Tenant Issuer Config Related Fixes

plugins/traction_innkeeper/traction_innkeeper/v1_0/endorser/routes.py

@@ -18,6 +18,8 @@
 
 from .endorser_connection_service import EndorserConnectionService
 from ..tenant.routes import SWAGGER_CATEGORY
+from ..innkeeper.tenant_manager import TenantManager
+from ..innkeeper.models import TenantRecord
 
 LOGGER = logging.getLogger(__name__)
 
@@ -68,10 +70,28 @@ async def endorser_connection_set(request: web.BaseRequest):
 
     """
     context: AdminRequestContext = request["context"]
+    tenant_wallet_id = context.profile.settings.get("wallet.id")
+    tenant_mgr = context.inject(TenantManager)
+    root_profile = tenant_mgr.profile
     profile = context.profile
-    # TODO use when multi ledger support is implemented
-    endorser_config = profile.settings.get("tenant.endorser_config", [])
-    public_did_config = profile.settings.get("tenant.public_did_config", [])
+    async with root_profile.session() as session:
+        tenant_record = await TenantRecord.query_by_wallet_id(session, tenant_wallet_id)
+    # issuer check
+    if tenant_record.self_issuer_permission or (
+        not tenant_record.connected_to_endorsers
+        or not tenant_record.created_public_did
+        or (
+            tenant_record.connected_to_endorsers
+            and tenant_record.connected_to_endorsers == []
+        )
+        or (tenant_record.created_public_did and tenant_record.created_public_did == [])
+    ):
+        raise web.HTTPBadRequest(
+            reason=(
+                "Tenant is not configured as an issuer, cannot "
+                "connect with endorser or create public did"
+            )
+        )
     endorser_srv = context.inject(EndorserConnectionService)
     info = endorser_srv.endorser_info(profile)
     if not info:

plugins/traction_innkeeper/traction_innkeeper/v1_0/innkeeper/config.py

@@ -50,14 +50,15 @@ def default(cls):
 class ReservationConfig(BaseModel):
     expiry_minutes: int
     auto_approve: bool
+    self_issuer_permission: bool = False
 
     class Config:
         alias_generator = _alias_generator
         allow_population_by_field_name = True
 
     @classmethod
     def default(cls):
-        return cls(expiry_minutes=60, auto_approve=False)
+        return cls(expiry_minutes=60, auto_approve=False, self_issuer_permission=False)
 
 
 class TractionInnkeeperConfig(BaseModel):

plugins/traction_innkeeper/traction_innkeeper/v1_0/innkeeper/models.py

@@ -259,6 +259,7 @@ def __init__(
         wallet_id: str = None,
         connected_to_endorsers: List = [],
         created_public_did: List = [],
+        self_issuer_permission: bool = False,
         **kwargs,
     ):
         """Construct record."""
@@ -271,6 +272,7 @@ def __init__(
         self.wallet_id = wallet_id
         self.connected_to_endorsers = connected_to_endorsers
         self.created_public_did = created_public_did
+        self.self_issuer_permission = self_issuer_permission
 
     @property
     def tenant_id(self) -> Optional[str]:
@@ -287,6 +289,7 @@ def record_value(self) -> dict:
                 "wallet_id",
                 "connected_to_endorsers",
                 "created_public_did",
+                "self_issuer_permission",
             )
         }
 
@@ -370,3 +373,8 @@ class Meta:
         fields.Str(description="Ledger id"),
         required=False,
     )
+
+    self_issuer_permission = fields.Bool(
+        required=True,
+        description="True if tenant can make itself issuer, false if only innkeeper can",
+    )

