Merge branch 'bcgov/main' into bcgov/feature/loki-log-streaming

README.md

@@ -19,7 +19,7 @@
 
 ## What is Traction?
 
-Traction is a digital wallet solution comprised of plugins layered on top of Hyperledger Aries Cloud Agent Python (ACA-Py) and streamlines the process of sending and receiving digital credentials for governments and organizations.
+Traction is a digital wallet solution comprised of plugins layered on top of OpenWallet Foundation ACA-Py and streamlines the process of sending and receiving digital credentials for governments and organizations.
 
 Its open-source foundation makes it easy to integrate digital trust technology into existing lines of business applications, without having to stand up, maintain and manage an instance of ACA-Py themselves. Future functionality could include machine-readable governance and more.
 
@@ -43,7 +43,7 @@ Establish your own Traction tenant in a B.C. Government sandbox to issue, hold,
 Traction makes it easier to integrate digital trust technology into existing line of business applications.
 
 - **API-first Architecture**: Traction is designed with an API-first architecture, this RESTful API allows for integration into existing line-of-business applications already being used by organizations, the Tenant user interface is built on this API to enable adoption prior to integration and for low-use functions.
-- **Enhanced Interoperability**: Hyperledger Aries makes Traction more broadly compatible with existing technologies used by governments and organizations around the world.
+- **Enhanced Interoperability**: OWF ACA-Py makes Traction more broadly compatible with existing technologies used by governments and organizations around the world.
 - **Multi-tenancy**: Rather than having multiple digital tools to integrate with organizations, one scalable instance of Traction can be used to participate in the digital trust ecosystem, control all connections, and more easily share data.
 - **Higher Scalability**: Traction is open-source technology, encouraging collaborative refinement, faster release, and higher scalability.
 
@@ -111,4 +111,4 @@ Traction is licensed under Apache License 2.0 which can be reviewed [here](./LIC
 ## Engage with the community
 
 Connect with others
-- for Aries discussion see the Hyperlerger Aries Github [participation section](https://github.com/hyperledger/aries#project-participation)
+- for ACA-Py discussion see the OWF ACA-Py Github [for links to discussion forums](https://github.com/openwallet-foundation/acapy?tab=readme-ov-file#troubleshooting)

charts/traction/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: traction
 description: The Traction service allows organizations to verify, hold, and issue verifiable credentials. The Traction Tenant UI allows tenants to manage their agent.
 type: application
-version: 0.3.3
-appVersion: 0.5.1
+version: 0.3.5
+appVersion: 1.0.0
 home: "https://github.com/bcgov/traction"
 sources: ["https://github.com/bcgov/traction"]
 icon: "https://github.com/bcgov/traction/raw/main/docs/assets/readme-logo.png"

charts/traction/templates/_helpers.tpl

@@ -79,15 +79,6 @@ it randomly.
 {{- end -}}
 {{- end }}
 
-{{/*
-Return true if a database secret should be created
-*/}}
-{{- define "acapy.database.createSecret" -}}
-{{- if not .Values.acapy.walletStorageCredentials.existingSecret -}}
-{{- true -}}
-{{- end -}}
-{{- end -}}
-
 {{/*
 Return true if a api secret should be created
 */}}
@@ -131,31 +122,23 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 Get the admin-password key.
 */}}
 {{- define "acapy.database.adminPasswordKey" -}}
-{{- if .Values.acapy.walletStorageCredentials.existingSecret -}}
-    {{- if .Values.acapy.walletStorageCredentials.secretKeys.adminPasswordKey -}}
-        {{- printf "%s" (tpl .Values.acapy.walletStorageCredentials.secretKeys.adminPasswordKey $) -}}
-    {{- else if .Values.postgresql.auth.secretKeys.adminPasswordKey -}}
-        {{- printf "%s" (tpl .Values.postgresql.auth.secretKeys.adminPasswordKey $) -}}
-    {{- end -}}
-{{- else -}}
-    {{- "admin-password" -}}
+{{- if .Values.acapy.walletStorageCredentials.secretKeys.adminPasswordKey -}}
+    {{- printf "%s" (tpl .Values.acapy.walletStorageCredentials.secretKeys.adminPasswordKey $) -}}
+{{- else if .Values.postgresql.auth.secretKeys.adminPasswordKey -}}
+    {{- printf "%s" (tpl .Values.postgresql.auth.secretKeys.adminPasswordKey $) -}}
 {{- end -}}
 {{- end -}}
 
 {{/*
 Get the user-password key.
 */}}
 {{- define "acapy.database.userPasswordKey" -}}
-{{- if .Values.acapy.walletStorageCredentials.existingSecret -}}
-    {{- if or (empty .Values.acapy.walletStorageCredentials.account) (eq .Values.acapy.walletStorageCredentials.account "postgres") -}}
-        {{- printf "%s" (include "acapy.database.adminPasswordKey" .) -}}
-    {{- else -}}
-        {{- if .Values.acapy.walletStorageCredentials.secretKeys.userPasswordKey -}}
-            {{- printf "%s" (tpl .Values.acapy.walletStorageCredentials.secretKeys.userPasswordKey $) -}}
-        {{- end -}}
-    {{- end -}}
+{{- if or (empty .Values.acapy.walletStorageCredentials.account) (eq .Values.acapy.walletStorageCredentials.account "postgres") -}}
+    {{- printf "%s" (include "acapy.database.adminPasswordKey" .) -}}
 {{- else -}}
-    {{- "database-password" -}}
+    {{- if .Values.acapy.walletStorageCredentials.secretKeys.userPasswordKey -}}
+        {{- printf "%s" (tpl .Values.acapy.walletStorageCredentials.secretKeys.userPasswordKey $) -}}
+    {{- end -}}
 {{- end -}}
 {{- end -}}
 
@@ -341,16 +324,14 @@ Create a default fully qualified app name for the postgres requirement.
 Generate acapy wallet storage config
 */}}
 {{- define "acapy.walletStorageConfig" -}}
-{{- if and .Values.acapy.walletStorageConfig (not .Values.postgresql.enabled) (not (index .Values "postgresql-ha" "enabled")) -}}
+{{- if and .Values.acapy.walletStorageConfig (not .Values.postgresql.enabled) -}}
 {{- if .Values.acapy.walletStorageConfig.json -}}
 {{- .Values.acapy.walletStorageConfig.json -}}
 {{- else -}}
 '{"url":"{{ .Values.acapy.walletStorageConfig.url }}","max_connections":"{{ .Values.acapy.walletStorageConfig.max_connection | default 10 }}", "wallet_scheme":"{{ .Values.acapy.walletStorageConfig.wallet_scheme }}"}'
 {{- end -}}
-{{- else if and .Values.postgresql.enabled ( not ( index .Values "postgresql-ha" "enabled") ) -}}
+{{- else if .Values.postgresql.enabled -}}
 '{"url":"{{ include "global.postgresql.fullname" . }}:{{ .Values.postgresql.primary.service.ports.postgresql }}","max_connections":"{{ .Values.acapy.walletStorageConfig.max_connections }}", "wallet_scheme":"{{ .Values.acapy.walletStorageConfig.wallet_scheme }}"}'
-{{- else if and ( index .Values "postgresql-ha" "enabled" ) ( not .Values.postgresql.enabled ) -}}
-'{"url":"{{ include "global.postgresql-ha.fullname" . }}:{{ index .Values "postgresql-ha" "service" "ports" "postgresql" }}","max_connections":"5", "wallet_scheme":"{{ .Values.acapy.walletScheme }}"}'
 {{- else -}}
 ''
 {{ end }}
@@ -360,16 +341,14 @@ Generate acapy wallet storage config
 Generate acapy wallet storage credentials
 */}}
 {{- define "acapy.walletStorageCredentials" -}}
-{{- if and .Values.acapy.walletStorageCredentials (not .Values.postgresql.enabled) (not (index .Values "postgresql-ha" "enabled")) -}}
+{{- if and .Values.acapy.walletStorageCredentials (not .Values.postgresql.enabled) -}}
 {{- if .Values.acapy.walletStorageCredentials.json -}}
 {{- .Values.acapy.walletStorageCredentials.json -}}
 {{- else -}}
 '{"account":"{{ .Values.acapy.walletStorageCredentials.account | default "acapy" }}","password":"$(POSTGRES_PASSWORD)", "admin_account":"{{ .Values.acapy.walletStorageCredentials.admin_account }}", "admin_password":"$(POSTGRES_POSTGRES_PASSWORD)"}'
 {{- end -}}
-{{- else if and .Values.postgresql.enabled ( not ( index .Values "postgresql-ha" "enabled") ) -}}
+{{- else if .Values.postgresql.enabled -}}
 '{"account":"{{ .Values.postgresql.auth.username }}","password":"$(POSTGRES_PASSWORD)", "admin_account":"{{ .Values.acapy.walletStorageCredentials.admin_account }}", "admin_password":"$(POSTGRES_POSTGRES_PASSWORD)"}'
-{{- else if and ( index .Values "postgresql-ha" "enabled" ) ( not .Values.postgresql.enabled ) -}}
-'{"account":"{{ .Values.acapy.walletStorageCredentials.account | default "acapy" }}","password":"$(POSTGRES_PASSWORD)", "admin_account":"{{ .Values.acapy.walletStorageCredentials.admin_account }}", "admin_password":"$(POSTGRES_POSTGRES_PASSWORD)"}'
 {{- end -}}
 {{- end -}}
 

