Update manage script to automate set-up

.gitignore

@@ -128,6 +128,7 @@ proxy-data/
 
 # General
 .env
+*ngrok.json
 
 # Visual Studio Code
 .vscode

.tgitconfig

@@ -0,0 +1,2 @@
+[tgit]
+	warnnosignedoffby = true

README.md

@@ -1,39 +1,78 @@
-# vc-authn-oidc
+[![img](https://img.shields.io/badge/Lifecycle-Maturing-007EC6)](https://github.com/bcgov/repomountie/blob/master/doc/lifecycle-badges.md)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
 
-clone [traction](https://github.com/bcgov/traction)
-connect those services to the network defined in by
+# Verifiable Credential Authentication with OpenID Connect (VC-AuthN OIDC)
 
-adding the following to `<traction_folder>/scripts/docker-compose.yaml`
+Verifiable Credential Identity Provider for OpenID Connect.
 
-```
+See [here](/docs/README.md) for background into how this integration is defined.
+
+For configuration instructions, refer to the [configuration guide](/docs/ConfigurationGuide.md).
+
+Make sure to read the [best practices](/docs/BestPractices.md) to be used when protecting a web application using `vc-authn-oidc`.
+
+# Pre-requisites
+
+## Tooling
+
+- A bash-compatible shell such as [Git Bash](https://git-scm.com/downloads)
+- [Docker](https://docs.docker.com/get-docker/)
+
+## Project Dependencies
+
+To run `vc-authn` locally, you will need an instance of [von-network](https://github.com/bcgov/von-network) running in Docker. A different ledger can be targeted by setting the `LEDGER_URL` environment variable before starting the project.
+
+It is possible to run the project targeting a multi-tenant ACA-Py instance managed by [traction](https://github.com/bcgov/traction). To use this option, prepare a `traction` instance by cloning the repository and performing these tasks:
+
+- add the following to `<traction_folder>/scripts/docker-compose.yaml`
+
+```yaml
 networks:
   default:
     external:
       name: oidc_vc_auth
 ```
 
-`docker-compose up` from `<traction_folder>/scripts`
+- start `traction` by executing `docker-compose up` from `<traction_folder>/scripts`
 
-run `docker-compose up` from `demo/vue` of this project
-run `./manage build` from `/docker` of this project to create and tag the image
+# Running VC-AuthN
 
-*inspect `./manage` file for environment variables, commenting/un-commenting configuration for an external multi-tenanted acapy, or using the single-tenant acapy defined in `../docker/docker-compose.yaml`
+Once the pre-requisites are met, open a shell in the [docker](./docker/) folder and run the following commands:
 
-run `./manage start-no-acapy` from `/docker` of this project
+- `./manage build` to build the required service images
+- `./manage start` to run the services
 
-### Prepare Acapy wallet for use
+Follow the script prompts to select the appropriate runtime options: they will be saved in an `env` for the next execution.
 
-have python installed. TODO, replace with this with BASH script.
-run `pip install requests` if needed.
-run `python wallet_init.py` from `/docker`
+To reset everything (including removing container data) execute `./manage rm`.
 
-### Prepare controller for use
+A list of all available commands is visible by executing `./manage -h`.
 
-1. create default verification_configuration @`http://localhost:5201/docs#/ver_configs/create_ver_conf_ver_configs_post` execute that endpoint with default payload