plugins/traction_innkeeper/traction_innkeeper/v1_0/innkeeper/routes.py

@@ -405,15 +405,18 @@ async def tenant_config_update(request: web.BaseRequest):
     body = await request.json()
     connect_to_endorser = body.get("connect_to_endorser")
     create_public_did = body.get("create_public_did")
+    tenant_issuer_flag = body.get("self_issuer_permission")
     mgr = context.inject(TenantManager)
     profile = mgr.profile
     tenant_id = request.match_info["tenant_id"]
     async with profile.session() as session:
         tenant_record = await TenantRecord.retrieve_by_id(session, tenant_id)
-        if connect_to_endorser:
+        if connect_to_endorser or connect_to_endorser == []:
             tenant_record.connected_to_endorsers = connect_to_endorser
-        if create_public_did:
+        if create_public_did or create_public_did == []:
             tenant_record.created_public_did = create_public_did
+        if tenant_issuer_flag is not None:
+            tenant_record.self_issuer_permission = tenant_issuer_flag
         await tenant_record.save(session)
     return web.json_response(tenant_record.serialize())
 

plugins/traction_innkeeper/traction_innkeeper/v1_0/innkeeper/tenant_manager.py

@@ -14,7 +14,7 @@
 from aries_cloudagent.storage.error import StorageError, StorageNotFoundError
 from aries_cloudagent.wallet.models.wallet_record import WalletRecord
 
-from .config import TractionInnkeeperConfig, InnkeeperWalletConfig
+from .config import TractionInnkeeperConfig, InnkeeperWalletConfig, ReservationConfig
 from .models import TenantRecord, ReservationRecord
 
 
@@ -54,6 +54,23 @@ async def create_wallet(
         # (mostly) duplicate code.
 
         try:
+            if "tenant.endorser_config" in extra_settings:
+                connect_to_endorsers = extra_settings.get("tenant.endorser_config")
+                del extra_settings["tenant.endorser_config"]
+            else:
+                connect_to_endorsers = self._config.innkeeper_wallet.connect_to_endorser
+            if "tenant.public_did_config" in extra_settings:
+                created_public_did = extra_settings.get("tenant.public_did_config")
+                del extra_settings["tenant.public_did_config"]
+            else:
+                created_public_did = self._config.innkeeper_wallet.create_public_did
+            if "tenant.self_issuer_permission" in extra_settings:
+                self_issuer_permission = extra_settings.get(
+                    "tenant.self_issuer_permission"
+                )
+                del extra_settings["tenant.self_issuer_permission"]
+            else:
+                self_issuer_permission = self._config.reservation.self_issuer_permission
             # we must stick with managed until AcaPy has full support for unmanaged.
             # transport/inbound/session.py only deals with managed.
             key_management_mode = WalletRecord.MODE_MANAGED
@@ -92,8 +109,9 @@ async def create_wallet(
         tenant = await self.create_tenant(
             wallet_id=wallet_record.wallet_id,
             tenant_id=tenant_id,
-            connected_to_endorsers=extra_settings.get("tenant.endorser_config"),
-            created_public_did=extra_settings.get("tenant.public_did_config"),
+            connected_to_endorsers=connect_to_endorsers,
+            created_public_did=created_public_did,
+            self_issuer_permission=self_issuer_permission,
         )
 
         return tenant, wallet_record, token
@@ -114,6 +132,7 @@ async def create_tenant(
         wallet_id: str,
         connected_to_endorsers: List = [],
         created_public_did: List = [],
+        self_issuer_permission: bool = False,
         tenant_id: str = None,
     ):
         try:
@@ -131,6 +150,7 @@ async def create_tenant(
                     new_with_id=tenant_id is not None,
                     connected_to_endorsers=connected_to_endorsers,
                     created_public_did=created_public_did,
+                    self_issuer_permission=self_issuer_permission,
                 )
                 await tenant.save(session, reason="New tenant")
                 # self._logger.info(tenant)
@@ -142,6 +162,7 @@ async def create_tenant(
 
     async def create_innkeeper(self):
         config: InnkeeperWalletConfig = self._config.innkeeper_wallet
+        reservation_config: ReservationConfig = self._config.reservation
         tenant_id = config.tenant_id
         wallet_name = config.wallet_name
         wallet_key = config.wallet_key
@@ -163,14 +184,14 @@ async def create_innkeeper(self):
             self._logger.info(f"'{wallet_name}' wallet exists.")
             token = await self.get_token(wallet_record, wallet_key)
         else:
-            self._logger.info(f"creating '{wallet_name}' wallet...")
             tenant_record, wallet_record, token = await self.create_wallet(
                 wallet_name,
                 wallet_key,
                 {
                     "wallet.innkeeper": True,
                     "tenant.endorser_config": config.connect_to_endorser,
                     "tenant.public_did_config": config.create_public_did,
+                    "tenant.self_issuer_permission": reservation_config.self_issuer_permission,
                 },
                 tenant_id,
             )
@@ -183,6 +204,9 @@ async def create_innkeeper(self):
         print(f"wallet.wallet_id = {wallet_record.wallet_id}")
         print(f"tenant.endorser_config = {tenant_record.connected_to_endorsers}")
         print(f"tenant.public_did_config = {tenant_record.created_public_did}")
+        print(
+            f"tenant.self_issuer_permission = {str(tenant_record.self_issuer_permission)}"
+        )
         _key = wallet_record.wallet_key if config.print_key else "********"
         print(f"wallet.wallet_key = {_key}\n")
         if config.print_token:

plugins/traction_innkeeper/traction_innkeeper/v1_0/innkeeper/utils.py

@@ -41,6 +41,10 @@ class TenantConfigSchema(OpenAPISchema):
         ),
         description="Public DID config",
     )
+    self_issuer_permission = fields.Bool(
+        required=True,
+        description="True if tenant can make itself issuer, false if only innkeeper can",
+    )
 
 
 def generate_reservation_token_data(expiry_minutes: int):

plugins/traction_innkeeper/traction_innkeeper/v1_0/tenant/routes.py

@@ -96,10 +96,12 @@ async def tenant_config_get(request: web.BaseRequest):
         tenant_record = await TenantRecord.query_by_wallet_id(session, wallet_id)
     endorser_config = tenant_record.connected_to_endorsers
     public_did_config = tenant_record.created_public_did
+    tenant_issuer_flag = tenant_record.self_issuer_permission
     return web.json_response(
         {
             "connect_to_endorser": endorser_config,
             "create_public_did": public_did_config,
+            "self_issuer_permission": tenant_issuer_flag,
         }
     )
 

scripts/plugin-config.yml

@@ -18,3 +18,4 @@ traction_innkeeper:
   reservation:
     auto_approve: true
     expiry_minutes: 2880
+    self_issuer_permission: false

services/tenant-ui/frontend/src/components/profile/issuance/Endorser.vue

@@ -56,7 +56,10 @@ const { endorserConnection, endorserInfo, tenantConfig } =
 
 // Allowed to connect to endorser?
 const canConnectEndorser = computed(() => {
-  if (tenantConfig.value?.connect_to_endorser?.length) {
+  if (
+    tenantConfig.value?.connect_to_endorser?.length > 0 ||
+    tenantConfig.value?.self_issuer_permission
+  ) {
     // At this point there's 1 ledger/endorser, check the first and deal with that
     // Will enhance once mult-ledger supported
     const allowedConnection = tenantConfig.value.connect_to_endorser[0];

services/tenant-ui/frontend/src/components/profile/issuance/PublicDid.vue

@@ -50,7 +50,10 @@ const { endorserConnection, publicDid, tenantConfig } =
 
 // Allowed to register a DID?
 const canRegisterDid = computed(() => {
-  if (tenantConfig.value?.create_public_did?.length) {
+  if (
+    tenantConfig.value?.create_public_did?.length > 0 ||
+    tenantConfig.value?.self_issuer_permission
+  ) {
     // At this point there's 1 ledger, check the first and deal with that
     // Will enhance once mult-ledger supported
     const allowedLedger = tenantConfig.value.create_public_did[0];

services/tenant-ui/frontend/src/types/acapyApi/acapyInterface.ts

@@ -3418,6 +3418,8 @@ export interface TenantConfig {
   connect_to_endorser?: EndorserLedgerConfig[];
   /** Public DID config */
   create_public_did?: string[];
+  /** self issuer permission flag */
+  self_issuer_permission?: boolean;
 }
 
 export interface TenantList {