didx-xyz · wdbasson · Mar 24, 2023 · Mar 24, 2023 · Mar 25, 2023 · Mar 29, 2023
diff --git a/.github/workflows/aws_ecr.yml b/.github/workflows/aws_ecr.yml
@@ -6,7 +6,7 @@ on:
       run-update-deployments:
         description: "Run Update Deployments step manually"
         required: false
-        default: "false"
+        default: "true"
       run-tests:
         description: "Run tests step"
         required: false
@@ -30,6 +30,8 @@ concurrency:
 jobs:
   build:
     name: Build image and push to ECR
+    permissions:
+      id-token: write # This is required for requesting the JWT
     runs-on: ubuntu-latest
 
     outputs:
@@ -85,16 +87,18 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v2
         with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: af-south-1
+          role-to-assume: arn:aws:iam::402177810328:role/cicd
+          role-session-name: github-cicd
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
 
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v1
+        with:
+          registries: "324190738845" # org registry
 
       - name: Docker Metadata
         id: meta
@@ -180,7 +184,7 @@ jobs:
       - name: Install dependencies
         run: |
           apt-get update && apt-get upgrade -y
-          apt-get install -y unzip postgresql-client python-is-python3
+          apt-get install -y unzip postgresql-client python-is-python3 redis-tools
           curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
           install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
           curl -Lo sops.deb https://github.com/mozilla/sops/releases/download/v3.7.3/sops_3.7.3_amd64.deb
@@ -190,7 +194,7 @@ jobs:
         uses: actions/checkout@v3
         with:
           repository: didx-xyz/cloud_api_helm
-          token: ${{ secrets.HELM_REPO_TOKEN }} # private access token here, for HTTPS clones
+          token: ${{ secrets.PAT }} # private access token here, for HTTPS clones
           path: helm/Chart
 
       - name: install-aws-cli
@@ -213,7 +217,7 @@ jobs:
 
       - name: Install helm plugins
         run: |
-          helm plugin install https://github.com/jkroepke/helm-secrets --version v4.4.2
+          # helm plugin install https://github.com/jkroepke/helm-secrets --version v4.4.2
           helm plugin install https://github.com/databus23/helm-diff
 
       - name: Symlink shared models
@@ -226,11 +230,10 @@ jobs:
         run: |
           for project in $(echo "${{ env.projects }}" | sed 's/\n/ /g'); do
             helm -n dev-cloudapi \
-              secrets diff upgrade "${project}" \
+              diff upgrade "${project}" \
               --install \
               --set image.tag=${{ needs.build.outputs.image_version }} \
               -f ./helm/Values/${project}.yaml \
-              -f ./helm/Secrets/${project}.yaml \
               ./helm/Chart
           done
 
@@ -257,19 +260,34 @@ jobs:
           bash ./scripts/aurora-delete.sh -o didx -d
           bash ./scripts/aurora-delete.sh -o didx_multitenant -d
 