+## Configuring a proof-request
 
-### Prepare example wallet
+To configure the default pre-built proof request, once the controller service is running execute `./manage configure-proof default` in a shell.
+This will create the following configuration:
 
-You will need a digital wallet app with a credential that contains two attributes `first_name` and `last_name`
+```json
+{
+  "ver_config_id": "test-request-config",
+  "subject_identifier": "first_name",
+  "proof_request": {
+    "name": "Basic Proof",
+    "version": "1.0",
+    "requested_attributes": [
+      {
+        "name": "first_name",
+        "restrictions": []
+      },
+      {
+        "name": "last_name",
+        "restrictions": []
+      }
+    ],
+    "requested_predicates": []
+  }
+}
+```
 
-# MongoDB
-Use `Block Storage` as pvc type for mongo when deployed on openshift.
+To add more proof-request configurations, use the following controller endpoint `http://localhost:5201/docs#/ver_configs/create_ver_conf_ver_configs_post`.

docker/docker-compose-ngrok.yaml

@@ -0,0 +1,25 @@
+version: "3"
+services:
+  controller-ngrok:
+    image: wernight/ngrok
+    environment:
+      - CONTROLLER_SERVICE_PORT=5000
+    ports:
+      - 4056:4040
+    command: ngrok http controller:5000 --log stdout
+    networks:
+      - vc_auth
+
+  aca-py-ngrok:
+    image: wernight/ngrok
+    environment:
+      - AGENT_HTTP_PORT=${AGENT_HTTP_PORT}
+    ports:
+      - 4059:4040
+    command: ngrok http aca-py:${AGENT_HTTP_PORT} --log stdout
+    networks:
+      - vc_auth
+
+networks:
+  vc_auth:
+    driver: bridge

docker/docker-compose.yaml

@@ -6,22 +6,20 @@ services:
     depends_on:
       controller-db:
         condition: service_started
-      controller-ngrok:
-        condition: service_started
     environment:
       - DB_HOST=${MONGODB_HOST}
       - DB_PORT=${MONGODB_PORT}
       - DB_NAME=${MONGODB_NAME}
       - OIDC_CONTROLLER_DB_USER=${OIDC_CONTROLLER_DB_USER}
       - OIDC_CONTROLLER_DB_USER_PWD=${OIDC_CONTROLLER_DB_USER_PWD}
-      - ACAPY_ADMIN_URL=${ACAPY_ADMIN_URL}
-      - ACAPY_TENANCY=${ACAPY_TENANCY}
+      - CONTROLLER_URL=${CONTROLLER_URL}
+      - ACAPY_TENANCY=${AGENT_TENANT_MODE}
+      - ACAPY_AGENT_URL=${AGENT_ENDPOINT}
+      - ACAPY_ADMIN_URL=${AGENT_ADMIN_URL}
       - MT_ACAPY_WALLET_ID=${MT_ACAPY_WALLET_ID}
       - MT_ACAPY_WALLET_KEY=${MT_ACAPY_WALLET_KEY}
-      - ST_ACAPY_ADMIN_API_KEY=${ST_ACAPY_ADMIN_API_KEY}
+      - ST_ACAPY_ADMIN_API_KEY=${AGENT_ADMIN_API_KEY}
       - ST_ACAPY_ADMIN_API_KEY_NAME=${ST_ACAPY_ADMIN_API_KEY_NAME}
-      - ACAPY_NGROK_TUNNEL_HOST=${ACAPY_NGROK_TUNNEL_HOST}
-      - CONTROLLER_NGROK=${CONTROLLER_NGROK}
     ports:
       - ${CONTROLLER_SERVICE_PORT}:5000
     volumes:
@@ -67,44 +65,24 @@ services:
       - vc_auth
 
   keycloak-db:
-    image: registry.access.redhat.com/rhscl/postgresql-10-rhel7:latest
+    image: postgres:15.1-alpine
     environment:
-      POSTGRESQL_USER: ${KEYCLOAK_DB_USER}
-      POSTGRESQL_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
-      POSTGRESQL_DATABASE: ${KEYCLOAK_DB_NAME}
+      - POSTGRES_USER=${KEYCLOAK_DB_USER}
+      - POSTGRES_PASSWORD=${KEYCLOAK_DB_PASSWORD}
+      - POSTGRES_DB=${KEYCLOAK_DB_NAME}
     volumes:
       - keycloak-db-data:/var/lib/pgsql/data
