.

Author Agent: Verify the connection state goes to `active`. Use the `POST /transactions/{conn_id}/set-endorser-role` to set the connection role to `TRANSACTION_AUTHOR`, and then use `POST /transactions/{conn_id}/set-endorser-info` to set the endorser's alias to `Endorser` and the public DID to the endorser's public DID. Verify the settings using the `GET /connections/{conn_id}/meta-data` endpoint.

The connection is now setup between the two agents!

### Creating a Public Author DID

Author Agent: Use the `POST /wallet/did/create` (use an empty `{}` POST body) to create a local did. Then use `POST /ledger/register-nym` to send the data to the ledger - this will create a transaction and send it to the endorser service.

Endorser Service: Use the `GET /v1/endorse/transactions` endpoint to see the endorse request - it should be in state `request_received`. Using the `POST /v1/endorse/transactions/{transaction_id}/endorse` endpoint and the `transaction_id`, approve the request. The state should now (eventually) go to `transaction_acked`.

Author Service: Use the `GET /transactions` endpoint to verify the transaction is in `transaction_acked` state. Then use the `POST /wallet/did/public` to set the new DID to be the Author's public DID. This will generate another endorser transaction to set the DID's endpoint (ATTRIB transaction) on the ledger.

Endorser Service: Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.

### Endorsing Author Requests

Author requests to create schema, create credential definition and create revocation registries will all now generate endorse requests to the endorser.

Author Agent: To create a schema use the `POST /schemas` endpoint. This will create an endorse request.

Endorser Service: Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.

Author Agent: To create a cred def use the `POST /credential-definitions` endpoint. This will create an endorse request.

Endorser Service: Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
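
Review bot: The example under "Connecting to an Endorser Service" tells readers to start the Author with `--genesis_url http://test.bcovrin.vonx.io/genesis`, but ngrok-wait.sh passes `--genesis-url`; the README should use the spelling the script uses. The "Running the Author Agent" section links to `http://localhost:8010` without mentioning that ngrok-wait.sh starts the admin API with `--admin-insecure-mode` and that the wallet key and database passwords are hard-coded values; a sentence stating that next to the link would set expectations. Smaller points: "conenct" and "explicitely" are misspelled, and the "Creating a Public Author DID" steps switch from "Author Agent:" to "Author Service:" for the same component.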



47 changes: 47 additions & 0 deletions demo/docker-agent/docker-compose.yml
@@ -0,0 +1,47 @@
# Sample docker-compose to start a local aca-py author agent
# To start aca-py and the postgres database, just run `docker-compose up`
# To shut down the services run `docker-compose rm` - this will retain the postgres database, so you can change aca-py startup parameters
# and restart the docker containers without losing your wallet data
# If you want to delete your wallet data just run `docker volume ls -q | xargs docker volume rm`
version: "3"
services:
ngrok-agent:
image: wernight/ngrok
ports:
- 4067:4040
command: ngrok http author-agent:8001 --log stdout

author-agent:
build:
context: .
dockerfile: Dockerfile.acapy
environment:
- NGROK_NAME=ngrok-agent
ports:
- 8010:8010
- 8001:8001
depends_on:
- wallet-db
entrypoint: /bin/bash
command: [
"-c",
"sleep 5; \
./ngrok-wait.sh"
]
volumes:
- ./ngrok-wait.sh:/home/indy/ngrok-wait.sh

wallet-db:
image: vcr-postgresql
environment:
- POSTGRESQL_USER=DB_USER
- POSTGRESQL_PASSWORD=DB_PASSWORD
- POSTGRESQL_DATABASE=DB_USER
- POSTGRESQL_ADMIN_PASSWORD=mysecretpassword
ports:
- 5433:5432
volumes:
- wallet-db-data:/var/lib/pgsql/data

volumes:
wallet-db-data:
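Review bot: Every service publishes its port on all host interfaces (`4067:4040`, `8010:8010`, `8001:8001`, `5433:5432`), and the `wallet-db` block sets `POSTGRESQL_PASSWORD=DB_PASSWORD` and `POSTGRESQL_ADMIN_PASSWORD=mysecretpassword`, so a database with known credentials is reachable from anything that can reach the host. `author-agent` reaches the database over the compose network as `wallet-db:5432`, so the `5433:5432` mapping can be dropped, and the remaining mappings can be bound to loopback, for example `127.0.0.1:8010:8010`. The header comment's `docker volume ls -q | xargs docker volume rm` attempts to remove every volume on the host, not only this demo's; the README's `docker volume rm docker-agent_wallet-db-data` is the safer instruction to repeat here. Neither `wernight/ngrok` nor `vcr-postgresql` carries a tag, so the images used are not reproducible.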
51 changes: 51 additions & 0 deletions demo/docker-agent/ngrok-wait.sh
@@ -0,0 +1,51 @@
#!/bin/bash

# based on code developed by Sovrin: https://github.com/hyperledger/aries-acapy-plugin-toolbox

echo "using ngrok end point [$NGROK_NAME]"

NGROK_ENDPOINT=null
while [ -z "$NGROK_ENDPOINT" ] || [ "$NGROK_ENDPOINT" = "null" ]
do
echo "Fetching end point from ngrok service"
NGROK_ENDPOINT=$(curl --silent $NGROK_NAME:4040/api/tunnels | ./jq -r '.tunnels[] | select(.proto=="https") | .public_url')

if [ -z "$NGROK_ENDPOINT" ] || [ "$NGROK_ENDPOINT" = "null" ]; then
echo "ngrok not ready, sleeping 5 seconds...."
sleep 5
fi
done

export ACAPY_ENDPOINT=$NGROK_ENDPOINT

echo "Starting aca-py agent with endpoint [$ACAPY_ENDPOINT]"

# ... if you want to echo the aca-py startup command ...
set -x

exec aca-py start \
--auto-provision \
--inbound-transport http '0.0.0.0' 8001 \
--outbound-transport http \
--genesis-url "http://test.bcovrin.vonx.io/genesis" \
--endpoint "${ACAPY_ENDPOINT}" \
--auto-ping-connection \
--monitor-ping \
--public-invites \
--wallet-type "indy" \
--wallet-name "test_author" \
--wallet-key "secret_key" \
--wallet-storage-type "postgres_storage" \
--wallet-storage-config "{\"url\":\"wallet-db:5432\",\"max_connections\":5}" \
--wallet-storage-creds "{\"account\":\"DB_USER\",\"password\":\"DB_PASSWORD\",\"admin_account\":\"postgres\",\"admin_password\":\"mysecretpassword\"}" \
--admin '0.0.0.0' 8010 \
--label "test_author" \
--admin-insecure-mode \
--endorser-protocol-role author \
--endorser-alias 'Endorser' \
--auto-request-endorsement \
--auto-write-transactions \
--auto-create-revocation-transactions \
--log-level "error"

# --genesis-url "https://raw.githubusercontent.com/ICCS-ISAC/dtrust-reconu/main/CANdy/dev/pool_transactions_genesis" \
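Review bot: `set -x` is enabled immediately before `exec aca-py start`, so the full command line, including `--wallet-key "secret_key"` and the `--wallet-storage-creds` JSON with both database passwords, is written to the container log on every start. Drop `set -x`, or move the secrets out of the arguments and into environment variables supplied by docker-compose. The admin API is bound with `--admin '0.0.0.0' 8010` and `--admin-insecure-mode`, which leaves it unauthenticated on a port that docker-compose publishes; `--admin-api-key` would be a safer default even for a demo. In the wait loop, `$NGROK_NAME` is unquoted in the `curl` call and there is no retry limit, so a missing ngrok container makes the script wait forever. The genesis file is fetched over plain `http://`.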