+      - name: List Elasticache Redis
+        if: github.event.review.state == 'approved' || github.event_name == 'push' || github.event.inputs.run-update-deployments == 'true'
+        env:
+          REDIS_HOST: ${{ secrets.REDIS_HOST }}
+          REDIS_PORT: ${{ secrets.REDIS_PORT }}
+        run: |
+          redis-cli -h $REDIS_HOST -p $REDIS_PORT --scan --pattern '*'
+
+      - name: Clean Elasticache Redis
+        if: github.event.review.state == 'approved' || github.event_name == 'push' || github.event.inputs.run-update-deployments == 'true'
+        env:
+          REDIS_HOST: ${{ secrets.REDIS_HOST }}
+          REDIS_PORT: ${{ secrets.REDIS_PORT }}
+        run: |
+          redis-cli -h $REDIS_HOST -p $REDIS_PORT FLUSHALL
+
       - name: Update deployments
         id: update_deployments
         if: github.event.review.state == 'approved' || github.event_name == 'push' || github.event.inputs.run-update-deployments == 'true'
         run: |
           for project in $(echo "${{ env.projects }}" | sed 's/\n/ /g'); do
             helm -n dev-cloudapi \
-              secrets upgrade "${project}" \
+              upgrade "${project}" \
               --install \
               --atomic \
               --timeout=300s \
               --set image.tag=${{ needs.build.outputs.image_version }} \
               -f ./helm/Values/${project}.yaml \
-              -f ./helm/Secrets/${project}.yaml \
               ./helm/Chart &
           done
           wait
@@ -320,7 +338,7 @@ jobs:
         continue-on-error: true
         run: |
           source ./scripts/env.sh
-          pytest -x --cov=trustregistry --cov=app trustregistry app
+          pytest --cov=trustregistry --cov=app trustregistry app
           # pytest -v app/tests/e2e/test_verifier.py
           # pytest -v app/tests/e2e/test_verifier.py::test_accept_proof_request_v1
           # bash <(curl -Ls https://coverage.codacy.com/get.sh) report -r coverage.xml
@@ -331,7 +349,7 @@ jobs:
         if: steps.test.outcome=='failure'
         run: |
           source ./scripts/env.sh
-          pytest -x --cov=trustregistry --cov=app trustregistry app
+          pytest --cov=trustregistry --cov=app trustregistry app
           # pytest -v app/tests/e2e/test_verifier.py
           # pytest -v app/tests/e2e/test_verifier.py::test_accept_proof_request_v1
 

diff --git a/.github/workflows/aws_ecr_github_runner.yml b/.github/workflows/aws_ecr_github_runner.yml
@@ -1,4 +1,4 @@
-name: Deploy to ECR
+name: Deploy to ECR Github Runner
 
 # github hosted runner to test latency issues in e2e tests post 0.8.0 upgrade
 

diff --git a/.github/workflows/continuous-build.yml b/.github/workflows/continuous-build.yml
@@ -61,7 +61,7 @@ jobs:
         id: test
         continue-on-error: true
         run: |
-          pytest -x --cov=trustregistry --cov=app trustregistry app
+          pytest --cov=trustregistry --cov=app trustregistry app
           # bash <(curl -Ls https://coverage.codacy.com/get.sh) report -r coverage.xml
           echo done
         # env:

diff --git a/README.md b/README.md
@@ -12,6 +12,16 @@
 This project is a essentially comprises of a [FastAPI](fastapi.tiangolo.com/) app around the [hyperledger aries stack](https://github.com/hyperledger/) primarily tailored around [YOMA](yoma.africa)-specific use cases. The FastAPI app serves as a wrapper around common workflows for real-life applications of the stack. You can think of it as a wrapper, a form of middleware, or interface for client applications (for instance a mobile app) and the backend stack (using [Aries Cloudcontroller](https://github.com/didx-xyz/aries-cloudcontroller-python) under the hood and [Aca-py](https://github.com/hyperledger/aries-cloudagent-python) in the back - like a mullet). The aim is to facilitate a client's workflow by providing some convenience API endpoints for common workflows like creating wallets, managing wallets, their connections, and credentials, proofs and workflows. What is multiple API calls to the AriesCloudAgent can often be achieved with a single call via this API. For example, you want to create a wallet, which involves writing to the ledger, waiting for the result, getting and accepting a TAA, creating a DID and creating the wallet itself can be done in a single blow - how convenient, isn't it.
 
 ## How to run it
+### Step 1: Run a local VON Network
+Setup the VON network locally that will provide an instance of Hyperledger Indy ledger. Follow the instructions in the [VON Network README](https://github.com/bcgov/von-network/blob/main/README.md)
+> NOTE: Ensure you start the VON Network with `--taa-sample` flag to enable TAA acceptance. For example:
+> ```bash
+> ./manage start --taa-sample
+> ```
+> This will start the VON Network with a sample TAA that you can use to accept the TAA. You can find the TAA in the `./von-network/config/sample_taa.json` and `./von-network/config/sample_aml.json` file.
+
+### Step 2: Run the Aries Cloud Agent
+> NOTE: Ensure the VON Network is running before starting the Cloud API. The Cloud API will try to connect to the VON Network and will fail if it is not running.
 
