Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wallet_scheme appears to be ignored in ACAPY_WALLET_STORAGE_CONFIG #464

Closed
rblaine95 opened this issue Sep 27, 2023 · 7 comments · Fixed by #512
Closed

wallet_scheme appears to be ignored in ACAPY_WALLET_STORAGE_CONFIG #464

rblaine95 opened this issue Sep 27, 2023 · 7 comments · Fixed by #512
Assignees
@ff137
Labels
bug Something isn't working

Comments

@rblaine95
Copy link
Collaborator

rblaine95 commented Sep 27, 2023
edited
Loading

According to hyperledger/aries-cloudagent-python, the ACAPY_WALLET_STORAGE_CONFIG environment variable maps to the Indy SDK Postgres Plugin

// https://github.com/hyperledger/indy-sdk/blob/main/experimental/plugins/postgres_storage/src/postgres_storage.rs#L377-L398
#[derive(Deserialize)]
pub struct PostgresConfig {
    url: String,
    tls: Option<String>,
    tls_ca: Option<String>,
    // default off
    max_connections: Option<u32>,
    // default 5
    min_idle_time: Option<u32>,
    // default 0, deprecated
    min_idle_count: Option<u32>,
    // default 0
    connection_timeout: Option<u64>,
    // default 5
    wallet_scheme: Option<WalletScheme>,   // default DatabasePerWallet
    database_name: Option<String>,   // default _WALLET_DB
    
    // For TLS
    #[serde(skip)]
    negotiator: Option<OpenSsl>,

}

It looks like wallet_scheme is being ignored when set via the ACAPY_WALLET_STORAGE_CONFIG environment variable (environments/governance-multitenant/aca-py-agent.default.env)
@rblaine95 rblaine95 added the bug Something isn't working label Sep 27, 2023
@rblaine95
Copy link
Collaborator Author

🤔
https://github.com/hyperledger/aries-askar/blob/main/askar-storage/src/backend/postgres/provision.rs#L28-L41

@rblaine95
Copy link
Collaborator Author

rblaine95 commented Sep 28, 2023
edited
Loading 

for ((i=0; i<10; i++)); do
curl -s -X 'POST' \
  'http://localhost:8100/admin/tenants' \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: adminApiKey' \
  -d @- <<EOF
{
  "image_url": "https://api.dicebear.com/7.x/pixel-art/svg?seed=somethingradnom",
  "name": "my-issuer",
  "roles": [
    "issuer"
  ],
  "group_id": "someGroup"
}
EOF
done

The above loop results in a Database Per Wallet being created, even if ACAPY_WALLET_STORAGE_CONFIG={"url":"governance-multitenant-wallets-db:5432","wallet_scheme":"MultiWalletSingleTable","max_connections":50}

@rblaine95
Copy link
Collaborator Author

openwallet-foundation/acapy#2043 (comment) uses wallet_scheme
openwallet-foundation/acapy#2074 (comment) uses scheme

@ff137
Copy link
Collaborator

ff137 commented Oct 18, 2023

AFAICT, wallet_scheme is the key used in all examples, except for one where scheme is used. That one's probably wrong.

Here's a test that claims to "test_postgres_wallet_scheme_works": https://github.com/hyperledger/aries-cloudagent-python/blob/ac1dde304e92683ab50bb0f2b8cad298b918aa52/aries_cloudagent/wallet/tests/test_indy_wallet.py#L830

But the IndyWalletConfig object that it's creating, makes no mention of wallet_scheme, or scheme .....
https://github.com/hyperledger/aries-cloudagent-python/blob/ac1dde304e92683ab50bb0f2b8cad298b918aa52/aries_cloudagent/indy/sdk/wallet_setup.py#L24

So it does indeed seem to be specific to the postgres_storage plugin.
Because the following test is for the postgres plugin, and it uses '{"wallet_scheme":"MultiWalletSingleTable"}':
https://github.com/hyperledger/aries-cloudagent-python/blob/ac1dde304e92683ab50bb0f2b8cad298b918aa52/aries_cloudagent/indy/sdk/tests/test_wallet_plugin.py#L15

See load_postgres_plugin method: https://github.com/hyperledger/aries-cloudagent-python/blob/ac1dde304e92683ab50bb0f2b8cad298b918aa52/aries_cloudagent/indy/sdk/wallet_plugin.py#L51C1-L51C1

All of this seems to be fairly untouched code in the last 2-3 years ... especially the plugin itself is still under "experimental" and most of it hasn't changed in 4-5 years ... maybe there's newer, better ways to do things? 🤷‍♂️ Questions for the hyperledger team!

The relevant flag seems to be: --wallet-storage-type postgres_storage, which we do have set with: ACAPY_WALLET_STORAGE_TYPE=postgres_storage.

All I can think is that maybe the ACAPY_WALLET_STORAGE_CONFIG body needs to be escaped?
i.e. "...,\"wallet_scheme\":\"MultiWalletSingleTable\"}".
Probably not, that's just a shot in the dark. But must be some way to get this config passed to the plugin: https://github.com/hyperledger/indy-sdk/blob/main/experimental/plugins/postgres_storage/README.md#wallet-management-modes

That's as much as I can see at the moment!

@rblaine95
Copy link
Collaborator Author

rblaine95 commented Oct 19, 2023
edited
Loading

This looks very much related to didx-xyz/acapy-wallet-groups-plugin

Edit: It's not

@ff137
Copy link
Collaborator

ff137 commented Oct 23, 2023

The following issue links to documentation for migrating indy wallets using MultiWalletSingleTable to askar:
openwallet-foundation/acapy-tools#7

@ff137
Copy link
Collaborator

ff137 commented Oct 23, 2023

This seems to be what we're missing: --multitenancy-config
As mentioned in aries-askar readme, to use wallet_type=askar-profile

@ff137 ff137 mentioned this issue Oct 23, 2023
Merged
@ff137 ff137 self-assigned this Oct 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ff137 ff137

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

✨ add multitenancy-config for askar wallets didx-xyz/aries-cloudapi-python
2 participants
@rblaine95 @ff137