Anoncreds schema endorsement #2715
Conversation
|
Overall looks good. I think we need to move where the ledger write actually happens, tho. Right now the transaction manager writes to the ledger (https://github.com/hyperledger/aries-cloudagent-python/blob/main/aries_cloudagent/protocols/endorse_transaction/v1_0/manager.py#L428) and then emits the event that we listen for (https://github.com/hyperledger/aries-cloudagent-python/blob/main/aries_cloudagent/protocols/endorse_transaction/v1_0/manager.py#L526). For anoncreds, I think the ledger write needs to move into our new (anoncreds) event handler method. |
|
@ianco Ok, thanks. I will look into doing that, and add some unit tests and ping you when I'm finished. |
jamshale
changed the title
|
The latest commit removes the extending of the registry interface, and instead implements the txn_submit method from within the legacy_indy registry. Author triggered txn_submits in the indy ledger and endorser manager complete_transaction create an instance of the LegacyIndyRegistry to submit the transactions. This will still end up submitting the transaction from the indy ledger but will make sure that ledger is injected from the anoncreds registry. One drawback is that because the transaction manager and ledger are imported from the ledger routes module on initialization, importing the LegacyIndyRegistry from the top level caused a circular import exception. To get around this the Registry is only imported when needed during anoncred transaction submit operations. |
There was a problem hiding this comment.
Apologies for taking so long to look deeper on this PR; I feel bad about making some comments early, requesting changes, and then requesting some more after you made those changes... But I think we're not quite aligned on vision for the endorser support yet.
Happy to discuss these points more.
|
I fear I'm coming across as harsh but I think there were some mistakes made in the first iteration of endorser support in ACA-Py that really need to be corrected. As it stands, I think we're inheriting a bit too much of those mistakes in this iteration. |
There was a problem hiding this comment.
Not completely happy with how the endorsed transaction is getting saved ... I don't like the (circular) dependency between the transaction manager and Indy registry, and would prefer the ledger transaction gets saved in the event handler somehow (limits the specific ledger dependencies) but let's accept this PR and then re-visit in the next endorser PR.
I think that's fair. A lot of this is new to me so I appreciate the feedback. Some of the things you mentioned I had been confused about. I don't think it should take to long. |
|
I think I'm getting a grip on the old implementation and how we want it to change with anoncreds. This should be way better now. One thing I noticed is that the I added a state for transaction_requested and I used a random uuid for the job-id. Wasn't sure if this was exactly what we wanted to do. |
Isn't there a ledger transaction id that isn't available until the schema is written to the ledger? |
That should still be there, yes. This is just for the anoncreds Result object. It has a state field I am setting to |
|
POST /schema {
"job_id": "db16fd5f8c094d62ba3d1722dacb2467",
"schema_state": {
"state": "transaction_requested",
"schema_id": "WgWxqztrNooG92RXvxSTWv:2:author-schema:1.1",
"schema": {
"issuerId": "WgWxqztrNooG92RXvxSTWv",
"attrNames": [
"score"
],
"name": "author-schema",
"version": "1.1"
}
},
"registration_metadata": {
"txn": {
"state": "request_sent",
"created_at": "2024-01-30T00:08:21.960157Z",
"updated_at": "2024-01-30T00:08:21.968250Z",
"trace": false,
"transaction_id": "7e664eb2-2ed0-460e-8411-b6858aeb2fa2",
"_type": "https://didcomm.org/sign-attachment/1.0/signature-request",
"signature_request": [
{
"context": "did:sov",
"method": "add-signature",
"signature_type": "default",
"signer_goal_code": "aries.transaction.endorse",
"author_goal_code": "aries.transaction.ledger.write"
}
],
"signature_response": [],
"timing": {
"expires_time": null
},
"formats": [
{
"attach_id": "4cef3a8f-b910-4794-9326-6f0a638d683c",
"format": "dif/endorse-transaction/[email protected]"
}
],
"messages_attach": [
{
"@id": "4cef3a8f-b910-4794-9326-6f0a638d683c",
"mime-type": "application/json",
"data": {