 Export the necessary environment variables
 
@@ -109,3 +119,9 @@ done
 > pytest . --log-cli-level=DEBUG
 > ```
 > will output all log messages with a log level of `DEBUG` or higher.
+
+To run specific tests you can specify the path to the test file or the test class or test method. For example:
+
+```bash
+pytest app/tests/e2e/test_verifier.py::test_accept_proof_request_oob_v1 --log-cli-level=0
+```
diff --git a/app/facades/acapy_ledger.py b/app/facades/acapy_ledger.py
@@ -71,15 +71,9 @@ async def accept_taa(
         body=TAAAccept(**taa.dict(), mechanism=mechanism)
     )
 
-    if isinstance(accept_taa_response, dict):
-        accept_taa_response = accept_taa_response
-        logger.info("accept_taa_response - TAA response is type dict %s", accept_taa_response)
-    else:
-        logger.info("accept_taa_response - TAA response is type something else %s", accept_taa_response)
-        accept_taa_response = await accept_taa_response.json()
-
-    logger.info("accept_taa_response: %s", accept_taa_response)
-    if accept_taa_response != {}:
+    logger.info("accept_taa_response value: %s", accept_taa_response)
+
+    if isinstance(accept_taa_response, ClientResponseError):
         logger.error("Failed to accept TAA.\n %s", accept_taa_response)
         raise HTTPException(
             status_code=404,

diff --git a/app/generic/oob/oob.py b/app/generic/oob/oob.py
@@ -10,11 +10,13 @@
 from aries_cloudcontroller.model.invitation_create_request import (
     InvitationCreateRequest,
 )
+from aries_cloudcontroller.model.oob_record import OobRecord
+
 from fastapi import APIRouter, Depends, HTTPException
 from pydantic import BaseModel
 
 from app.dependencies import agent_selector
-from shared_models import OobRecord, Connection, conn_record_to_connection
+from shared_models import Connection, conn_record_to_connection
 
 logger = logging.getLogger(__name__)
 

diff --git a/app/requirements.txt b/app/requirements.txt
@@ -1,5 +1,5 @@
 aiohttp~=3.8.1
-aries-cloudcontroller~=0.7.0
+aries-cloudcontroller~=0.8.0rc5
 fastapi==0.65.2
 httpx==0.18.1
 pydantic~=1.8.2

diff --git a/app/tests/e2e/test_definitions.py b/app/tests/e2e/test_definitions.py
@@ -164,7 +164,7 @@ async def test_create_credential_definition_issuer_tenant(
     # There is a race condition / timing issue somewhere...
     # Temporary sleep workaround
     # TODO: debug
-    await asyncio.sleep(10)
+    # await asyncio.sleep(10)
 
     credential_definition = CreateCredentialDefinition(
         schema_id=schema_definition.id,

diff --git a/app/tests/e2e/test_oob.py b/app/tests/e2e/test_oob.py
@@ -12,11 +12,11 @@
 
 # When using the default module scoped fixture in ./conftest.py test_oob_connect_via_public_did fails
 # Setting temporary event_loop override for tests in this file.
-@pytest.fixture(scope="session")
-def event_loop():
-    loop = asyncio.get_event_loop_policy().new_event_loop()
-    yield loop
-    loop.close()
+# @pytest.fixture(scope="session")
+# def event_loop():
+#     loop = asyncio.get_event_loop_policy().new_event_loop()
+#     yield loop
+#     loop.close()
 
