From fe3200e989065f517c5aa43ae7f0d607f64587f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Mon, 6 Feb 2023 10:30:34 -0800 Subject: [PATCH 01/16] Initial readme updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- README.md | 82 +++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 62 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 40dc552c..9b2bd07d 100644 --- a/README.md +++ b/README.md 
@@ -1,39 +1,81 @@ -# vc-authn-oidc +[![img](https://img.shields.io/badge/Lifecycle-Maturing-007EC6)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md) +[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE) -clone [traction](https://github.com/bcgov/traction) -connect those services to the network defined in by +# Verifiable Credential Authentication with OpenID Connect (VC-AuthN OIDC) -adding the following to `/scripts/docker-compose.yaml` +Verifiable Credential Identity Provider for OpenID Connect. -``` +See [here](/docs/README.md) for background into how this integration is defined. + +For configuration instructions, refer to the [configuration guide](/docs/ConfigurationGuide.md). + +Make sure to read the [best practices](/docs/BestPractices.md) to be used when protecting a web application using `vc-authn-oidc`. + +# Pre-requisites + +## Tooling + +- A bash-compatible shell such as [Git Bash](https://git-scm.com/downloads) +- [Docker](https://docs.docker.com/get-docker/) + +## Project Dependencies + +To run `vc-authn` locally, you will need an instance of [von-network](https://github.com/bcgov/von-network) running in Docker. A different ledger can be targeted by setting the `LEDGER_URL` environment variable before starting the project. + +It is possible to run the project targeting a multi-tenant ACA-Py instance managed by [traction](https://github.com/bcgov/traction). 
To use this option, prepare a `traction` instance by cloning the repository and performing these tasks: + +- add the following to `/scripts/docker-compose.yaml` + +```yaml networks: default: external: name: oidc_vc_auth ``` -`docker-compose up` from `/scripts` +- start `traction` by executing `docker-compose up` from `/scripts` -run `docker-compose up` from `demo/vue` of this project -run `./manage build` from `/docker` of this project to create and tag the image +# Running VC-AuthN -*inspect `./manage` file for environment variables, commenting/un-commenting configuration for an external multi-tenanted acapy, or using the single-tenant acapy defined in `../docker/docker-compose.yaml` +Once the pre-requisites are met, open a shell in the [docker](./docker/) folder and run the following commands: -run `./manage start-no-acapy` from `/docker` of this project +- `./manage build` to build the required service images +- `./manage start` to run the services -### Prepare Acapy wallet for use +Follow the script prompts to select the appropriate runtime options: they will be saved in an `env` for the next execution. -have python installed. TODO, replace with this with BASH script. -run `pip install requests` if needed. -run `python wallet_init.py` from `/docker` +To reset everything (including removing container data) execute `./manage rm`. -### Prepare controller for use +A list of all available commands is visible by executing `./manage -h`. -1. 
create default verification_configuration @`http://localhost:5201/docs#/ver_configs/create_ver_conf_ver_configs_post` execute that endpoint with default payload +## Configuring a proof-request -### Prepare example wallet +The project will start-up with a default proof-request configured and ready to be used: -You will need a digital wallet app with a credential that contains two attributes `first_name` and `last_name` +```json +{ + "id": "test-request-config", + "subject_identifier": "email", + "configuration": { + "name": "Basic Proof", + "version": "1.0", + "requested_attributes": [ + { + "name": "email", + "restrictions": [] + }, + { + "name": "first_name", + "restrictions": [] + }, + { + "name": "last_name", + "restrictions": [] + } + ], + "requested_predicates": [] + } +} +``` -# MongoDB -Use `Block Storage` as pvc type for mongo when deployed on openshift. \ No newline at end of file +To add more proof-request configurations, use the following controller endpoint `http://localhost:5201/docs#/ver_configs/create_ver_conf_ver_configs_post` or the helper script `./manage configure-proof `. From f7fe2ffda74e2b5d3d34ee561396b75d0debe2f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Mon, 6 Feb 2023 12:39:47 -0800 Subject: [PATCH 02/16] Initial manage clean-up and refactoring, upgrade postgres version. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/docker-compose.yaml | 23 ++-- docker/manage | 249 ++++++++++++------------------------- 2 files changed, 91 insertions(+), 181 deletions(-) diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 275b7a06..9d836c63 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml 
@@ -14,13 +14,13 @@ services: - DB_NAME=${MONGODB_NAME} - OIDC_CONTROLLER_DB_USER=${OIDC_CONTROLLER_DB_USER} - OIDC_CONTROLLER_DB_USER_PWD=${OIDC_CONTROLLER_DB_USER_PWD} - - ACAPY_ADMIN_URL=${ACAPY_ADMIN_URL} - - ACAPY_TENANCY=${ACAPY_TENANCY} + - ACAPY_ADMIN_URL=${AGENT_ADMIN_URL} + - ACAPY_TENANCY=${AGENT_TENANT_MODE} - MT_ACAPY_WALLET_ID=${MT_ACAPY_WALLET_ID} - MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY} - - ST_ACAPY_ADMIN_API_KEY=${ST_ACAPY_ADMIN_API_KEY} + - ST_ACAPY_ADMIN_API_KEY=${AGENT_ADMIN_API_KEY} - ST_ACAPY_ADMIN_API_KEY_NAME=${ST_ACAPY_ADMIN_API_KEY_NAME} - - ACAPY_NGROK_TUNNEL_HOST=${ACAPY_NGROK_TUNNEL_HOST} + - ACAPY_NGROK_TUNNEL_HOST=${AGENT_NGROK_TUNNEL_HOST} - CONTROLLER_NGROK=${CONTROLLER_NGROK} ports: - ${CONTROLLER_SERVICE_PORT}:5000 @@ -98,7 +98,7 @@ services: - vc_auth aca-py: - image: bcgovimages/aries-cloudagent:py36-1.16-1_0.7.5 + image: bcgovimages/aries-cloudagent:py36-1.16-1_1.0.0-rc1 environment: - ACAPY_LABEL=${AGENT_NAME} - ACAPY_ENDPOINT=${AGENT_ENDPOINT} 
@@ -137,17 +137,18 @@ services: --wallet-storage-config '{\"url\":\"${POSTGRESQL_WALLET_HOST}:${POSTGRESQL_WALLET_PORT}\",\"max_connections\":5}' \ --wallet-storage-creds '{\"account\":\"${POSTGRESQL_WALLET_USER}\",\"password\":\"${POSTGRESQL_WALLET_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_WALLET_ADMIN_USER}\",\"admin_password\":\"${POSTGRESQL_WALLET_ADMIN_PASSWORD}\"}' \ --admin '0.0.0.0' ${AGENT_ADMIN_PORT} \ - --${ACAPY_ADMIN_MODE} + --${AGENT_ADMIN_MODE} " ] wallet-db: - image: registry.access.redhat.com/rhscl/postgresql-10-rhel7:latest + image: postgres:15.1-alpine environment: - - POSTGRESQL_USER=${POSTGRESQL_WALLET_USER} - - POSTGRESQL_PASSWORD=${POSTGRESQL_WALLET_PASSWORD} - - POSTGRESQL_DATABASE=${POSTGRESQL_WALLET_DATABASE} - - POSTGRESQL_ADMIN_PASSWORD=${POSTGRESQL_WALLET_ADMIN_PASSWORD} + - POSTGRES_USER=${POSTGRESQL_WALLET_USER} + - POSTGRES_PASSWORD=${POSTGRESQL_WALLET_PASSWORD} + - POSTGRES_DB=${POSTGRESQL_WALLET_DATABASE} + - POSTGRES_ADMIN_USER=${POSTGRESQL_WALLET_ADMIN_USER} + - POSTGRES_ADMIN_PASSWORD=${POSTGRESQL_WALLET_ADMIN_PASSWORD} networks: - vc_auth ports: diff --git a/docker/manage b/docker/manage index 11059ce2..521a45ca 100644 --- a/docker/manage +++ b/docker/manage 
@@ -19,55 +19,6 @@ function echoWarning (){ echo -e "${_yellow}${_msg}${_nc}" } -function isInstalled () { - rtnVal=$(type "$1" >/dev/null 2>&1) - rtnCd=$? - if [ ${rtnCd} -ne 0 ]; then - return 1 - else - return 0 - fi -} - -function isS2iInstalled () { - S2I_EXE=s2i - if ! isInstalled ${S2I_EXE}; then - echoError "The ${S2I_EXE} executable is needed and not on your path." - echoError "It can be downloaded from here: https://github.com/openshift/source-to-image/releases" - echoError "Make sure you extract the binary and place it in a directory on your path." - exit 1 - fi -} - -function isCurlInstalled () { - CURL_EXE=curl - if ! isInstalled ${CURL_EXE}; then - echoError "The ${CURL_EXE} executable is required and was not found on your path." - echoError "If your shell of choice doesn't come with curl preinstalled, try installing it using either [Homebrew](https://brew.sh/) (MAC) or [Chocolatey](https://chocolatey.org/) (Windows)." - exit 1 - fi -} - -function isJQInstalled () { - JQ_EXE=jq - if ! isInstalled ${JQ_EXE}; then - echoError "The ${JQ_EXE} executable is required and was not found on your path." - echoError "Installation instructions can be found here: https://stedolan.github.io/jq/download" - echoError "Alternatively, a package manager such as Chocolatey (Windows) or Brew (Mac) can be used to install this dependecy." - exit 1 - fi -} - -function isNgrokInstalled () { - NGROK_EXE=ngrok - if ! isInstalled ${NGROK_EXE}; then - echoError "The ${NGROK_EXE} executable is needed and not on your path." - echoError "It can be downloaded from here: https://ngrok.com/download" - echoError "Alternatively, a package manager such as Chocolatey (Windows) or Brew (Mac) can be used to install this dependecy." - exit 1 - fi -} - function generateKey(){ ( _length=${1:-48} 
@@ -116,8 +67,6 @@ usage() { start-dev - Starts in development mode, with hot-reloading enabled for the controller. - start-demo - Starts in demo mode. - logs - Display the logs from the docker compose run (ctrl-c to exit). stop - Stops the services. This is a non-destructive process. The volumes and containers @@ -129,17 +78,18 @@ usage() { EOF exit 1 } + # ----------------------------------------------------------------------------------------------------------------- # Default Settings: # ----------------------------------------------------------------------------------------------------------------- DEFAULT_CONTAINERS="keycloak controller-db" ACAPY_CONTAINERS="aca-py" PROD_CONTAINERS="controller" -DEV_CONTAINERS="controller-dev" +DEV_CONTAINERS="" + # ----------------------------------------------------------------------------------------------------------------- # Functions: # ----------------------------------------------------------------------------------------------------------------- - build-oidc-controller() { # # oidc-controller @@ -150,16 +100,6 @@ build-oidc-controller() { -f './oidc-controller/Dockerfile' '..' } -build-oidc-controller-dev() { - # - # oidc-controller - # - echo -e "\nBuilding oidc-controller development image..." - docker build \ - -t 'vc-authn-oidc-controller-dev' \ - -f './oidc-controller/Dockerfile.dev' '..' -} - buildImages() { build-oidc-controller } 
@@ -174,21 +114,29 @@ configureEnvironment() { done <.env fi - for arg in $@; do + for arg in "$@"; do + # Remove recognized arguments from the list after processing. + shift + + # echo "arg: ${arg}" + # echo "Remaining: ${@}" + case "$arg" in *=*) - export ${arg} + # echo "Exporting ..." + export "${arg}" + ;; + *) + # echo "Saving for later ..." + # If not recognized, save it for later procesing ... + set -- "$@" "$arg" ;; esac done - export COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-oidc}" - - # export STI_SCRIPTS_PATH=${STI_SCRIPTS_PATH:-/usr/libexec/s2i} - - # re-map ngrok endpoints to internal environment variables - AGENT_ENDPOINT=${AGENT_ENDPOINT:-$NGROK_AGENT_URL} - IDENTITY_SERVER_URL=${IDENTITY_SERVER_URL:-$NGROK_CONTROLLER_URL} + ## global + export COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-vc-authn}" + export GENESIS_URL="${GENESIS_URL:-http://$DOCKERHOST:9000/genesis}" # controller-db export MONGODB_HOST="controller-db" 
@@ -204,30 +152,24 @@ configureEnvironment() { export CONTROLLER_NGROK="http://controller-ngrok:4040" export CONTROLLER_WEB_HOOK_URL=${CONTROLLER_WEB_HOOK_URL:-${CONTROLLER_URL}/webhooks} if [ ! -z "${CONTROLLER_API_KEY}" ]; then - CONTROLLER_WEB_HOOK_URL="${CONTROLLER_WEB_HOOK_URL}/${CONTROLLER_API_KEY}" + CONTROLLER_WEB_HOOK_URL="${CONTROLLER_WEB_HOOK_URL}#${CONTROLLER_API_KEY}" fi + export ST_ACAPY_ADMIN_API_KEY_NAME="x-api-key" - # Multi-Tenant ACA-Py config - export ACAPY_HOST="http://tenant-proxy" - export ACAPY_TENANCY="multi" - export MT_ACAPY_WALLET_ID="ece83a72-81df-40b0-b770-9a55d92b254d" - export ACAPY_NGROK_TUNNEL_HOST="http://ngrok-traction-agent:4040" - export AGENT_ADMIN_PORT="8080" - - - # # # Single-Tenant ACA-Py config - # export ACAPY_HOST="http://aca-py" - # export ACAPY_TENANCY="single" - # export ST_ACAPY_ADMIN_API_KEY_NAME="x-api-key" - # export ST_ACAPY_ADMIN_API_KEY="change-me" - # export ACAPY_NGROK_TUNNEL_HOST="http://aca-py-ngrok:4040" - # export AGENT_ADMIN_PORT="8077" - - # ACA-py url constructions + # agent + export AGENT_TENANT_MODE="${AGENT_TENANT_MODE:-single}" + export AGENT_HOST=${AGENT_HOST:-http://aca-py} + export AGENT_NGROK_TUNNEL_HOST="${AGENT_HOST}:4040" + export AGENT_NAME="VC-AuthN Agent" export AGENT_HTTP_PORT="8030" - export ACAPY_ADMIN_URL="${ACAPY_HOST}:${AGENT_ADMIN_PORT}" - export AGENT_ENDPOINT=${AGENT_ENDPOINT:-http://$DOCKERHOST:$AGENT_HTTP_PORT} - export ACAPY_AGENT_URL="${AGENT_ENDPOINT:-${ACAPY_HOST}:$AGENT_HTTP_PORT}" + export AGENT_ADMIN_PORT=${AGENT_ADMIN_PORT:-"8077"} + export AGENT_ADMIN_URL=${AGENT_ADMIN_URL:-http://$AGENT_HOST:$AGENT_ADMIN_PORT} + export AGENT_ENDPOINT=${AGENT_ENDPOINT:-http://$AGENT_HOST:$AGENT_HTTP_PORT} + export AGENT_ADMIN_API_KEY=${AGENT_ADMIN_API_KEY} + export AGENT_ADMIN_MODE="admin-insecure-mode" + if [ ! -z "${AGENT_ADMIN_API_KEY}" ]; then + AGENT_ADMIN_MODE="admin-api-key ${AGENT_ADMIN_API_KEY}" + fi # keycloak-db export KEYCLOAK_DB_NAME="keycloak" 
@@ -243,7 +185,6 @@ configureEnvironment() { export KEYCLOAK_LOGLEVEL="WARN" export KEYCLOAK_ROOT_LOGLEVEL="WARN" - # wallet-db export WALLET_TYPE="postgres_storage" export WALLET_ENCRYPTION_KEY="key" @@ -254,26 +195,8 @@ configureEnvironment() { export POSTGRESQL_WALLET_PASSWORD="walletpassword" export POSTGRESQL_WALLET_ADMIN_USER="postgres" export POSTGRESQL_WALLET_ADMIN_PASSWORD="mysecretpassword" - - # ACA-py Dev - export AGENT_NAME="vc-oidc-controller-agent" - export GENESIS_URL="${GENESIS_URL:-http://test.bcovrin.vonx.io/genesis}" - - if [[ ! -f ".env" ]]; then - AGENT_WALLET_SEED=$(generateSeed vc-authn-oidc) - echo "Generated AGENT_WALLET_SEED=${AGENT_WALLET_SEED}" - echo "AGENT_WALLET_SEED=${AGENT_WALLET_SEED}" > .env - fi - export ACAPY_ADMIN_URL_API_KEY=${ACAPY_ADMIN_URL_API_KEY} - export ACAPY_ADMIN_MODE="admin-insecure-mode" - if [ ! -z "${ACAPY_ADMIN_URL_API_KEY}" ]; then - ACAPY_ADMIN_MODE="admin-api-key ${ACAPY_ADMIN_URL_API_KEY}" - fi - } - - getStartupParams() { CONTAINERS="" ARGS="--force-recreate" 
@@ -319,6 +242,39 @@ deleteVolumes() { toLower() { echo $(echo ${@} | tr '[:upper:]' '[:lower:]') } + +initializeUserPrompts() { + PS3="Is your agent single or multi tenant? " + + select opt in "Single-Tenant" "Multi-Tenant/Traction" "Quit"; do + + case $REPLY in + 1) + echo "AGENT_TENANT_MODE=single" > .env + echo AGENT_WALLET_SEED=$(generateSeed vc-authn-oidc) >> .env + echo "ACAPY_HOST=http://aca-py" >> .env + echo + break + ;; + 2) + read -p "Please provide your tenant's Wallet ID:" MT_ACAPY_WALLET_ID + read -p "Please provide your tenant's Wallet Key:" MT_ACAPY_WALLET_KEY + echo "AGENT_TENANT_MODE=multi" > .env + echo "MT_ACAPY_WALLET_ID=${MT_ACAPY_WALLET_ID}" >> .env + echo "MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY}" >> .env + echo "ACAPY_HOST=http://ngrok-traction-agent" >> .env + echo "AGENT_ADMIN_PORT=8080" >> .env + break + ;; + 3) + exit 0 + ;; + *) + echo "Invalid option $REPLY" + ;; + esac + done +} # ================================================================================================================= pushd ${SCRIPT_HOME} >/dev/null 
@@ -327,69 +283,17 @@ shift || COMMAND=usage case "${COMMAND}" in start|up) - unset NGROK_AGENT_URL - unset NGROK_CONTROLLER_URL - unset GENESIS_URL - _startupParams=$(getStartupParams $@) - configureEnvironment $@ - docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${ACAPY_CONTAINERS} ${PROD_CONTAINERS} - docker-compose logs -f - ;; - -start-no-acapy) - unset NGROK_AGENT_URL - unset NGROK_CONTROLLER_URL - unset GENESIS_URL + + if [[ ! -f ".env" ]]; then + # first/clean run, prompt user selections + initializeUserPrompts + fi - _startupParams=$(getStartupParams $@) configureEnvironment $@ - docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${PROD_CONTAINERS} + docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${ACAPY_CONTAINERS} ${PROD_CONTAINERS} docker-compose logs -f ;; -start-dev) - echo "start-dev command is not configured yet" - # unset NGROK_AGENT_URL - # unset NGROK_CONTROLLER_URL - # unset GENESIS_URL - - # # build development image - # build-oidc-controller-dev - - # _startupParams=$(getStartupParams $@) - # configureEnvironment $@ - # docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${DEV_CONTAINERS} - # docker-compose logs -f - ;; -start-demo) - echo "start-demo command is not configured yet" - - # isJQInstalled - - # # Set environment variables - # if [ -z "$NGROK_AGENT_URL" ]; then - # isCurlInstalled - # isNgrokInstalled - # export NGROK_AGENT_URL=$(${CURL_EXE} ${ACAPY_NGROK_TUNNEL_HOST}/api/tunnels | ${JQ_EXE} --raw-output '.tunnels | map(select(.name | contains("vc-authn-agent"))) | .[0] | .public_url') - # fi - # if [ -z "$NGROK_CONTROLLER_URL" ]; then - # isCurlInstalled - # isNgrokInstalled - # export NGROK_CONTROLLER_URL=$(${CURL_EXE} http://controller-ngrok:4040/api/tunnels | ${JQ_EXE} --raw-output '.tunnels | map(select(.name | contains("vc-authn-controller"))) | .[0] | .public_url') - # fi - # export 
GENESIS_URL="https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_sandbox_genesis" - - # if [ -z "$NGROK_AGENT_URL" ] || [ -z "$NGROK_CONTROLLER_URL" ]; then - # echoError "The NGROK_AGENT_URL or NGROK_CONTROLLER_URL have not been set." - # exit 1 - # fi - - # echo "Running in demo mode, will use ${GENESIS_URL} to fetch the genesis transaction, ${NGROK_AGENT_URL} for the agent and ${NGROK_CONTROLLER_URL} for the controller." - - # _startupParams=$(getStartupParams $@) - # configureEnvironment $@ - # docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${PROD_CONTAINERS} - ;; logs) configureEnvironment $@ docker-compose logs -f @@ -399,6 +303,11 @@ stop) docker-compose stop ;; rm|down) + # delete previously saved settings + if [ -f ".env" ] ; then + rm ".env" + fi + configureEnvironment deleteVolumes ;; From af8567a15775b065c729805c8a91103807aca44e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Mon, 6 Feb 2023 13:40:32 -0800 Subject: [PATCH 03/16] Use askar wallet, ensure agent and keycloak start-up successfully MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/docker-compose.yaml | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 9d836c63..ccfab95f 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -67,11 +67,11 @@ services: - vc_auth keycloak-db: - image: registry.access.redhat.com/rhscl/postgresql-10-rhel7:latest + image: postgres:15.1-alpine environment: - POSTGRESQL_USER: ${KEYCLOAK_DB_USER} - POSTGRESQL_PASSWORD: ${KEYCLOAK_DB_PASSWORD} - POSTGRESQL_DATABASE: ${KEYCLOAK_DB_NAME} + - POSTGRES_USER=${KEYCLOAK_DB_USER} + - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD} + - POSTGRES_DB=${KEYCLOAK_DB_NAME} volumes: - keycloak-db-data:/var/lib/pgsql/data networks: 
@@ -104,7 +104,7 @@ services: - ACAPY_ENDPOINT=${AGENT_ENDPOINT} - ACAPY_GENESIS_URL=${GENESIS_URL} - ACAPY_WALLET_NAME=oidc_agent_wallet - - ACAPY_WALLET_TYPE=indy + - ACAPY_WALLET_TYPE=askar - ACAPY_WALLET_KEY=${WALLET_ENCRYPTION_KEY} - ACAPY_WALLET_SEED=${AGENT_WALLET_SEED} - ACAPY_AUTO_VERIFY_PRESENTATION=true @@ -115,10 +115,8 @@ services: - ACAPY_AUTO_PROVISION=true - POSTGRESQL_WALLET_HOST=${POSTGRESQL_WALLET_HOST} - POSTGRESQL_WALLET_PORT=${POSTGRESQL_WALLET_PORT} - - POSTGRESQL_WALLET_USER=${POSTGRESQL_USER} - - POSTGRESQL_WALLET_PASSWORD=${POSTGRESQL_PASSWORD} - - POSTGRESQL_WALLET_ADMIN_PASSWORD=${POSTGRESQL_WALLET_ADMIN_USER} - - POSTGRESQL_WALLET_ADMIN_USER=${POSTGRESQL_WALLET_ADMIN_USER} + - POSTGRESQL_WALLET_USER=${POSTGRESQL_WALLET_USER} + - POSTGRESQL_WALLET_PASSWORD=${POSTGRESQL_WALLET_PASSWORD} ports: - ${AGENT_ADMIN_PORT}:${AGENT_ADMIN_PORT} - ${AGENT_HTTP_PORT}:${AGENT_HTTP_PORT} @@ -130,12 +128,12 @@ services: entrypoint: /bin/bash command: [ "-c", - "sleep 14; + "sleep 15; aca-py start \ --inbound-transport http '0.0.0.0' ${AGENT_HTTP_PORT} \ --outbound-transport http \ --wallet-storage-config '{\"url\":\"${POSTGRESQL_WALLET_HOST}:${POSTGRESQL_WALLET_PORT}\",\"max_connections\":5}' \ - --wallet-storage-creds '{\"account\":\"${POSTGRESQL_WALLET_USER}\",\"password\":\"${POSTGRESQL_WALLET_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_WALLET_ADMIN_USER}\",\"admin_password\":\"${POSTGRESQL_WALLET_ADMIN_PASSWORD}\"}' \ + --wallet-storage-creds '{\"account\":\"${POSTGRESQL_WALLET_USER}\",\"password\":\"${POSTGRESQL_WALLET_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_WALLET_USER}\",\"admin_password\":\"${POSTGRESQL_WALLET_PASSWORD}\"}' \ --admin '0.0.0.0' ${AGENT_ADMIN_PORT} \ --${AGENT_ADMIN_MODE} " 
@@ -147,8 +145,6 @@ services: - POSTGRES_USER=${POSTGRESQL_WALLET_USER} - POSTGRES_PASSWORD=${POSTGRESQL_WALLET_PASSWORD} - POSTGRES_DB=${POSTGRESQL_WALLET_DATABASE} - - POSTGRES_ADMIN_USER=${POSTGRESQL_WALLET_ADMIN_USER} - - POSTGRES_ADMIN_PASSWORD=${POSTGRESQL_WALLET_ADMIN_PASSWORD} networks: - vc_auth ports: From 2aebe50d696ce45a00df8cbb1750ab0d8c18531d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Mon, 6 Feb 2023 15:56:32 -0800 Subject: [PATCH 04/16] All services up and running MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/docker-compose.yaml | 6 +++--- docker/manage | 42 ++++++++++++++++++++++++++------------ 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index ccfab95f..9d30b501 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -14,14 +14,14 @@ services: - DB_NAME=${MONGODB_NAME} - OIDC_CONTROLLER_DB_USER=${OIDC_CONTROLLER_DB_USER} - OIDC_CONTROLLER_DB_USER_PWD=${OIDC_CONTROLLER_DB_USER_PWD} - - ACAPY_ADMIN_URL=${AGENT_ADMIN_URL} + - CONTROLLER_URL=${CONTROLLER_URL} - ACAPY_TENANCY=${AGENT_TENANT_MODE} + - ACAPY_AGENT_URL=${AGENT_ENDPOINT} + - ACAPY_ADMIN_URL=${AGENT_ADMIN_URL} - MT_ACAPY_WALLET_ID=${MT_ACAPY_WALLET_ID} - MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY} - ST_ACAPY_ADMIN_API_KEY=${AGENT_ADMIN_API_KEY} - ST_ACAPY_ADMIN_API_KEY_NAME=${ST_ACAPY_ADMIN_API_KEY_NAME} - - ACAPY_NGROK_TUNNEL_HOST=${AGENT_NGROK_TUNNEL_HOST} - - CONTROLLER_NGROK=${CONTROLLER_NGROK} ports: - ${CONTROLLER_SERVICE_PORT}:5000 volumes: diff --git a/docker/manage b/docker/manage index 521a45ca..9a758ab4 100644 --- a/docker/manage +++ b/docker/manage 
@@ -82,10 +82,9 @@ EOF # ----------------------------------------------------------------------------------------------------------------- # Default Settings: # ----------------------------------------------------------------------------------------------------------------- -DEFAULT_CONTAINERS="keycloak controller-db" -ACAPY_CONTAINERS="aca-py" -PROD_CONTAINERS="controller" -DEV_CONTAINERS="" +DEFAULT_CONTAINERS="keycloak keycloak-db controller-db" +ACAPY_CONTAINERS="aca-py wallet-db aca-py-ngrok" +PROD_CONTAINERS="controller controller-ngrok" # ----------------------------------------------------------------------------------------------------------------- # Functions: @@ -158,8 +157,8 @@ configureEnvironment() { # agent export AGENT_TENANT_MODE="${AGENT_TENANT_MODE:-single}" - export AGENT_HOST=${AGENT_HOST:-http://aca-py} - export AGENT_NGROK_TUNNEL_HOST="${AGENT_HOST}:4040" + export AGENT_HOST="http://aca-py" + export AGENT_NGROK_TUNNEL="http://aca-py-ngrok:4040" export AGENT_NAME="VC-AuthN Agent" export AGENT_HTTP_PORT="8030" export AGENT_ADMIN_PORT=${AGENT_ADMIN_PORT:-"8077"} @@ -170,6 +169,9 @@ configureEnvironment() { if [ ! -z "${AGENT_ADMIN_API_KEY}" ]; then AGENT_ADMIN_MODE="admin-api-key ${AGENT_ADMIN_API_KEY}" fi + export AGENT_WALLET_SEED=${AGENT_WALLET_SEED} + export MT_ACAPY_WALLET_ID=${MT_ACAPY_WALLET_ID} + export MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY} # keycloak-db export KEYCLOAK_DB_NAME="keycloak" @@ -193,8 +195,6 @@ configureEnvironment() { export POSTGRESQL_WALLET_DATABASE="wallet_db" export POSTGRESQL_WALLET_USER="walletuser" export POSTGRESQL_WALLET_PASSWORD="walletpassword" - export POSTGRESQL_WALLET_ADMIN_USER="postgres" - export POSTGRESQL_WALLET_ADMIN_PASSWORD="mysecretpassword" } getStartupParams() { 
@@ -244,16 +244,13 @@ toLower() { } initializeUserPrompts() { - PS3="Is your agent single or multi tenant? " - + PS3="Is your agent single-tenant or multi-tenant? " select opt in "Single-Tenant" "Multi-Tenant/Traction" "Quit"; do - case $REPLY in 1) echo "AGENT_TENANT_MODE=single" > .env - echo AGENT_WALLET_SEED=$(generateSeed vc-authn-oidc) >> .env + echo "AGENT_WALLET_SEED=$(generateSeed vc-authn-oidc)" >> .env echo "ACAPY_HOST=http://aca-py" >> .env - echo break ;; 2) @@ -275,6 +272,11 @@ initializeUserPrompts() { esac done } + +setDefaultProofConfig() { + # post default proof-request configuration to controller + docker run --network=vc-authn_vc_auth --rm curlimages/curl:latest -X POST "http://controller:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}" +} # ================================================================================================================= pushd ${SCRIPT_HOME} >/dev/null 
@@ -288,10 +290,24 @@ start|up) if [[ ! -f ".env" ]]; then # first/clean run, prompt user selections initializeUserPrompts + echoWarning "User preferences were saved in docker/.env for future use" fi configureEnvironment $@ + + # if [[ "$AGENT_TENANT_MODE" != "single" ]]; then + # # do not start agent services when using external multi-tenant instance + # unset ACAPY_CONTAINERS + # fi + docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${ACAPY_CONTAINERS} ${PROD_CONTAINERS} + + # if [[ ! -f ".env" ]]; then + # # first/clean run, set default proof-configuration + # sleep 10 + # setDefaultProofConfig + # fi + docker-compose logs -f ;; logs) From ed0dffbd644a0b0ae52e1bee294416bf2e416484 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Mon, 6 Feb 2023 17:31:16 -0800 Subject: [PATCH 05/16] Automate ngrok url mapping for controller, agent services MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- .gitignore | 1 + docker/docker-compose-ngrok.yaml | 25 ++++++++++++++++ docker/docker-compose.yaml | 23 -------------- docker/manage | 48 +++++++++++++++++++++++++++--- oidc-controller/api/core/config.py | 25 +++------------- 5 files changed, 74 insertions(+), 48 deletions(-) create mode 100644 docker/docker-compose-ngrok.yaml diff --git a/.gitignore b/.gitignore index bd0e904d..eb5fb2f6 100644 --- a/.gitignore +++ b/.gitignore @@ -128,6 +128,7 @@ proxy-data/ # General .env +*ngrok.json # Visual Studio Code .vscode diff --git a/docker/docker-compose-ngrok.yaml b/docker/docker-compose-ngrok.yaml new file mode 100644 index 00000000..f448ca94 --- /dev/null +++ b/docker/docker-compose-ngrok.yaml 
@@ -0,0 +1,25 @@ +version: "3" +services: + controller-ngrok: + image: wernight/ngrok + environment: + - CONTROLLER_SERVICE_PORT=5000 + ports: + - 4056:4040 + command: ngrok http controller:5000 --log stdout + networks: + - vc_auth + + aca-py-ngrok: + image: wernight/ngrok + environment: + - AGENT_HTTP_PORT=${AGENT_HTTP_PORT} + ports: + - 4059:4040 + command: ngrok http aca-py:${AGENT_HTTP_PORT} --log stdout + networks: + - vc_auth + +networks: + vc_auth: + driver: bridge diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 9d30b501..1f3454a0 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -6,8 +6,6 @@ services: depends_on: controller-db: condition: service_started - controller-ngrok: - condition: service_started environment: - DB_HOST=${MONGODB_HOST} - DB_PORT=${MONGODB_PORT} @@ -77,26 +75,6 @@ services: networks: - vc_auth - controller-ngrok: - image: wernight/ngrok - environment: - - CONTROLLER_SERVICE_PORT=5000 - ports: - - 4056:4040 - command: ngrok http controller:5000 --log stdout - networks: - - vc_auth - - aca-py-ngrok: - image: wernight/ngrok - environment: - - AGENT_HTTP_PORT=${AGENT_HTTP_PORT} - ports: - - 4059:4040 - command: ngrok http aca-py:${AGENT_HTTP_PORT} --log stdout - networks: - - vc_auth - aca-py: image: bcgovimages/aries-cloudagent:py36-1.16-1_1.0.0-rc1 environment: @@ -124,7 +102,6 @@ services: - vc_auth depends_on: - wallet-db - - aca-py-ngrok entrypoint: /bin/bash command: [ "-c", diff --git a/docker/manage b/docker/manage index 9a758ab4..74e6fd92 100644 --- a/docker/manage +++ b/docker/manage @@ -19,6 +19,20 @@ function echoWarning (){ echo -e "${_yellow}${_msg}${_nc}" } +function echoSuccess (){ + _msg=${1} + _green='\e[32m' + _nc='\e[0m' # No Color + echo -e "${_green}${_msg}${_nc}" +} + +function echoInfo (){ + _msg=${1} + _gray='\e[36m' + _nc='\e[0m' # No Color + echo -e "${_gray}${_msg}${_nc}" +} + function generateKey(){ ( _length=${1:-48} 
@@ -83,8 +97,8 @@ EOF # Default Settings: # ----------------------------------------------------------------------------------------------------------------- DEFAULT_CONTAINERS="keycloak keycloak-db controller-db" -ACAPY_CONTAINERS="aca-py wallet-db aca-py-ngrok" -PROD_CONTAINERS="controller controller-ngrok" +ACAPY_CONTAINERS="aca-py wallet-db" +PROD_CONTAINERS="controller" # ----------------------------------------------------------------------------------------------------------------- # Functions: @@ -160,7 +174,7 @@ configureEnvironment() { export AGENT_HOST="http://aca-py" export AGENT_NGROK_TUNNEL="http://aca-py-ngrok:4040" export AGENT_NAME="VC-AuthN Agent" - export AGENT_HTTP_PORT="8030" + export AGENT_HTTP_PORT=${AGENT_HTTP_PORT:-8030} export AGENT_ADMIN_PORT=${AGENT_ADMIN_PORT:-"8077"} export AGENT_ADMIN_URL=${AGENT_ADMIN_URL:-http://$AGENT_HOST:$AGENT_ADMIN_PORT} export AGENT_ENDPOINT=${AGENT_ENDPOINT:-http://$AGENT_HOST:$AGENT_HTTP_PORT} 
@@ -271,11 +285,34 @@ initializeUserPrompts() { ;; esac done + + read -p "Do you want to use ngrok for your agent and controller [y/n]? " -n 1 -r + echo # (optional) move to a new line + if [[ $REPLY =~ ^[Yy]$ ]] + then + echo "AGENT_HTTP_PORT=8030" >> .env + # start ngrok containers first so we can grab the URLs + COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-vc-authn}" docker compose -f docker-compose-ngrok.yaml up -d --force-recreate + + echoInfo "Determining ngrok url for controller service..." + docker run --rm curlimages/curl -L -s http://host.docker.internal:4056/api/tunnels > controller-ngrok.json + NGROK_CONTROLLER_URL=$(docker run --rm -i stedolan/jq < controller-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') + echo "CONTROLLER_URL=${NGROK_CONTROLLER_URL}" >> .env + echoSuccess "The controller url is: ${NGROK_CONTROLLER_URL}" + + echoInfo "Determining ngrok url for agent service..." + docker run --rm curlimages/curl -L -s http://host.docker.internal:4059/api/tunnels > agent-ngrok.json + NGROK_AGENT_URL=$(docker run --rm -i stedolan/jq < agent-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') + echo "AGENT_ENDPOINT=${NGROK_AGENT_URL}" >> .env + echoSuccess "The agent url is: ${NGROK_AGENT_URL}" + + rm *-ngrok.json + fi } setDefaultProofConfig() { # post default proof-request configuration to controller - docker run --network=vc-authn_vc_auth --rm curlimages/curl:latest -X POST "http://controller:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], 
\"requested_predicates\": [] }}" + docker run --network=vc-authn_vc_auth --rm curlimages/curl -X POST "http://controller:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}" } # ================================================================================================================= @@ -319,6 +356,9 @@ stop) docker-compose stop ;; rm|down) + # stop ngrok services, if running + docker compose -f docker-compose-ngrok.yaml down + # delete previously saved settings if [ -f ".env" ] ; then rm ".env" diff --git a/oidc-controller/api/core/config.py b/oidc-controller/api/core/config.py index 6b7defea..ef49d3f9 100644 --- a/oidc-controller/api/core/config.py +++ b/oidc-controller/api/core/config.py 
@@ -39,31 +39,14 @@ class GlobalConfig(BaseSettings): MONGODB_URL: str = f"mongodb://{DB_USER}:{DB_PASS}@{DB_HOST}:{DB_PORT}/{DB_NAME}?retryWrites=true&w=majority" CONTROLLER_URL: str = os.environ.get("CONTROLLER_URL") - # # Get CONTROLLER_URL from env or NGROK. - CONTROLLER_NGROK: str = os.environ.get("CONTROLLER_NGROK") - if not CONTROLLER_URL and CONTROLLER_NGROK: - raw_resp = requests.get(CONTROLLER_NGROK + "/api/tunnels") - resp = json.loads(raw_resp.content) - CONTROLLER_URL = resp["tunnels"][0]["public_url"] - print("loaded CONTROLLER_URL from NGROK_TUNNEL_HOST") - print("CONTROLLER_URL: " + CONTROLLER_URL) - - # + ACAPY_AGENT_URL: str = os.environ.get("ACAPY_AGENT_URL") - ACAPY_NGROK_TUNNEL_HOST: str = os.environ.get("ACAPY_NGROK_TUNNEL_HOST") - if not ACAPY_AGENT_URL and not ACAPY_NGROK_TUNNEL_HOST: + # ACAPY_NGROK_TUNNEL_HOST: str = os.environ.get("ACAPY_NGROK_TUNNEL_HOST") + if not ACAPY_AGENT_URL: print( - "WARNING: neither ACAPY_AGENT_URL or ACAPY_NGROK_TUNNEL_HOST provided, agent will not be accessible" + "WARNING: ACAPY_AGENT_URL was not provided, agent will not be accessible" ) - if not ACAPY_AGENT_URL and ACAPY_NGROK_TUNNEL_HOST: - raw_resp = requests.get(ACAPY_NGROK_TUNNEL_HOST + "/api/tunnels") - resp = json.loads(raw_resp.content) - https_tunnels = [t for t in resp["tunnels"] if t["proto"] == "https"] - ACAPY_AGENT_URL = https_tunnels[0]["public_url"] - print("loaded ACAPY_AGENT_URL from ACAPY_NGROK_TUNNEL_HOST") - print("ACAPY_AGENT_URL: " + str(ACAPY_AGENT_URL)) - ACAPY_TENANCY: str = os.environ.get( "ACAPY_TENANCY", "single" ) # other option is "multi" From 2099ff1e6eb921912b6787c1c2dc43d2db9e9e02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Mon, 6 Feb 2023 17:44:09 -0800 Subject: [PATCH 06/16] Add .tgitconfig MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- .tgitconfig | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .tgitconfig 
diff --git a/.tgitconfig b/.tgitconfig new file mode 100644 index 00000000..e50c1176 --- /dev/null +++ b/.tgitconfig @@ -0,0 +1,2 @@ +[tgit] + warnnosignedoffby = true \ No newline at end of file From adf713ae7c10f10c1d7af11e95d89775d333e60a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Mon, 6 Feb 2023 17:57:17 -0800 Subject: [PATCH 07/16] Add utility to submit proof-configurations, avoid starting-up agent in multi-tenant mode. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/manage | 37 ++++++++++++++++++++++++------------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/docker/manage b/docker/manage index 74e6fd92..5e0d1cd9 100644 --- a/docker/manage +++ b/docker/manage @@ -79,7 +79,8 @@ usage() { start - Same as up. - start-dev - Starts in development mode, with hot-reloading enabled for the controller. + set-proof-config - Submits a proof-configuration to the controller. + 'default' uses a pre-defined proof-configuration. logs - Display the logs from the docker compose run (ctrl-c to exit). 
@@ -310,9 +311,14 @@ initializeUserPrompts() { fi } +setProofConfig() { + # post proof-request configuration to controller + docker run --network=vc-authn_vc_auth --rm curlimages/curl -X POST "http://controller:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d @1 +} + setDefaultProofConfig() { # post default proof-request configuration to controller - docker run --network=vc-authn_vc_auth --rm curlimages/curl -X POST "http://controller:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}" + setProofConfig "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}" } # ================================================================================================================= 
@@ -332,19 +338,13 @@ start|up) configureEnvironment $@ - # if [[ "$AGENT_TENANT_MODE" != "single" ]]; then - # # do not start agent services when using external multi-tenant instance - # unset ACAPY_CONTAINERS - # fi + if [[ "$AGENT_TENANT_MODE" != "single" ]]; then + # do not start agent services when using external multi-tenant instance + unset ACAPY_CONTAINERS + fi docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${ACAPY_CONTAINERS} ${PROD_CONTAINERS} - # if [[ ! -f ".env" ]]; then - # # first/clean run, set default proof-configuration - # sleep 10 - # setDefaultProofConfig - # fi - docker-compose logs -f ;; logs) @@ -357,7 +357,7 @@ stop) ;; rm|down) # stop ngrok services, if running - docker compose -f docker-compose-ngrok.yaml down + COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-vc-authn}" docker compose -f docker-compose-ngrok.yaml down # delete previously saved settings if [ -f ".env" ] ; then @@ -372,6 +372,17 @@ build) configureEnvironment $@ buildImages ;; +set-proof-config) + if [ -z $1 ] ; then + echoError "Please provide a proof configuration payload" + exit 1 + fi + if [ $1 == "default" ] ; then + setDefaultProofConfig + else + setProofConfig $1 + fi + ;; *) usage ;; From 8852115adeffa7dc9c9612bdf14c3f3549d6ccd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Mon, 6 Feb 2023 18:28:43 -0800 Subject: [PATCH 08/16] Update readme, manage command name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- README.md | 3 ++- docker/manage | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 9b2bd07d..bdaad9e4 100644 --- a/README.md +++ b/README.md 
@@ -50,7 +50,8 @@ A list of all available commands is visible by executing `./manage -h`. ## Configuring a proof-request -The project will start-up with a default proof-request configured and ready to be used: +To configure the default pre-built proof request, once the controller service is running execute `./manage configure-proof default` in a shell. +This will create the following configuration: ```json { diff --git a/docker/manage b/docker/manage index 5e0d1cd9..97e58f61 100644 --- a/docker/manage +++ b/docker/manage @@ -79,7 +79,7 @@ usage() { start - Same as up. - set-proof-config - Submits a proof-configuration to the controller. + configure-proof - Submits a proof-configuration to the controller. 'default' uses a pre-defined proof-configuration. logs - Display the logs from the docker compose run (ctrl-c to exit). @@ -372,7 +372,7 @@ build) configureEnvironment $@ buildImages ;; -set-proof-config) +configure-proof) if [ -z $1 ] ; then echoError "Please provide a proof configuration payload" exit 1 From e0e74c492a8af702359e909b3c59392f2a11d57b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Tue, 7 Feb 2023 09:41:03 -0800 Subject: [PATCH 09/16] tweaks to manage script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/manage | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/docker/manage b/docker/manage index 97e58f61..ef827b70 100644 --- a/docker/manage +++ b/docker/manage @@ -163,7 +163,6 @@ configureEnvironment() { # controller export CONTROLLER_SERVICE_PORT=5201 export CONTROLLER_URL="${CONTROLLER_URL:-http://controller:5000}" - export CONTROLLER_NGROK="http://controller-ngrok:4040" export CONTROLLER_WEB_HOOK_URL=${CONTROLLER_WEB_HOOK_URL:-${CONTROLLER_URL}/webhooks} if [ ! -z "${CONTROLLER_API_KEY}" ]; then CONTROLLER_WEB_HOOK_URL="${CONTROLLER_WEB_HOOK_URL}#${CONTROLLER_API_KEY}" 
@@ -173,7 +172,6 @@ configureEnvironment() { # agent export AGENT_TENANT_MODE="${AGENT_TENANT_MODE:-single}" export AGENT_HOST="http://aca-py" - export AGENT_NGROK_TUNNEL="http://aca-py-ngrok:4040" export AGENT_NAME="VC-AuthN Agent" export AGENT_HTTP_PORT=${AGENT_HTTP_PORT:-8030} export AGENT_ADMIN_PORT=${AGENT_ADMIN_PORT:-"8077"} @@ -238,10 +236,10 @@ getStartupParams() { } deleteVolumes() { - _projectName=${COMPOSE_PROJECT_NAME:-docker} + _projectName=${COMPOSE_PROJECT_NAME:-vc-authn} echo "Stopping and removing any running containers ..." - docker-compose down -v + docker-compose -f docker-compose.yaml -f docker-compose-ngrok.yaml down -v _pattern="^${_projectName}_\|^docker_" _volumes=$(docker volume ls -q | grep ${_pattern}) @@ -355,10 +353,7 @@ stop) configureEnvironment docker-compose stop ;; -rm|down) - # stop ngrok services, if running - COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-vc-authn}" docker compose -f docker-compose-ngrok.yaml down - +rm|down) # delete previously saved settings if [ -f ".env" ] ; then rm ".env" From 6b0bafe677e9b95cfa1b5155b6c127cb8800699e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Tue, 7 Feb 2023 11:19:03 -0800 Subject: [PATCH 10/16] Move command to prevent starting aca-py to a better spot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/manage | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docker/manage b/docker/manage index ef827b70..c5eb704e 100644 --- a/docker/manage +++ b/docker/manage @@ -274,6 +274,10 @@ initializeUserPrompts() { echo "MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY}" >> .env echo "ACAPY_HOST=http://ngrok-traction-agent" >> .env echo "AGENT_ADMIN_PORT=8080" >> .env + + # do not start agent services when using external multi-tenant instance + unset ACAPY_CONTAINERS + break ;; 3) 
@@ -336,11 +340,6 @@ start|up) configureEnvironment $@ - if [[ "$AGENT_TENANT_MODE" != "single" ]]; then - # do not start agent services when using external multi-tenant instance - unset ACAPY_CONTAINERS - fi - docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${ACAPY_CONTAINERS} ${PROD_CONTAINERS} docker-compose logs -f From ef7762ff6b120cc17ea458fb142b4e89950ed07f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Tue, 7 Feb 2023 12:36:27 -0800 Subject: [PATCH 11/16] Fix multi-tenant startup values MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/manage | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docker/manage b/docker/manage index c5eb704e..bb2495ac 100644 --- a/docker/manage +++ b/docker/manage @@ -171,7 +171,7 @@ configureEnvironment() { # agent export AGENT_TENANT_MODE="${AGENT_TENANT_MODE:-single}" - export AGENT_HOST="http://aca-py" + export AGENT_HOST=${AGENT_HOST:-aca-py} export AGENT_NAME="VC-AuthN Agent" export AGENT_HTTP_PORT=${AGENT_HTTP_PORT:-8030} export AGENT_ADMIN_PORT=${AGENT_ADMIN_PORT:-"8077"} @@ -263,7 +263,6 @@ initializeUserPrompts() { 1) echo "AGENT_TENANT_MODE=single" > .env echo "AGENT_WALLET_SEED=$(generateSeed vc-authn-oidc)" >> .env - echo "ACAPY_HOST=http://aca-py" >> .env break ;; 2) @@ -272,12 +271,13 @@ initializeUserPrompts() { echo "AGENT_TENANT_MODE=multi" > .env echo "MT_ACAPY_WALLET_ID=${MT_ACAPY_WALLET_ID}" >> .env echo "MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY}" >> .env - echo "ACAPY_HOST=http://ngrok-traction-agent" >> .env - echo "AGENT_ADMIN_PORT=8080" >> .env + echo "AGENT_HOST=host.docker.internal" >> .env + echo "AGENT_HTTP_PORT=8030" >> .env + echo "AGENT_ADMIN_PORT=8031" >> .env # do not start agent services when using external multi-tenant instance unset ACAPY_CONTAINERS - + break ;; 3) From ecf978fdc9db1065161afeaa3359cb53e383cc94 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Tue, 7 Feb 2023 12:38:59 -0800 Subject: [PATCH 12/16] Use docker host IP rather than host.docker.internal for Linux compatibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/manage | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/manage b/docker/manage index bb2495ac..0cc02642 100644 --- a/docker/manage +++ b/docker/manage @@ -271,7 +271,7 @@ initializeUserPrompts() { echo "AGENT_TENANT_MODE=multi" > .env echo "MT_ACAPY_WALLET_ID=${MT_ACAPY_WALLET_ID}" >> .env echo "MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY}" >> .env - echo "AGENT_HOST=host.docker.internal" >> .env + echo "AGENT_HOST=${DOCKERHOST}" >> .env echo "AGENT_HTTP_PORT=8030" >> .env echo "AGENT_ADMIN_PORT=8031" >> .env 
@@ -298,13 +298,13 @@ initializeUserPrompts() { COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-vc-authn}" docker compose -f docker-compose-ngrok.yaml up -d --force-recreate echoInfo "Determining ngrok url for controller service..." - docker run --rm curlimages/curl -L -s http://host.docker.internal:4056/api/tunnels > controller-ngrok.json + docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:4056/api/tunnels > controller-ngrok.json NGROK_CONTROLLER_URL=$(docker run --rm -i stedolan/jq < controller-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') echo "CONTROLLER_URL=${NGROK_CONTROLLER_URL}" >> .env echoSuccess "The controller url is: ${NGROK_CONTROLLER_URL}" echoInfo "Determining ngrok url for agent service..." - docker run --rm curlimages/curl -L -s http://host.docker.internal:4059/api/tunnels > agent-ngrok.json + docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:4059/api/tunnels > agent-ngrok.json NGROK_AGENT_URL=$(docker run --rm -i stedolan/jq < agent-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') echo "AGENT_ENDPOINT=${NGROK_AGENT_URL}" >> .env echoSuccess "The agent url is: ${NGROK_AGENT_URL}" From c590f4789a844069456eb250c935ff28b03350c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Wed, 8 Feb 2023 11:10:31 -0800 Subject: [PATCH 13/16] Tweak startup to refresh ngrok containers without prompting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/manage | 72 +++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 56 insertions(+), 16 deletions(-) diff --git a/docker/manage b/docker/manage index 0cc02642..2e756365 100644 --- a/docker/manage +++ b/docker/manage 
@@ -262,6 +262,7 @@ initializeUserPrompts() { case $REPLY in 1) echo "AGENT_TENANT_MODE=single" > .env + export AGENT_TENANT_MODE=single echo "AGENT_WALLET_SEED=$(generateSeed vc-authn-oidc)" >> .env break ;; @@ -269,6 +270,7 @@ initializeUserPrompts() { read -p "Please provide your tenant's Wallet ID:" MT_ACAPY_WALLET_ID read -p "Please provide your tenant's Wallet Key:" MT_ACAPY_WALLET_KEY echo "AGENT_TENANT_MODE=multi" > .env + export AGENT_TENANT_MODE=multi echo "MT_ACAPY_WALLET_ID=${MT_ACAPY_WALLET_ID}" >> .env echo "MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY}" >> .env echo "AGENT_HOST=${DOCKERHOST}" >> .env @@ -277,7 +279,6 @@ initializeUserPrompts() { # do not start agent services when using external multi-tenant instance unset ACAPY_CONTAINERS - break ;; 3) 
@@ -293,24 +294,52 @@ initializeUserPrompts() { echo # (optional) move to a new line if [[ $REPLY =~ ^[Yy]$ ]] then + echo "USE_NGROK=true" >> .env echo "AGENT_HTTP_PORT=8030" >> .env - # start ngrok containers first so we can grab the URLs - COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-vc-authn}" docker compose -f docker-compose-ngrok.yaml up -d --force-recreate - echoInfo "Determining ngrok url for controller service..." - docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:4056/api/tunnels > controller-ngrok.json - NGROK_CONTROLLER_URL=$(docker run --rm -i stedolan/jq < controller-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') - echo "CONTROLLER_URL=${NGROK_CONTROLLER_URL}" >> .env - echoSuccess "The controller url is: ${NGROK_CONTROLLER_URL}" - - echoInfo "Determining ngrok url for agent service..." - docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:4059/api/tunnels > agent-ngrok.json - NGROK_AGENT_URL=$(docker run --rm -i stedolan/jq < agent-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') - echo "AGENT_ENDPOINT=${NGROK_AGENT_URL}" >> .env - echoSuccess "The agent url is: ${NGROK_AGENT_URL}" - - rm *-ngrok.json + startNgrokContainers $AGENT_TENANT_MODE + + setNgrokEndpoints + fi +} + +# starts ngrok proxies for controller and, when in single-tenant mode, for the agent +function startNgrokContainers() { + CONTROLLER_NGROK_CONTAINER=controller-ngrok + AGENT_NGROK_CONTAINER=aca-py-ngrok + + if [[ $AGENT_TENANT_MODE == "multi" ]] + then + # will be using traction's ngrok proxy for the agent + unset AGENT_NGROK_CONTAINER fi + + # start ngrok containers first so we can grab the URLs + COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-vc-authn}" docker compose -f docker-compose-ngrok.yaml up -d --force-recreate ${CONTROLLER_NGROK_CONTAINER} ${AGENT_NGROK_CONTAINER} +} + +# fetches and sets the ngrok endpoints for controlelr and agent for the 
current session +function setNgrokEndpoints() { + if [[ $AGENT_TENANT_MODE == "multi" ]]; then + # use traction agent ngrok + NGROK_AGENT_PORT=4052 + else + NGROK_AGENT_PORT=4059 + fi + + echoInfo "Determining ngrok url for controller service..." + docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:4056/api/tunnels > controller-ngrok.json + NGROK_CONTROLLER_URL=$(docker run --rm -i stedolan/jq < controller-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') + export CONTROLLER_URL=${NGROK_CONTROLLER_URL} + echoSuccess "The controller url is: ${NGROK_CONTROLLER_URL}" + + echoInfo "Determining ngrok url for agent service..." + docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:${AGENT_PORT}/api/tunnels > agent-ngrok.json + NGROK_AGENT_URL=$(docker run --rm -i stedolan/jq < agent-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') + export AGENT_ENDPOINT=${NGROK_AGENT_URL} + echoSuccess "The agent url is: ${NGROK_AGENT_URL}" + + rm *-ngrok.json } setProofConfig() { @@ -338,6 +367,17 @@ start|up) echoWarning "User preferences were saved in docker/.env for future use" fi + export USE_NGROK=$(grep USE_NGROK ./.env | cut -d'=' -f 2-) + export AGENT_TENANT_MODE=$(grep AGENT_TENANT_MODE ./.env | cut -d'=' -f 2-) + if [[ $USE_NGROK == "true" ]]; then + # ngrok was already chosen, refresh containers/endpoints + echoInfo "Refreshing ngrok containers..." + startNgrokContainers $AGENT_TENANT_MODE + setNgrokEndpoints + fi + + exit 1 + configureEnvironment $@ docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${ACAPY_CONTAINERS} ${PROD_CONTAINERS} From b383d715e2c31ecf883443f69908e42a48c425d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Wed, 8 Feb 2023 13:08:47 -0800 Subject: [PATCH 14/16] Ensure https ngrok tunnel is used MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Emiliano Suñé --- docker/manage | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker/manage b/docker/manage index 2e756365..25ef170e 100644 --- a/docker/manage +++ b/docker/manage @@ -329,13 +329,13 @@ function setNgrokEndpoints() { echoInfo "Determining ngrok url for controller service..." docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:4056/api/tunnels > controller-ngrok.json - NGROK_CONTROLLER_URL=$(docker run --rm -i stedolan/jq < controller-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') + NGROK_CONTROLLER_URL=$(docker run --rm -i stedolan/jq < controller-ngrok.json --raw-output '.tunnels | map(select(.name=="command_line")) | .[0] | .public_url') export CONTROLLER_URL=${NGROK_CONTROLLER_URL} echoSuccess "The controller url is: ${NGROK_CONTROLLER_URL}" echoInfo "Determining ngrok url for agent service..." - docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:${AGENT_PORT}/api/tunnels > agent-ngrok.json - NGROK_AGENT_URL=$(docker run --rm -i stedolan/jq < agent-ngrok.json --raw-output '.tunnels | map(select(.name | contains("command_line"))) | .[0] | .public_url') + docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:${NGROK_AGENT_PORT}/api/tunnels > agent-ngrok.json + NGROK_AGENT_URL=$(docker run --rm -i stedolan/jq < agent-ngrok.json --raw-output '.tunnels | map(select(.name=="command_line")) | .[0] | .public_url') export AGENT_ENDPOINT=${NGROK_AGENT_URL} echoSuccess "The agent url is: ${NGROK_AGENT_URL}" From 2b5f6e09b1e6834557bb9edfdfed4bab7bfea91f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Wed, 8 Feb 2023 13:20:02 -0800 Subject: [PATCH 15/16] Remove breakpoint MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- docker/manage | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) 
diff --git a/docker/manage b/docker/manage index 25ef170e..94ffc721 100644 --- a/docker/manage +++ b/docker/manage @@ -365,19 +365,17 @@ start|up) # first/clean run, prompt user selections initializeUserPrompts echoWarning "User preferences were saved in docker/.env for future use" + else + export USE_NGROK=$(grep USE_NGROK ./.env | cut -d'=' -f 2-) + export AGENT_TENANT_MODE=$(grep AGENT_TENANT_MODE ./.env | cut -d'=' -f 2-) + if [[ $USE_NGROK == "true" ]]; then + # ngrok was already chosen, refresh containers/endpoints + echoInfo "Refreshing ngrok containers..." + startNgrokContainers $AGENT_TENANT_MODE + setNgrokEndpoints + fi fi - export USE_NGROK=$(grep USE_NGROK ./.env | cut -d'=' -f 2-) - export AGENT_TENANT_MODE=$(grep AGENT_TENANT_MODE ./.env | cut -d'=' -f 2-) - if [[ $USE_NGROK == "true" ]]; then - # ngrok was already chosen, refresh containers/endpoints - echoInfo "Refreshing ngrok containers..." - startNgrokContainers $AGENT_TENANT_MODE - setNgrokEndpoints - fi - - exit 1 - configureEnvironment $@ docker-compose up -d ${_startupParams} ${DEFAULT_CONTAINERS} ${ACAPY_CONTAINERS} ${PROD_CONTAINERS} From 3e4ca5e0f5638b1047ad17d9bab78c93086aea52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emiliano=20Su=C3=B1=C3=A9?= Date: Wed, 8 Feb 2023 13:51:33 -0800 Subject: [PATCH 16/16] Remove configure-proof utility for now MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emiliano Suñé --- README.md | 12 ++++-------- docker/manage | 24 ------------------------ 2 files changed, 4 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index bdaad9e4..71e5c349 100644 --- a/README.md +++ b/README.md 
@@ -55,16 +55,12 @@ This will create the following configuration: ```json { - "id": "test-request-config", - "subject_identifier": "email", - "configuration": { + "ver_config_id": "test-request-config", + "subject_identifier": "first_name", + "proof_request": { "name": "Basic Proof", "version": "1.0", "requested_attributes": [ - { - "name": "email", - "restrictions": [] - }, { "name": "first_name", "restrictions": [] @@ -79,4 +75,4 @@ This will create the following configuration: } ``` -To add more proof-request configurations, use the following controller endpoint `http://localhost:5201/docs#/ver_configs/create_ver_conf_ver_configs_post` or the helper script `./manage configure-proof `. +To add more proof-request configurations, use the following controller endpoint `http://localhost:5201/docs#/ver_configs/create_ver_conf_ver_configs_post`. diff --git a/docker/manage b/docker/manage index 94ffc721..298cfb51 100644 --- a/docker/manage +++ b/docker/manage @@ -79,9 +79,6 @@ usage() { start - Same as up. - configure-proof - Submits a proof-configuration to the controller. - 'default' uses a pre-defined proof-configuration. - logs - Display the logs from the docker compose run (ctrl-c to exit). stop - Stops the services. This is a non-destructive process. The volumes and containers 
@@ -341,16 +338,6 @@ function setNgrokEndpoints() { rm *-ngrok.json } - -setProofConfig() { - # post proof-request configuration to controller - docker run --network=vc-authn_vc_auth --rm curlimages/curl -X POST "http://controller:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key" -H "Content-Type: application/json-patch+json" -d @1 -} - -setDefaultProofConfig() { - # post default proof-request configuration to controller - setProofConfig "{ \"id\": \"test-request-config\", \"subject_identifier\": \"email\", \"configuration\": { \"name\": \"Basic Proof\", \"version\": \"1.0\", \"requested_attributes\": [ { \"name\": \"email\", \"restrictions\": [] }, { \"name\": \"first_name\", \"restrictions\": [] }, { \"name\": \"last_name\", \"restrictions\": [] } ], \"requested_predicates\": [] }}" -} # ================================================================================================================= pushd ${SCRIPT_HOME} >/dev/null @@ -404,17 +391,6 @@ build) configureEnvironment $@ buildImages ;; -configure-proof) - if [ -z $1 ] ; then - echoError "Please provide a proof configuration payload" - exit 1 - fi - if [ $1 == "default" ] ; then - setDefaultProofConfig - else - setProofConfig $1 - fi - ;; *) usage ;;
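Review bot: In the `initializeUserPrompts()` hunk of docker/manage at `@@ -271,11 +285,34 @@`, the value jq returns is appended to `.env` without any check. The tunnels API is queried immediately after `docker compose ... up -d`, so if ngrok has not registered a tunnel yet, or none matches the name filter, `.[0] | .public_url` prints `null` and the script persists `CONTROLLER_URL=null` and `AGENT_ENDPOINT=null` for every later run. Poll the API until a non-empty value starting with `https://` comes back, and abort with `echoError` otherwise. Piping curl straight into jq would also remove the temporary files and the `rm *-ngrok.json` glob.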
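Review bot: In the oidc-controller/api/core/config.py hunk at `@@ -39,31 +39,14 @@`, `CONTROLLER_URL` loses its ngrok fallback but gets no check of its own. `os.environ.get("CONTROLLER_URL")` returns `None` when the variable is unset, the field is annotated `str`, and only `ACAPY_AGENT_URL` gets a warning. Either fail fast or print the equivalent warning for `CONTROLLER_URL`. The line `# ACAPY_NGROK_TUNNEL_HOST: str = ...` should be deleted rather than left commented out, and if the `requests` and `json` imports served only the removed blocks they should go too.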
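Review bot: In PATCH 07/16, the `setProofConfig()` hunk at `@@ -310,9 +311,14 @@` ends the curl command with `-d @1`, which tells curl to read the request body from a file named `1` inside the container; the payload passed as the function's first argument is never sent. Use `-d "$1"` instead. The same line hard-codes `X-Api-Key: controller-api-key`. The script already reads `CONTROLLER_API_KEY` when building the webhook URL, so take the header value from that variable rather than committing a fixed key.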
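Review bot: In PATCH 07/16, the `set-proof-config)` branch at `@@ -372,6 +372,17 @@` uses `$1` unquoted in `[ -z $1 ]`, `[ $1 == "default" ]` and `setProofConfig $1`. A JSON payload contains spaces, so the tests fail with a "too many arguments" error and the call splits the payload into several words. Quote all three uses (`"$1"`) and prefer `=` over `==` inside `[ ]`.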
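Review bot: In PATCH 09/16, the `deleteVolumes()` hunk at `@@ -238,10 +236,10 @@` computes `_projectName` with the `vc-authn` default but uses it only for the volume pattern. The new `docker-compose -f docker-compose.yaml -f docker-compose-ngrok.yaml down -v` runs under whatever project name compose resolves by itself, while the ngrok stack is started with `COMPOSE_PROJECT_NAME="${COMPOSE_PROJECT_NAME:-vc-authn}"`. Unless that variable is exported elsewhere in the script, the ngrok containers will not be found and stay up after `rm`. Pass `-p "${_projectName}"` to the `down` call so both paths agree.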
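Review bot: In PATCH 12/16, both hunks (`@@ -271,7 +271,7 @@` and `@@ -298,13 +298,13 @@`) expand `${DOCKERHOST}` inside `initializeUserPrompts()` with no guard. The `start|up` branch calls `initializeUserPrompts` before `configureEnvironment`, so unless `DOCKERHOST` is exported earlier than that, the script writes `AGENT_HOST=` to `.env` and curl targets `http://:4056/api/tunnels`. Use `${DOCKERHOST:?DOCKERHOST is not set}` or resolve it at the top of the function.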
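Review bot: In PATCH 13/16, the multi-tenant branch at `@@ -269,6 +270,7 @@` still reads the wallet key with a plain `read -p`, which echoes it to the terminal, and then writes `MT_ACAPY_WALLET_KEY=...` to `.env` in clear text. Since this series makes `.env` the persistent store that every later `start` reads back, use `read -s -p` for the key and create the file with restrictive permissions (for example `umask 077` before the first `>` redirect). It is also worth confirming that `docker/.env` is ignored by git.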
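Review bot: In PATCH 13/16, the new `setNgrokEndpoints()` in the hunk at `@@ -293,24 +294,52 @@` assigns `NGROK_AGENT_PORT` but the agent lookup calls `http://${DOCKERHOST}:${AGENT_PORT}/api/tunnels`, a variable that is never set in the function, so the request goes to an empty port. PATCH 14/16 corrects the name; fold that fix into this commit so it works on its own. `startNgrokContainers $AGENT_TENANT_MODE` also passes an argument the function never reads, since it uses the global directly. The comment above the function has a typo, "controlelr".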
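Review bot: In PATCH 13/16, the `start|up)` hunk at `@@ -338,6 +367,17 @@` leaves an `exit 1` right before `configureEnvironment $@`, so `./manage start` stops with a failure status and never brings the services up. PATCH 15/16 removes it; squash the two so no commit in the series ships a broken `start`. The lookups `grep USE_NGROK ./.env` and `grep AGENT_TENANT_MODE ./.env` are unanchored and will match any line that merely contains the string; anchor them as `grep '^USE_NGROK='`.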
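Review bot: In PATCH 14/16, the hunk at `@@ -329,13 +329,13 @@` is titled "Ensure https ngrok tunnel is used" but the jq filter selects on `.name=="command_line"`, not on the scheme. The https guarantee therefore holds only as long as ngrok names the https tunnel exactly `command_line`. The Python code this series removed from config.py filtered on `t["proto"] == "https"`; doing the same here with `select(.proto=="https")`, and rejecting a result that does not start with `https://`, makes the intent explicit.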
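Review bot: In PATCH 16/16, the README.md hunk at `@@ -55,16 +55,12 @@` starts below the sentence added in PATCH 08/16, "execute `./manage configure-proof default` in a shell", and leaves it untouched, while the same commit deletes the `configure-proof)` branch from docker/manage. The README now tells readers to run a command that falls through to `usage`. Remove or reword that sentence, and state how the JSON shown, now using `ver_config_id` and `proof_request`, is expected to be submitted.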