charts/traction/values.yaml

@@ -1,6 +1,6 @@
-## @param nameOverride
+## @param nameOverride String to override the helm chart name, second part of the prefix
 nameOverride: ""
-## @param fullnameOverride
+## @param fullnameOverride String to fully override the helm chart name, full prefix. *Must be provided if using a custom release name that does not include the word traction.*
 fullnameOverride: ""
 ## @param ingressSuffix Domain suffix to be used for default hostpaths in ingress
 ingressSuffix: -dev.example.com
@@ -173,17 +173,17 @@ acapy:
   ## @param acapy.walletStorageCredentials.admin_account Database account with CREATEDB role used to create additional databases per wallet.
   ## @param acapy.walletStorageCredentials.admin_password Database password for admin account.
   ## @param acapy.walletStorageCredentials.existingSecret Name of an existing secret containing database user, password, and admin password.
-  ## @param acapy.walletStorageCredentials.secretKeys.adminPasswordKey Key in existing secret containing admin password.
-  ## @param acapy.walletStorageCredentials.secretKeys.userPasswordKey Key in existing secret containing password .
+  ## @param acapy.walletStorageCredentials.secretKeys.adminPasswordKey Key in existing secret containing admin account password.
+  ## @param acapy.walletStorageCredentials.secretKeys.userPasswordKey Key in existing secret containing account password.
   ##
   walletStorageCredentials:
     json: ''
     account: acapy
     admin_account: postgres
     existingSecret: ""
     secretKeys:
-      adminPasswordKey: admin-password
-      userPasswordKey: database-password
+      adminPasswordKey: postgres-password
+      userPasswordKey: password
   ## @section ACA-Py Multitenancy Configuration
   ##  Specifies the multitenancy config.
   ##  Possible values: wallet_type, wallet_name, wallet_key, cache_size, 'key_derivation_method. 
@@ -883,21 +883,9 @@ postgresql:
   ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-user-on-first-run
   ##
   auth:
-    ## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
+    ## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user. Not recommended for production deployment.
     ##
     enablePostgresUser: true
-    ## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `postgresql.auth.postgresPassword`, `postgresql.auth.password`, and `postgresql.auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case.
-    ##
-    existingSecret: '{{ include "global.fullname" . }}'
-    ## @param postgresql.auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
-    ## @param postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
-    ##
-    secretKeys:
-      adminPasswordKey: admin-password
-      userPasswordKey: database-password
-    ## @param postgresql.auth.database Name for a custom database to create
-    ##
-    database: traction
     ## @param postgresql.auth.username Name for a custom user to create
     ##
     username: acapy
@@ -949,7 +937,3 @@ postgresql:
     ##
     extendedConfiguration: |
       max_connections = 500
-
-## @param postgresql-ha.enabled Deploy HA PostgreSQL chart. Not currently supported, provided for future use.
-postgresql-ha:
-  enabled: false

deploy/traction/values-pr.yaml

@@ -11,7 +11,8 @@ acapy:
       walletkey: "change-me"
       tenantid: "innkeeper"
   argfile.yml:
-    wallet-name: default
+    tails-server-base-url: https://tails-dev.vonx.io
+    tails-server-upload-url: https://tails-dev.vonx.io
   ledgers.yml:
     - id: bcovrin-test
       is_production: true
@@ -83,6 +84,7 @@ ui:
     authority: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-citz
     jwksUri: https://dev.loginproxy.gov.bc.ca/auth/realms/digitaltrust-citz/protocol/openid-connect/certs
     extraQueryParams: '{"kc_idp_hint":"idir"}'
+    label: "IDIR"
     reservationForm: >-
       {
         "formDataSchema": {

docs/README.md

@@ -1,17 +1,17 @@
 # Traction Documentation and Resources
 
-## A Traction Sandbox Hyperledger Aries/AnonCreds Workshop
+## A Traction Sandbox ACA-Py/AnonCreds Workshop
 
 This workshop contains a sequence of labs demonstrating issuing, receiving,
 holding, requesting, presenting, and verifying AnonCreds Verifiable
 Credentials--no technical experience required! The labs take about 20 minutes
 for complete. New developers expecting to build an Issuer or Verifier with
-[Traction] or [Aries Cloud Agent Python] will find this a great place to
+[Traction] or [ACA-Py] will find this a great place to
 start--with developer-oriented "Next Steps" suggested at the end of the
 Workshop.
 