 
 @pytest.mark.asyncio

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -311,7 +311,7 @@ services:
       tails-server
         --host 0.0.0.0
         --port 6543
-        --storage-path ./
+        --storage-path ./data
         --log-level INFO
 
 volumes:
@@ -323,4 +323,4 @@ volumes:
 networks:
   governance-multitenant:
   governance-ga:
-  host:
+  host:
diff --git a/dockerfiles/agents/Dockerfile b/dockerfiles/agents/Dockerfile
@@ -1,4 +1,4 @@
-FROM aries-cloudagent:py36-1.16-1_0.7.5
+FROM aries-cloudagent:py36-1.16-1_0.8.0
 
 ADD configuration ./configuration
 ADD scripts ./scripts
diff --git a/dockerfiles/agents/Dockerfile.agent b/dockerfiles/agents/Dockerfile.agent
@@ -6,7 +6,7 @@ RUN apt-get update && apt-get install -y gcc
 
 
 RUN pip3 install -U pip
-RUN pip3 install aries-cloudagent[askar]==0.7.5 acapy-wallet-groups-plugin
+RUN pip3 install aries-cloudagent[askar]==0.8.0 acapy-wallet-groups-plugin
 
 ADD https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq
 RUN chmod +x ./jq

diff --git a/dockerfiles/agents/Dockerfile.author.agent b/dockerfiles/agents/Dockerfile.author.agent
@@ -4,7 +4,7 @@ USER root
 RUN apt-get update
 RUN apt-get update && apt-get install -y gcc
 
-RUN pip3 install aries-cloudagent[askar]==0.7.5 acapy-wallet-groups-plugin
+RUN pip3 install aries-cloudagent[askar]==0.8.0 acapy-wallet-groups-plugin
 
 ADD https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq
 RUN chmod +x ./jq

diff --git a/endorser/requirements.txt b/endorser/requirements.txt
@@ -1,4 +1,4 @@
 fastapi_websocket_pubsub~=0.1.21
 typing_extensions
 httpx==0.18.1
-aries-cloudcontroller~=0.7.0
+aries-cloudcontroller~=0.8.0rc5
diff --git a/environments/governance-ga/aca-py-agent.default.env b/environments/governance-ga/aca-py-agent.default.env
@@ -49,8 +49,6 @@ ACAPY_GENESIS_URL=http://ledger-browser:8000/genesis
 # of the ecosystem
 # ACAPY_WALLET_SEED=00000000000000000governance1Any1
 
-ACAPY_PUBLIC_INVITES=true
-
 AGENT_ENDPOINT=http://governance-ga-agent:3020
 
 # ## DO NOT CHANGE VARIABLES BELOW
@@ -71,3 +69,13 @@ ACAPY_AUTO_VERIFY_PRESENTATION=true
 ACAPY_PRESERVE_EXCHANGE_RECORDS=false
 ACAPY_ENDORSER_ROLE=endorser
 ACAPY_AUTO_ENDORSE_TRANSACTIONS=false
+
+#Auto accept TAA
+#ACAPY_ACCEPT_TAA: "[service_agreement,1.0]"
+
+# Allow Public Invites
+ACAPY_PUBLIC_INVITES=true
+
+# Enable Public DID Connections. This is required for the CloudAPI to work
+# This is a breaking change in AcaPy 0.8.0 - see https://github.com/hyperledger/aries-cloudagent-python/pull/2034
+#ACAPY_REQUESTS_THROUGH_PUBLIC_DID=true
diff --git a/environments/governance-multitenant/aca-py-agent.default.env b/environments/governance-multitenant/aca-py-agent.default.env
@@ -49,8 +49,6 @@ ACAPY_MULTITENANT=true
 ACAPY_MULTITENANT_ADMIN=false
 ACAPY_MULTITENANT_JWT_SECRET=jwtSecret
 
-ACAPY_PUBLIC_INVITES=true
-
 AGENT_ENDPOINT=http://governance-multitenant-agent:3020
 