     networks:
       - vc_auth
 
-  controller-ngrok:
-    image: wernight/ngrok
-    environment:
-      - CONTROLLER_SERVICE_PORT=5000
-    ports:
-      - 4056:4040
-    command: ngrok http controller:5000 --log stdout
-    networks:
-      - vc_auth
-
-  aca-py-ngrok:
-    image: wernight/ngrok
-    environment:
-      - AGENT_HTTP_PORT=${AGENT_HTTP_PORT}
-    ports:
-      - 4059:4040
-    command: ngrok http aca-py:${AGENT_HTTP_PORT} --log stdout
-    networks:
-      - vc_auth
-
   aca-py:
-    image: bcgovimages/aries-cloudagent:py36-1.16-1_0.7.5
+    image: bcgovimages/aries-cloudagent:py36-1.16-1_1.0.0-rc1
     environment:
       - ACAPY_LABEL=${AGENT_NAME}
       - ACAPY_ENDPOINT=${AGENT_ENDPOINT}
       - ACAPY_GENESIS_URL=${GENESIS_URL}
       - ACAPY_WALLET_NAME=oidc_agent_wallet
-      - ACAPY_WALLET_TYPE=indy
+      - ACAPY_WALLET_TYPE=askar
       - ACAPY_WALLET_KEY=${WALLET_ENCRYPTION_KEY}
       - ACAPY_WALLET_SEED=${AGENT_WALLET_SEED}
       - ACAPY_AUTO_VERIFY_PRESENTATION=true
@@ -115,39 +93,35 @@ services:
       - ACAPY_AUTO_PROVISION=true
       - POSTGRESQL_WALLET_HOST=${POSTGRESQL_WALLET_HOST}
       - POSTGRESQL_WALLET_PORT=${POSTGRESQL_WALLET_PORT}
-      - POSTGRESQL_WALLET_USER=${POSTGRESQL_USER}
-      - POSTGRESQL_WALLET_PASSWORD=${POSTGRESQL_PASSWORD}
-      - POSTGRESQL_WALLET_ADMIN_PASSWORD=${POSTGRESQL_WALLET_ADMIN_USER}
-      - POSTGRESQL_WALLET_ADMIN_USER=${POSTGRESQL_WALLET_ADMIN_USER}
+      - POSTGRESQL_WALLET_USER=${POSTGRESQL_WALLET_USER}
+      - POSTGRESQL_WALLET_PASSWORD=${POSTGRESQL_WALLET_PASSWORD}
     ports:
       - ${AGENT_ADMIN_PORT}:${AGENT_ADMIN_PORT}
       - ${AGENT_HTTP_PORT}:${AGENT_HTTP_PORT}
     networks:
       - vc_auth
     depends_on:
       - wallet-db
-      - aca-py-ngrok
     entrypoint: /bin/bash
     command: [
         "-c",
-        "sleep 14;
+        "sleep 15;
         aca-py start \
         --inbound-transport http '0.0.0.0' ${AGENT_HTTP_PORT} \
         --outbound-transport http \
         --wallet-storage-config '{\"url\":\"${POSTGRESQL_WALLET_HOST}:${POSTGRESQL_WALLET_PORT}\",\"max_connections\":5}' \
-        --wallet-storage-creds '{\"account\":\"${POSTGRESQL_WALLET_USER}\",\"password\":\"${POSTGRESQL_WALLET_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_WALLET_ADMIN_USER}\",\"admin_password\":\"${POSTGRESQL_WALLET_ADMIN_PASSWORD}\"}' \ 
+        --wallet-storage-creds '{\"account\":\"${POSTGRESQL_WALLET_USER}\",\"password\":\"${POSTGRESQL_WALLET_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_WALLET_USER}\",\"admin_password\":\"${POSTGRESQL_WALLET_PASSWORD}\"}' \ 
         --admin '0.0.0.0' ${AGENT_ADMIN_PORT} \
-        --${ACAPY_ADMIN_MODE} 
+        --${AGENT_ADMIN_MODE} 
       "
       ]
 
   wallet-db:
-    image: registry.access.redhat.com/rhscl/postgresql-10-rhel7:latest
+    image: postgres:15.1-alpine
     environment:
-      - POSTGRESQL_USER=${POSTGRESQL_WALLET_USER}
-      - POSTGRESQL_PASSWORD=${POSTGRESQL_WALLET_PASSWORD}
-      - POSTGRESQL_DATABASE=${POSTGRESQL_WALLET_DATABASE}
-      - POSTGRESQL_ADMIN_PASSWORD=${POSTGRESQL_WALLET_ADMIN_PASSWORD}
+      - POSTGRES_USER=${POSTGRESQL_WALLET_USER}
+      - POSTGRES_PASSWORD=${POSTGRESQL_WALLET_PASSWORD}
+      - POSTGRES_DB=${POSTGRESQL_WALLET_DATABASE}
     networks:
       - vc_auth
     ports: