BREAKING: VCHolder multitenant binding (#3391)
* VCHolder multitenant binding Signed-off-by: jamshale <[email protected]> * fix: soft binding for MT askar of VC Holder Signed-off-by: Daniel Bluhm <[email protected]> * fix: openapi requests and responses for vc routes Signed-off-by: Daniel Bluhm <[email protected]> * fix: example script result assertion Signed-off-by: Daniel Bluhm <[email protected]> --------- Signed-off-by: jamshale <[email protected]> Signed-off-by: Daniel Bluhm <[email protected]> Co-authored-by: Daniel Bluhm <[email protected]>
Showing
7 changed files
with
167 additions
and
7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
services: | ||
agency: | ||
image: acapy-test | ||
ports: | ||
- "3001:3001" | ||
environment: | ||
RUST_LOG: 'aries-askar::log::target=error' | ||
command: > | ||
start | ||
--label Agency | ||
--inbound-transport http 0.0.0.0 3000 | ||
--outbound-transport http | ||
--endpoint http://agency:3000 | ||
--admin 0.0.0.0 3001 | ||
--admin-insecure-mode | ||
--no-ledger | ||
--wallet-type askar | ||
--wallet-name alice | ||
--wallet-key insecure | ||
--auto-provision | ||
--log-level debug | ||
--debug-webhooks | ||
--multitenant | ||
--multitenant-admin | ||
--jwt-secret insecure | ||
--multitenancy-config wallet_type=single-wallet-askar key_derivation_method=RAW | ||
healthcheck: | ||
test: curl -s -o /dev/null -w '%{http_code}' "http://localhost:3001/status/live" | grep "200" > /dev/null | ||
start_period: 30s | ||
interval: 7s | ||
timeout: 5s | ||
retries: 5 | ||
|
||
example: | ||
container_name: controller | ||
build: | ||
context: ../.. | ||
environment: | ||
- AGENCY=http://agency:3001 | ||
volumes: | ||
- ./example.py:/usr/src/app/example.py:ro,z | ||
command: python -m example | ||
depends_on: | ||
agency: | ||
condition: service_healthy |
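Review bot: The `ports` entry `- "3001:3001"` publishes the admin API on every host interface while the agent is started with `--admin-insecure-mode`, `--multitenant-admin` and the fixed `--jwt-secret insecure`, so the tenant-management routes are reachable without credentials from outside the compose network. The `example` service already talks to the agent over the internal network at `http://agency:3001`, so the mapping can be dropped, or narrowed to `- "127.0.0.1:3001:3001"` if local access is wanted for debugging. A comment above `command:` such as `# Test-only settings: unauthenticated admin API, throwaway wallet key and JWT secret` would also keep this file from being copied as a deployment template.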
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
"""Test VC Holder multi-tenancy isolation.""" | ||
|
||
import asyncio | ||
from os import getenv | ||
|
||
from acapy_controller import Controller | ||
from acapy_controller.logging import logging_to_stdout | ||
from acapy_controller.models import CreateWalletResponse | ||
from acapy_controller.protocols import DIDResult | ||
|
||
AGENCY = getenv("AGENCY", "http://agency:3001") | ||
|
||
|
||
async def main(): | ||
"""Test Controller protocols.""" | ||
async with Controller(base_url=AGENCY) as agency: | ||
issuer = await agency.post( | ||
"/multitenancy/wallet", | ||
json={ | ||
"label": "Issuer", | ||
"wallet_type": "askar", | ||
}, | ||
response=CreateWalletResponse, | ||
) | ||
alice = await agency.post( | ||
"/multitenancy/wallet", | ||
json={ | ||
"label": "Alice", | ||
"wallet_type": "askar", | ||
}, | ||
response=CreateWalletResponse, | ||
) | ||
bob = await agency.post( | ||
"/multitenancy/wallet", | ||
json={ | ||
"label": "Bob", | ||
"wallet_type": "askar", | ||
}, | ||
response=CreateWalletResponse, | ||
) | ||
|
||
async with ( | ||
Controller( | ||
base_url=AGENCY, wallet_id=alice.wallet_id, subwallet_token=alice.token | ||
) as alice, | ||
Controller( | ||
base_url=AGENCY, wallet_id=bob.wallet_id, subwallet_token=bob.token | ||
) as bob, | ||
Controller( | ||
base_url=AGENCY, wallet_id=issuer.wallet_id, subwallet_token=issuer.token | ||
) as issuer, | ||
): | ||
public_did = ( | ||
await issuer.post( | ||
"/wallet/did/create", | ||
json={"method": "key", "options": {"key_type": "ed25519"}}, | ||
response=DIDResult, | ||
) | ||
).result | ||
assert public_did | ||
cred = await issuer.post( | ||
"/vc/credentials/issue", | ||
json={ | ||
"credential": { | ||
"@context": [ | ||
"https://www.w3.org/2018/credentials/v1", | ||
"https://www.w3.org/2018/credentials/examples/v1", | ||
], | ||
"id": "http://example.edu/credentials/1872", | ||
"credentialSubject": { | ||
"id": "did:example:ebfeb1f712ebc6f1c276e12ec21" | ||
}, | ||
"issuer": public_did.did, | ||
"issuanceDate": "2024-12-10T10:00:00Z", | ||
"type": ["VerifiableCredential", "AlumniCredential"], | ||
}, | ||
"options": { | ||
"challenge": "3fa85f64-5717-4562-b3fc-2c963f66afa6", | ||
"domain": "example.com", | ||
"proofPurpose": "assertionMethod", | ||
"proofType": "Ed25519Signature2018", | ||
}, | ||
}, | ||
) | ||
await alice.post( | ||
"/vc/credentials/store", | ||
json={"verifiableCredential": cred["verifiableCredential"]}, | ||
) | ||
result = await bob.get("/vc/credentials") | ||
assert len(result["results"]) == 0 | ||
|
||
|
||
if __name__ == "__main__": | ||
logging_to_stdout() | ||
asyncio.run(main()) |
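Review bot: The isolation check at the end of `main()` only asserts that Bob's `GET /vc/credentials` returns zero results, so it would also pass if Alice's `/vc/credentials/store` call had stored nothing or if the list route returned an empty set for every tenant. A positive control right after the store, `stored = await alice.get("/vc/credentials")` followed by `assert len(stored["results"]) == 1`, would make the test fail for the right reason. Both checks use bare `assert`, which is skipped when Python runs with `-O`; raising explicitly would be safer if this script is the only gate on tenant isolation. On style, the docstring `"""Test Controller protocols."""` does not describe what `main()` verifies, and rebinding `alice`, `bob` and `issuer` from wallet responses to `Controller` objects inside the `async with` makes the token arguments harder to follow.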