 # ## DO NOT CHANGE VARIABLES BELOW
@@ -75,3 +73,20 @@ ACAPY_ENDORSER_ROLE=author
 ACAPY_AUTO_REQUEST_ENDORSEMENT=true
 ACAPY_AUTO_WRITE_TRANSACTIONS=true
 ACAPY_ENDORSER_ALIAS=endorser
+
+#Auto accept TAA
+#ACAPY_ACCEPT_TAA: "[service_agreement,1.0]"
+
+# Allow Public Invites
+ACAPY_PUBLIC_INVITES=true
+
+# Enable Public DID Connections. This is required for the CloudAPI to work
+# This is a breaking change in AcaPy 0.8.0 - see https://github.com/hyperledger/aries-cloudagent-python/pull/2034
+#ACAPY_REQUESTS_THROUGH_PUBLIC_DID=true
+#
+#ACAPY_DEBUG_PRESENTATIONS=true
+#ACAPY_DEBUG_CONNECTIONS=true
+#ACAPY_EMIT_NEW_DIDCOMM_MIME_TYPE=true
+#ACAPY_EMIT_NEW_DIDCOMM_PREFIX=true
+#ACAPY_TRACE_TARGET=log
+#ACAPY_TRACE=true
diff --git a/manage b/manage
@@ -1,7 +1,8 @@
 #!/bin/bash
 export MSYS_NO_PATHCONV=1
-export DOCKERHOST=${APPLICATION_URL-$(docker run --rm --net=host codenvy/che-ip)}
-set -e
+# getDockerHost; for details refer to https://github.com/bcgov/DITP-DevOps/tree/main/code/snippets#getdockerhost
+. /dev/stdin <<<"$(cat <(curl -s --raw https://raw.githubusercontent.com/bcgov/DITP-DevOps/main/code/snippets/getDockerHost))"
+export DOCKERHOST=$(getDockerHost)
 
 SCRIPT_HOME="$(cd "$(dirname "$0")" && pwd)"
 
@@ -54,7 +55,7 @@ EOF
 # -----------------------------------------------------------------------------------------------------------------
 # Default Settings:
 # -----------------------------------------------------------------------------------------------------------------
-DEFAULT_CONTAINERS="governance-trust-registry governance-multitenant-wallets-db governance-multitenant-agent tails-server ledger-nodes ledger-browser
+DEFAULT_CONTAINERS="governance-trust-registry governance-multitenant-wallets-db governance-multitenant-agent tails-server
                     governance-ga-wallets-db governance-ga-agent governance-multitenant-web governance-ga-web wh-redis governance-webhooks-web governance-endorser"
 # -----------------------------------------------------------------------------------------------------------------
 # Functions:

diff --git a/scripts/aurora-delete.sh b/scripts/aurora-delete.sh
@@ -105,9 +105,8 @@ drop_db_function() {
     (
       log "Dropping database: $DB"
       PGPASSWORD=$DB_PASSWORD psql -h $DB_HOST -p $DB_PORT -U $DB_USER -d postgres -c "DROP DATABASE \"$DB\""
-    ) &
+    )
   done
-  wait
   log "$STEP: done"
   echo ""
 }

diff --git a/scripts/startup.sh b/scripts/startup.sh
@@ -1,8 +1,5 @@
 #!/bin/bash
 
-# Sleep 30 hack to wait for von network nodes to start up
-sleep 30
-
 aca-py start \
     -it http '0.0.0.0' "$HTTP_PORT" \
     -e "$AGENT_ENDPOINT" "${AGENT_ENDPOINT/http/ws}" \

diff --git a/shared_models/__init__.py b/shared_models/__init__.py
@@ -10,7 +10,6 @@
     IssueCredentialProtocolVersion,
     presentation_record_to_model,
     pres_id_no_version,
-    OobRecord,
     RedisItem,
     BasicMessage,
     PayloadType,