 [Traction]: https://digital.gov.bc.ca/digital-trust/technical-resources/traction/
-[Aries Cloud Agent Python]: https://aca-py.org
+[ACA-Py]: https://aca-py.org
 
 ## Basic Architecture Overview
 See [traction flow chart](assets/traction-flow-chart-1600x900-12162022.pdf)

docs/traction-anoncreds-workshop.md

@@ -1,3 +1,3 @@
-# A Traction Sandbox Hyperledger Aries/AnonCreds Workshop
+# A Traction Sandbox ACA-Py/AnonCreds Workshop
 
-Find the Traction AnonCreds workshop in its new home at [Hyperledger Aries ACA-Py Docs](https://aca-py.org/latest/demo/ACA-Py-Workshop/).
+Find the Traction AnonCreds workshop in its new home at [ACA-Py Docs](https://aca-py.org/latest/demo/ACA-Py-Workshop/).

plugins/README.md

@@ -1,8 +1,8 @@
 # Traction Aca-Py Plugins
 
-Traction is a set of plugins that facilitate multi-tenant management within [Aca-Py](https://github.com/hyperledger/aries-cloudagent-python). Some of the plugins ([basicmessage_storage](./basicmessage_storage/README.md), [connection_update](./connection_update/README.md) and [multitenant_provider](./multitenant_provider/README.md)) can be used independently from Traction.  
+Traction is a set of plugins that facilitate multi-tenant management within [Aca-Py](https://github.com/openwallet-foundation/acapy). Some of the plugins ([basicmessage_storage](./basicmessage_storage/README.md), [connection_update](./connection_update/README.md) and [multitenant_provider](./multitenant_provider/README.md)) can be used independently from Traction.  
 
 
 ### Developing Aca-Py Plugins
 
-Please refer to [Getting Started Aries Development: Plugins](https://github.com/hyperledger/aries-cloudagent-python/blob/45c832658245747a3366735f6179362d127bae02/docs/GettingStartedAriesDev/PlugIns.md) for an in depth look at how to build Aca-Py plugins and how they operate within Aca-Py.
+Please refer to [Features: Plugins](https://github.com/openwallet-foundation/acapy/blob/main/docs/features/PlugIns.md) for an in depth look at how to build Aca-Py plugins and how they operate within Aca-Py.

plugins/docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/hyperledger/aries-cloudagent-python:py3.12-1.0.1 AS base
+FROM ghcr.io/openwallet-foundation/acapy-agent:py3.12-1.1.0 AS base
 
 # Install and Configure Poetry
 USER root
@@ -24,16 +24,16 @@ RUN poetry install --only main
 RUN ln -s $(poetry env info -p)/lib/python3.6/site-packages site-packages
 
 
-FROM ghcr.io/hyperledger/aries-cloudagent-python:py3.12-1.0.1
+FROM ghcr.io/openwallet-foundation/acapy-agent:py3.12-1.1.0
 COPY --from=base --chown=aries:aries /home/aries/.venv /home/aries/.venv
 ENV PATH="/home/aries/.venv/bin:$PATH"
 
 COPY --chown=aries:aries docker/default.yml ./
 COPY --chown=aries:aries traction_innkeeper/traction_innkeeper traction_plugins/traction_innkeeper
-RUN pip install git+https://github.com/hyperledger/aries-acapy-plugins@1.0.1#subdirectory=basicmessage_storage
-RUN pip install git+https://github.com/hyperledger/aries-acapy-plugins@1.0.1#subdirectory=connection_update
-RUN pip install git+https://github.com/hyperledger/aries-acapy-plugins@1.0.1#subdirectory=multitenant_provider
-RUN pip install git+https://github.com/hyperledger/aries-acapy-plugins@1.0.1#subdirectory=rpc
+RUN pip install git+https://github.com/openwallet-foundation/acapy-plugins@1.1.0#subdirectory=basicmessage_storage
+RUN pip install git+https://github.com/openwallet-foundation/acapy-plugins@1.1.0#subdirectory=connection_update
+RUN pip install git+https://github.com/openwallet-foundation/acapy-plugins@1.1.0#subdirectory=multitenant_provider
+RUN pip install git+https://github.com/openwallet-foundation/acapy-plugins@1.1.0#subdirectory=rpc
 
 
 ENTRYPOINT ["/bin/bash", "-c", "aca-py \"$@\"", "--"]

plugins/pyproject.toml

@@ -9,7 +9,7 @@ readme = "README.md"
 
 [tool.poetry.dependencies]
 python = "^3.12"
-aries-cloudagent = { version = "1.0.1" }
+acapy-agent = { version = "1.1.0" }
 python-dateutil = "^2.8.2"
 typing-extensions = "4.8.0"
 traction-innkeeper = {path = "./traction_innkeeper", develop = true}
@@ -18,7 +18,6 @@ aries-askar = { version = "~0.3.2" }
 anoncreds= { version = "0.2.0" }
 indy-credx = { version = "~1.1.1" }
 indy-vdr = { version = "~0.4.1" }
-ursa-bbs-signatures = { version = "~1.0.1" }
 python3-indy = { version = "^1.11.1" }
 
 [tool.poetry.dev-dependencies]