diff --git a/backend/business-partner-agent/pom.xml b/backend/business-partner-agent/pom.xml index aded257ac..c13424039 100644 --- a/backend/business-partner-agent/pom.xml +++ b/backend/business-partner-agent/pom.xml @@ -343,7 +343,7 @@ com.github.eirslett frontend-maven-plugin - 1.10.4 + 1.11.0 ../../frontend @@ -356,8 +356,8 @@ - v14.15.1 - 6.14.8 + v14.15.3 + 6.14.9 diff --git a/backend/business-partner-agent/src/main/resources/application.yml b/backend/business-partner-agent/src/main/resources/application.yml index 00bbdbbec..d03ed9e33 100644 --- a/backend/business-partner-agent/src/main/resources/application.yml +++ b/backend/business-partner-agent/src/main/resources/application.yml @@ -100,7 +100,7 @@ bpa: acapy: url: http://${bpa.docker.host}:8031 apiKey: empty - endpoint: ${AGENT_ENDPOINT:`http://localhost:8030`} + endpoint: ${ACAPY_ENDPOINT:`http://localhost:8030`} did: prefix: ${BPA_DID_PREFIX:`did:sov:iil:`} pg: diff --git a/charts/bpa/templates/bpa_deployment.yaml b/charts/bpa/templates/bpa_deployment.yaml index 2d8e394c8..16b80f64a 100644 --- a/charts/bpa/templates/bpa_deployment.yaml +++ b/charts/bpa/templates/bpa_deployment.yaml @@ -48,7 +48,7 @@ spec: value: {{ .Values.bpa.webMode | quote }} - name: AGENT_NAME value: {{ .Values.bpa.agentName | quote }} - - name: AGENT_ENDPOINT + - name: ACAPY_ENDPOINT value: https://{{ (index .Values.acapy.ingress.hosts 0).host }} - name: POSTGRES_PASSWORD valueFrom: diff --git a/scripts/.env-example b/scripts/.env-example index 901f3c2c4..6a17b345b 100644 --- a/scripts/.env-example +++ b/scripts/.env-example 
@@ -2,15 +2,14 @@ # Business Partner Agent # ------------------------------------------------------------ -# Frontend -#VUE_APP_UI_COLOR=#3498db -#VUE_APP_LOGO_URL= +# Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection +AGENT_NAME="Business Partner Agent" # localhost, ip address, dns name BPA_HOST=localhost BPA_PORT=8080 -# Security Config +# Security BPA_SECURITY_ENABLED=true # Default username and password, set if running in production like environments BPA_BOOTSTRAP_UN=admin @@ -25,7 +24,6 @@ BPA_RESOLVER_URL=https://resolver.dev.economyofthings.io BPA_DID_PREFIX=did:sov:iil: # The Ledger Explorer -LEDGER_URL=https://indy-test.bosch-digital.de BPA_LEDGER_BROWSER=https://indy-test.bosch-digital.de # Docker image to be used for the business partner (if it doesn't exist, docker-compose attempts to build it) @@ -35,14 +33,31 @@ BPA_DOCKER_IMAGE=myregistry/imagename:mytag # ACA-PY # ------------------------------------------------------------ +# Run in read only mode, requires BPA_WEB_MODE to be true. +#ACAPY_READ_ONLY_MODE=--read-only-ledger + +ACAPY_GENESIS_URL=https://indy-test.bosch-digital.de/genesis + +# +# Identity +# + # Enter wallet seed here: -#AGENT_SEED=0dcb2d7b444a4de591316231527aea1f +#ACAPY_SEED=0dcb2d7b444a4de591316231527aea1f + +# +# Build +# # Build ACA-Py instead of using a published image. Requires usage of docker-compose.custom-acapy.yml # Example here is using the current master ACAPY_BUILD_CONTEXT=https://github.com/hyperledger/aries-cloudagent-python.git ACAPY_BUILD_DOCKERFILE_PATH=docker/Dockerfile.run +# +# Security +# + # Protect all admin endpoints with the provided API key # Development setup (do not use in production!) ACAPY_ADMIN_CONFIG=--admin-insecure-mode 
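Review bot: The renamed example line `#ACAPY_SEED=0dcb2d7b444a4de591316231527aea1f` in the new Identity section still carries a concrete 32-character seed, so anyone who simply uncomments it runs with a seed that is published in the repository. The seed is what the agent's keys are derived from, so the example should be an obvious placeholder such as `#ACAPY_SEED=<32-character-seed-generated-locally>`. Separately, the new `# Security` heading sits directly above the active default `ACAPY_ADMIN_CONFIG=--admin-insecure-mode`, and the comment "Protect all admin endpoints with the provided API key" reads as if that default were the protected setup. Moving that comment down to the commented `--admin-api-key` variant would make the example less misleading.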
@@ -50,26 +65,27 @@ ACAPY_ADMIN_CONFIG=--admin-insecure-mode #ACAPY_ADMIN_URL_API_KEY=change-me #ACAPY_ADMIN_CONFIG=--admin-api-key ${ACAPY_ADMIN_URL_API_KEY} -# Run in read only mode, requires BPA_WEB_MODE to be true. -# ACAPY_READ_ONLY_MODE=--read-only-ledger - -# Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection -AGENT_NAME="Business Partner Agent" +# +# Connectivity +# + +ACAPY_HTTP_PORT=8030 +ACAPY_ENDPOINT=http://localhost:8030 +ACAPY_ADMIN_PORT=8031 + +# +# Wallet Storage +# -# Default Docker config -AGENT_HTTP_PORT=8030 -AGENT_ENDPOINT=http://localhost:8030 -AGENT_ADMIN_PORT=8031 +ACAPY_WALLET_TYPE=postgres_storage +ACAPY_WALLET_DATABASE=wallet_db +ACAPY_WALLET_ENCRYPTION_KEY=key # ------------------------------------------------------------ -# Postges Wallet +# Postgres Storage # ------------------------------------------------------------ -# Default Docker config -WALLET_TYPE=postgres_storage -WALLET_DATABASE=wallet_db -WALLET_ENCRYPTION_KEY=key -POSTGRESQL_WALLET_HOST=postgres -POSTGRESQL_WALLET_PORT=5432 -POSTGRESQL_WALLET_USER=walletuser -POSTGRESQL_WALLET_PASSWORD=walletpassword \ No newline at end of file +POSTGRESQL_HOST=postgres +POSTGRESQL_PORT=5432 +POSTGRESQL_USER=walletuser +POSTGRESQL_PASSWORD=walletpassword \ No newline at end of file diff --git a/scripts/acapy-static-args.yml b/scripts/acapy-static-args.yml new file mode 100644 index 000000000..0c1d03b49 --- /dev/null +++ b/scripts/acapy-static-args.yml 
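Review bot: `ACAPY_WALLET_ENCRYPTION_KEY=key` and `POSTGRESQL_PASSWORD=walletpassword` stay active defaults under the new "Wallet Storage" and "Postgres Storage" headings, and the change drops the old "Default Docker config" remark without adding any warning. The compose files pass these values straight to `--wallet-key` and the database credentials, so a comment such as `# Development defaults only: set a unique wallet key and database password before exposing this stack` belongs above them. The rename also has no fallback: an existing `.env` that still defines `WALLET_*` / `POSTGRESQL_WALLET_*` will have the new variables substituted as empty strings by docker-compose, so the upgrade note should call that out.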
@@ -0,0 +1,17 @@ +auto-accept-invites: true +auto-accept-requests: true +auto-respond-messages: true +auto-respond-credential-proposal: true +auto-respond-credential-offer: true +auto-respond-credential-request: true +auto-respond-presentation-proposal: true +auto-respond-presentation-request: true +auto-store-credential: true +auto-verify-presentation: true +auto-ping-connection: true +monitor-ping: true +public-invites: true +plugin: 'aries_cloudagent.messaging.jsonld' +outbound-transport: http +wallet-type: 'indy' +log-level: info \ No newline at end of file diff --git a/scripts/docker-compose-backend-webonly.yml b/scripts/docker-compose-backend-webonly.yml index 4b45724bf..ab0387fba 100644 --- a/scripts/docker-compose-backend-webonly.yml +++ b/scripts/docker-compose-backend-webonly.yml @@ -26,6 +26,7 @@ services: aca-py start \ -it http '0.0.0.0' 8030 -ot http \ + -e http://0.0.0.0:8030 --admin '0.0.0.0' 8031 \ --admin-insecure-mode \ --plugin aries_cloudagent.messaging.jsonld \ diff --git a/scripts/docker-compose.aries-only.yml b/scripts/docker-compose.aries-only.yml index 0532a883b..1b3700044 100644 --- a/scripts/docker-compose.aries-only.yml +++ b/scripts/docker-compose.aries-only.yml 
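Review bot: This new shared file has no comment recording that it switches on automatic handling for every agent started from the compose files. With `auto-accept-invites`, `auto-accept-requests`, `public-invites`, the `auto-respond-*` options and `auto-store-credential` set, connection and credential-exchange steps proceed without operator confirmation. A header such as `# Development defaults: the agent auto-accepts connections and credential exchanges; review before production use` would make that an explicit decision. `monitor-ping: true` was not in the flag list removed from scripts/docker-compose.aries-only.yml, so that file now gains it through this arg file; confirm that is intended. The file also ends without a trailing newline.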
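Review bot: The added `-e http://0.0.0.0:8030` publishes a bind address as the agent's endpoint. `0.0.0.0` is what the inbound transport listens on, not an address a peer can connect back to, so anything that reads the endpoint gets an unusable URL. If this agent is meant to be reachable, pass the externally visible URL instead, e.g. `-e ${ACAPY_ENDPOINT} \`, as the other compose files in this commit do with `--endpoint`. As shown here, the added line does not visibly end with the ` \` continuation its neighbours carry, which is worth checking against the file. The `aca-py start` command begins and ends outside the hunk.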
@@ -6,36 +6,26 @@ services: aca-py: image: bcgovimages/aries-cloudagent:py36-1.15-0_0.5.6 ports: - - ${AGENT_ADMIN_PORT}:${AGENT_ADMIN_PORT} - - ${AGENT_HTTP_PORT}:${AGENT_HTTP_PORT} + - ${ACAPY_ADMIN_PORT}:${ACAPY_ADMIN_PORT} + - ${ACAPY_HTTP_PORT}:${ACAPY_HTTP_PORT} entrypoint: /bin/bash command: [ "-c", "sleep 1; aca-py start \ - --auto-accept-invites \ - --auto-accept-requests \ - --auto-respond-messages \ - --auto-respond-credential-proposal \ - --auto-respond-credential-offer \ - --auto-respond-credential-request \ - --auto-respond-presentation-proposal \ - --auto-respond-presentation-request \ - --auto-store-credential \ - --auto-verify-presentation \ - --auto-ping-connection \ - --public-invites \ - --plugin aries_cloudagent.messaging.jsonld \ - --inbound-transport http '0.0.0.0' ${AGENT_HTTP_PORT} \ - --outbound-transport http \ - --endpoint ${AGENT_ENDPOINT} \ - --profile-endpoint ${BPA_PROFILE_ENDPOINT} \ - --webhook-url http://company-agent:${BPA_PORT}/log \ - --genesis-url '${LEDGER_URL}/genesis' \ - --wallet-type 'indy' \ - --seed '${AGENT_SEED}' \ - --admin '0.0.0.0' ${AGENT_ADMIN_PORT} \ + --arg-file acapy-static-args.yml \ + --inbound-transport http '0.0.0.0' ${ACAPY_HTTP_PORT} \ + --endpoint ${ACAPY_ENDPOINT} \ + --profile-endpoint https://${BPA_HOST}/profile.jsonld \ + --webhook-url http://localhost:${BPA_PORT}/log \ + --genesis-url '${ACAPY_GENESIS_URL}' \ + --seed '${ACAPY_SEED}' \ + --admin '0.0.0.0' ${ACAPY_ADMIN_PORT} \ --admin-insecure-mode \ - --label ${AGENT_NAME} \ - --log-level info" - ] \ No newline at end of file + --wallet-name '${ACAPY_WALLET_DATABASE}' \ + --wallet-key '${ACAPY_WALLET_ENCRYPTION_KEY}' \ + --label '${AGENT_NAME}' \ + " + ] + volumes: + - "./acapy-static-args.yml:/home/indy/acapy-static-args.yml" \ No newline at end of file diff --git a/scripts/docker-compose.custom-acapy.yml b/scripts/docker-compose.custom-acapy.yml index 33157274f..73650b2a5 100644 --- a/scripts/docker-compose.custom-acapy.yml 
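Review bot: The rewritten command still hard-codes `--admin-insecure-mode` next to `--admin '0.0.0.0' ${ACAPY_ADMIN_PORT}`, and the `ports:` entry publishes that port on the host, while this change also gives the agent a named wallet through `--wallet-name` and `--wallet-key`. That leaves an unauthenticated admin API in front of the wallet for anyone who can reach the host port. scripts/docker-compose.yml and scripts/docker-compose.custom-acapy.yml take the setting from the environment; doing the same here, `${ACAPY_ADMIN_CONFIG} \` in place of `--admin-insecure-mode \`, lets `.env` switch to `--admin-api-key`. Also check `--webhook-url http://localhost:${BPA_PORT}/log`: inside the container `localhost` is the container itself unless host networking is configured outside this hunk.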
+++ b/scripts/docker-compose.custom-acapy.yml @@ -11,13 +11,13 @@ services: - aca-py environment: JAVA_OPTS: > - -Dbpa.acapy.url=http://aca-py:${AGENT_ADMIN_PORT} + -Dbpa.acapy.url=http://aca-py:${ACAPY_ADMIN_PORT} -Dbpa.acapy.apiKey=${ACAPY_ADMIN_URL_API_KEY} -Dmicronaut.security.enabled=${BPA_SECURITY_ENABLED} -Dmicronaut.server.port=${BPA_PORT} - -Dbpa.pg.url=jdbc:postgresql://${POSTGRESQL_WALLET_HOST}/${POSTGRESQL_WALLET_USER} - -Dbpa.pg.username=${POSTGRESQL_WALLET_USER} - -Dbpa.pg.password=${POSTGRESQL_WALLET_PASSWORD} + -Dbpa.pg.url=jdbc:postgresql://${POSTGRESQL_HOST}/${POSTGRESQL_USER} + -Dbpa.pg.username=${POSTGRESQL_USER} + -Dbpa.pg.password=${POSTGRESQL_PASSWORD} -Dbpa.host=${BPA_HOST} BPA_WEB_MODE: ${BPA_WEB_MODE} BPA_RESOLVER_URL: ${BPA_RESOLVER_URL} @@ -25,7 +25,7 @@ services: BPA_DID_PREFIX: ${BPA_DID_PREFIX} BPA_BOOTSTRAP_UN: ${BPA_BOOTSTRAP_UN} BPA_BOOTSTRAP_PW: ${BPA_BOOTSTRAP_PW} - AGENT_ENDPOINT: ${AGENT_ENDPOINT} + ACAPY_ENDPOINT: ${ACAPY_ENDPOINT} AGENT_NAME: ${AGENT_NAME} ports: - ${BPA_PORT}:${BPA_PORT} @@ -35,8 +35,8 @@ services: context: ${ACAPY_BUILD_CONTEXT} dockerfile: ${ACAPY_BUILD_DOCKERFILE_PATH} ports: - - ${AGENT_ADMIN_PORT}:${AGENT_ADMIN_PORT} - - ${AGENT_HTTP_PORT}:${AGENT_HTTP_PORT} + - ${ACAPY_ADMIN_PORT}:${ACAPY_ADMIN_PORT} + - ${ACAPY_HTTP_PORT}:${ACAPY_HTTP_PORT} depends_on: - postgres entrypoint: /bin/bash 
@@ -44,46 +44,32 @@ services: "-c", "sleep 1; aca-py start \ - --auto-accept-invites \ - --auto-accept-requests \ - --auto-respond-messages \ - --auto-respond-credential-proposal \ - --auto-respond-credential-offer \ - --auto-respond-credential-request \ - --auto-respond-presentation-proposal \ - --auto-respond-presentation-request \ - --auto-store-credential \ - --auto-verify-presentation \ - --auto-ping-connection \ - --monitor-ping \ - --public-invites \ - --plugin aries_cloudagent.messaging.jsonld \ - --inbound-transport http '0.0.0.0' ${AGENT_HTTP_PORT} \ - --outbound-transport http \ + --arg-file acapy-static-args.yml \ + --inbound-transport http '0.0.0.0' ${ACAPY_HTTP_PORT} \ --webhook-url http://bpa:${BPA_PORT}/log \ - --genesis-url '${LEDGER_URL}/genesis' \ - --endpoint ${AGENT_ENDPOINT} \ - --wallet-type 'indy' \ - --wallet-name '${WALLET_DATABASE}' \ - --wallet-key '${WALLET_ENCRYPTION_KEY}' \ - --wallet-storage-type '${WALLET_TYPE}' \ - --wallet-storage-config '{\"url\":\"${POSTGRESQL_WALLET_HOST}:${POSTGRESQL_WALLET_PORT}\",\"max_connections\":5}' \ - --wallet-storage-creds '{\"account\":\"${POSTGRESQL_WALLET_USER}\",\"password\":\"${POSTGRESQL_WALLET_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_WALLET_USER}\",\"admin_password\":\"${POSTGRESQL_WALLET_PASSWORD}\"}' \ - --seed '${AGENT_SEED}' \ - --admin '0.0.0.0' ${AGENT_ADMIN_PORT} \ + --genesis-url '${ACAPY_GENESIS_URL}' \ + --endpoint ${ACAPY_ENDPOINT} \ + --wallet-name '${ACAPY_WALLET_DATABASE}' \ + --wallet-key '${ACAPY_WALLET_ENCRYPTION_KEY}' \ + --wallet-storage-type '${ACAPY_WALLET_TYPE}' \ + --wallet-storage-config '{\"url\":\"${POSTGRESQL_HOST}:${POSTGRESQL_PORT}\",\"max_connections\":5}' \ + --wallet-storage-creds '{\"account\":\"${POSTGRESQL_USER}\",\"password\":\"${POSTGRESQL_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_USER}\",\"admin_password\":\"${POSTGRESQL_PASSWORD}\"}' \ + --seed '${ACAPY_SEED}' \ + --admin '0.0.0.0' ${ACAPY_ADMIN_PORT} \ --label '${AGENT_NAME}' \ - --log-level info \ 
${ACAPY_ADMIN_CONFIG} \ ${ACAPY_READ_ONLY_MODE} \ " ] + volumes: + - "./acapy-static-args.yml:/home/indy/acapy-static-args.yml" postgres: image: "postgres:12-alpine" environment: - - POSTGRES_USER=${POSTGRESQL_WALLET_USER} - - POSTGRES_PASSWORD=${POSTGRESQL_WALLET_PASSWORD} + - POSTGRES_USER=${POSTGRESQL_USER} + - POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD} ports: - - ${POSTGRESQL_WALLET_PORT}:${POSTGRESQL_WALLET_PORT} + - ${POSTGRESQL_PORT}:${POSTGRESQL_PORT} volumes: - postgres-data:/var/lib/postgresql/data volumes: diff --git a/scripts/docker-compose.yml b/scripts/docker-compose.yml index 43b09a2e1..c0d4805c8 100644 --- a/scripts/docker-compose.yml +++ b/scripts/docker-compose.yml @@ -11,13 +11,13 @@ services: - aca-py environment: JAVA_OPTS: > - -Dbpa.acapy.url=http://aca-py:${AGENT_ADMIN_PORT} + -Dbpa.acapy.url=http://aca-py:${ACAPY_ADMIN_PORT} -Dbpa.acapy.apiKey=${ACAPY_ADMIN_URL_API_KEY} -Dmicronaut.security.enabled=${BPA_SECURITY_ENABLED} -Dmicronaut.server.port=${BPA_PORT} - -Dbpa.pg.url=jdbc:postgresql://${POSTGRESQL_WALLET_HOST}/${POSTGRESQL_WALLET_USER} - -Dbpa.pg.username=${POSTGRESQL_WALLET_USER} - -Dbpa.pg.password=${POSTGRESQL_WALLET_PASSWORD} + -Dbpa.pg.url=jdbc:postgresql://${POSTGRESQL_HOST}/${POSTGRESQL_USER} + -Dbpa.pg.username=${POSTGRESQL_USER} + -Dbpa.pg.password=${POSTGRESQL_PASSWORD} -Dbpa.host=${BPA_HOST} BPA_WEB_MODE: ${BPA_WEB_MODE} BPA_RESOLVER_URL: ${BPA_RESOLVER_URL} @@ -25,7 +25,7 @@ services: BPA_DID_PREFIX: ${BPA_DID_PREFIX} BPA_BOOTSTRAP_UN: ${BPA_BOOTSTRAP_UN} BPA_BOOTSTRAP_PW: ${BPA_BOOTSTRAP_PW} - AGENT_ENDPOINT: ${AGENT_ENDPOINT} + ACAPY_ENDPOINT: ${ACAPY_ENDPOINT} AGENT_NAME: ${AGENT_NAME} ports: - ${BPA_PORT}:${BPA_PORT} 
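Review bot: `--seed`, `--wallet-key` and the password inside `--wallet-storage-creds` are still interpolated into the `aca-py start` command line, so they appear in the container's process arguments and in `docker inspect` output for anyone with access to the Docker host. Now that the commit mounts an argument file, the secret-bearing options could be supplied through a separate, uncommitted file or the deployment's secret mechanism, if the ACA-Py version in use allows it, leaving only non-sensitive flags in `command:`. The same lines appear in the matching hunk of scripts/docker-compose.yml, and `--seed` / `--wallet-key` in scripts/docker-compose.aries-only.yml. The `postgres` service in this hunk also publishes `${POSTGRESQL_PORT}` on the host with the `.env-example` default password; dropping that `ports:` entry, unless something outside the compose network needs it, would limit exposure. The `command:` entry begins above the hunk.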
@@ -33,8 +33,8 @@ services: aca-py: image: bcgovimages/aries-cloudagent:py36-1.15-0_0.5.6 ports: - - ${AGENT_ADMIN_PORT}:${AGENT_ADMIN_PORT} - - ${AGENT_HTTP_PORT}:${AGENT_HTTP_PORT} + - ${ACAPY_ADMIN_PORT}:${ACAPY_ADMIN_PORT} + - ${ACAPY_HTTP_PORT}:${ACAPY_HTTP_PORT} depends_on: - postgres entrypoint: /bin/bash 
@@ -42,46 +42,32 @@ services: "-c", "sleep 1; aca-py start \ - --auto-accept-invites \ - --auto-accept-requests \ - --auto-respond-messages \ - --auto-respond-credential-proposal \ - --auto-respond-credential-offer \ - --auto-respond-credential-request \ - --auto-respond-presentation-proposal \ - --auto-respond-presentation-request \ - --auto-store-credential \ - --auto-verify-presentation \ - --auto-ping-connection \ - --monitor-ping \ - --public-invites \ - --plugin aries_cloudagent.messaging.jsonld \ - --inbound-transport http '0.0.0.0' ${AGENT_HTTP_PORT} \ - --outbound-transport http \ + --arg-file acapy-static-args.yml \ + --inbound-transport http '0.0.0.0' ${ACAPY_HTTP_PORT} \ --webhook-url http://bpa:${BPA_PORT}/log \ - --genesis-url '${LEDGER_URL}/genesis' \ - --endpoint ${AGENT_ENDPOINT} \ - --wallet-type 'indy' \ - --wallet-name '${WALLET_DATABASE}' \ - --wallet-key '${WALLET_ENCRYPTION_KEY}' \ - --wallet-storage-type '${WALLET_TYPE}' \ - --wallet-storage-config '{\"url\":\"${POSTGRESQL_WALLET_HOST}:${POSTGRESQL_WALLET_PORT}\",\"max_connections\":5}' \ - --wallet-storage-creds '{\"account\":\"${POSTGRESQL_WALLET_USER}\",\"password\":\"${POSTGRESQL_WALLET_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_WALLET_USER}\",\"admin_password\":\"${POSTGRESQL_WALLET_PASSWORD}\"}' \ - --seed '${AGENT_SEED}' \ - --admin '0.0.0.0' ${AGENT_ADMIN_PORT} \ + --genesis-url '${ACAPY_GENESIS_URL}' \ + --endpoint ${ACAPY_ENDPOINT} \ + --wallet-name '${ACAPY_WALLET_DATABASE}' \ + --wallet-key '${ACAPY_WALLET_ENCRYPTION_KEY}' \ + --wallet-storage-type '${ACAPY_WALLET_TYPE}' \ + --wallet-storage-config '{\"url\":\"${POSTGRESQL_HOST}:${POSTGRESQL_PORT}\",\"max_connections\":5}' \ + --wallet-storage-creds '{\"account\":\"${POSTGRESQL_USER}\",\"password\":\"${POSTGRESQL_PASSWORD}\",\"admin_account\":\"${POSTGRESQL_USER}\",\"admin_password\":\"${POSTGRESQL_PASSWORD}\"}' \ + --seed '${ACAPY_SEED}' \ + --admin '0.0.0.0' ${ACAPY_ADMIN_PORT} \ --label '${AGENT_NAME}' \ - --log-level info \ 
${ACAPY_ADMIN_CONFIG} \ ${ACAPY_READ_ONLY_MODE} \ " ] + volumes: + - "./acapy-static-args.yml:/home/indy/acapy-static-args.yml" postgres: image: "postgres:12-alpine" environment: - - POSTGRES_USER=${POSTGRESQL_WALLET_USER} - - POSTGRES_PASSWORD=${POSTGRESQL_WALLET_PASSWORD} + - POSTGRES_USER=${POSTGRESQL_USER} + - POSTGRES_PASSWORD=${POSTGRESQL_PASSWORD} ports: - - ${POSTGRESQL_WALLET_PORT}:${POSTGRESQL_WALLET_PORT} + - ${POSTGRESQL_PORT}:${POSTGRESQL_PORT} volumes: - postgres-data:/var/lib/postgresql/data volumes: diff --git a/scripts/register-did.sh b/scripts/register-did.sh index d8bec8daf..a5928736a 100755 --- a/scripts/register-did.sh +++ b/scripts/register-did.sh @@ -39,7 +39,7 @@ if curl --fail -s -d $PAYLOAD -H "Content-Type: application/json" -X POST ${URL # Registration (probably) successfull echo "" echo ""Registration on $URL successful"" - echo ""Setting AGENT_SEED in .env file"" + echo ""Setting ACAPY_SEED in .env file"" if [ ! -f .env ]; then echo "".env does not exist"" echo ""Creating .env from .env-example"" @@ -47,12 +47,12 @@ if curl --fail -s -d $PAYLOAD -H "Content-Type: application/json" -X POST ${URL fi # sed on Mac and Linux work differently if [ "$ARCHITECTURE" = "Mac" ]; then - sed -i '' '/AGENT_SEED=/c\ - AGENT_SEED='"${SEED}"' + sed -i '' '/ACAPY_SEED=/c\ + ACAPY_SEED='"${SEED}"' ' .env else - sed -i '/AGENT_SEED=/c\ - AGENT_SEED='"${SEED}"' + sed -i '/ACAPY_SEED=/c\ + ACAPY_SEED='"${SEED}"' ' .env fi diff --git a/scripts/start-with-tunnels.sh b/scripts/start-with-tunnels.sh index b900858f4..18537017e 100755 --- a/scripts/start-with-tunnels.sh +++ b/scripts/start-with-tunnels.sh @@ -90,10 +90,10 @@ fi # write public ip to env export BPA_HOST=$BPA_HOST -export AGENT_ENDPOINT=$ACA_PY_ENDPOINT +export ACAPY_ENDPOINT=$ACA_PY_ENDPOINT echo "Business Partner Agent Public URL: https://$BPA_HOST" -echo "Public ACA-PY Endpoint: $AGENT_ENDPOINT" +echo "Public ACA-PY Endpoint: $ACAPY_ENDPOINT" # Start agent docker-compose -f $DOCKERFILE up