From 95ffb7adbf47be1f833e76f62ae106c076d6c95d Mon Sep 17 00:00:00 2001
From: Jose Luis Pumahuanca Carrion
Date: Mon, 19 Feb 2024 14:03:07 -0500
Subject: [PATCH] =?UTF-8?q?demo=20ngrok=20corrig=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../docker-agent-author-endorser/.env-exemple | 1 +
.../Dockerfile.acapy | 10 +++
demo/docker-agent-author-endorser/README.md | 87 +++++++++++++++++++
.../docker-compose.yml | 47 ++++++++++
.../ngrok-wait.sh | 51 +++++++++++
5 files changed, 196 insertions(+)
create mode 100644 demo/docker-agent-author-endorser/.env-exemple
create mode 100644 demo/docker-agent-author-endorser/Dockerfile.acapy
create mode 100644 demo/docker-agent-author-endorser/README.md
create mode 100644 demo/docker-agent-author-endorser/docker-compose.yml
create mode 100755 demo/docker-agent-author-endorser/ngrok-wait.sh
diff --git a/demo/docker-agent-author-endorser/.env-exemple b/demo/docker-agent-author-endorser/.env-exemple
new file mode 100644
index 0000000000..afb5193eea
--- /dev/null
+++ b/demo/docker-agent-author-endorser/.env-exemple
@@ -0,0 +1 @@
+NGROK_AUTHTOKEN=
\ No newline at end of file
diff --git a/demo/docker-agent-author-endorser/Dockerfile.acapy b/demo/docker-agent-author-endorser/Dockerfile.acapy
new file mode 100644
index 0000000000..f309b40950
--- /dev/null
+++ b/demo/docker-agent-author-endorser/Dockerfile.acapy
@@ -0,0 +1,10 @@
+FROM ghcr.io/hyperledger/aries-cloudagent-python:py3.9-0.9.0
+
+USER root
+
+ADD https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq
+RUN chmod +x ./jq
+COPY ngrok-wait.sh ngrok-wait.sh
+RUN chmod +x ./ngrok-wait.sh
+
+USER $user
diff --git a/demo/docker-agent-author-endorser/README.md b/demo/docker-agent-author-endorser/README.md
new file mode 100644
index 0000000000..e5bd454ae2
--- /dev/null
+++ b/demo/docker-agent-author-endorser/README.md
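Review bot: In Dockerfile.acapy the `ADD https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq` line downloads an executable at build time and marks it executable without any integrity check, so the image trusts whatever that URL serves on the day of the build. Pin the expected digest, for example `ADD --checksum=sha256:<jq-1.6-linux64-digest> https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 ./jq` (the digest is a placeholder to fill in from the release), or install jq from the base image's package manager instead. `USER $user` relies on a variable this file never declares; it presumably comes from the base image's environment, and a comment saying so (or an explicit user name) would make it clear the container does not stay root.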
@@ -0,0 +1,87 @@
+# Running an Author Agent and connecting to an Endorser
+
+This directory contains scripts to run an aca-py agent as an Author, that can conenct to an Endorser service.
+
+## Running the Author Agent
+
+The docker-compose script runs ngrok to expose the agent's port publicly, and stores wallet data in a postgres database.
+
+To run the Author agent in this repo, open a command shell in this directory and run:
+
+- to build the containers:
+
+```bash
+docker-compose build
+```
+
+- to run the author agent:
+
+```bash
+docker-compose up
+```
+
+You can connect to the [agent's api service here](http://localhost:8010).
+
+Note that all the configuration settings are hard-coded in the docker-compose file and ngrok-wait.sh script, so if you change any configs you need to rebuild the docker images.
+
+- to shut down the agent:
+
+```bash
+docker-compose stop
+docker-compose rm -f
+```
+
+This will leave the agent's wallet data, so if you restart the agent it will maintain any created data.
+
+- to remove the agent's wallet:
+
+```bash
+docker volume rm docker-agent_wallet-db-data
+```
+
+Note that the Author agent is not (yet) configured with revocations enabled or a tails server, so revocation is not supported.
+
+## Connecting to an Endorser Service
+
+For this example, we will connect to [this endorser service](https://github.com/bcgov/aries-endorser-service), which you can connect to locally at `http://localhost:5050/endorser/docs`.
+
+Make sure you start the endorser service on the same ledger as your author, and make sure the endorser has a public DID with ENDORSER role.
+
+For example start the endorser service as `LEDGER_URL=http://test.bcovrin.vonx.io TAILS_SERVER_URL=https://tails-test.vonx.io ./manage start --logs` and then make sure the Author agent is started with `--genesis_url http://test.bcovrin.vonx.io/genesis`.
+
+### Connecting the Author to the Endorser
+
+Endorser Service: Use the `GET /v1/admin/config` endpoint to fetch the endorser's configuration, including the public DID (which the author will need to know). Also confirm whether the `ENDORSER_AUTO_ACCEPT_CONNECTIONS` and `ENDORSER_AUTO_ENDORSE_REQUESTS` settings are `True` or `False` - for the following we will assume that both are `False` and the endorser must explicitly respond to all requests.
+
+Author Agent: Use the `POST /didexchange/create-request` to request a connection with the endorser, using the endorser's public DID. Set the `alias` to `Endorser` - this *MUST* match the `--endorser-alias 'Endorser'` setting (in the ngrok-wait.sh script). Use the `GET /connections` endpoint to verify the connection is in `request` state.
+
+Endorser Service: Use the `GET /v1/connections` endpoint to see the connection request (state `request`). Using the `connection_id`, call the `POST /connections/{connection_id}/accept` endpoint to accept the request. Verify that the connection state goes to `active`.
+
+Author Agent: Verify the connection state goes to `active`. Use the `POST /transactions/{conn_id}/set-endorser-role` to set the connection role to `TRANSACTION_AUTHOR`, and then use `POST /transactions/{conn_id}/set-endorser-info` to set the endorser's alias to `Endorser` and the public DID to the endorser's public DID. Verify the settings using the `GET /connections/{conn_id}/meta-data` endpoint.
+
+The connection is now setup between the two agents!
+
+### Creating a Public Author DID
+
+Author Agent: Use the `POST /wallet/did/create` (use an empty `{}` POST body) to create a local did. Then use `POST /ledger/register-nym` to send the data to the ledger - this will create a transaction and send it to the endorser service.
+
+Endorser Service: Use the `GET /v1/endorse/transactions` endpoint to see the endorse request - it should be in state `request_received`. Using the `POST /v1/endorse/transactions/{transaction_id}/endorse` endpoint and the `transaction_id`, approve the request. The state should now (eventually) go to `transaction_acked`.
+
+Author Service: Use the `GET /transactions` endpoint to verify the transaction is in `transaction_acked` state. Then use the `POST /wallet/did/public` to set the new DID to be the Author's public DID. This will generate another endorser transaction to set the DID's endpoint (ATTRIB transaction) on the ledger.
+
+Endorser Service: Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+### Endorsing Author Requests
+
+Author requests to create schema, create credential definition and create revocation registries will all now generate endorse requests to the endorser.
+
+Author Agent: To create a schema use the `POST /schemas` endpoint. This will create an endorse request.
+
+Endorser Service: Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+Author Agent: To create a cred def use the `POST /credential-definitions` endpoint. This will create an endorse request.
+
+Endorser Service: Use the same endpoints as above (`GET /v1/endorse/transactions` and then `POST /v1/endorse/transactions/{transaction_id}/endorse`) to view the endorse request and approve it.
+
+
+
diff --git a/demo/docker-agent-author-endorser/docker-compose.yml b/demo/docker-agent-author-endorser/docker-compose.yml
new file mode 100644
index 0000000000..f959e0fbdf
--- /dev/null
+++ b/demo/docker-agent-author-endorser/docker-compose.yml
@@ -0,0 +1,47 @@
+# Sample docker-compose to start a local aca-py author agent
+# To start aca-py and the postgres database, just run `docker-compose up`
+# To shut down the services run `docker-compose rm` - this will retain the postgres database, so you can change aca-py startup parameters
+# and restart the docker containers without losing your wallet data
+# If you want to delete your wallet data just run `docker volume ls -q | xargs docker volume rm`
+version: "3"
+services:
+ ngrok-agent:
+ image: ngrok/ngrok
+ environment:
+ - NGROK_AUTHTOKEN=${NGROK_AUTHTOKEN}
+ ports:
+ - 4067:4040
+ command: http author-agent:8001 --log stdout
+
+ author-agent:
+ build:
+ context: .
+ dockerfile: Dockerfile.acapy
+ environment:
+ - NGROK_NAME=ngrok-agent
+ ports:
+ - 8010:8010
+ - 8001:8001
+ depends_on:
+ - wallet-db
+ entrypoint: /bin/bash
+ command: [
+ "-c",
+ "sleep 5; \
+ ./ngrok-wait.sh"
+ ]
+ volumes:
+ - ./ngrok-wait.sh:/home/aries/ngrok-wait.sh
+
+ wallet-db:
+ image: postgres:12
+ environment:
+ - POSTGRES_USER=DB_USER
+ - POSTGRES_PASSWORD=DB_PASSWORD
+ ports:
+ - 5433:5432
+ volumes:
+ - wallet-db-data:/var/lib/pgsql/data
+
+volumes:
+ wallet-db-data:
diff --git a/demo/docker-agent-author-endorser/ngrok-wait.sh b/demo/docker-agent-author-endorser/ngrok-wait.sh
new file mode 100755
index 0000000000..c353fadf58
--- /dev/null
+++ b/demo/docker-agent-author-endorser/ngrok-wait.sh
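Review bot: The `ports:` entries in docker-compose.yml publish the admin API (`8010:8010`), Postgres (`5433:5432`) and the ngrok inspection UI (`4067:4040`) on every host interface, while ngrok-wait.sh in this same patch starts the agent with `--admin-insecure-mode` and the database uses the literal `DB_USER`/`DB_PASSWORD` pair. For a demo that is only driven from the local machine, bind them to loopback: `- 127.0.0.1:8010:8010`, `- 127.0.0.1:5433:5432`, `- 127.0.0.1:4067:4040`; `8001:8001` looks unnecessary because ngrok reaches `author-agent:8001` over the compose network. Separately, the official postgres image keeps its data under `/var/lib/postgresql/data`, so the `wallet-db-data:/var/lib/pgsql/data` mount probably does not hold the wallet; worth verifying before the README's persistence claim is relied on. `image: ngrok/ngrok` also carries no tag, so the tunnel binary changes silently between pulls.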
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# based on code developed by Sovrin: https://github.com/hyperledger/aries-acapy-plugin-toolbox
+
+echo "using ngrok end point [$NGROK_NAME]"
+
+NGROK_ENDPOINT=null
+while [ -z "$NGROK_ENDPOINT" ] || [ "$NGROK_ENDPOINT" = "null" ]
+do
+ echo "Fetching end point from ngrok service"
+ NGROK_ENDPOINT=$(curl --silent $NGROK_NAME:4040/api/tunnels | ./jq -r '.tunnels[] | select(.proto=="https") | .public_url')
+
+ if [ -z "$NGROK_ENDPOINT" ] || [ "$NGROK_ENDPOINT" = "null" ]; then
+ echo "ngrok not ready, sleeping 5 seconds...."
+ sleep 5
+ fi
+done
+
+export ACAPY_ENDPOINT=$NGROK_ENDPOINT
+
+echo "Starting aca-py agent with endpoint [$ACAPY_ENDPOINT]"
+
+# ... if you want to echo the aca-py startup command ...
+set -x
+
+exec aca-py start \
+ --auto-provision \
+ --inbound-transport http '0.0.0.0' 8001 \
+ --outbound-transport http \
+ --genesis-url "http://test.bcovrin.vonx.io/genesis" \
+ --endpoint "${ACAPY_ENDPOINT}" \
+ --auto-ping-connection \
+ --monitor-ping \
+ --public-invites \
+ --wallet-type "askar" \
+ --wallet-name "test_author" \
+ --wallet-key "secret_key" \
+ --wallet-storage-type "postgres_storage" \
+ --wallet-storage-config "{\"url\":\"wallet-db:5432\",\"max_connections\":5}" \
+ --wallet-storage-creds "{\"account\":\"DB_USER\",\"password\":\"DB_PASSWORD\",\"admin_account\":\"DB_USER\",\"admin_password\":\"DB_PASSWORD\"}" \
+ --admin '0.0.0.0' 8010 \
+ --label "test_author" \
+ --admin-insecure-mode \
+ --endorser-protocol-role author \
+ --endorser-alias 'Endorser' \
+ --auto-request-endorsement \
+ --auto-write-transactions \
+ --auto-create-revocation-transactions \
+ --log-level "error"
+
+# --genesis-url "https://raw.githubusercontent.com/ICCS-ISAC/dtrust-reconu/main/CANdy/dev/pool_transactions_genesis" \
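Review bot: `set -x` immediately before `exec aca-py start` writes the fully expanded command to the container log, including `--wallet-key "secret_key"` and the `--wallet-storage-creds` JSON, and the same values sit on the process command line. The script already exports `ACAPY_ENDPOINT`, so the secrets could be supplied the same way from the compose environment (for example `ACAPY_WALLET_KEY`) and the trace dropped or moved so it does not cover them. `--admin '0.0.0.0' 8010` combined with `--admin-insecure-mode` leaves the admin API unauthenticated on a port that docker-compose.yml publishes; `--admin-api-key` with a value taken from the environment would close that, and a comment marking these flags as demo-only would stop them being copied into a real deployment. Smaller points: `$NGROK_NAME` is unquoted in the `curl` call (`curl --silent "$NGROK_NAME:4040/api/tunnels"`), and the wait loop has no retry limit, so a missing `NGROK_AUTHTOKEN` makes the container loop forever instead of failing.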