"json": "{\"endorser\": \"6bX4vukUZxxGKm7f5bBkmN\", \"identifier\": \"FB5yHWKaZk59hiKqjJKEHs\", \"operation\": {\"data\": {\"attr_names\": [\"score\"], \"name\": \"author-schema\", \"version\": \"1.1\"}, \"type\": \"101\"}, \"protocolVersion\": 2, \"reqId\": 1706573301954441235, \"signature\": \"5ihP9oXmgg6WRRMmNjHiiiP6W3r3S5xVfJFCru3BUzHSqiV6gkmRhvo3UgDzsTmQHU2Z4zp91hwU3cKHtLsG9xWA\"}"
}
}
],
"meta_data": {
"context": {
"job_id": "db16fd5f8c094d62ba3d1722dacb2467",
"schema_id": "WgWxqztrNooG92RXvxSTWv:2:author-schema:1.1"
}
},
"connection_id": "2e64c27e-5c35-4090-87ef-a48e4db3f2ba"
}
}
}GET /schems/{id} {
"schema": {
"issuerId": "FB5yHWKaZk59hiKqjJKEHs",
"attrNames": [
"score"
],
"name": "author-schema",
"version": "1.1"
},
"schema_id": "FB5yHWKaZk59hiKqjJKEHs:2:author-schema:1.1",
"resolution_metadata": {
"ledger_id": null
},
"schema_metadata": {
"seqNo": 1234
}
} |
| schema_state=SchemaState( | ||
| state=SchemaState.STATE_FINISHED, | ||
| state=SchemaState.STATE_TRANSACTION_REQUESTED, |
There was a problem hiding this comment.
This should be the generic STATE_WAIT.
There was a problem hiding this comment.
👍 I had second guessed adding a more specific state here. Wait makes sense.
| description="Connection identifier (optional) (this is an example)", | ||
| description=""" | ||
| Connection identifier (optional) (this is an example) | ||
| You can set this is you know the endorsers connection id you want to use. | ||
| If not specified then the agent will attempt to find an endorser connection. | ||
| """, | ||
| required=False, | ||
| example=UUIDFour.EXAMPLE, | ||
| ) | ||
|
|
||
| create_transaction_for_endorser = fields.Bool( | ||
| description=""" | ||
| Create transaction for endorser (optional, default false). | ||
| Use this for agents who don't specify an author role but want to | ||
| create a transaction for an endorser to sign.""", | ||
| required=False, | ||
| example=False, | ||
| ) | ||
|
|
There was a problem hiding this comment.
I think this is a good use of options. However, I wonder if the first option might be better handled by having an established default endorser (kind of like how we set our public DID and that persists across calls). And I'm honestly not sure what the second one means; is this perhaps a case where we could simplify the interface by sticking to a reasonable default? In what circumstances would we set this value to True?
There was a problem hiding this comment.
Yes. These were from the previous implementation.
I thought endorser_connection_id was so you could use a different endorser. It's not needed and the default endorser connection is found without it. Maybe we can remove it.
The create_transaction_for_endorser is when an agent want's to do a transaction but doesn't have the author role set. I'm not sure if this needs to be supported but the integration tests use them.
I think removing these options if we can should be done later as another smaller PR. I'll leave them for now.
| if self._profile.settings.get("wallet.type") == "askar-anoncreds": | ||
| event_bus = self.profile.inject(EventBus) | ||
| await event_bus.notify( | ||
| self._profile, | ||
| SchemaRegistrationFinishedEvent.with_payload(meta_data), | ||
| ) | ||
| else: | ||
| await notify_schema_event(self._profile, schema_id, meta_data) |
There was a problem hiding this comment.
What do you think of just calling AnonCredsIssuer.finish_schema directly?
There was a problem hiding this comment.
I think that's a good idea. I was just following the existing pattern here but that would be simpler.
I'll update it. I'd rather address them here before the next PR which will be a lot bigger. |
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
Signed-off-by: jamshale <[email protected]>
|
|
@dbluhm Addressed the comments now. |
Adds the flow for schema endorsement.
The endorsement flow is triggered by the agent having an author role or by manually setting the
create_transaction_for_endorseroption request param.The anoncreds registry submits the transaction based on wallet type, and the post processing (storing the schema in the wallet) is triggered by the transaction manager using a new anoncreds schema event.
The endorsement integration tests are run with anoncreds wallets on the endorser and author roles. Added unit tests mostly on the registry register schema flow.